From: Nash Hoogwater (nrhoogwaterplanet.nl)
Date: Mon Jun 11 2001 - 04:50:26 CDT
On Monday 11 June 2001 11:25, you wrote:
> On 09-Jun-01 Nash Hoogwater wrote:
> > Hi list,
> > I got some very strange mail a few minutes ago and a week ago also. Maybe
> > someone can help me with this.
> > The mail doesn't contain a reply-address, subject and almost no headers.
> > The date is 1 January 1970 00:59:59. I have pasted the headers and text
> > below. The text is also very strange as you can see.
> > -------------------------------------------------
> > Content-Type:
> > Status: R
> > X-Status: N
> > 1 3b13ce2000000001
> > 2 3b13ce2000000002
> > ----------------------------------------------------
> Really a strange one... Please state your kernel version, MTA (e. g.
> sendmail, with version number) and SuSE-release of your box and whether you
> use it in a production/business environment (with a 'real' IP) or at home
> with dyn.IP and modem/isdn/dsl/cable/whatever.
OK, here it comes: I use SuSE 7.1 with 2.4.0-4GB kernel (original
suse-kernel), MTA = postfix-20001212-4. I have a static ip-address (adsl). I
use fetchmail(fetchmail-5.6.0-5) to pop3 one account, but this isn't the
account that received this mail. The account that received the mail is one
that I pop3 from KMail (KDE 2.1.1) from my workstation. Furthermore I use
gotmail to get my mail from hotmail, it runs every 5 minutes and sends mail
to my mailbox. (on the server/gateway). To get all the mail I pop3 the
server/gateway from my workstation with KMail. On account of my configuration
on KMail: I have a filter-rule that states that every mail from a whole
domain (in To and CC) has to be transferred to a specific folder.
So the problem is I don't know to which account/email-address the mail has
been sent, but I'm pretty sure it is the account that I check manually (via
> > Someone??? Any idea???
> Normally, messages with headers like the ones which worry you are
> incomplete and would be rejected by any MTA following the rules for
> electronic mail as given in rfc822 and rfc1123. To be precise, they (the
> headers) would be completed with at least one received line (from your own
> host), date and Message-ID, together with other headers which might be
> assigned in your MTA's configuration. However, newer versions of sendmail
> (V8) would not accept mails without a from: line in standard configuration
> ("need MAIL before RCPT").
> That's why you should make sure that you have gotten the *whole* header and
> not just the body and parts of (optional) header lines; AFAIK, Status: and
> X-Status: are no mandatory header entries and therefore are treated like
> being part of the message body, as it would be with any subject: lines
> which are helpful for the recipient but also not mandatory. Some mail
> programs do not show you the whole of the header. In this case it's best to
> directly cut and paste the problem mail out of the spool file.
I did just that: this is everything that is in the mail :-(.
> My first guess would point in the direction of a slightly misconfigured MTA
> on your side, together with a remote script/bot directly sending mails by
> connecting to your host, port 25, or a strictly local problem on your
> host... Just a guess...
> > Greetings,
> > Nash
> Boris Lorenz <bololupa.de>
> System Security Admin *nix - *nux
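The header check discussed in this thread, as an added example that is not part of the original messages: it parses a message taken from the spool file and reports which of the headers named in the reply (Received, Date, Message-ID, From) are absent. The function names, the `EXPECTED` list, the blank separator line in `SUSPECT` and the `NORMAL` sample are assumptions made for illustration.

```python
import email
import mailbox

# Headers the reply says a conforming MTA completes (Received, Date,
# Message-ID) or insists on (From). The choice of this list is an assumption.
EXPECTED = ("Received", "Date", "Message-ID", "From")

def audit(msg):
    """Return which expected headers are absent and how many hops were recorded."""
    return {
        "missing": [h for h in EXPECTED if msg.get(h) is None],
        "present": list(msg.keys()),
        "received_hops": len(msg.get_all("Received", [])),
    }

def audit_raw(raw):
    """Audit one message pasted as text straight from the spool file."""
    return audit(email.message_from_string(raw))

def audit_spool(path):
    """Audit an mbox spool; return (index, report) for incomplete messages."""
    box = mailbox.mbox(path, create=False)
    return [(i, r) for i, r in enumerate(map(audit, box)) if r["missing"]]

# The message quoted in the thread; the blank separator line is assumed.
SUSPECT = (
    "Content-Type:\n"
    "Status: R\n"
    "X-Status: N\n"
    "\n"
    "1 3b13ce2000000001\n"
    "2 3b13ce2000000002\n"
)

# Constructed sample of a message that did pass through an MTA.
NORMAL = (
    "Received: from mail.example.org by gw.example.net; Mon, 11 Jun 2001 11:00:00 +0200\n"
    "Date: Mon, 11 Jun 2001 10:59:58 +0200\n"
    "Message-ID: <constructed-1@example.org>\n"
    "From: sender@example.org\n"
    "\n"
    "hello\n"
)

if __name__ == "__main__":
    print(audit_raw(SUSPECT))
```

A report with `received_hops` of 0 means no MTA stamped the message on its way into the spool, which narrows the search to local delivery paths and to programs that write to the mailbox directly.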