From: Geir Svalland
To: freebsd-questions@freebsd.org
Date: Tue, 27 Jan 2004 18:47:52 +0100
Subject: Active System Attack Alerts
Message-Id: <200401271847.52402.admin@swedehost.com>

Hi everybody.

Got some strange alerts in my logfiles that I need help to interpret.

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)

Security Violations
=-=-=-=-=-=-=-=-=-=
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)

and from my maillog

cat maillog | grep "02:12:41"
Jan 27 02:12:41 odin sendmail[46385]: i0R1CbKR046385: from=, size=122951, class=-30, nrcpts=1, msgid=, proto=ESMTP, daemon=IPv4, relay=mx2.freebsd.org [216.136.204.119]
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: to=, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=207193, relay=local, dsn=2.0.0, stat=Sent

Nothing unusual in any other logfiles.

Regards
Hasse.
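
An added example, not part of the original post: the notice and the envelope lines above share the queue ID i0R1CbKR046385, so grouping maillog by queue ID instead of grepping by timestamp ties each "(possible attack)" notice to the relay, size and delivery status of the message that triggered it. The function names, the placeholder envelope addresses and the second, unflagged message are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: tie each sendmail "(possible attack)" notice to the envelope
# lines logged under the same queue ID.

# Sample input modelled on the maillog lines in the post. The envelope
# addresses and the second, unflagged message are constructed placeholders.
sample_maillog() {
cat <<'EOF'
Jan 27 02:12:41 odin sendmail[46385]: i0R1CbKR046385: from=<sender@example.org>, size=122951, class=-30, nrcpts=1, msgid=<id1@example.org>, proto=ESMTP, daemon=IPv4, relay=mx2.freebsd.org [216.136.204.119]
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: Fixed MIME Content-Type header field (possible attack)
Jan 27 02:12:41 odin sendmail[46386]: i0R1CbKR046385: to=<user@example.org>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=207193, relay=local, dsn=2.0.0, stat=Sent
Jan 27 02:15:02 odin sendmail[46400]: i0R1F0KR046400: from=<other@example.org>, size=2048, class=0, nrcpts=1, msgid=<id2@example.org>, proto=ESMTP, daemon=IPv4, relay=mail.example.net [192.0.2.10]
Jan 27 02:15:03 odin sendmail[46401]: i0R1F0KR046400: to=<user@example.org>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=32048, relay=local, dsn=2.0.0, stat=Sent
EOF
}

# Reads maillog text from the named files (or stdin) and prints one summary
# line per queue ID that carries at least one "(possible attack)" notice.
flagged_messages() {
    awk '
    $5 ~ /^sendmail\[/ {
        qid = $6; sub(/:$/, "", qid)            # field 6 is "QUEUEID:"
        if (index($0, "(possible attack)")) notices[qid]++
        if ($7 ~ /^from=/) {                    # envelope-sender line
            if (match($0, /size=[0-9]+/)) size[qid] = substr($0, RSTART + 5, RLENGTH - 5)
            if (match($0, /relay=[^,]*/)) relay[qid] = substr($0, RSTART + 6, RLENGTH - 6)
        }
        if ($7 ~ /^to=/ && match($0, /stat=.*/)) # delivery line
            stat[qid] = substr($0, RSTART + 5)
    }
    END {
        for (q in notices)
            printf "%s notices=%d size=%s relay=%s stat=%s\n", q, notices[q], size[q], relay[q], stat[q]
    }' "$@" | sort
}

sample_maillog | flagged_messages
```

Run against a real log with `flagged_messages /var/log/maillog`; messages without a notice are left out of the summary.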