At 02:28 PM 6/27/2003 +0100, you wrote:
Recently I have started to get this log reportsendmail: Truncated MIME Content-Disposition header due to field size (possibleattack) Is this something that I can prevent and stop? I'm running fully patched raq3 and raq4r and message appears in both logfiles.
It is the SoBig.E virus being sent to user's mailboxes. It hit my mail server as quickly as I read the news about it yesterday and numerous times. Interestingly, the news about the virus does not report that it is sending an oversize mail header. Is this an indication that it was designed to take advantage of the sendmail vulnerability that we patched a few months ago? You did patch for the oversized header vulnerability didn't you?
Cheers, Glenn