Autor: Marc Sherman Data: A: exim-users Assumpte: [exim] HTTP requests to port 25?
My logs show a number of SMTP protocol violations similar to this one:
2005-11-21 04:55:24 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=ns1.avs18.com[85.118.32.254] input="POST / HTTP/1.1\r\nHost:
projectile.ca:25\r\nContent-Type:text/plain\r\nContent-Length:
891\r\nMax-Forwards: 10\r\nVia: 1.0 projectile.ca:25\r\n\r\nRSET\r\nHELO
lab-"
Does anyone know what the deal is with those? Is it some kind of
exploit against a broken HTTP proxy server? If so, why is it hitting
port 25 instead of port 80?