On 8 May 2015, at 11:46, Dianne Skoll wrote:

Hi,

We are seeing a trickle of weird empty messages.  Here's a sample
Sendmail log:

May 8 11:33:31 colo3 sm-mta[1100]: t48FXPqL001100:
from=<ragland_rosell...@cttstone.com>, size=18, class=0, nrcpts=1,
msgid=<8[10, proto=SMTP, daemon=MTA,
relay=50-242-22-73-static.hfc.comcastbusiness.net [50.242.22.73] (may
be forged)

Note the size of 18 bytes.  The entire message content consists of
the single header:

  Message-ID: <8[10

and that's it!

So, buggy ratware? Someone trying to exploit a vulnerable SMTP server?
Bizarre...


A blast from the past!

Yes, it's buggy ratware. I haven't seen those in volume since ~2007. I believe the CBL treats that as a signature so if you're using it (or Spamhaus Zen) ahead of SA, you should see very few of those unless the senders have figured out how to hide from CBL detection.
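A log check for the pattern discussed in this thread, as an added example that is not part of either message: it flags Sendmail `from=` records that combine a tiny `size=` with a `msgid=` that is not of the form `<left@right>`, and counts hits per relay IP. The 64-byte threshold, the function names and the sample lines (placeholder hosts and addresses) are assumptions; only the queue id, size and msgid of the first sample come from the log quoted above.

```python
import re
from collections import Counter

QID_RE = re.compile(r"sm-mta\[\d+\]: (\w+): from=")
SIZE_RE = re.compile(r"\bsize=(\d+)")
# msgid runs up to the next known field; the field is absent if no Message-ID was sent.
MSGID_RE = re.compile(r"\bmsgid=(.*?), (?:bodytype|proto|daemon|relay)=")
RELAY_IP_RE = re.compile(r"\brelay=.*?\[([0-9A-Fa-f.:]+)\]")
# Loose shape check (not full RFC 5322): <left@right>, no spaces or extra brackets.
WELL_FORMED = re.compile(r"^<[^<>\s@]+@[^<>\s@]+>$")
MAX_SIZE = 64  # assumption: byte threshold for an essentially empty message


def check_line(line):
    """Return a finding for a tiny message with a malformed msgid, else None."""
    qid, size, msgid = QID_RE.search(line), SIZE_RE.search(line), MSGID_RE.search(line)
    if not (qid and size and msgid):
        return None  # not a "from=" record, or no Message-ID was logged
    if int(size.group(1)) > MAX_SIZE or WELL_FORMED.match(msgid.group(1)):
        return None
    ip = RELAY_IP_RE.search(line)
    return {"qid": qid.group(1), "size": int(size.group(1)),
            "msgid": msgid.group(1), "relay_ip": ip.group(1) if ip else None}


def scan(lines):
    """Return (findings, hits per relay IP) for an iterable of log lines."""
    findings = [f for f in map(check_line, lines) if f]
    return findings, Counter(f["relay_ip"] for f in findings)


# Constructed sample log lines (hosts and addresses are placeholders).
SAMPLE = [
    "May  8 11:33:31 mx1 sm-mta[1100]: t48FXPqL001100: from=<sender@example.com>, size=18, class=0, nrcpts=1, "
    "msgid=<8[10, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.73] (may be forged)",
    "May  8 11:34:02 mx1 sm-mta[1101]: t48FY1aB001101: from=<alice@example.org>, size=2048, class=0, nrcpts=1, "
    "msgid=<20150508153401.1A2B3@mail.example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.5]",
    "May  8 11:34:05 mx1 sm-mta[1102]: t48FY5cD001102: from=<bob@example.org>, size=40, class=0, nrcpts=1, "
    "msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.5]",
    "May  8 11:34:09 mx1 sm-mta[1103]: t48FY1aB001101: to=<carol@example.org>, delay=00:00:01, mailer=local, stat=Sent",
]

if __name__ == "__main__":
    findings, per_relay = scan(SAMPLE)
    for finding in findings:
        print(finding)
    print(dict(per_relay))
```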
