On Mon, 10 May 1999 10:10:08 +0100 (BST), you wrote:
>On Sun, 9 May 1999, Marc Haber wrote:
>> |riuztrieouhdgklj
>> |500 Command unrecognized
>> |debug
>> |500 No way!
>
>> None of these things resulted in a log entry. I am thinking that it
>> might be useful to have exim log illegal commands on the SMTP channel.
>> This could be useful in detecting somebody trying to to a buffer
>> overflow or a similar attack. Would having such an option be useful in
>> attack scenarios or would it open ways to attack a mail host itself?
>
>Set log_smtp_syntax_errors.
This does half of the trick. Since trying the "debug" command on the
SMTP channel most certainly denotes an attack, I'd like to have this
logged, too.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
--
*** Exim information can be found at
http://www.exim.org/ ***
