[Mimedefang] Frequent signal 11 crashes

Mișu Moldovan dumol at gnome.ro
Wed Oct 8 09:01:25 EDT 2008 

Hi all,

I'm new to this list and to MIMEDefang. I'm currently trying to set it
up for some basic needs, we need to refuse mail with some blocked
attachments, with malware (using clamd as a scanner) or tagged as spam
(by spamd), everything on our MX servers during the SMTP session.

I've been making good progress in shaping mimedefang-filter for our
needs but I hit a stumbling block, random segfaults that look like this:

Oct  7 18:13:09 [kernel] mimedefang[19983]: segfault at 0400002e eip
b7e97028 esp b6df026c error 4

This is MIMEDefang 2.64 on a regular Gentoo machine with no fancy
unmasked packages and very stable hardware (it's my workstation and it
often reaches tens of days of uptime). I've used the ebuild present in
the official Portage (Gentoo's package system) and didn't bother to try
2.65 as the changelog says the only change seems to be an unrelated
bugfix. The crash happened a few times during testing but they were not
reproducible (the same mail would crash "mimedefang" once and then would
be processed without a hitch).

I've tried the setup on a very solid production machine (server-quality
hardware, uptime over 100 days) with a hardened Gentoo machine where the
kernel is patched with grsecurity and PaX and everything is compiled
with a hardened toolchain with PIC/PIE. The crashes happen very frequent
there (but not 100% reproducible), MIMEDefang rarely gets to process two
or three mail before dying with this message in the log:

Oct  7 17:53:41 [kernel] grsec: From 127.0.0.1: signal 11 sent
to /usr/bin/mimedefang[mimedefang:28223] uid/euid:105/105
gid/egid:1026/1026, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

I've tried to get some more info from this mailing list archives and the
closest matching discussion that I found ended with a request for a
coredump. So I've returned to the regular Gentoo workstation where it's
easier for me to get a core file and I've managed to get one from an
unstripped  "mimedefang" binary. I've put the core and the binary online
at http://dumol.ath.cx/mimedefang/ , hoping that someone with a more
intimate knowledge of MIMEDefang would find a solution to this.

The backtrace looks like this:

Core was generated by `/usr/bin/mimedefang
-P /var/spool/MIMEDefang/mimedefang.pid -R -1 -m /var/spool'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7e97028 in strcmp () from /lib/libc.so.6
(gdb) bt
#0  0xb7e97028 in strcmp () from /lib/libc.so.6
#1  0x080519d4 in smfi_getsymval ()
#2  0x0804cef5 in rcptto (ctx=0x805f740, to=0x805f588)
at ./mimedefang.c:1046
#3  0x080536fb in st_rcpt ()
#4  0x08054699 in mi_engine ()
#5  0x08051879 in mi_handle_session ()
#6  0xb7f7717b in ?? () from /lib/libpthread.so.0
#7  0x0805f740 in ?? ()
#8  0xb6df3b90 in ?? ()
#9  0xb6df3b90 in ?? ()
#10 0xb6df3b90 in ?? ()
#11 0xb6df3480 in ?? ()
#12 0x00000000 in ?? ()

Thanks a lot,

-- 
mișu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Aceast fragment din mesaj este semnat digital
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20081008/3a2299ed/attachment.sig>

More information about the MIMEDefang mailing list