[fetchmail-users] fetchmail gets stuck because of malformed spam

[Karel K. <cl...@tw...>]

I got some malformed spam which causes fetchmail to stop on this spam
and I am unable to download 162 waiting messages behind this spam.

This seems to be some kind of fetchmail DoS vulnerability - if someone
sends this mail to all fetchmail users in the world, they will be pretty
pissed off to have to log in to remote machine and erase the e-mail by
hand. And if he sends every hour, they will have to change to a
different program than fetchmail ;-)

clock@kestrel:~$ fetchmail
162 messages for clock at twin.jikos.cz.
reading message cl...@tw...:1 of 162 (765 header octets) fetchmail: SMTP error: 501 <agrode@%%DOMAIN%>: domain missing or malformed
gethostbyname failed for kestrel

Operating system gentoo linux
GCC 3.3.6
don't know how to get IMAP server greeting line
MDA: ESMTP Exim 4.50
 
This is fetchmail release 6.2.5.2+RPA+NTLM+SDPS+SSL+INET6+NLS
Fallback MDA: (none)
Linux kestrel 2.6.12-gentoo-r10 #2 Tue Oct 4 10:27:59 CEST 2005 i686 Intel(R) Pentium(R) M processor 1.50GHz GenuineIntel GNU/Linux
Taking options from command line and /home/clock/.fetchmailrc
Idfile is /home/clock/.fetchids
Fetchmail will forward misaddressed multidrop messages to clock.
Options for retrieving from cl...@tw...:
  True name of server is twin.jikos.cz.
  Protocol is IMAP.
  All available authentication methods will be tried.
  SSL encrypted sessions enabled.
  Server nonresponse timeout is 300 seconds (default).
  Default mailbox selected.
  Only new messages will be retrieved (--all off).
  Fetched messages will not be kept on the server (--keep off).
  Old messages will not be flushed before message retrieval (--flush off).
  Rewrite of server-local addresses is enabled (--norewrite off).
  Carriage-return stripping is disabled (stripcr off).
  Carriage-return forcing is disabled (forcecr off).
  Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).
  MIME decoding is disabled (mimedecode off).
  Idle after poll is disabled (idle off).
  Nonempty Status lines will be kept (dropstatus off)
  Delivered-To lines will be kept (dropdelivered off)
  Fetch message size limit is 100 (--fetchsizelimit 100).
  Do binary search of UIDs during 9 out of 10 polls (--fastuidl 10).
  Messages will be SMTP-forwarded to: localhost (default)
  Single-drop mode: 1 local name(s) recognized.
  No UIDs saved from this host.
Options for retrieving from cl...@at...:
  True name of server is atrey.karlin.mff.cuni.cz.
  Protocol is IMAP.
  All available authentication methods will be tried.
  SSL encrypted sessions enabled.
  Server nonresponse timeout is 300 seconds (default).
  Default mailbox selected.
  Only new messages will be retrieved (--all off).
  Fetched messages will not be kept on the server (--keep off).
  Old messages will not be flushed before message retrieval (--flush off).
  Rewrite of server-local addresses is enabled (--norewrite off).
  Carriage-return stripping is disabled (stripcr off).
  Carriage-return forcing is disabled (forcecr off).
  Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).
  MIME decoding is disabled (mimedecode off).
  Idle after poll is disabled (idle off).
  Nonempty Status lines will be kept (dropstatus off)
  Delivered-To lines will be kept (dropdelivered off)
  Fetch message size limit is 100 (--fetchsizelimit 100).
  Do binary search of UIDs during 9 out of 10 polls (--fastuidl 10).
  Messages will be SMTP-forwarded to: localhost (default)
  Single-drop mode: 1 local name(s) recognized.
  No UIDs saved from this host.
Options for retrieving from di...@po...:
  True name of server is pop.centrum.cz.
  Protocol is POP3.
  All available authentication methods will be tried.
  Server nonresponse timeout is 300 seconds (default).
  Default mailbox selected.
  Only new messages will be retrieved (--all off).
  Fetched messages will not be kept on the server (--keep off).
  Old messages will not be flushed before message retrieval (--flush off).
  Rewrite of server-local addresses is enabled (--norewrite off).
  Carriage-return stripping is disabled (stripcr off).
  Carriage-return forcing is disabled (forcecr off).
  Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).
  MIME decoding is disabled (mimedecode off).
  Idle after poll is disabled (idle off).
  Nonempty Status lines will be kept (dropstatus off)
  Delivered-To lines will be kept (dropdelivered off)
  Fetch message size limit is 100 (--fetchsizelimit 100).
  Do binary search of UIDs during 9 out of 10 polls (--fastuidl 10).
  Messages will be SMTP-forwarded to: localhost (default)
  Single-drop mode: 1 local name(s) recognized.
  No UIDs saved from this host.
Options for retrieving from yc...@po...:
  True name of server is pop.centrum.cz.
  Protocol is POP3.
  All available authentication methods will be tried.
  Server nonresponse timeout is 300 seconds (default).
  Default mailbox selected.
  Only new messages will be retrieved (--all off).
  Fetched messages will not be kept on the server (--keep off).
  Old messages will not be flushed before message retrieval (--flush off).
  Rewrite of server-local addresses is enabled (--norewrite off).
  Carriage-return stripping is disabled (stripcr off).
  Carriage-return forcing is disabled (forcecr off).
  Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).
  MIME decoding is disabled (mimedecode off).
  Idle after poll is disabled (idle off).
  Nonempty Status lines will be kept (dropstatus off)
  Delivered-To lines will be kept (dropdelivered off)
  Fetch message size limit is 100 (--fetchsizelimit 100).
  Do binary search of UIDs during 9 out of 10 polls (--fastuidl 10).
  Messages will be SMTP-forwarded to: localhost (default)
  Single-drop mode: 1 local name(s) recognized.
  No UIDs saved from this host.