Yup, Michael Appeldorn wrote:
Am 08.02.2002 14:49:33, schrieb Jochen Kaechelin
: tail -f /var/log/warn:
Feb 8 05:23:21 jochen sendmail[12473]: g184NLB12469: Truncated MIME Content-Type header due to field size (length = 16) (possible attack) ^ ^ ^ ^ ^ ^ ^ ^
And if I read the error-code step by step it seems to mean that the header that describes to content-type of the mime-content has an length longer then normally (may RFC) - so this can by a try to generate a buffer-overflow.
Exactly. The error message sendmail spew out was directed to a truncation of the mime-header, which should only have 256 chars. Sendmail protects itself from buffer overflow with this truncation. Bof-attack - note down, investigate, and be careful, Jochen. It may be an old Pegasus MUA version (which, among other MUAs, is known to create these kinds of problems), but also could have been an attack. Check your sendmail version, and consider updating to the latest safe-stable release.
Michael Appeldorn
Boris