Re: [exim] Interesting log entry

Author: Roland Illig
Date:  
To: exim-users
Subject: Re: [exim] Interesting log entry
Jeroen van Aart wrote:
> Hello,
>
> I noticed this log entry, which I have not seen before:
>
> 2007-08-23 11:17:49 SMTP protocol synchronization error (next input sent
> too soon: pipelining was not advertised): rejected "Subject:¡erelay
> ok¡f66.252.xxx.xxx" H=219-84-61-136-adsl-tpe.dynamic.so-net.net.tw
> [219.84.61.136] next input="MIME-Version: 1.0\r\nContent-Type:
> text/html;charset="big5"\r\nContent-Transfer-Encoding:7bit\r\n\263o\253\312\253H
> relay from : 66.252.xxx.xxx\r\n.\r\n"
>
> The 66.252 IP address is the IP address of our email server. This seems
> to me like some attempt to exploit some vulnerability (looking at the
> subject). But I don't expect exim to have problems with it.


To me, it looks like someone who is scanning for open relays but doesn't
really know that in SMTP, you have to wait for an answer before sending
the next request. If you have a well-configured mail server, you
shouldn't need to worry about that.

Roland
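
Added example, not part of the original thread and not Exim's own code: a small Python parser for the synchronization-error line format quoted above. It groups such entries by client IP and marks the ones where message text arrived in place of an SMTP command. The SMTP verb list, the "relay" keyword heuristic and every sample line except the first (the quoted entry re-joined onto one line) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Layout taken from the quoted log entry; other sync-error variants are not handled.
SYNC_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'SMTP protocol synchronization error \((?P<reason>[^)]*)\): '
    r'rejected "(?P<rejected>.*?)" H=(?P<host>.*?)\s*\[(?P<ip>[^\]]+)\]'
    r'(?: next input="(?P<next_input>.*)")?'
)
SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP",
              "QUIT", "VRFY", "EXPN", "HELP", "AUTH", "STARTTLS"}

def parse_sync_error(line):
    """Return the fields of a sync-error line, or None for any other log line."""
    m = SYNC_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    words = rec["rejected"].split()
    verb = words[0].upper() if words else ""
    # Not an SMTP verb: message text was read where a command was expected.
    rec["content_as_command"] = verb not in SMTP_VERBS
    # Heuristic (assumption): relay probes name their purpose in the message.
    blob = (rec["rejected"] + " " + (rec["next_input"] or "")).lower()
    rec["mentions_relay"] = "relay" in blob
    return rec

def summarize(lines):
    """Group sync errors by client IP: count, and whether any looked like a probe."""
    out = defaultdict(lambda: {"count": 0, "probe_like": False})
    for line in lines:
        rec = parse_sync_error(line)
        if rec:
            entry = out[rec["ip"]]
            entry["count"] += 1
            entry["probe_like"] |= rec["content_as_command"] and rec["mentions_relay"]
    return dict(out)

SAMPLE_LOG = [  # first entry: the quoted line re-joined; the other two are constructed
    r'2007-08-23 11:17:49 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "Subject:¡erelay ok¡f66.252.xxx.xxx" H=219-84-61-136-adsl-tpe.dynamic.so-net.net.tw [219.84.61.136] '
    r'next input="MIME-Version: 1.0\r\nContent-Type: text/html;charset="big5"\r\nContent-Transfer-Encoding:7bit\r\n\263o\253\312\253H relay from : 66.252.xxx.xxx\r\n.\r\n"',
    r'2007-08-23 11:20:02 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "MAIL FROM:<a@example.org>" H=(client.example) [192.0.2.10] next input="RCPT TO:<b@example.net>\r\n"',
    r'2007-08-23 11:21:40 1IOabc-0001xy-Ab <= user@example.org H=mail.example.org [198.51.100.7] P=esmtp S=1234',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
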