[Mimedefang] odd empty messages
Stewart
stewart at f8.com.au
Tue Feb 3 00:10:34 EST 2004
Hi all..
Ever since this latest virus outbreak started i've been seeing a number
of odd messages getting through without being flagged, apparently.
example follows (munged obfuscation applied):
=========
From probably-faked at dodo.com.au Tue Feb 3 08:55:32 2004
Return-Path: <probably-faked at dodo.com.au>
Received: from myserver.mydomain.com.au ([unix socket])
by myserver (Cyrus v2.1.14-IPv6-Debian-2.1.14-3) with LMTP; Tue, 03
Feb 2004 08:55:32 +1100
X-Sieve: CMU Sieve 2.2
Received: from dodo.com.au (ESS-p-144-138-109-159.mega.tmns.net.au
[144.138.109.159])
by myserver. mydomain.com.au (8.12.9/8.12.9/Debian-5) with ESMTP id
i12LsJEm015522
for <myuser@ mydomain.com.au>; Tue, 3 Feb 2004 08:54:21 +1100
Message-Id: <200402022154.i12LsJEm015522 at myserver. mydomain.com.au>
From: probably-faked at dodo.com.au
To: myuser@ mydomain.com.au
Subject: Hello
Date: Tue, 3 Feb 2004 07:55:01 +1000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0004_CD05CB46.BD84472F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Scanned-By: MIMEDefang 2.37
This is a multi-part message in MIME format...
------=_NextPart_000_0004_CD05CB46.BD84472F
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
The message contains Unicode characters and has been sent as a binary
attachment.
------=_NextPart_000_0004_CD05CB46.BD84472F--
..and that's all there is.
the log shows nothing unusual that i can see.. it's detecting the bad
content and setting drop=1 (i'm using action_drop on everything this
week and stuff the consequences ;-) but it's still delivering.
============
Feb 3 08:55:31 inserver sm-mta[15522]: i12LsJEm015522: from=<
probably-faked at dodo.com.au>, size=31180, class=0, nrcpts=1,
msgid=<200402022154.i12LsJEm015522 at inserver.bleach.com.au>,
proto=ESMTP, daemon=MTA, relay=ESS-p-144-138-109-159.mega.tmns.net.au
[144.138.109.159]
Feb 3 08:55:31 inserver mimedefang.pl[11244]:
MDLOG,i12LsJEm015522,bad_filename,text.bat,application/octet-stream,<
probably-faked at dodo.com.au>,<shannon at bleach.com.au>,Hello
Feb 3 08:55:32 inserver mimedefang.pl[11244]: filter: i12LsJEm015522:
drop=1
Feb 3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter change:
header Content-Type: from
multipart/mixed;\n\tboundary="----
=_NextPart_000_0004_CD05CB46.BD84472F" to multipart/mixed;
boundary="----=_NextPart_000_0004_CD05CB46.BD84472F"
Feb 3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter change:
header MIME-Version: from 1.0 to 1.0
Feb 3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter message:
body replaced
Feb 3 08:55:32 inserver sm-mta[15522]: i12LsJEm015522: Milter add:
header: X-Scanned-By: MIMEDefang 2.37
Feb 3 08:55:32 inserver sm-mta[15525]: i12LsJEm015522:
to=<shannon at bleach.com.au>, delay=00:01:11, xdelay=00:00:00,
mailer=cyrus, pri=120248, relay=localhost, dsn=2.0.0, stat=Sent
is anyone else getting these, and if so, what do you do about it? this
MD newbie here isn't sure where to go next...
cheers,
..S.
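
Added example (not part of the original post, and not MIMEDefang's own code): a Python sketch that correlates the mimedefang.pl and sm-mta log lines by queue ID to list messages that were flagged yet still show stat=Sent, as in the log above. In MIMEDefang, action_drop removes only the offending MIME part rather than the whole message, which is consistent with the "body replaced" line followed by delivery of the stub text. The sample lines are constructed from the log format in the post, with placeholder hosts and addresses; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (one syslog record per line); hosts/addresses are placeholders.
SAMPLE_LOG = """\
Feb  3 08:55:31 mx sm-mta[15522]: i12LsJEm015522: from=<a@example.net>, size=31180, class=0, nrcpts=1, relay=host.example.net [192.0.2.10]
Feb  3 08:55:31 mx mimedefang.pl[11244]: MDLOG,i12LsJEm015522,bad_filename,text.bat,application/octet-stream,<a@example.net>,<user@example.com>,Hello
Feb  3 08:55:32 mx mimedefang.pl[11244]: filter: i12LsJEm015522: drop=1
Feb  3 08:55:32 mx sm-mta[15522]: i12LsJEm015522: Milter message: body replaced
Feb  3 08:55:32 mx sm-mta[15525]: i12LsJEm015522: to=<user@example.com>, delay=00:01:11, mailer=cyrus, dsn=2.0.0, stat=Sent
Feb  3 09:01:02 mx sm-mta[15600]: i12M0xEm015600: from=<b@example.org>, size=2100, class=0, nrcpts=1
Feb  3 09:01:03 mx sm-mta[15601]: i12M0xEm015600: to=<user@example.com>, delay=00:00:01, mailer=cyrus, dsn=2.0.0, stat=Sent
"""

# MDLOG,<queue id>,<reason>,<first detail field, e.g. the file name>,...
MDLOG = re.compile(r"mimedefang\.pl\[\d+\]: MDLOG,([^,]+),([^,]+),([^,]*)")
# Per-message action summary, e.g. "filter: <queue id>: drop=1"
FILTER = re.compile(r"mimedefang\.pl\[\d+\]: filter: (\w+): (.*)$")
ACTION = re.compile(r"(\w+)=(\d+)")
BODY = re.compile(r"sm-mta\[\d+\]: (\w+): Milter message: body replaced")
SENT = re.compile(r"sm-mta\[\d+\]: (\w+): to=(<[^>]*>),.*\bstat=Sent")


def flagged_but_delivered(log_text):
    """Return {queue_id: record} for messages the filter flagged that were still delivered."""
    msgs = defaultdict(lambda: {"flags": [], "actions": {},
                                "body_replaced": False, "sent_to": []})
    for line in log_text.splitlines():
        if m := MDLOG.search(line):
            msgs[m[1]]["flags"].append((m[2], m[3]))
        elif m := FILTER.search(line):
            msgs[m[1]]["actions"].update((k, int(v)) for k, v in ACTION.findall(m[2]))
        elif m := BODY.search(line):
            msgs[m[1]]["body_replaced"] = True
        elif m := SENT.search(line):
            msgs[m[1]]["sent_to"].append(m[2])
    # Keep only queue IDs that have both a filter hit and a successful delivery.
    return {q: r for q, r in msgs.items() if r["flags"] and r["sent_to"]}


if __name__ == "__main__":
    for qid, rec in flagged_but_delivered(SAMPLE_LOG).items():
        print(qid, rec["flags"], rec["actions"],
              "body replaced" if rec["body_replaced"] else "body intact",
              "->", ", ".join(rec["sent_to"]))
```

A queue ID reported with a drop count and "body replaced" was delivered with parts stripped, not delivered intact; a flagged ID without "body replaced" is the case worth investigating first.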