Re: [exim] Interesting log entry

Jeroen van Aart wrote:
> Hello,
>
> I noticed this log entry, which I have not seen before:
>
> 2007-08-23 11:17:49 SMTP protocol synchronization error (next input sent
> too soon: pipelining was not advertised): rejected "Subject:¡erelay
> ok¡f66.252.xxx.xxx" H=219-84-61-136-adsl-tpe.dynamic.so-net.net.tw
> [219.84.61.136] next input="MIME-Version: 1.0\r\nContent-Type:
> text/html;charset="big5"\r\nContent-Transfer-Encoding:7bit\r\n\263o\253\312\253H
> relay from : 66.252.xxx.xxx\r\n.\r\n"
>
> The 66.252 IP address is the IP address of our email server. This seems
> to me like some attempt to exploit some vulnerability (looking at the
> subject). But I don't expect exim to have problems with it.

To me, it looks like someone who is scanning for open relays but doesn't
really know that in SMTP, you have to wait for an answer before sending
the next request. If you have a well-configured mail server, you
shouldn't need to worry about that.

Roland