Full Disclosure mailing list archives
Symantec 3300 E-mail Gateway dropping spoofed mails
From: "Josh L. Perrymon" <joshuaperrymon () gmail com>
Date: Wed, 19 Jul 2006 14:00:50 +1000
This email gateway is blocking email messages spoofed from my RH3 box...

<! error snippet>
The error message:

X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered
 * 1.8 -- MIME_MISSING_BOUNDARY -- RAW: MIME section missing boundary
 * 0.5 -- MIME_BASE64_LATIN -- RAW: Latin alphabet text using base64 encodi:
< end snip >

WTF? Never had this message before... The gateway didn't pick up on spoofed senders or content. Just some weird message about Latin Alphabet and MIME section missing boundary?

Anyone seen this before? Is this a .conf setting on my *nix mail server?

< full error>
Received: from target.system.com ([X.X>X>X>)
 by target.system.com (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005))
 with SMTP id <0J2K0058KSVLMI00 () remote mail.server> for target () target com;
 Tue, 18 Jul 2006 11:45:21 +1000 (EST)
Received: from MI.ISP.( x.x.x.x) by target.email.server via smtp
 id 059c_11c2333338_1652_11db_97c3_00142279d9aa; Tue, 18 Jul 2006 21:39:29 +1000
Received: from nobody by hostingcmopanby.com with local (Exim 4.52)
 id 1G2eVs-0004X9-Ou for target () email com ; Tue, 18 Jul 2006 11:36:40 +1000
Date: Tue, 18 Jul 2006 11:36:40 +1000
From: Spoofed Support Dept <websupport () bigspoof com>
Subject: [spam] Attention: Messenger Express Upgrade- Requires Action
To: target () company com
Message-id: <E1G2eVs-0004X9-Ou () removed com>
MIME-version: 1.0
Content-type: multipart/alternative; boundary=HTMLDEMO44bc3b28b4ba5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -REMOVED
X-AntiAbuse: Original Domain - REMOVED
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - REMOVED
X-Source:
X-Source-Args:
X-Source-Dir:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered
 * 1.8 -- MIME_MISSING_BOUNDARY -- RAW: MIME section missing boundary
 * 0.5 -- MIME_BASE64_LATIN -- RAW: Latin alphabet text using base64 encodi
Original-recipient: rfc822;removed () removed com

This is a MIME encoded message.
--HTMLDEMO44bc3b28b4ba5
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: base64

DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+DQpEdWUgdG8gcmVjZW50IHNl
DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+Y3Vy
(snipped)
cm8uZ292LmF1IDxicj4NCg0KDQo=
< end full >

Cheers,
JP
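The two rule descriptions in the spam report above concern MIME structure, not sender identity. The following is an added example, not part of the original post and not the gateway's rule code: it reads the two descriptions literally and reports the same conditions with Python's standard `email` parser. The sample message, the `mime_findings` name and the tag strings are constructed for illustration.

```python
import email
from email import errors

# Assumption: the two rule descriptions are read literally; this is not the
# gateway's own logic. The tag strings are made up for this example.
BOUNDARY_DEFECTS = {
    errors.NoBoundaryInMultipartDefect: "no-boundary-parameter",
    errors.StartBoundaryNotFoundDefect: "missing-start-boundary",
    errors.CloseBoundaryNotFoundDefect: "missing-close-boundary",
}
LATIN_CHARSETS = {"us-ascii", "iso-8859-1", "iso-8859-15", "windows-1252"}

def mime_findings(raw):
    """Return a list of structural findings for one raw message."""
    findings = []
    for part in email.message_from_string(raw).walk():
        # The stdlib parser records boundary problems as defects on the
        # multipart container instead of raising an exception.
        for defect in part.defects:
            tag = BOUNDARY_DEFECTS.get(type(defect))
            if tag:
                findings.append(tag)
        # Text in a Latin charset does not need base64; filters score it
        # because the encoding hides the body from simple content rules.
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        charset = part.get_content_charset() or "us-ascii"
        if (part.get_content_maintype() == "text" and cte == "base64"
                and charset in LATIN_CHARSETS):
            findings.append("base64-latin-text")
    return findings

# Constructed sample: one base64 text/html part, opening delimiter present,
# closing "--SAMPLEBOUNDARY--" delimiter absent.
UNTERMINATED = (
    "From: sender@example.com\nTo: rcpt@example.com\n"
    "Subject: constructed sample\nMIME-Version: 1.0\n"
    "Content-Type: multipart/alternative; boundary=SAMPLEBOUNDARY\n\n"
    "This is a MIME encoded message.\n"
    "--SAMPLEBOUNDARY\n"
    "Content-Type: text/html; charset=ISO-8859-1\n"
    "Content-Transfer-Encoding: base64\n\n"
    "SGVsbG8gd29ybGQ8YnI+DQo=\n"
)
TERMINATED = UNTERMINATED + "--SAMPLEBOUNDARY--\n"

if __name__ == "__main__":
    print(mime_findings(UNTERMINATED))
    print(mime_findings(TERMINATED))
```
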