Does anyone here know of a legitimate MTA, proxy/filter, IDS, or similar
critter that sends this verb before sending EHLO?

In an HTTP context it'd be something to do with Fortinet, I think. It's
possible that it'd show up on SMTP too, I guess.

Thanks Steve (and John), I've gotten several suggestions now that it's a
Fortinet security device. I was just a little suspicious because of the
keyword (really?), the protocol violation, and the existence of a
trojan/dropper with the same name. And I haven't been able to coerce my
own Fortinet box to do the same. Perhaps an email to their support group
would be in order.

ietf-smtp mailing list