On Sep 28, 2012, at 2:26 PM, "Carl S. Gutekunst" <csg(_at_)alameth(_dot_)org>
wrote:
Does anyone here know of a legitimate MTA, proxy/filter, IDS, or similar
critter that sends this verb before sending EHLO?
FCCKV2 zQUdwkgzYhu/noMgcNtA0wvhrV0T9SThL3koEfk=
I'm suspicious that it's a malware infection on the sender's host, but before
I start making accusations I wanted to check around. Various web forums have
also reported seeing this as an X-bar header line in HTTP requests, without
identifying what it was.
In an http context it'd be something to do with Fortinet, I think. It's
possible that it'd
show up on SMTP too, I guess.
Cheers,
Steve
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp