Re: Testing mail list

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Gregory Stark <stark(at)enterprisedb(dot)com>, "Andrew Dunstan" <andrew(at)dunslane(dot)net>, "pgsql-hackers list" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Testing mail list
Date: 2007-12-19 16:45:12
Message-ID: 23979.1198082712@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I wrote:
> Adding to my suspicion is that I don't recall having seen one of these
> personally,

I take that back --- some digging in my mail logs shows that I have
gotten a few of these, but they went straight to /dev/null because
my spam filters thought they were a virus. Have you checked whether
that "gif" is really an image, rather than a bit of malware?

The mail-log trace of the last such attempt is pretty interesting too:

Dec 16 13:05:16 sss2 sm-mta[27362]: lBGI5G1g027362: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:16 sss2 sm-mta[27363]: lBGI5GFn027363: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:17 sss2 sm-mta[27365]: lBGI5HIe027365: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:52 sss2 sm-mta[27368]: lBGI5n2G027368: from=<root(at)infotecnica(dot)com(dot)br>, size=27892, class=0, nrcpts=1, msgid=<200712161805(dot)lBGI59uu016307(at)infotecnica(dot)com(dot)b
r>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=infotecnica.com.br [201.35.247.5]
Dec 16 13:05:52 sss2 sm-mta[27369]: lBGI5n2G027368: to="|/usr/local/bin/procmail -tYf- || exit 75 #tgl", ctladdr=<tgl(at)sss(dot)pgh(dot)pa(dot)us> (301/20), delay=00:00:02, xdelay=0
0:00:00, mailer=prog, pri=58095, dsn=2.0.0, stat=Sent

Since 11 December there are consistently three no-op connections before
anything actually happens, which adds a whole new layer of incompetence
that could be charged against whoever is running this, if it actually is
a mail server --- which I grow increasingly dubious of. I also see a
whole lot of connection attempts in the preceding months in which
nothing was *ever* sent, just "did not issue MAIL" reports in bursts of
three.

Looks like spamhaus.org was blocking them for portions of last month,
too, so other people have been unhappy about this as well.

Whoever these people are, I've seen enough; I'm off to add this IP
address to my local permanent blacklist.

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Mark Mielke 2007-12-19 17:08:23 Re: Sorting Improvements for 8.4
Previous Message Andrew Sullivan 2007-12-19 16:33:42 Re: Testing mail list