[milters] Archive

Lists Index Date Thread Search

Article: 1828
From: Ben Spencer
Date: 2008-01-28 05:26:24 -0500
Subject: POSSIBLE ATTACK from.... in milter-p0f

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Just installed milter-p0f (0.5.12). It seems as if there may be a formatting
issue?
From the logs....

2008 Jan 28 04:20:22 mailgw [mail.info] sendmail[27247]: m0SAKKWD027247:
Milter add: header: X-milter-p0f-Report: mail3.crosswalkmail.com
[208.123.68.10] (unknown) Linux 2.6, seldom 2.4 (older, 4) hops 13 link
ethernet/modem up 2888 \r\n    by [66.185.255.136]; Mon, 28 Jan 2008
04:20:20 -0600\r\n
.
.
.
2008 Jan 28 04:20:25 mailgw [mail.notice] sendmail[27247]: m0SAKKWD027247:
POSSIBLE ATTACK from mail3.crosswalkmail.com: newline in string
"mail3.crosswalkmail.com [208.123.68.10] (unknown) Linux 2.6, seldom 2.4
(older, 4) hops 13 link ethernet/modem up 2888 \r     by [66.185.255.136];
Mon, 28 Jan 2008 04:20:20 -0600\r "
2008 Jan 28 04:20:25 mailgw [mail.notice] sendmail[27247]: m0SAKKWD027247:
POSSIBLE ATTACK from mail3.crosswalkmail.com: newline in string
"mail3.crosswalkmail.com [208.123.68.10] (unknown) Linux 2.6, seldom 2.4
(older, 4) hops 13 link ethernet/modem up 2888 \r     by [66.185.255.136];
Mon, 28 Jan 2008 04:20:20 -0600\r "


....The X-milter-p0f-Report is actually getting added to the headers depite
the warning.

benji

---
Benji Spencer
System Administrator
Ph: 312-329-2288



-- Binary/unsupported file stripped by Ecartis --
-- Type: application/x-pkcs7-signature
-- File: smime.p7s



Lists Index Date Thread Search