[Mimedefang] Another RND bug spam...
WBrown at e1b.org
Mon Apr 12 09:23:16 EDT 2004
mimedefang-bounces at lists.roaringpenguin.com wrote on 04/07/2004 10:59:38 PM:
> Just got a spam in MD/SA did not catch. Yet... Easy to do as it's
> got a %RND* bug in the headers. Just a heads up, I put the relevant
> headers below...
>
> [...]
> Subject: 14 format
> Mime-Version: 1.0
> X-MIMETrack: Itemize by SMTP Server on SMTP1/Irgidvwwpr(Release 5.0.
> 11 |%RND_DATE_ONLY) at
> %RND_MONTH_DAY_YEAR %RND_TIME,
> Serialize by Router on SMTP1/yahoo.com(Release 5.0.11
> |%RND_DATE_ONLY) at
> %RND_MONTH_DAY_YEAR %RND_TIME,
> Serialize complete at %RND_MONTH_DAY_YEAR %RND_TIME,
> Date: Wed, 07 Apr 2004 20:11:41 -0600
> [...]
This looks suspiciously like a Lotus Domino server with the exception of
the %RND junk. Here is the X-MIMETrack header from my Domino server on
this message:
X-MIMETrack: Itemize by SMTP Server on
ns-cncrooks/Servers/E1BOCES/Erie1(603HF90 | October
28, 2003) at 04/07/2004 10:04:57 PM,
Serialize by Notes Client on William
Brown/Main/Erie1(Release 6.5.1|January
21, 2004) at 04/12/2004 08:57:20 AM,
Serialize complete at 04/12/2004 08:57:20 AM
The bit about "Release 5.0.11" is another indication, as this is a valid
version for Domino. I've never seen it insert %RND in there, but since
everything in Domino can be programmed, it wouldn't surprise me that it's
possible to have it randomize the date and time.
Of course, this could just be a bogus header that they are trying to use
to insert random data.
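
Added example, not part of the original post and not MIMEDefang or SpamAssassin code: a header check that flags unexpanded %RND_ template tokens and separates them from an X-MIMETrack header carrying real timestamps. The function names and the timestamp pattern are assumptions; the two sample messages are constructed from the headers quoted above.

```python
import re
from email import message_from_string

# Unexpanded bulk-mailer placeholders such as %RND_DATE_ONLY or %RND_TIME.
RND_TOKEN = re.compile(r"%RND_[A-Z0-9_]+")
# Assumed shape of a real Domino timestamp, taken from the one genuine header above.
DOMINO_TS = re.compile(r"\bat \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M")

# Constructed sample: the spam headers from the quoted message.
SPAM = (
    "Subject: 14 format\n"
    "Mime-Version: 1.0\n"
    "X-MIMETrack: Itemize by SMTP Server on SMTP1/Irgidvwwpr(Release 5.0.11"
    " |%RND_DATE_ONLY) at\n"
    " %RND_MONTH_DAY_YEAR %RND_TIME,\n"
    " Serialize complete at %RND_MONTH_DAY_YEAR %RND_TIME\n"
    "Date: Wed, 07 Apr 2004 20:11:41 -0600\n\nbody\n"
)
# Constructed sample: the genuine Domino header from the reply (shortened).
DOMINO = (
    "X-MIMETrack: Itemize by SMTP Server on"
    " ns-cncrooks/Servers/E1BOCES/Erie1(603HF90 | October\n"
    " 28, 2003) at 04/07/2004 10:04:57 PM,\n"
    " Serialize complete at 04/12/2004 08:57:20 AM\n\nbody\n"
)

def unfold(value):
    """Collapse RFC 2822 header folding into single spaces."""
    return " ".join(value.split())

def scan_headers(raw_message):
    """Map header name -> list of unexpanded %RND_ tokens found in it."""
    hits = {}
    for name, value in message_from_string(raw_message).items():
        tokens = RND_TOKEN.findall(unfold(value))
        if tokens:
            hits.setdefault(name, []).extend(tokens)
    return hits

def classify_mimetrack(raw_message):
    """Return 'absent', 'template-leak', 'domino-like' or 'other'."""
    value = message_from_string(raw_message).get("X-MIMETrack")
    if value is None:
        return "absent"
    value = unfold(value)
    if RND_TOKEN.search(value):
        return "template-leak"
    return "domino-like" if DOMINO_TS.search(value) else "other"
```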