Open Source and information security mailing list archives
 
Date: Wed, 19 Jul 2006 15:20:31 +1000
From: "Josh L. Perrymon" <joshuaperrymon@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: FW: Symantec 3300 E-mail Gateway dropping spoofed mails

Posted inline:



>
> On 7/19/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote:
> > This email gateway is blocking email messages spoofed from my RH3 box...
> >
> > <! error snippet>
> >
> > The error message:
> > X-NAI-Spam-Level: **
> > X-NAI-Spam-Score: 2.3
> > X-NAI-Spam-Report: 2 Rules triggered
> >  *  1.8 -- MIME_MISSING_BOUNDARY -- RAW: MIME section missing boundary
> >  *  0.5 -- MIME_BASE64_LATIN -- RAW: Latin alphabet text using base64 encodi:
> > < end snip >
> >
> >
> > WTF?
> >
> > Never had this message before...  The gateway didn't pick up on spoofed
> > senders or content. Just some weird message about Latin Alphabet and
> > MIME section missing boundary?
> >
> >
> > Anyone seen this before? Is this a .conf setting on my *nix mail server?
>
> or could it be that the errors that it is reporting are actually true?
>
> it seems strange for you to suddenly decide that this specific error message
> somehow indicates the server is blocking your box. what made you come to
> this wild conclusion?
>
> -- mic



This message is from the remote Symantec EMail gateway and it blocks spoofed
emails sent from my Linux box.

This is the first time an email/spam filter has detected one of these spoofed
emails from my *nix box so I'm trying to figure out what is different.

-- Why this was triggered?...
-- What I can do to bypass it next time...
-- Why did Symantec's box detect this and others haven't?

JP


_______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/