Message-ID: <7d85153f0607182100n7b5ee2e0l66a3f0f2489e38ab@mail.gmail.com>
Date: Wed, 19 Jul 2006 14:00:50 +1000
From: "Josh L. Perrymon" <joshuaperrymon@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Symantec 3300 E-mail Gateway dropping spoofed mails
This email gateway is blocking email messages spoofed from my RH3 box...
<! error snippet>
The error message:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered * 1.8 -- MIME_MISSING_BOUNDARY --
RAW: MIME section missing boundary * 0.5 -- MIME_BASE64_LATIN -- RAW:
Latin alphabet text using base64 encodi:
< end snip >
WTF?
Never had this message before... The gateway didn't pick up on spoofed
senders or content. Just some weird message about Latin Alphabet and MIME
section missing boundary?
Anyone seen this before? Is this a .conf setting on my *nix mail server?
< full error>
Received: from target.system.com ([X.X>X>X>)
by target.system.com (Sun Java System Messaging Server 6.2-4.03 (built
Sep
22 2005)) with SMTP id <0J2K0058KSVLMI00@...ote.mail.server> for
target@...get.com; Tue, 18 Jul 2006 11:45:21 +1000 (EST)
Received: from MI.ISP.( x.x.x.x)
by target.email.server via smtp id
059c_11c2333338_1652_11db_97c3_00142279d9aa;
Tue, 18 Jul 2006 21:39:29 +1000
Received: from nobody by hostingcmopanby.com with local (Exim
4.52)
id 1G2eVs-0004X9-Ou for target@...il.com ; Tue, 18 Jul 2006 11:36:40
+1000
Date: Tue, 18 Jul 2006 11:36:40 +1000
From: Spoofed Support Dept <websupport@...spoof.com>
Subject: [spam] Attention: Messenger Express Upgrade- Requires Action
To: target@...pany.com
Message-id: <E1G2eVs-0004X9-Ou@...oved.com>
MIME-version: 1.0
Content-type: multipart/alternative; boundary=HTMLDEMO44bc3b28b4ba5
X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report
X-AntiAbuse: Primary Hostname -REMOVED
X-AntiAbuse: Original Domain - REMOVED
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - REMOVED
X-Source:
X-Source-Args:
X-Source-Dir:
X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered * 1.8 -- MIME_MISSING_BOUNDARY --
RAW: MIME section missing boundary * 0.5 -- MIME_BASE64_LATIN -- RAW:
Latin alphabet text using base64 encodi
Original-recipient: rfc822;removed@...oved.com
This is a MIME encoded message.
--HTMLDEMO44bc3b28b4ba5
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: base64
DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+DQpEdWUgdG8gcmVjZW50IHNl
DQoNCkF0dGVudGlvbiBFbWFpbCBVc2Vycyw8YnI+DQo8YnI+Y3Vy
(snipped)
cm8uZ292LmF1IDxicj4NCg0KDQo=
< end full >
Cheers,
JP
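
Added example, not part of the original post and not the gateway's own rule code: a Python sketch of two structural checks that correspond to the rule descriptions in the spam report above (a multipart body with no closing boundary line, and plain ASCII text carried as base64). The sample message, the 0.95 cutoff and the finding names are assumptions made for illustration.

```python
import base64
from email import message_from_string
from email.errors import CloseBoundaryNotFoundDefect

# Constructed sample (not the message from the post): one base64 text part
# and no closing "--DEMO123--" delimiter.
BODY = base64.b64encode(b"Attention users,<br>\r\nplain Latin text here.<br>\r\n").decode()
OPEN = (
    "MIME-Version: 1.0\n"
    "Content-Type: multipart/alternative; boundary=DEMO123\n"
    "\n"
    "This is a MIME encoded message.\n"
    "--DEMO123\n"
    "Content-Type: text/html; charset=ISO-8859-1\n"
    "Content-Transfer-Encoding: base64\n"
    "\n" + BODY + "\n"
)
CLOSED = OPEN + "--DEMO123--\n"  # same message, properly terminated


def mostly_ascii_text(data, threshold=0.95):
    """True if nearly every byte is printable ASCII or whitespace (assumed cutoff)."""
    if not data:
        return False
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data) >= threshold


def mime_findings(raw):
    """Return the set of structural findings for one raw message."""
    msg = message_from_string(raw)
    findings = set()
    for part in msg.walk():
        # The stdlib parser records a defect when a multipart body reaches
        # EOF before its terminating "--boundary--" line.
        if any(isinstance(d, CloseBoundaryNotFoundDefect) for d in part.defects):
            findings.add("missing_close_boundary")
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if part.get_content_maintype() == "text" and cte == "base64":
            # Plain ASCII text needs no base64, so a filter can score the
            # combination as unusual for ordinary mail clients.
            if mostly_ascii_text(part.get_payload(decode=True)):
                findings.add("base64_ascii_text")
    return findings


if __name__ == "__main__":
    print(sorted(mime_findings(OPEN)))
    print(sorted(mime_findings(CLOSED)))
```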