Solved

"Fixed MIME Content-Type header field"

Posted on 2004-08-27
5
1,415 Views
Last Modified: 2013-12-27
Good day

I get the following error message from the error log in a Solaris 9 system. Is this an misconfiguration error or bug? If so, how do I fix this? Thank you.

Aug 27 15:39:29 mail sendmail[25528]: [ID 801593 mail.alert] i7RNdE8R025486: Fixed MIME Content-Type header field (possible attack)
0
Comment
Question by:shawnk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 11918973
Well, you didn't bother to say exactly which version of sendmail you're running, but if you're running the one that came with the stock Solaris v9 install (even patched), be aware that its almost certainly an older sendmail version. Telnet to the machine's port 25 and take a look at what version is reported. If its not v8.12.11 or v8.13.x, then you're running a older version. If its v8.11.x or earlier, then its a VULNERABLE older version and you should update immediately (or at the very least change the config so it doesn't broadcast to everyone who connects it just how bad off it is).

What the error means is that as sendmail processed a message header, probably an incoming one, it saw a suspicious MIME Content-Type header field, one that may have been part of an attack on your system. What specific attack I dunno. Perhaps an attempt to get sendmail to hang. You'd have to track down the message via the logs and examine it.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11918983
First things first, check your sendmail version, and if its outdated (personally, I'd call anything earlier than v8.12.10 "outdated"), you should start working on updating it. I know that a package for v8.12.11 (the last v8.12 release) is available on http://sunfreeware.com. I imagine that v8.13 is as well, and if it isn't, you can download the source from http://www.sendmail.org

Recommended reference: _Sendmail,_3rd Edition_ by Bryan Costales, ISBN 1-56592-839-3. Its not a "How to" or "For Dummies" book, its a reference for sendmail's features and functions.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 11919362
That is a result of a change in Sendmail introduced in 8.12.8. The RELEASE_NOTES say:

"If MaxMimeHeaderLength is set and a malformed MIME header is fixed, log the fixup as "Fixed MIME header" instead of "Truncate MIME header".  Problem noted by Ian J Hart."

Sendmail is just reacting to a bogus MIME header, fixing it so that it can't cause problems, and telling you about it.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question