Exploit or artifact?

[Jeff Eshom <je...@nixhub.com>]

I run a cluster of servers (18 node) and over the last week the mail 
spools skyrocketed to process around 80,000+ emails per node. (There are 
hundreds of domains hosted.).

Spamassassin is set to DB for accounts to filter as well as storing 
whitelistfrom functions.

Tonight I found an account with 22,200 entries of text:
„ÿÿ2Œÿÿi¡Øü>21Ë;11‚?:?5ÿÿÿ�ÿÿÿ�ÿÿÿ�ÿÿÿ�ÿÿÿ�†ºáŠI¨ÿÿ?†Ðÿÿ˃ÿÿ´FÿÿˆÿÿêÎÿÿìÒÿüæÌÿÿðÛÿÿñßÿÿóâÿÿõçÿÿ÷íÿÿ

I was hoping for input on whether this was an inserted exploit to 
whitelist basically everything inbound to the domain (72,000 email 
accounts serviced for the domain in question). Or if it is just a rule 
that got corrupted and replicated.

Any info would be greatly appreciated.

Jeff

Re: Exploit or artifact?

[Loren Wilton <lw...@earthlink.net>]

I got one of something like that tonight.  Clearly foreign language, and got 
tagged for around 20 points by my system.  Looks like a Russian spam run or 
the like starting.

        Loren