[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] mail attack
- Subject: Re: [cobalt-security] mail attack
- From: davidblack <DavidBlack@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 21 May 2003 00:22:52 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
From: "Paul Jacobs" <paul@xxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, May 21, 2003 5:20 AM
Subject: Re: [cobalt-security] mail attack
> At 03:42 PM 5/20/2003, you wrote:
>
> >----- Original Message -----
> >From: "paul jacobs" <paul@xxxxxxxxxxxxxxxxxx>
> >To: <cobalt-security@xxxxxxxxxxxxxxx>
> >Sent: Tuesday, May 20, 2003 10:11 PM
> >Subject: [cobalt-security] mail attack
> >
> >
> > > Seem to be getting the below error more and more.... anyone else?
> > >
> > > May 20 14:22:25 ns4 sendmail[14779]: h4KLMOs14778: Truncated MIME
> > > Content-Disposition header due to field size (possible attack)
> > > May 20 14:27:36 ns4 sendmail[15018]: h4KLRZs15017: Truncated MIME
> > > Content-Disposition header due to field size (possible attack)
> > >
> > > Any way to stop it or dare I say fix it.
> > >
> > >
> > > Best Regards,
> > > Paul Jacobs /Sr. Network Manager
> > > http://www.yourwebcentral.com
> >
> >
> >Same here. I've seen them occasionally for months,
> >but they've been getting really heavy during the past
> >couple of days. Most of the originating IPs seem to be
> >open relays or non-US dialup types... so I just check
> >and block them, as appropriate. I've also discovered
> >that "truncated MIME" events can be caused by an
> >Outlook spyware add-on, called Hotbar.
>
> Interesting.. any reading I can do on hotbar.. got a url?
Hotbar is from www.hotbar.com. I doubt if you'll find any information
about the mime header issue there though. You might try searching
google groups for "hotbar".
David Black
Houston, TX