specific email (delivered over IPv6) kills milter-greylist
2012-01-23 by David Young
Hi folks,

We run milter-greylist 4.2.7 on 4 load-balanced mail hosts, which receive and process mail for a variety of customers.

Lately (yesterday, specifically), the milter-greylist process would crash on each of them, intermittently. Each time before it crashed, the last message milter-greylist processed was spam, from the same IPv6 address. I.e:

---
[root@mailscan-n1 ~]# grep q0N4GC3O023026 /var/log/maillog
Jan 23 17:16:14 mailscan-n1 sendmail[23026]: q0N4GC3O023026: milter_read(greylist): cmd read returned 0, expecting 5
Jan 23 17:16:14 mailscan-n1 sendmail[23026]: q0N4GC3O023026: Milter (greylist): to error state
Jan 23 17:16:14 mailscan-n1 sendmail[23026]: q0N4GC3O023026: from=<office@...>, size=2724, class=0, nrcpts=1, msgid=<201201230416.q0N4GC3O023026@...>, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2a02:af8:2:4100::9976]
Jan 23 17:16:14 mailscan-n1 sendmail[23026]: q0N4GC3O023026: to=<info@...>, delay=00:00:00, mailer=smtp, pri=32724, stat=queued
[root@mailscan-n1 ~]#
---

I managed to tcpdump this specific transaction above:

---
220 mailscan-n1.safenz.net ESMTP Sendmail 8.13.8/8.13.8; Mon, 23 Jan 2012 17:16:12 +1300
EHLO gillingham.webhosting.uk.com
250-mailscan-n1.safenz.net Hello [IPv6:2a02:af8:2:4100::9976], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-DELIVERBY
250 HELP
MAIL FROM:<office@...> SIZE=3486
RCPT TO:<info@...>
DATA
250 2.1.0 <office@...>... Sender ok
250 2.1.5 <info@...>... Recipient ok
354 Enter mail, end with "." on a line by itself
Received: from [75.119.88.194] (port=1059 helo=User)
.by gillingham.webhosting.uk.com with esmtpa (Exim 4.69)
.(envelope-from <office@...>)
.id 1RpBJ8-0006GO-ML; Mon, 23 Jan 2012 04:15:03 +0000
Reply-To: <office@...>
From: "De Lotto NL"<office@...>
Subject: Lotto NL
Date: Sun, 22 Jan 2012 23:14:58 -0500
MIME-Version: 1.0
Content-Type: text/plain;
.charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gillingham.webhosting.uk.com
X-AntiAbuse: Original Domain - hetoatakitini.iwi.nz
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - lotto.nl

De Lotto NL (The Netherlands).
File Serial No: ML/02212/039ZX.
File Reference No: AMD/17105/FENL

CONGRATULATIONS!!!

We are pleased to provide you with the out come of our Promotional Sweepstake program that was conducted on the 2nd Day of January, 2012 and that your e-mail address which was extracted among other e-mail addresses from the Internet Data Base and attach to a File Serial Number: ML/02212/039ZX, has won you a total prize money of 1,925,000 euro (One Million, Nine Hundred and Twenty-Five Thousand Euros) in cash.

You are advice to contact our Payment Release Department upon your receipt of this message through the below stated details for the documentation/release of the prize money to you.

Mr. Willem Hendrikje.
Tel: 312 0894 3513
Fax: 312 0719 2219.
Email: Willem-Hendrikje@...

As part of our security protocol to avoid unwarranted abuse of this program, we kindly ask that you keep your winning information private until your claim has been processed and your prize money remitted to you. This lottery program was sponsored by a consortium of software companies as a way of rewarding the Internet users. Your winning must be claimed not later than the 30days of your receipt of this message.

Please note that in order to avoid unnecessary delays and complications do remember to provide our payment department with the following details.

1). Full Names (As prefer to be Written on your Winning Documents):
2). Residential Address:
3). Occupation:
4). Phone/Fax Numbers:
5). Nationality:
6). Reference Number:
7). Winning Email Address:

Congratulations and thanks for being part of our Lottery program.

Sincerely yours,
Mrs. Guus Mayer.
(Programs Coordinator)
For: Lotto NL.
(Lotto is een onderdeel van De Lotto).
Copyright(c) 2011 by De Lotto, the Netherlands.
Website: http://lotto.nl
.
250 2.0.0 q0N4GC3O023026 Message accepted for delivery
QUIT
221 2.0.0 mailscan-n1.safenz.net closing connection
---

We receive lots of other IPv6 email, none of which causes a problem for milter-greylist. Can anybody shed some light as to what it is about this particular email that kills milter-greylist? (Assuming it's even the email's IPv6 state which causes the crash...)

Thanks :)
- David

PS. Here are the relevant parts of my config file, with ACLs and peers removed:

---
pidfile "/var/run/milter-greylist.pid"
socket "/var/milter-greylist/milter-greylist.sock"
dumpfile "/var/milter-greylist/greylist.db"
user "smmsp"
lazyaw
quiet
acl whitelist list "my network"
acl whitelist list "broken mta"
acl whitelist list "known ok"
acl whitelist list "SNZ Customers mail servers"
acl whitelist list "to known ok users"
acl whitelist list "from known ok users"
acl greylist default delay 14m autowhite 50d
---
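
Added example (not part of the original post, and not milter-greylist or sendmail code): the manual grep correlation described above, automated across a whole maillog, so that every queue ID where sendmail logged "Milter (greylist): to error state" is joined to its client relay address and the addresses are tallied. The function names and the sample log are constructed for illustration; only the log line shapes come from the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed maillog sample in the sendmail format quoted above
# (documentation-range addresses, made-up queue IDs and hostnames).
SAMPLE_LOG = """\
Jan 23 17:16:14 mx1 sendmail[23026]: q0NAAAAA023026: milter_read(greylist): cmd read returned 0, expecting 5
Jan 23 17:16:14 mx1 sendmail[23026]: q0NAAAAA023026: Milter (greylist): to error state
Jan 23 17:16:14 mx1 sendmail[23026]: q0NAAAAA023026: from=<a@example.org>, size=2724, nrcpts=1, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2001:db8::9976]
Jan 23 17:18:40 mx1 sendmail[23090]: q0NBBBBB023090: from=<b@example.net>, size=900, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Jan 23 17:18:41 mx1 sendmail[23092]: q0NBBBBB023090: to=<c@example.com>, mailer=smtp, relay=in.example.com. [192.0.2.77], stat=Sent
Jan 23 17:19:02 mx1 sendmail[23101]: q0NCCCCC023101: from=<d@example.org>, size=1200, nrcpts=1, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2001:db8::25]
Jan 23 17:41:55 mx1 sendmail[23250]: q0NDDDDD023250: Milter (greylist): to error state
Jan 23 17:41:55 mx1 sendmail[23250]: q0NDDDDD023250: from=<a@example.org>, size=2731, nrcpts=1, proto=ESMTP, daemon=MTA-v6, relay=[IPv6:2001:db8:0:0::9976]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
# The client address is the last bracketed token of relay=, with an optional IPv6: tag.
RELAY = re.compile(r"relay=.*?\[(?:IPv6:)?(?P<addr>[0-9A-Fa-f:.]+)\]")

def relays_at_milter_failure(log_text, milter="greylist"):
    """Map queue ID -> client address for messages where the milter went to error state."""
    failed, relay_of = set(), {}
    marker = f"Milter ({milter}): to error state"
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, msg = m["qid"], m["msg"]
        if msg.startswith(marker):
            failed.add(qid)
        elif msg.startswith("from="):  # to= lines carry the next-hop relay, not the client
            r = RELAY.search(msg)
            try:
                # Normalise so different spellings of one IPv6 address compare equal.
                relay_of[qid] = ipaddress.ip_address(r["addr"]) if r else None
            except ValueError:
                relay_of[qid] = None
    return {q: relay_of.get(q) for q in failed}

def suspect_relays(log_text, milter="greylist"):
    """Count milter failures per client address, most frequent first."""
    hits = relays_at_milter_failure(log_text, milter).values()
    return Counter(str(a) for a in hits if a is not None)
```

A single address accounting for every failure, while other IPv6 relays never appear in the tally, supports the observation in the post; failures spread across unrelated addresses would point away from the sender.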