From owner-freebsd-security Wed Jul 17 12:26:12 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id CB26B37B400
    for ; Wed, 17 Jul 2002 12:26:06 -0700 (PDT)
Received: from kknd.mweb.co.za (kknd.mweb.co.za [196.2.45.79])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 5C71143E70
    for ; Wed, 17 Jul 2002 12:26:05 -0700 (PDT)
    (envelope-from savage@savage.za.org)
Received: from cpt-dial-196-30-179-68.mweb.co.za ([196.30.179.68] helo=netsonic.megalan.co.za)
    by kknd.mweb.co.za with esmtp (Exim 4.01) id 17UuKw-0000Aj-00;
    Wed, 17 Jul 2002 21:19:52 +0200
Received: from genocide.megalan.co.za ([192.168.1.254] helo=genocide)
    by netsonic.megalan.co.za with smtp (Exim 3.36 #2) id 17UuS5-00092R-47;
    Wed, 17 Jul 2002 21:27:09 +0200
Message-ID: <018901c22dc7$c02f43a0$fe01a8c0@genocide>
From: "Chris Knipe"
To: "Klaus Steden" ,
References: <20020711170957.U318-100000@gabba.so.cpt1.za.uu.net> <20020711153708.GF25321@straylight.oblivion.bg> <20020717151429.J48097@cthulu.compt.com>
Subject: Re: Weird messages reported by kernel ...
Date: Wed, 17 Jul 2002 21:25:45 +0200
Organization: MegaLAN Corporate Networking Services
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

It looks like it's trying to send HTML code to your mail server... Nothing too serious... Just a seriously disturbed individual... But I don't think any harm can come from it...

Regards,
Chris Knipe
Cell: (072) 434-7582
MegaLAN Corporate Networking Services

----- Original Message -----
From: "Klaus Steden"
To:
Sent: Wednesday, July 17, 2002 9:14 PM
Subject: Weird messages reported by kernel ...

> Hi there,
>
> I've noticed a couple of messages show up in my daily reports from our DMZ
> mail server that I can't explain, and I'm wondering if they indicate some
> attempted exploit. Specifically ...
>
> Jul 16 18:52:36 cthulu sendmail[1067]: g6GMqah01067: SYSERR: putoutmsg (CPE014140013297.cpe.net.cable.rogers.com): error on output channel sending "500 5.5.1 Command unrecognized: "Content-Type: text/html;"": Broken pipe
> Jul 16 21:56:21 cthulu sendmail[3984]: g6H1uLh03984: SYSERR: putoutmsg (adsl-66-124-102-179.dsl.mtry01.pacbell.net): error on output channel sending "500 5.5.1 Command unrecognized: "Content-Type: text/html;"": Broken pipe
>
> Anyone seen this before? Anyone have an inkling as to what it is, besides
> someone not understanding SMTP?
>
> cheers,
> Klaus
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
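
An added example, not part of the original thread: a small Python triage script for log lines like the two quoted above. It extracts the remote host and the text sendmail rejected with `500 5.5.1 Command unrecognized`, and labels rejections that are shaped like a message header (as `Content-Type: text/html;` is) so they can be grouped per host. The function names, regexes and labels are assumptions made for this example; the third sample line is constructed.

```python
import re
from collections import defaultdict

# Sendmail logs this SYSERR when it cannot write its 500 reply back to the client.
LINE_RE = re.compile(
    r'sendmail\[\d+\]: (?P<qid>\w+): SYSERR: putoutmsg \((?P<host>[^)]+)\): '
    r'error on output channel sending "500 5\.5\.1 Command unrecognized: '
    r'"(?P<cmd>.*)"": (?P<err>.+)$'
)
# Header shape: a field name (printable ASCII, no colon or space), then ":".
HEADER_RE = re.compile(r'^[!-9;-~]+:')

def classify(cmd):
    """Label the text the client sent where sendmail expected an SMTP command."""
    return "message-header" if HEADER_RE.match(cmd.strip()) else "other"

def triage(lines):
    """Return {remote_host: [(queue_id, rejected_text, label, write_error), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line.rstrip("\n"))
        if m:
            hits[m["host"]].append(
                (m["qid"], m["cmd"], classify(m["cmd"]), m["err"]))
    return dict(hits)

SAMPLE = [
    # The two lines quoted in the message above.
    'Jul 16 18:52:36 cthulu sendmail[1067]: g6GMqah01067: SYSERR: putoutmsg '
    '(CPE014140013297.cpe.net.cable.rogers.com): error on output channel sending '
    '"500 5.5.1 Command unrecognized: "Content-Type: text/html;"": Broken pipe',
    'Jul 16 21:56:21 cthulu sendmail[3984]: g6H1uLh03984: SYSERR: putoutmsg '
    '(adsl-66-124-102-179.dsl.mtry01.pacbell.net): error on output channel sending '
    '"500 5.5.1 Command unrecognized: "Content-Type: text/html;"": Broken pipe',
    # Constructed line of an unrelated kind; the parser must ignore it.
    'Jul 16 22:01:02 cthulu sendmail[4001]: g6H212h04001: '
    'from=<user@example.org>, size=1024, class=0, nrcpts=1',
]

if __name__ == "__main__":
    for host, events in triage(SAMPLE).items():
        for qid, cmd, label, err in events:
            print(f"{host} {qid} {label} {cmd!r} ({err})")
```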