Full Disclosure mailing list archives
Re: Symantec 3300 E-mail Gateway dropping spoofed mails
From: Valdis.Kletnieks () vt edu
Date: Wed, 19 Jul 2006 09:00:59 -0400
On Wed, 19 Jul 2006 14:00:50 +1000, "Josh L. Perrymon" said:

> X-NAI-Spam-Report: 2 Rules triggered * 1.8 -- MIME_MISSING_BOUNDARY --

The first error message..

> RAW: MIME section missing boundary * 0.5 -- MIME_BASE64_LATIN -- RAW: Latin alphabet text using base64 encodi:

and the second..

> Content-type: multipart/alternative; boundary=HTMLDEMO44bc3b28b4ba5

OK so far...

> --HTMLDEMO44bc3b28b4ba5

And the *starting* boundary..

> Content-Type: text/html; charset=ISO-8859-1

I'll get back to this..

> Content-Transfer-Encoding: base64
>
> DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+DQpEdWUgdG8gcmVjZW50IHNl
> DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+Y3Vy
> (snipped)
> cm8uZ292LmF1IDxicj4NCg0KDQo=
> < end full >

Umm.. An *ending* boundary would be considered at least *polite*. Actually, required by the RFCs. So the first error message is in fact correct.

I haven't actually *decoded* the text, and can't due to the "(snipped)", but I'm willing to bet that the second complaint is that it's tagged with charset=ISO-8859-1 when in fact all the text contained therein is actually US-ASCII.

RFC2046, section 4.1.2:

    In general, composition software should always use the "lowest
    common denominator" character set possible. For example, if a body
    contains only US-ASCII characters, it SHOULD be marked as being in
    the US-ASCII character set, not ISO-8859-1, which, like all the
    ISO-8859 family of character sets, is a superset of US-ASCII. More
    generally, if a widely-used character set is a subset of another
    character set, and a body contains only characters in the
    widely-used subset, it should be labelled as being in that subset.
    This will increase the chances that the recipient will be able to
    view the resulting entity correctly.

So again, the message is quite likely being impolite again. And this is the sort of impoliteness that spammers like to abuse. And I believe that even Microsoft MUAs are able to get this one right these days, so there's really no excuse for anybody except a spammer.. ;)

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
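
The conditions discussed in this message (a multipart body with no closing boundary, and pure US-ASCII text labelled ISO-8859-1 and wrapped in base64) can be checked mechanically before mail is sent through a filtering gateway. The following Python sketch is an added example, not part of the original post and not the gateway's rule logic; the function names, finding labels and the sample message are constructed for illustration.

```python
import base64
import email


def mime_findings(raw):
    """Return a list of structural findings for one raw message (str)."""
    findings = []
    msg = email.message_from_string(raw)
    lines = [ln.rstrip() for ln in raw.splitlines()]
    for part in msg.walk():
        if part.is_multipart():
            boundary = part.get_boundary()
            # RFC 2046: the last part must be followed by "--boundary--".
            if boundary and f"--{boundary}--" not in lines:
                findings.append("missing-close-boundary")
            continue
        if part.get_content_maintype() != "text":
            continue
        charset = (part.get_content_charset() or "us-ascii").lower()
        cte = (part.get("Content-Transfer-Encoding") or "7bit").strip().lower()
        body = part.get_payload(decode=True) or b""
        if body.isascii():
            # RFC 2046 section 4.1.2: use the lowest common denominator charset.
            if charset != "us-ascii":
                findings.append(f"ascii-body-labelled-{charset}")
            # 7-bit text needs no base64 wrapping to survive transport.
            if cte == "base64":
                findings.append("base64-wrapping-ascii-text")
    return findings


def build_sample(close, charset):
    """Constructed sample message; addresses and boundary are made up."""
    body = base64.b64encode(b"Attention users,<br>\r\nplease read.<br>\r\n").decode()
    raw = (
        "From: sender@example.com\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        "Content-Type: multipart/alternative; boundary=SAMPLEBOUNDARY\r\n"
        "\r\n"
        "--SAMPLEBOUNDARY\r\n"
        f"Content-Type: text/html; charset={charset}\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        "\r\n" + body + "\r\n"
    )
    return raw + ("--SAMPLEBOUNDARY--\r\n" if close else "")


if __name__ == "__main__":
    print(mime_findings(build_sample(close=False, charset="ISO-8859-1")))
```
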