Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

"Fixed MIME Content-Type header field"

Posted on 2004-08-27
5
Medium Priority
?
1,440 Views
Last Modified: 2013-12-27
Good day

I get the following error message from the error log in a Solaris 9 system. Is this an misconfiguration error or bug? If so, how do I fix this? Thank you.

Aug 27 15:39:29 mail sendmail[25528]: [ID 801593 mail.alert] i7RNdE8R025486: Fixed MIME Content-Type header field (possible attack)
0
Comment
Question by:shawnk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 11918973
Well, you didn't bother to say exactly which version of sendmail you're running, but if you're running the one that came with the stock Solaris v9 install (even patched), be aware that its almost certainly an older sendmail version. Telnet to the machine's port 25 and take a look at what version is reported. If its not v8.12.11 or v8.13.x, then you're running a older version. If its v8.11.x or earlier, then its a VULNERABLE older version and you should update immediately (or at the very least change the config so it doesn't broadcast to everyone who connects it just how bad off it is).

What the error means is that as sendmail processed a message header, probably an incoming one, it saw a suspicious MIME Content-Type header field, one that may have been part of an attack on your system. What specific attack I dunno. Perhaps an attempt to get sendmail to hang. You'd have to track down the message via the logs and examine it.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11918983
First things first, check your sendmail version, and if its outdated (personally, I'd call anything earlier than v8.12.10 "outdated"), you should start working on updating it. I know that a package for v8.12.11 (the last v8.12 release) is available on http://sunfreeware.com. I imagine that v8.13 is as well, and if it isn't, you can download the source from http://www.sendmail.org

Recommended reference: _Sendmail,_3rd Edition_ by Bryan Costales, ISBN 1-56592-839-3. Its not a "How to" or "For Dummies" book, its a reference for sendmail's features and functions.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 11919362
That is a result of a change in Sendmail introduced in 8.12.8. The RELEASE_NOTES say:

"If MaxMimeHeaderLength is set and a malformed MIME header is fixed, log the fixup as "Fixed MIME header" instead of "Truncate MIME header".  Problem noted by Ian J Hart."

Sendmail is just reacting to a bogus MIME header, fixing it so that it can't cause problems, and telling you about it.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question