From owner-freebsd-security Mon Mar 10 7:50:48 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF1F137B401 for ; Mon, 10 Mar 2003 07:50:46 -0800 (PST) Received: from bubbles.electricutopia.net (adsl-67-120-245-61.dsl.sndg02.pacbell.net [67.120.245.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5367843F75 for ; Mon, 10 Mar 2003 07:50:44 -0800 (PST) (envelope-from dave@slickness.org) Received: by bubbles.electricutopia.net (Postfix, from userid 1001) id 571511524C; Mon, 10 Mar 2003 07:50:43 -0800 (PST) Date: Mon, 10 Mar 2003 07:50:43 -0800 From: David Olbersen To: freebsd-security@freebsd.org Subject: sendmail exploit in wild? Message-ID: <20030310155043.GA86716@slickness.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I don't use sendmail but did get these two messages from postfix: Mar 9 22:47:58 bubbles postfix/smtpd[26116]: warning: unknown[62.56.175.142] sent Message-ID: header instead of SMTP command: Message-ID: <199b8142297b$b6bc9b9a$c2263fc2@hnayttbkseb.bu> Mar 9 22:47:58 bubbles postfix/smtpd[26116]: warning: unknown[62.56.175.142] sent Message-ID: header instead of SMTP command: Message-ID: <199b8142297b$b6bc9b9a$c2263fc2@hnayttbkseb.bu> I know the sendmail exploit is in the headers, does this look like it? -- David Olbersen Site: http://mp3s.mootech.net PGP Key: http://mootech.net/~dave/gpg-key.txt One hoopy frood who knows where his towel is. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message