This is an extract from a log file I’m looking at right now for an Exchange 2003 SMTP service… I sure as hell hope there’s just a patch missing, otherwise, this could be one NASTY bug. It appears as if the DATA section of the SMTP session has been escaped, possibly by inclusion of the escape sequence used by SMTP to exit the DATA block, thus tacking the rest of the email straight to the SMTP service for processing… Anyone who knows anything about SMTP should be able to see the implications of this… And hopefully, I’m not just making an ass of myself 😛
13:13:30 124.61.182.49 EHLO – 250
13:13:30 124.61.182.49 MAIL – 250
13:13:30 124.61.182.49 RCPT – 250
13:13:32 124.61.182.49 DATA – 250
13:13:32 124.61.182.49 so – 500
13:13:32 124.61.182.49 ——=_nextpart_000_0007_01ca4ccf.fc799c50 – 500
13:13:32 124.61.182.49 content-type: – 500
13:13:32 124.61.182.49 charset=”iso-8859-1″ – 500
13:13:32 124.61.182.49 content-transfer-encoding: – 500
13:13:32 124.61.182.49 <!doctype – 500
13:13:32 124.61.182.49 <html><head> – 500
13:13:32 124.61.182.49 <meta – 500
13:13:32 124.61.182.49 > – 500
13:13:32 124.61.182.49 <meta – 500
13:13:32 124.61.182.49 <style></style> – 500
13:13:32 124.61.182.49 </head> – 500
13:13:32 124.61.182.49 <body> – 500
13:13:32 124.61.182.49 <html> – 500
13:13:32 124.61.182.49 <head> – 500
13:13:32 124.61.182.49 <title></title> – 500
13:13:32 124.61.182.49 </head> – 500
13:13:32 124.61.182.49 <body – 500
13:13:32 124.61.182.49 “> – 500
13:13:32 124.61.182.49 <table – 500
13:13:32 124.61.182.49 <tr> – 500
13:13:32 124.61.182.49 <td> – 500
13:13:32 124.61.182.49 <center><a – 500
13:13:32 124.61.182.49 QUIT – 240