Might have to handle these things with procmail level tools.
{^_^}
----- Original Message -----
From: <[EMAIL PROTECTED]>
Got a nasty spam with an extremly oversized Thread-Index header. (I set
my word wrap to 72 characters, I don't know if it will hold up however
when I hit send).
Does anyone know if it is exploiting a known Outlook/Exchange security hole?
The Thread-Index header seems to have caused Microsoft Outlook to "pick"
a friendly name from the users's address book and also hide the To:
header so it came through to undisclosed recipients.
The entire mail was 1.2megs so SpamAssassin of course did not scan it.
From [EMAIL PROTECTED] Tue Aug 30 15:47:08 2005
Return-Path: <[EMAIL PROTECTED]>
Received: from excluster1.scriptlogic.com (excluster1.scriptlogic.com
[65.248.131.18])
by inpf1.XXXXXXXXXXX.com (Postfix) with ESMTP id 46F0231A829
for <[EMAIL PROTECTED]>; Tue, 30 Aug 2005 15:47:01 -0400 (EDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C5AD9B.92851B9B"
Subject: Active Directory Security, Back up and Restore with Active
Administrator 4.0
Date: Tue, 30 Aug 2005 15:46:53 -0400
Message-ID:
<[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Active Directory Security, Back up and Restore with Active
Administrator 4.0
Thread-Index:
AcWGJwzVhgXvfzM9S6i4YiAif+/YQAAIGvRQAABuKoAAJH1ZAAAAV/BQAAAEEGAAAigZcAAAcZ2QAAOJJ9AAAA3v8AAANqMQAAAfGgAAACKvkAAAhhjgAAA9GYAAAQ2GIAAACxRwAAConqAAAEAwQAA6TJVgAB/7SsAAAFCxwAABGqKQAAHmjBAAAJcnQAAAK9aAAAAUr1AAABu/wAAADc9AAABPN+AAAFOtoAAAJExAAAARVtAAABZkAAAAfq+AAAAMzMAAAISQ0AAAEZWAAAcICAAAAWeMAAAAJD1gAABmgjAAJIXI0AAADQzwAABhXTAAAHEq0AAAhI/QAACd/QAAAFUSsAAHUX6QAAAaofAAAE2csAAAMx6AAAAvoxAAAIOowAAAaQFQAAANTWAAABe+sAAABfFgAAAMFRAAAAZvQAAABhwAAAAkYfAAABOswAAAA98wAAAeBfAAABc0EAAALYmQAABABtABK97joAAAJNRwAAB6x7AAAS2uYAAAFeNwAPJxAtAAANAgQAAAajHQAAA5EdAAAvyKMAABANfAAABDDMAAAA9/0AADI60QAAARuXAAABMnAAAAJrCQAFlEW8AAAzf54AAAGrrgAAS50+AAA+SYcADH4mfwAAD2JVAAAINs0AAAKMFgAAAcqPAAACbyAAAATgigAAFxAbAAALJzMAAAFcegAAAWW4AAAEsHYAAiKKdgAAsa0XAAARbTgAABRIgQAAC9mwAAAAayYAAih/ewAAA80zAAACXuEAAAHJtQAAEo3YAAABgkUAAAEp/QAABPTKAAAAlb0AAAJwyAAAC82PAAAF0zoAAArTdgAAEPV0AAAB/owAAAmUzwAANSIGAAACGskAAAed1QAAHmLuAAAFTk0AAADqagAAEqkZAAACJKsAAAF7IgAABcElAAAB7mIAAARU1wAAC1M5AAAmLDQAAARGowAABOzOAAHyHRUAAACPtQAAAVVAAA
AFmBAAAAhm0AAABXSUAAAA3/oAAAqFAAAAFjY2AAAGz+UAAAU3UgAAA1tEAAAN+CoAAAv3aQANAsWRAAAAV0UAAABZnQAAAggdAAAFkRQAAAd/7gAAAzB8AAABDtgAAANdHgAARjVZAAAAMRUAAfU5hAAABRJ4AAAB28kAANM1lwAADHelAAAMXwQAAAr8+wAAAXoXAAADIuoAAABDDAAAACxIAAAAUGYAAB8mbAAAAeDGAAAAhmcAAAMMdAAAADXOAAABStEAAAC7ZgAAAaqiAAAGp3sAAiYy+QAACU7ZAAAAu2QAAACXlQAAAUpXAAABKYAAABCzpwAAAdZ6AAAB+t4AAAPSWgAAAIGAAAAKmCkAAAHt4gAAAhiAAAAISxAAAAmUmwAABGSpAAABEIUAAALSdgAAdDT2AAAAJhYAAAETkgAAFbNEAAAHm4oAAAGgMQAB+BNZAAACR3oAAAEWiQAAA2oGAAAALO0AAAIc8wAACNRwAAAH2MgAAAi3fwAAAVXsAAAAph8AAABYNwAAAhuBAAAAXRgAABhOYwAAlcQsAAy5EewAAAGbuwAAD2FbAAAAy1YAAAIzTgAAC2+rAAAT1k4AAASmOgAAFaj8AAAAK2sAAgHZfQAADHilAAAAUJ4AAAFO/QAAAIctAAA1bK8AAABGkQAAATTmAAAAOocAAAAqSgASqHvHAAACIgsAAAFcNgAAA74KAAANPWEAAHRRPgAADyx2AAAHFMEAAFESBQAADnSRAAACIiQAAAA/ngAAACiDAAAA82UAAABAiwAAAgP4AAADIvgAAAOBfAAABamUAALpBv0AABTQcgAAMB+WAAABJUUAAAGW0gAAAySqAAAAjXYAAATm7gAAFRIjAAHeOj8AAEf/+gAAAG83AAAGsq4AAAFODAAAajQjAAAKJOsAABH5/AAAB/lMAAAEko0AAALwTQAAAeOyAABCclIAAAQepgAAAwRDAAACxOMAAAGD
TwAAAXkn
AAAAM1MAAAArcQAABkikAAABo7UAAACh9gAADFfAAAAA9p0AAAGjjwAAAg2HAAKaui8AAAByWQAAAQVxAAAAJoUAAz9yDgAJOgxbAAAAK+sAAAfCWwAAAWmxAAABJWsAAAJAOQAAAm4KAAAG5l8AAAOulQAAADfpAAABA3IAAEPefwAAA5tOAAAAPNoAABgDXgACBE0tAAATBjwAAAex2AAACFjoAAAOMtMAAAdZCgAAADXWAAAAKzMAAAAubgAAFGHBAAA/Qa4AAAtObAAAQPqkAAAGSK0AAAzuzQ
From: "Jeffrey Colas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
