Sendmail 8.10.0 and possibly relay - longer

Marian Cavojsky cavojsky at soria-grey.sk
Fri Dec 15 14:35:42 CET 2000


A pleasant pre-Christmas time to everyone.

I ran into a problem today. I received two e-mails that were sent from
no account. The log contains these messages:

Dec 15 07:39:15 mail sendmail[13960]: eBF6d5h13960: from=<>, size=31528,
class=0, nrcpts=1, msgid=<200012150639.eBF6d5h13960 na soria-grey.sk>, proto=SMTP,
daemon=MTA, relay=dial-up-103.gtinet.sk [195.98.129.103]

Dec 15 14:00:07 mail sendmail[17395]: eBFCwIh17395: from=<>, size=31504,
class=0, nrcpts=1, msgid=<200012151258.eBFCwIh17395 na soria-grey.sk>, proto=SMTP,
daemon=MTA, relay=dialup141.sknet.sk [195.12.147.141]

There was no text in them, only attached EXE files. Each of them contained the
same EXE file under a different name. Bounce messages (I hope I am using the
right term), that is, notices that an e-mail could not be delivered, should
have this form. But no e-mails are sent from the address they arrived at. The
person to whom this mail was forwarded of course ran the file. (I give up;
teaching Win users not to click on everything that arrives will probably never
succeed.) According to him the program did nothing, which means it did
something he was not supposed to know about.

Now my questions:
  1) Is it possible to prevent such e-mails from being accepted? (I cannot
imagine how they could be distinguished from the others.)
  2) Does anyone have experience with receiving such e-mails (this EXE file),
so that I can learn what it might have done? (The headers are below.)

Thank you.

PS: If anyone could find out what the program does, I can send it.

-- 
Marian Cavojsky
cavojsky @ soria-grey.sk
Network administrator
Soria & Grey s.r.o
Advertising agency

#attachment1: header and part of the first e-mail:

X-POP3-Rcpt: cavo na mail
Return-Path: <MAILER-DAEMON>
Received: from rebus2 (dial-up-103.gtinet.sk [195.98.129.103])
	by soria-grey.sk (8.10.0/8.10.0) with SMTP id eBF6d5h13960
	for <soria na soria-grey.sk>; Fri, 15 Dec 2000 07:39:05 +0100
Date: Fri, 15 Dec 2000 07:39:05 +0100
Message-Id: <200012150639.eBF6d5h13960 na soria-grey.sk>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEY3KTM7GDA7K1M3O1UZKDM3GP2RC9"
Status: RO
X-Status: F


----VEY3KTM7GDA7K1M3O1UZKDM3GP2RC9
Content-Type: text/plain; charset="us-ascii"



----VEY3KTM7GDA7K1M3O1UZKDM3GP2RC9
Content-Type: application/octet-stream; name="OECBMMOE.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="OECBMMOE.EXE"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
...

#attachment2: header and part of the second e-mail:

X-POP3-Rcpt: cavo na mail
Return-Path: <MAILER-DAEMON>
Received: from zempress (dialup141.sknet.sk [195.12.147.141])
	by soria-grey.sk (8.10.0/8.10.0) with SMTP id eBFCwIh17395
	for <soria na soria-grey.sk>; Fri, 15 Dec 2000 13:58:21 +0100
Date: Fri, 15 Dec 2000 13:58:21 +0100
Message-Id: <200012151258.eBFCwIh17395 na soria-grey.sk>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEMR05U7O12ZKTA3O52FSHMJ"
Status: R 
X-Status: N


----VEMR05U7O12ZKTA3O52FSHMJ
Content-Type: text/plain; charset="us-ascii"



----VEMR05U7O12ZKTA3O52FSHMJ
Content-Type: application/octet-stream; name="LPKKIPLP.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="LPKKIPLP.EXE"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
...
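
Added example, not part of the original post: a heuristic check for the pattern shown in the two attachments above, a message with a null or MAILER-DAEMON sender that is not structured as a delivery status report, has no readable text, and carries a file whose decoded bytes start with the MZ executable signature. The function name `bounce_findings`, the extension list and the sample message are assumptions constructed for illustration.

```python
import email

# Constructed sample modelled on the headers quoted in the post. The payload is
# only the first bytes of an MZ header, not a working program.
SAMPLE = """\
Return-Path: <MAILER-DAEMON>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--BOUND"

----BOUND
Content-Type: text/plain; charset="us-ascii"

----BOUND
Content-Type: application/octet-stream; name="SAMPLE.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="SAMPLE.EXE"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAA
----BOUND--
"""

EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat")  # assumed list, extend as needed

def bounce_findings(raw):
    """Return reasons why a message posing as a bounce looks like a malware carrier."""
    msg = email.message_from_string(raw)
    sender = (msg.get("Return-Path") or "").strip().lower()
    if sender not in ("<>", "<mailer-daemon>"):
        return []  # not presented as a bounce, out of scope for this check
    findings = []
    if msg.get_content_type() != "multipart/report":
        findings.append("null sender but not a multipart/report DSN")
    has_text = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undoes base64 if declared
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/plain" and data.strip():
            has_text = True
        if data[:2] == b"MZ":  # signature check catches renamed executables too
            findings.append("attachment %r starts with MZ (DOS/Windows executable)" % name)
        elif name.endswith(EXEC_EXT):
            findings.append("attachment %r has an executable extension" % name)
    if not has_text:
        findings.append("no human-readable text part")
    return findings

if __name__ == "__main__":
    print("\n".join(bounce_findings(SAMPLE)))
```

Because the same file arrived under two different random names, the content signature is the more reliable signal; the filename check is only a fallback.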

