Possible CA-2003-12 exploit

jeroman8

Well-Known Member
Mar 14, 2003
410
0
166
Hello!

Starting a short while back we can't send mail to a certail host cause they
seem to have high security filters or something.
This apply only form one of our servers - they other servers with same setup
can send so I guess there is something wrong with this server
We can't send from Webmail = sendmail.

[email protected]
SMTP error from remote mail server after end of data:
host smtp.zzz.com [000.000.111.111]: 550 Error:
Possible CA-2003-12 exploit

CA-2003-12 exploit is a sendmail exploit related to buffer owerflow.
Seems the header "can" be rewritten causing something...!

Since the other server is stopping the mail and say it's a CA-2003-12 exploit
I guess the header has been rewritten since they can see this.
Other mailservers is accepting the mail ok.

Anyone know waht to do - how can I see if it's being rewritten.
I'm checking the mail header but can't see anything.

The sendmail program has exact same size and update date as on my
other servers.
I have run upcp force with new build (current instead) and then I run eximup -- force
That did not help.

Any suggestion or info appreciated!
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
Since cPanel doesn't use sendmail the recipient has got it wrong. Only they can answer why they're blocking the email from a non-sendmail MTA.
 

jeroman8

Well-Known Member
Mar 14, 2003
410
0
166
Hi Chirpy - so the sendmail /usr/sbin/sendmail, script on server
is really exim and not the "real sendmail" program ?


Thanks, Jerry
 

jeroman8

Well-Known Member
Mar 14, 2003
410
0
166
yupp, thanks!
exim-4.63-1_cpanel_maildir

Strange they only block one of our servers and not all since all run same stuff.
Maybe there is something strange on the server....
But the exploit is for sendmail so thats funny!

Anyway, contacted their network staff and they will look into it.