OK,
those that where suspicious that I had been hacked were right!
With a lot of checking I am slowly pining down the problem. The
problem as it appears, is that someone is exploiting a bug probably in
sendmail, but I am lacking knowledge in the interaction between
fetchmail, sendmail, and procmail to be sure.
What I have noticed is that the messages are chinese spam, somehow
they are getting split in two parts. One that has the full
headers and the other which has incomplete and erroneous headers.
Comparing the message that procmail has backed up and the splitted
version of it. I am not seeing these lines
X-From-Line: foo(_at_)bar Wed Jan 26 16:50:04 2000
Message-ID: <m3n1psfp56(_dot_)fsf(_at_)totally-fudged-out-message-id>
in the backed up version. Would this point to sendmail not being
able to handle properly these spams? Does someone knows a
solution with sendmail to fix this annoying "feature"? Note: I had
tried to picked up the X-Form-Line: foo(_at_)bar header which is always
there but somehow it it not picking it up. I have to see why...
I am still looking into this problem.
Thanks,
--
==================================================================
Dominic Mitchell Email:
mitcheld(_at_)qed(_dot_)econ(_dot_)queensu(_dot_)ca
Department of Economics mailto:dominic(_at_)cedep(_dot_)net
Queen's University
Kingston, Ontario The XXI century starts on 2001-01-01!
Canada, K7L 3N6 Le XXI siècle débute le 2001-01-01!
==================================================================