Does anyone here know of a legitimate MTA, proxy/filter, IDS, or similar
critter that sends this verb before sending EHLO?
FCCKV2 zQUdwkgzYhu/noMgcNtA0wvhrV0T9SThL3koEfk=
In an http context it'd be something to do with Fortinet, I think. It's
possible that it'd
show up on SMTP too, I guess.
Thanks Steve (and John), I've gotten several suggestions now that it's a
Fortinet security device. I was just a little suspicious because of the
keyword (really?), the protocol violation, and the existence of a
trojan/dropper with the same name. And I haven't been able to coerce my
own Fortinet box to do the same. Perhaps an Email to their support group
would be in order.
<csg>
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp