On Sat, 21 May 2011 19:37:19 -0700, Quinn Comendant wrote: > We have a client on our mail server who occasionally and randomly receives emails which contain nothing other than the output from `spamc --help`
I found the cause of this problem. The client was using a catch-all address, and was receiving mail addressed to "--usern...@client-domain.org" (with double dashes in front). It seems CHKUSER should filter for such bogus addresses; is it valid? I'll suggest that the client disable the catch-all and setup specific, valid aliases for the domain. I've posted the raw email here: http://pastie.textmate.org/private/68bokw2tmauf2soczq The catch-all is not the problem; it is something to do with the way simscan is passing the message to clamc that an email addressed to --local@domain is interpreted as an invalid argument. This brings up the worry that the sender of the message might be able to modify the parameters passed to clamc in dangerous ways? (Running the message through spamc manually `spamc -R < spam.eml` doesn't cause any errors.) Actually, I can't intentionally cause this to make an error if I send a test message to `--chico.volunt...@client-domain.org.` The email address is interpreted normally and the email delivers fine. So it may not be only that `--` precedes the local part of the email address, but something unique in the SMTP transaction that I'm not replicating. Q
