I seem to get many hits on this signature "Qmail crash" to and from mail servers--TAC was unable to provide meaty details on what causes the signature, anyone run across continuous 3109 hits, I get them every day and treat them as benign..
Your TAC engineer has emailed the developers overnight to get more information on this signature for you. He will get back to you when the developers give him an answer. I'll keep an eye out for it also and post the response here so others can see the reply.
If you are experiencing this message even after upgrading to 3.1(3)Sxx then I would suggest letting your TAC engineer know about it, or add filters onto your IDS system so that you don't see these anymore.
Our IDS senors also see very high counts of this signature. We are running 3.1(3)S35. In the past 5 hours, we have recorded 485 events for the Qmail Length Crash signature. Upon inspecting the context, it appears to be normal email communication. It looks as though the email may be non-text, meaning some Outlook richtext or even HTML formatted. Might this be the cause of the false alarm?
y though because maybe i can get all my cleaning and stuff done when we are thru christmas shopping because no one will be home to bug me and then i can finish it up on saturday morning and MAYBE come up saturday afternoon/evening - we will have to see..
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...