Open Source and information security mailing list archives
 
Message-ID: <7d85153f0607182100n7b5ee2e0l66a3f0f2489e38ab@mail.gmail.com>
Date: Wed, 19 Jul 2006 14:00:50 +1000
From: "Josh L. Perrymon" <joshuaperrymon@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Symantec 3300 E-mail Gateway dropping spoofed mails

This email gateway is blocking email messages spoofed from my RH3 box...

<! error snippet>

The error message:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered *  1.8 -- MIME_MISSING_BOUNDARY --
RAW:  MIME section missing boundary *  0.5 -- MIME_BASE64_LATIN -- RAW:
Latin  alphabet text using base64 encodi:
< end snip >


WTF?

Never had this message before...  The gateway didn't pick up on spoofed
senders or content. Just some weird message about Latin Alphabet and MIME
section missing boundary?


Anyone seen this before? Is this a .conf setting on my *nix mail server?


< full error>
Received: from target.system.com ([X.X>X>X>)
 by target.system.com (Sun Java System Messaging Server 6.2-4.03 (built
Sep
 22 2005)) with SMTP id <0J2K0058KSVLMI00@...ote.mail.server> for
target@...get.com; Tue, 18 Jul 2006 11:45:21 +1000 (EST)
Received: from MI.ISP.( x.x.x.x)
 by target.email.server  via smtp id
059c_11c2333338_1652_11db_97c3_00142279d9aa;
 Tue, 18 Jul 2006 21:39:29 +1000
Received: from nobody by hostingcmopanby.com with local (Exim
4.52)
 id 1G2eVs-0004X9-Ou for target@...il.com ; Tue, 18 Jul 2006 11:36:40
+1000
Date: Tue, 18 Jul 2006 11:36:40 +1000
From: Spoofed Support Dept <websupport@...spoof.com>
Subject: [spam] Attention: Messenger Express Upgrade- Requires Action
To: target@...pany.com
Message-id: <E1G2eVs-0004X9-Ou@...oved.com>
MIME-version: 1.0
Content-type: multipart/alternative; boundary=HTMLDEMO44bc3b28b4ba5
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname -REMOVED
X-AntiAbuse: Original Domain - REMOVED
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - REMOVED
X-Source:
X-Source-Args:
X-Source-Dir:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered *  1.8 -- MIME_MISSING_BOUNDARY --
RAW:  MIME section missing boundary *  0.5 -- MIME_BASE64_LATIN -- RAW:
Latin  alphabet text using base64 encodi
Original-recipient: rfc822;removed@...oved.com

This is a MIME encoded message.

--HTMLDEMO44bc3b28b4ba5
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: base64

DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+DQpEdWUgdG8gcmVjZW50IHNl
DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+Y3Vy
(snipped)
cm8uZ292LmF1IDxicj4NCg0KDQo=

< end full >



Cheers,

JP
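
The two rule names in the X-NAI-Spam-Report header describe structural properties of the message rather than its sender or wording. The following is an added example, not part of the original post and not the gateway's own rule code: it approximates both checks on a constructed message shaped like the quoted one. The function name `check_mime`, the sample addresses and the boundary `DEMO123` are hypothetical, and the exact logic of the vendor's rules is an assumption.

```python
import base64
from email import message_from_string

# Constructed sample shaped like the quoted message: multipart/alternative,
# one base64 text/html part, and no closing "--boundary--" line.
BODY = base64.b64encode(b"Attention Email Users,<br>\r\nPlease read.<br>\r\n").decode()
SAMPLE = (
    "From: Support <support@example.com>\r\n"
    "To: user@example.org\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: multipart/alternative; boundary=DEMO123\r\n"
    "\r\n"
    "This is a MIME encoded message.\r\n"
    "\r\n"
    "--DEMO123\r\n"
    "Content-Type: text/html; charset=ISO-8859-1\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + BODY + "\r\n"
)


def check_mime(raw):
    """Approximate the two checks named in the X-NAI-Spam-Report header.

    The rule names come from the quoted header; the logic is an assumption.
    """
    hits = []
    msg = message_from_string(raw)
    boundary = msg.get_boundary()
    lines = [ln.rstrip() for ln in raw.splitlines()]
    # A multipart body is expected to end with the "--<boundary>--" delimiter.
    if boundary and ("--" + boundary + "--") not in lines:
        hits.append("MIME_MISSING_BOUNDARY")
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.get_content_maintype() == "text" and cte == "base64":
            decoded = part.get_payload(decode=True) or b""
            # Pure 7-bit text gains nothing from base64, so its use stands out.
            if decoded and all(b < 0x80 for b in decoded):
                hits.append("MIME_BASE64_LATIN")
    return hits


if __name__ == "__main__":
    print(check_mime(SAMPLE))
```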
