[Mimedefang] md 2.6 -> 2.33 = POSSIBLE ATTACK on SA headers
Mike Batchelor
mikebat at tmcs.net
Tue May 6 19:01:01 EDT 2003
I was running MD 2.6, upgraded to 2.33. Now when sendmail accepts a
modified message from MIMEDefang, it complains to syslog:
May 6 14:36:26 u1 sm-mta[10317]: h46M0lJ1010317: POSSIBLE ATTACK FROM
[(some relay)]: newline in string
"---- Start SpamAssassin results 6.90 points, 5 required; * 0.3 -- BODY:
Offers a limited time offer * 0.9 -- BODY: Money back guarantee * 0.3 --
BODY: HTML has unbalanced "html" tags * 0.7 -- BODY: Message is 70% to 80%
HTML * 0.2 -- BODY: HTML included in message * 0.5 -- BODY: HTML has
unbalanced "body" tags * 0.1 -- Message only has text/html MIME parts *
3.9 -- HTML comments which obfuscate text ---- End of SpamAssassin
results"
What the heck did the upgrade from 2.6 -> 2.33 do to the SA report that
used to be split across multiple lines, like Received: header are?
Before the upgrade, I was running SA 2.53, same as afterwards. The only
other changes I made at the time of the MD upgrade, was to setup sendmail
for non-setuid operation, with a clientmqueue and MTA mqueue, but I did not
change the sendmail binary to do this. I did however, set mimedefang to run
as non-root, but that shouldn't matter for this should it?
---
"The avalanche has already begun. It is too late for the pebbles to vote."
-- Kosh
More information about the MIMEDefang
mailing list