NO "send error 10038" found in last 3 days logs. We're using ASSP in front Imail. I don't know if ASSP "blocks" attack or just we were not attacked.
Pere. -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Robbie Pardue Enviado el: sábado, 28 de octubre de 2006 1:39 Para: [email protected] Asunto: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Look at your smtp logs for "send error 10038". That will be preceded by something like date time SMTPD(your-message-number) [<the imail IP>] connect the-offending-server-ip port 3442 date time SMTPD(your-message-number) [the-offending-server-up] EHLO date time SMTPD(your-message-number) [the-offending-server-up] MAIL FROM <[EMAIL PROTECTED]> date time SMTPD(your-message-number) [the-offending-server-up] RCPT TO: <@qo♥►:ÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉ ÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉ date time SMTPD() send error 10038 and followed by a SMTP server refusing connections (though the service says "Running") (and only that if you are lucky...the overflow warning indicates that they can run anything they want in that). (That string can be any number of continuous crazy characters, seems to vary from hacker to hacker / log server to log server.) ----- Original Message ---- From: Brian T. <[EMAIL PROTECTED]> To: [email protected] Sent: Friday, October 27, 2006 4:18:27 PM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Anybody willing to give any input as to what to look for? Brian ----- Original Message ----- From: Brian T. To: [email protected] Sent: Friday, October 27, 2006 11:23 AM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can you tell? Brian T. ----- Original Message ----- From: Servei Tecnic [ MICROTECH ] To: [email protected] Sent: Friday, October 27, 2006 11:01 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 just get hacked... -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Beach Computers Enviado el: viernes, 27 de octubre de 2006 16:45 Para: [email protected] Asunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave =================================== Beach Computers Affordable Hosting Solutions http://www.beachcomp.com =================================== Cheap Domain Warehouse Get Your Own Dot! http://www.cheapdomainwarehouse.com ------------------------------------ Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Friday, October 27, 2006 9:24 AM To: [email protected] Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. ----- Original Message ---- From: marc <[EMAIL PROTECTED]> To: [email protected] Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: > >Is Ipswitch planning to check/fix prior 8.22 versions? >Any SMTP update for 8.15 will work in 8.05?? >If i understand correctly, SMTP was fully rewrited in 8.22, so is same in >8.05 and 8.15 > >Thxs, >Pere Ginabreda > > > >-----Mensaje original----- >De: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] nombre de Tripp Allen >Enviado el: viernes, 27 de octubre de 2006 3:57 >Para: [email protected] >Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 > > >The steps and files to update 8.22 are located here: >http://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY >work for 8.22. > >Thanks, >Tripp Allen >Software Development Manager, Messaging >Ipswitch, Inc. > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > >[Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
