Hi. I'm getting Snort alerts that describe "Attempted specific command buffer overflow: MAIL FROM:, 346 chars" via this list. The typical message contains a software pitch included in the headers like this:
====begin====
X-Spam-Check-By: apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Received: from [85.194.0.110] (HELO mail.visit.se) (85.194.0.110) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jul 2006 15:55:30 -0700
Received: by mail.visit.se (Postfix, from userid 503) id 6188336E0097; Tue, 18 J="0" cellpadding="0" cellspacing="0"> <tr>
...and more HTML....followed by a 345 character string ...
====end====

Then the rest of the mail headers and a (truncated?) list message that begins:

====begin====
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Thursday 13 July 2006 08:31, Sietse van Zanen took the opportunity to=20
write:
> And that trick could also very well cause you to loose legitimate
...and more message...
====end====

Thoughts? I have preserved the entire message, for anyone who may be interested.

Thanks.
James