Date: Mon, 31 Mar 2003 12:56:33 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: "Nikolaj I. Potanin" <nikolaj@drweb.ru> Cc: freebsd-security@freebsd.org Subject: Re: what was that? Message-ID: <20030331185633.GA40453@madman.celabo.org> In-Reply-To: <3E887850.7010100@drweb.ru> References: <3E887850.7010100@drweb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 31, 2003 at 09:18:08PM +0400, Nikolaj I. Potanin wrote: > What does mean this bizarre msgid? > > maillog: > Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>, > size=1737, class=0, nrcpts=1, > msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf, > proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219] It was a long Message-ID which sendmail truncated to 100 characters when printing the log message, i.e. printf(... msgid=%.100s ...). It's kind of interesting, because it is base64 encoded data which begins with the string `PCDFEB09': 0000 50 43 44 46 45 42 30 39 00 01 00 02 00 00 00 00 |PCDFEB09........| 0010 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 |................| 0020 00 7e 9e 05 6b 64 a1 3c 4d ae e2 93 ff 42 93 c3 |.~..kd¡<M®â.ÿB.Ã| 0030 20 c2 80 00 00 10 00 00 00 8f ec db e0 8b 1b ba | Â........ìÛà..º| 0040 4f ad 60 43 d5 17 d5 5f |O`CÕ.Õ_| Google'ing for that string turns up a lot of hits, which seem to be Microsoft TNEF attachements. *shrug* Perhaps it is a sneaky way of sending some data out-of-band :-) or maybe it is just a buggy application. Too bad you don't have the entire message. I don't think it is anything to worry about, really. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030331185633.GA40453>