[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Strange problem with mail...



Huummm, I think this is not the right direction, first Im using ext3 in that
partition and the others olso have ext3 and one with ext2 in any case, the
kernel 2.6.26 was running smothly for 11 days, and blew up with that mail,
prof of it is that since the removal of the mail the problem disapear.
An MX error could be the server seams to be somehow miss config
:~$ dig MX host.serverspain.com

; <<>> DiG 9.2.1 <<>> MX host.serverspain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58923
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;host.serverspain.com.          IN      MX

;; AUTHORITY SECTION:
serverspain.com.        3600    IN      SOA     dns1.name-services.com. info.name-services.com. 2002050701 10001 1801 604801 181

;; Query time: 291 msec
;; SERVER: 164.73.80.11#53(164.73.80.11)
;; WHEN: Fri Aug 27 10:31:35 2004
;; MSG SIZE  rcvd: 98


as the MX record seam to be pointing nowhere, or whats more been comented,
any how I still belive there is a bug here I cant belive that exim would
blow the memory away if he couldnt resolve a MX in this conditions and the
mail would have the headers "broken", should we notify exim devs? or
something?

Cheers, 
rak

On Fri, Aug 27, 2004 at 08:57:46AM +0100, Ronny Adsetts wrote:
> Resending to correct address this time - list sender gets me every damn 
> time.
> 
> Stephen Gran said at 27/08/04 02:53:
> 
> > This one time, at band camp, Jan Luehr said:
> >
> >> Greetings,...
> >>
> >> Am Donnerstag, 26. August 2004 22:18 schrieb Thomas Sjögren:
> >>
> >>> On Thu, Aug 26, 2004 at 09:44:51PM +0200, Jan Luehr wrote:
> >>>
> >>>> Greetings,....
> >>>>
> >>>> Am Donnerstag, 26. August 2004 19:32 schrieb UnKnown:
> >>>>
> >>>>> Hi ppl, first I wont to state that this is my first mail to this list,
> >>>>> if by any chance this is not the right list to do so plz point me to
> >>>>> the correct one.
> >>>>> Last sunday the mail server start kicking process, actually it did 
> such
> >>>>> a mess, that it trow all daemons down. When I check the console this
> >>>>> message was the only thing left:
> >>>>> __alloc_pages: '-order allocation failed (gfp=0x....)
> >>>>
> >>>>
> >>>> Ok. This looks like an exploit.
> >>>> Wich Kernel do you use?
> >>>> 2.4.26 is certainly not Woody-standard.
> >>>> Are you able to find any binary causing these kind of messages?
> >>>
> >>>
> >>> Sure it isnt the memory or filesystem?
> >>> Some info:
> >>> http://www.ussg.iu.edu/hypermail/linux/kernel/0404.2/1680.html
> >>> http://mirror.hamakor.org.il/archives/linux-il/01-2004/8144.html
> >>> http://lists.suse.com/archive/suse-linux-e/2003-Jul/1178.html
> >>
> >>
> >> You may be right. I thought ReiserFS-Bugs in that way are relicts from 
> the dark age of 2.4...
> >> However - failed memory allocation can also be a sympton of an exploit 
> trying to access memory he shouldn't do ,)
> >
> >
> > In this case, though, I think spamassassin was sparking OOM problems
> > scanning an oversized email header block.  How exim wrote all those
> > headers is another question, though - it shouldn't be doing that,
> > I wouldn't think.
> 
> 
> I've seen similar headers from exim (woody) where a bounce was trying to be 
> delivered where the MX records pointed to 0.0.0.0 or something similar 
> (don't recall exactly). Setting "ignore_target_hosts = 127.0.0.0/8 : 
> 0.0.0.0/8" helped in that case though, having had a quick look, it doesn't 
> seem to be the case here.
> 
> I do suspect some simliar loop though.
> 
> Ronny
> -- 
> Technical Director
> Amazing Internet Ltd, London
> t: +44 20 8607 9535
> f: +44 20 8607 9536
> w: www.amazinginternet.com
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org
> 



Reply to: