Solved

"Fixed MIME Content-Type header field"

Posted on 2004-08-27
5
1,352 Views
Last Modified: 2013-12-27
Good day

I get the following error message from the error log in a Solaris 9 system. Is this an misconfiguration error or bug? If so, how do I fix this? Thank you.

Aug 27 15:39:29 mail sendmail[25528]: [ID 801593 mail.alert] i7RNdE8R025486: Fixed MIME Content-Type header field (possible attack)
0
Comment
Question by:shawnk
  • 2
5 Comments
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Well, you didn't bother to say exactly which version of sendmail you're running, but if you're running the one that came with the stock Solaris v9 install (even patched), be aware that its almost certainly an older sendmail version. Telnet to the machine's port 25 and take a look at what version is reported. If its not v8.12.11 or v8.13.x, then you're running a older version. If its v8.11.x or earlier, then its a VULNERABLE older version and you should update immediately (or at the very least change the config so it doesn't broadcast to everyone who connects it just how bad off it is).

What the error means is that as sendmail processed a message header, probably an incoming one, it saw a suspicious MIME Content-Type header field, one that may have been part of an attack on your system. What specific attack I dunno. Perhaps an attempt to get sendmail to hang. You'd have to track down the message via the logs and examine it.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
First things first, check your sendmail version, and if its outdated (personally, I'd call anything earlier than v8.12.10 "outdated"), you should start working on updating it. I know that a package for v8.12.11 (the last v8.12 release) is available on http://sunfreeware.com. I imagine that v8.13 is as well, and if it isn't, you can download the source from http://www.sendmail.org

Recommended reference: _Sendmail,_3rd Edition_ by Bryan Costales, ISBN 1-56592-839-3. Its not a "How to" or "For Dummies" book, its a reference for sendmail's features and functions.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
Comment Utility
That is a result of a change in Sendmail introduced in 8.12.8. The RELEASE_NOTES say:

"If MaxMimeHeaderLength is set and a malformed MIME header is fixed, log the fixup as "Fixed MIME header" instead of "Truncate MIME header".  Problem noted by Ian J Hart."

Sendmail is just reacting to a bogus MIME header, fixing it so that it can't cause problems, and telling you about it.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now