I found a few of these in syslog (wrapped here for legibility):

    Apr 3 04:33:52 jujube mimedefang-multiplexor[411]:
    [ID 980602 mail.info] Slave 22 stderr: Can't coerce GLOB to number
    in add at /etc/mail/mimedefang/mimedefang-filter line 383.

The slave then dies prematurely with the "check your filter rules"
error. Line 383 is:

    if ($Helo =~ /yahoo.com/) {

The error follows closely this sendmail report:

    Apr 3 04:33:52 jujube sm-mta[22755]: [ID 801593 mail.info]
    k338XTZk022755: from=<[EMAIL PROTECTED]>, size=180541, class=0,
    nrcpts=1, msgid=<[EMAIL PROTECTED]>,
    proto=ESMTP, daemon=MTA-v4, relay=[202.120.113.165]

That's not Yahoo, so who knows what the HELO string was.

"Can't coerce GLOB to number in add"-- meaning a file named "add"?

If this is the result of a bizarre HELO string, is there an exploit
here waiting for the right HELO string?

Ha!-- I just looked for other messages from that IP address. Three
hours later it tried to send us a zipped virus.

Joseph Brennan
Columbia University Information Technology
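
The correlation described in the message above (slave stderr line, the sendmail delivery logged at the same moment, then other mail from that relay) can be scripted. This is an added example, not part of the original post; the sample log is constructed from the excerpts above with placeholder addresses and queue IDs, and time proximity is only a heuristic on a busy server.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the two excerpts above unwrapped to one line each, plus
# two invented deliveries. Addresses and the extra queue IDs are placeholders.
SAMPLE = """\
Apr 3 04:33:40 jujube sm-mta[22751]: [ID 801593 mail.info] k338XRZk022751: from=<a@example.org>, size=2048, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA-v4, relay=[192.0.2.10]
Apr 3 04:33:52 jujube sm-mta[22755]: [ID 801593 mail.info] k338XTZk022755: from=<b@example.net>, size=180541, class=0, nrcpts=1, msgid=<2@example.net>, proto=ESMTP, daemon=MTA-v4, relay=[202.120.113.165]
Apr 3 04:33:52 jujube mimedefang-multiplexor[411]: [ID 980602 mail.info] Slave 22 stderr: Can't coerce GLOB to number in add at /etc/mail/mimedefang/mimedefang-filter line 383.
Apr 3 07:41:09 jujube sm-mta[23990]: [ID 801593 mail.info] k33BfAZk023990: from=<c@example.net>, size=41000, class=0, nrcpts=1, msgid=<3@example.net>, proto=ESMTP, daemon=MTA-v4, relay=[202.120.113.165]
"""

HEAD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w-]+)\[\d+\]: (?:\[ID \d+ \S+\] )?(.*)$")
STDERR = re.compile(r"^Slave (\d+) stderr: (.*)$")
RELAY = re.compile(r"^(\w+): from=.*\brelay=(?:\S+ )?\[([0-9A-Fa-f.:]+)\]")

def parse(text):
    """Yield (time, program, message) for every line in syslog format."""
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            # syslog omits the year; 2000 is a leap year, so Feb 29 parses.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def correlate(text, window=1):
    """For each slave stderr line, list deliveries logged within `window`
    seconds of it and every other queue ID seen from the same relay."""
    mails, errors = [], []
    for ts, prog, msg in parse(text):
        m = RELAY.match(msg) if prog == "sm-mta" else None
        if m:
            mails.append((ts, m.group(1), m.group(2)))
        m = STDERR.match(msg) if prog == "mimedefang-multiplexor" else None
        if m:
            errors.append((ts, int(m.group(1)), m.group(2)))
    span = timedelta(seconds=window)
    report = []
    for ets, slave, err in errors:
        near = [(q, ip) for ts, q, ip in mails if abs(ets - ts) <= span]
        ips = {ip for _, ip in near}
        seen = {q for q, _ in near}
        other = {ip: [q for _, q, i in mails if i == ip and q not in seen] for ip in ips}
        report.append({"slave": slave, "error": err, "candidates": near, "other": other})
    return report

if __name__ == "__main__":
    for item in correlate(SAMPLE):
        print(item)
```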