From: Matthias A. <mat...@gm...> - 2014-11-11 16:59:43
On 11.11.2014 at 07:09, Gene Heskett wrote:
> Greetings;
>
> Using a fetchmail that's only a couple months old, built from your tarball,
>
> I just had to set, from a restart on the command line giving it the
> --bad-header accept option in order to clear and retrieve an obviously C&C
> message from a bot controller, or something similar.
>
> The header really was bad:

Dear Gene,

Did the original header of the inbound message contain the "X-procmail: user=gene" header? Can you be positive that procmail and whatever you're calling from it are not modifying it? Is anything in your inbound path transforming messages ("decoding")? Just to rule out that, for instance, some "MIME decode" is making a mess of your mail.

> Received: from nx ([218.109.100.99])
> (authenticated user ad...@bh...)
> by empireland.net (Kerio Connect 7.1.2);
> Thu, 23 Oct 2014 12:42:33 -0600
> X-procmail: user=gene
>
> »ú·¿»·¾³·¨¹æ
> Message-ID: <201...@bh...>
...
> Followed by about 23.5kb of what looked to be base64 encoded crap.
> Image, virus, c&c, I have no clue.
>
> Does anything in that look familiar to you folks? I haven't cleaned it up.

Doesn't look familiar to me, but I presume most of the crap is set aside by the spam filters here. On the other hand, I do not operate large-scale mail servers at this time. Probably not all that helpful to you.

Best regards,
Matthias
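A header-syntax check for the kind of malformed header block discussed in this thread, as an added example that is not part of the original message and not fetchmail's own code: it flags header lines that are neither a `name: value` field nor a folded continuation, plus raw 8-bit bytes. The sample message is constructed, modeled on the quoted excerpt with placeholder addresses; encoding the odd line as Latin-1 bytes is an assumption.

```python
import re

# A header field starts with a name of printable ASCII (no colon), then ':'.
FIELD_RE = re.compile(rb"^[\x21-\x39\x3b-\x7e]+[ \t]*:")


def check_header_block(raw: bytes):
    """Return [(line_number, reason)] for syntax problems in the header block."""
    findings = []
    seen_field = False
    for lineno, line in enumerate(raw.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if line == b"":
            break  # the first empty line ends the header block
        if line[:1] in (b" ", b"\t"):
            # Folded continuation: only valid once a field has started.
            if not seen_field:
                findings.append((lineno, "continuation before any field"))
        elif FIELD_RE.match(line):
            seen_field = True
        else:
            findings.append((lineno, "neither field nor continuation"))
        if any(b > 0x7E for b in line):
            findings.append((lineno, "raw 8-bit bytes in header"))
    return findings


# Constructed sample: placeholder host names and addresses; line 4 carries
# the odd characters from the excerpt, encoded as Latin-1 (an assumption).
SAMPLE = (
    b"Received: from nx ([192.0.2.99])\r\n"
    b"\tby mail.example.org; Thu, 23 Oct 2014 12:42:33 -0600\r\n"
    b"X-procmail: user=gene\r\n"
    b"\xbb\xfa\xb7\xbf\xbb\xb7\xbe\xb3\xb7\xa8\xb9\xe6\r\n"
    b"Message-ID: <constructed@example.org>\r\n"
    b"\r\n"
    b"body: not checked\r\n"
)

if __name__ == "__main__":
    for lineno, reason in check_header_block(SAMPLE):
        print(f"header line {lineno}: {reason}")
```

Running it on the message as stored on the server and again on the copy after procmail shows at which hop the malformed line appears.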