You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by James Butler <ja...@musicforhumans.com> on 2006/07/18 01:59:03 UTC

Getting spammed/attacked via this list?

Hi.

I'm getting Snort alerts that describe "Attempted specific command buffer overflow: MAIL FROM:, 346 chars" via this list. The typical message contains a software pitch included in the headers like this:

====begin====
X-Spam-Check-By: apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Received: from [85.194.0.110] (HELO mail.visit.se) (85.194.0.110)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jul 2006 15:55:30 -0700
Received: by mail.visit.se (Postfix, from userid 503)
id 6188336E0097; Tue, 18 J="0" cellpadding="0" cellspacing="0">
<tr>
...and more HTML....followed by a 345 character string ...
====end====

Then the rest of the mail headers and a (truncated?) list message that begins:

====begin====
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Thursday 13 July 2006 08:31, Sietse van Zanen took the opportunity to=20
write:
> And that trick could also very well cause you to loose legitimate

...and more message...
====end====

Thoughts? I have preserved the entire message, for anyone who may be interested. Thanks.

James