Message-Id: <200607191300.k6JD0xCu013608@turing-police.cc.vt.edu>
Date: Wed, 19 Jul 2006 09:00:59 -0400
From: Valdis.Kletnieks@...edu
To: "Josh L. Perrymon" <joshuaperrymon@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Symantec 3300 E-mail Gateway dropping spoofed mails

On Wed, 19 Jul 2006 14:00:50 +1000, "Josh L. Perrymon" said:

> X-NAI-Spam-Report: 2 Rules triggered *  1.8 -- MIME_MISSING_BOUNDARY --

The first error message..

> RAW:  MIME section missing boundary *  0.5 -- MIME_BASE64_LATIN -- RAW:
> Latin  alphabet text using base64 encodi:

and the second..

> Content-type: multipart/alternative; boundary=HTMLDEMO44bc3b28b4ba5

OK so far...

> --HTMLDEMO44bc3b28b4ba5

And the *starting* boundary..

> Content-Type: text/html; charset=ISO-8859-1

I'll get back to this..

> Content-Transfer-Encoding: base64
> 
> DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+DQpEdWUgdG8gcmVjZW50IHNl
> DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+Y3Vy
> (snipped)
> cm8uZ292LmF1IDxicj4NCg0KDQo=
> 
> < end full >

Umm.. An *ending* boundary would be considered at least *polite*. Actually,
required by the RFCs.  So the first error message is in fact correct.

I haven't actually *decoded* the text, and can't due to the "(snipped)",
but I'm willing to bet that the second complaint is that it's tagged with
charset=ISO-8859-1 when in fact all the text contained therein is actually
US-ASCII. RFC2046, section 4.1.2:

   In general, composition software should always use the "lowest common
   denominator" character set possible.  For example, if a body contains
   only US-ASCII characters, it SHOULD be marked as being in the US-
   ASCII character set, not ISO-8859-1, which, like all the ISO-8859
   family of character sets, is a superset of US-ASCII.  More generally,
   if a widely-used character set is a subset of another character set,
   and a body contains only characters in the widely-used subset, it
   should be labelled as being in that subset.  This will increase the
   chances that the recipient will be able to view the resulting entity
   correctly.

So again, the message is quite likely being impolite again.  And this is
the sort of impoliteness that spammers like to abuse.  And I believe that
even Microsoft MUAs are able to get this one right these days, so there's
really no excuse for anybody except a spammer.. ;)


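An added example, not part of the original message: Python that uses the standard-library email parser to flag the two problems discussed above, a multipart body with no closing boundary and a text part labelled with a wider charset than its US-ASCII content needs. The boundary name DEMO, the function names, the finding strings and the sample messages are constructed for illustration.

```python
import base64
import email
from email import errors, policy


def audit_mime(raw):
    """Return findings for a raw message: unterminated multipart, over-wide charset label."""
    findings = []
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        # The parser records this defect when EOF arrives before "--boundary--".
        if any(isinstance(d, errors.CloseBoundaryNotFoundDefect) for d in part.defects):
            findings.append("missing-close-boundary")
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        declared = part.get_content_charset() or "us-ascii"
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        # RFC 2046 section 4.1.2: a body holding only US-ASCII SHOULD be labelled US-ASCII.
        if body and body.isascii() and declared != "us-ascii":
            findings.append("ascii-body-labelled-" + declared)
    return findings


def build(body, charset, close):
    """Construct a one-part multipart message (sample data, not taken from the post)."""
    raw = (
        "Content-Type: multipart/alternative; boundary=DEMO\n\n"
        "--DEMO\n"
        f"Content-Type: text/html; charset={charset}\n"
        "Content-Transfer-Encoding: base64\n\n"
        + base64.b64encode(body).decode() + "\n"
    )
    return raw + ("--DEMO--\n" if close else "")


if __name__ == "__main__":
    ascii_html = b"Attention Email Users,<br>\r\n"  # constructed sample body
    latin1_html = "caf\u00e9".encode("latin-1")     # genuinely needs ISO-8859-1
    for args in ((ascii_html, "ISO-8859-1", False),
                 (ascii_html, "US-ASCII", True),
                 (latin1_html, "ISO-8859-1", True)):
        print(args[1], "closed" if args[2] else "unclosed", audit_mime(build(*args)))
```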