what was that?
Jacques A. Vidrine
nectar at FreeBSD.org
Mon Mar 31 10:56:41 PST 2003
On Mon, Mar 31, 2003 at 09:18:08PM +0400, Nikolaj I. Potanin wrote:
> What does mean this bizarre msgid?
>
> maillog:
> Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb at sindbad.ru>,
> size=1737, class=0, nrcpts=1,
> msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf,
> proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219]
It was a long Message-ID which sendmail truncated to 100 characters
when printing the log message, i.e. printf(... msgid=%.100s ...).
It's kind of interesting, because it is base64 encoded data which
begins with the string `PCDFEB09':
0000 50 43 44 46 45 42 30 39 00 01 00 02 00 00 00 00 |PCDFEB09........|
0010 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 |................|
0020 00 7e 9e 05 6b 64 a1 3c 4d ae e2 93 ff 42 93 c3 |.~..kd¡<M®â.ÿB.Ã|
0030 20 c2 80 00 00 10 00 00 00 8f ec db e0 8b 1b ba | Â........ìÛà..º|
0040 4f ad 60 43 d5 17 d5 5f |O`CÕ.Õ_|
Google'ing for that string turns up a lot of hits, which seem to be
Microsoft TNEF attachements. *shrug* Perhaps it is a sneaky way of
sending some data out-of-band :-) or maybe it is just a buggy
application. Too bad you don't have the entire message.
I don't think it is anything to worry about, really.
Cheers,
--
Jacques A. Vidrine <nectar at celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
More information about the freebsd-security
mailing list