[Mimedefang] GLOB error on $Helo
Joseph Brennan
brennan at columbia.edu
Mon Apr 3 12:20:46 EDT 2006
I found a few of these in syslog (wrapped here for legibility):
Apr 3 04:33:52 jujube mimedefang-multiplexor[411]:
[ID 980602 mail.info] Slave 22 stderr: Can't coerce GLOB to number
in add at /etc/mail/mimedefang/mimedefang-filter line 383.
The slave then dies prematurely with the "check your filter rules"
error. Line 383 is:
if ($Helo =~ /yahoo.com/) {
The error follows closely this sendmail report:
Apr 3 04:33:52 jujube sm-mta[22755]: [ID 801593 mail.info]
k338XTZk022755: from=<jsmith at yahoo.com>, size=180541, class=0,
nrcpts=1, msgid=<200604030833.k338XTZk022755 at jujube.cc.columbia.edu>,
proto=ESMTP, daemon=MTA-v4, relay=[202.120.113.165]
That's not Yahoo, so who knows what the HELO string was.
"Can't coerce GLOB to number in add"-- meaning a file named "add"?
If this is the result of a bizarre HELO string, is there an exploit
here waiting for the right HELO string?
Ha!-- I just looked for other messages from that IP address. Three
hours later it tried to send us a zipped virus.
Joseph Brennan
Columbia University Information Technology
More information about the MIMEDefang
mailing list