Re: [Exim] common pattern in spam involving exim 4.34

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMGiuliano Gavazzi at <-
MSuresh Ramasubramanian at ->
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Giuliano Gavazzi
CC: exim-users
Subject: Re: [Exim] common pattern in spam involving exim 4.34
On Sun, 4 Jul 2004, Giuliano Gavazzi wrote:
>
> Received: from nobody by server150.teknonservers.com with local (Exim 4.34)
>     id 1BguBu-000729-RO
>     for   @humph.com; Sat, 03 Jul 2004 18:45:06 -0500

>
> it could be:
> 1) exim is very popular
> 2) there is a exploit in version 4.34
> 3) just a coincidence...

The fact that it's being sent by user nobody indicates that it's probably
an exploitable formmail script.

Tony.
--
f.a.n.finch <dot@???> http://dotat.at/
LANDS END TO ST DAVIDS HEAD INCLUDING THE BRISTOL CHANNEL: WEST OR SOUTHWEST 3
LOCALLY 4, BECOMES 3 OR LESS FOR A TIME, THEN INCREASES 4 OR 5, VEERING
NORTHWEST LATER. OCCASIONAL RAIN TO START THEN SCATTERED SHOWERS. GOOD, BUT
MODERATE IN RAIN. MODERATE BECOMES SLIGHT.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Open relay?[Exim] Automatica generatiuon of temporary address->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)