I run a cluster of servers (18 nodes) and over the last week the mail
spools skyrocketed to process around 80,000+ emails per node. (There are
hundreds of domains hosted.)
SpamAssassin is set to DB for accounts to filter as well as storing
whitelistfrom functions.
Tonight I found an account with 22,200 entries of text:
„ÿÿ2Œÿÿi¡Øü>21Ë;11‚?:?5ÿÿÿ�ÿÿÿ�ÿÿÿ�ÿÿÿ�ÿÿÿ�†ºáŠI¨ÿÿ?†Ðÿÿ˃ÿÿ´FÿÿˆÿÿêÎÿÿìÒÿüæÌÿÿðÛÿÿñßÿÿóâÿÿõçÿÿ÷íÿÿ
I was hoping for input on whether this was an inserted exploit to
whitelist basically everything inbound to the domain (72,000 email
accounts serviced for the domain in question), or if it is just a rule
that got corrupted and replicated.
Any info would be greatly appreciated.
Jeff