Somebody's starting to exploit a hole in sendmail 8.8, where
giving a HELO longer than 1024 bytes causes a buffer overflow,
and all following "Received:" headers are lost. If it's done
off a relay, we have no clue who sent it. There may be a
more elegant solution, but here's a quick-n-dirty procmail
filter for this stunt.
#
# Note: The 5 lines of dots starting with "* ^Received:"
# are one long continuous line of dots; the trailing
# backslashes join them.
#
:0
* ^Received:..................................................\
...............................................................\
...............................................................\
...............................................................\
...............................................................
{
  # Add the X-Reject header (filter the header through formail)
  :0 fhw
  | formail -A "X-Reject: Using security hole in sendmail 8.8"

  # Then file the tagged message in the junkmail folder
  :0:
  junkmail
}
--
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>
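
The same length check outside procmail, as an added example that is not part of the original post: it unfolds each "Received:" header, flags any that exceed a limit, and adds the X-Reject header used above. The 300-character limit, the function names and the sample messages are assumptions constructed for this example.

```python
import email
from email import policy

MAX_RECEIVED_LEN = 300  # assumed limit; tune it against your own mail flow
REJECT_HEADER = "X-Reject"
REJECT_REASON = "Using security hole in sendmail 8.8"


def overlong_received(msg, limit=MAX_RECEIVED_LEN):
    """Return the unfolded Received: values that are longer than limit."""
    hits = []
    for value in msg.get_all("Received", []):
        # Collapse folding whitespace so a folded header is measured as one line.
        unfolded = " ".join(str(value).split())
        if len(unfolded) > limit:
            hits.append(unfolded)
    return hits


def tag_message(raw_bytes, limit=MAX_RECEIVED_LEN):
    """Parse a raw message; add X-Reject if any Received: header is overlong."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.compat32)
    flagged = bool(overlong_received(msg, limit))
    if flagged:
        msg[REJECT_HEADER] = REJECT_REASON
    return msg, flagged


def _sample(helo):
    """Constructed test message; hosts and addresses are placeholders."""
    return (
        "Received: from " + helo + " by mx.example.test;\r\n"
        "\tWed, 1 Jan 1997 00:00:00 -0500\r\n"
        "From: sender@example.test\r\n"
        "To: rcpt@example.test\r\n"
        "Subject: test\r\n"
        "\r\n"
        "body\r\n"
    ).encode("ascii")


NORMAL = _sample("host.example.test")   # ordinary HELO name
OVERLONG = _sample("A" * 1100)          # HELO argument longer than 1024 bytes

if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("overlong", OVERLONG)):
        msg, flagged = tag_message(raw)
        print(name, "flagged" if flagged else "clean", msg.get(REJECT_HEADER))
```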