Full Disclosure mailing list archives

Symantec 3300 E-mail Gateway dropping spoofed mails


From: "Josh L. Perrymon" <joshuaperrymon () gmail com>
Date: Wed, 19 Jul 2006 14:00:50 +1000

This email gateway is blocking email messages spoofed from my RH3 box...

<! error snippet>

The error message:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered *  1.8 -- MIME_MISSING_BOUNDARY --
RAW:  MIME section missing boundary *  0.5 -- MIME_BASE64_LATIN -- RAW:
Latin  alphabet text using base64 encodi:
< end snip >


WTF?

Never had this message before...  The gateway didn't pick up on spoofed
senders or content. Just some weird message about Latin Alphabet and MIME
section missing boundary?


Anyone seen this before? Is this a .conf setting on my *nix mail server?


< full error>
Received: from target.system.com ([X.X>X>X>)
by target.system.com (Sun Java System Messaging Server 6.2-4.03 (built
Sep
22 2005)) with SMTP id <0J2K0058KSVLMI00 () remote mail.server> for
target () target com; Tue, 18 Jul 2006 11:45:21 +1000 (EST)
Received: from MI.ISP.( x.x.x.x)
by target.email.server  via smtp id
059c_11c2333338_1652_11db_97c3_00142279d9aa;
Tue, 18 Jul 2006 21:39:29 +1000
Received: from nobody by hostingcmopanby.com with local (Exim
4.52)
id 1G2eVs-0004X9-Ou for target () email com ; Tue, 18 Jul 2006 11:36:40
+1000
Date: Tue, 18 Jul 2006 11:36:40 +1000
From: Spoofed Support Dept <websupport () bigspoof com>
Subject: [spam] Attention: Messenger Express Upgrade- Requires Action
To: target () company com
Message-id: <E1G2eVs-0004X9-Ou () removed com>
MIME-version: 1.0
Content-type: multipart/alternative; boundary=HTMLDEMO44bc3b28b4ba5
X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report
X-AntiAbuse: Primary Hostname -REMOVED
X-AntiAbuse: Original Domain - REMOVED
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - REMOVED
X-Source:
X-Source-Args:
X-Source-Dir:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered *  1.8 -- MIME_MISSING_BOUNDARY --
RAW:  MIME section missing boundary *  0.5 -- MIME_BASE64_LATIN -- RAW:
Latin  alphabet text using base64 encodi
Original-recipient: rfc822;removed () removed com

This is a MIME encoded message.

--HTMLDEMO44bc3b28b4ba5
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: base64

DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+DQpEdWUgdG8gcmVjZW50IHNl
DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+Y3Vy
(snipped)
cm8uZ292LmF1IDxicj4NCg0KDQo=

< end full >



Cheers,

JP
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
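
The two conditions named in the X-NAI-Spam-Report header above, sketched as an added example that is not part of the original post and is not the gateway's actual rule logic: a declared multipart boundary with no closing delimiter, and a text part sent as base64 that decodes to plain 7-bit text. The rule semantics are inferred from the rule descriptions in the header; the function name `mime_findings` and both sample messages are constructed for this example.

```python
import base64
import binascii
import re

def mime_findings(raw: str) -> list[str]:
    """Heuristic checks on one raw message; returns a list of finding strings."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")
    head = re.sub(r"\n[ \t]+", " ", head)          # unfold wrapped header lines
    m = re.search(r'^content-type:\s*multipart/[^\n]*?boundary="?([^";\s]+)',
                  head, re.I | re.M)
    if not m:
        return []                                   # not multipart: nothing to check
    delim = "--" + m.group(1)
    lines = [ln.rstrip() for ln in body.split("\n")]
    findings = []
    if delim + "--" not in lines:                   # multipart bodies end with --boundary--
        findings.append("missing closing boundary delimiter")
    # Split the body on delimiter lines; element 0 is the preamble.
    parts = re.split(r"^%s(?:--)?[ \t]*$" % re.escape(delim), body, flags=re.M)[1:]
    for part in parts:
        phead, _, pbody = part.lstrip("\n").partition("\n\n")
        phead = phead.lower()
        if "content-type: text/" not in phead:
            continue
        if not re.search(r"content-transfer-encoding:\s*base64", phead):
            continue
        try:
            decoded = base64.b64decode("".join(pbody.split()))
        except binascii.Error:
            continue                                # undecodable body: out of scope here
        if decoded and all(b < 0x80 for b in decoded):
            findings.append("base64 text part decodes to 7-bit Latin text")
    return findings

# Constructed samples (not the message from the post).
_B64 = base64.b64encode(b"Attention Email Users,<br>\r\n").decode()
FLAGGED = ("From: a@example.com\nMIME-Version: 1.0\n"
           "Content-Type: multipart/alternative;\n boundary=DEMO123\n\n"
           "This is a MIME encoded message.\n\n--DEMO123\n"
           "Content-Type: text/html; charset=ISO-8859-1\n"
           "Content-Transfer-Encoding: base64\n\n" + _B64 + "\n")
CLEAN = ("From: a@example.com\nMIME-Version: 1.0\n"
         'Content-Type: multipart/alternative; boundary="DEMO123"\n\n'
         "--DEMO123\nContent-Type: text/plain; charset=us-ascii\n\n"
         "Attention Email Users,\n--DEMO123--\n")

if __name__ == "__main__":
    print(mime_findings(FLAGGED))
    print(mime_findings(CLEAN))
```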
