[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7d85153f0607182220v8d14a47na62db09b23651078@mail.gmail.com>
Date: Wed, 19 Jul 2006 15:20:31 +1000
From: "Josh L. Perrymon" <joshuaperrymon@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: FW: Symantec 3300 E-mail Gateway dropping
spoofedmails
Posted inline:
>
> On 7/19/06, Josh L. Perrymon <joshuaperrymon@...il.com> wrote:
> > This email gateway is blocking email messages spoofed from my RH3
> > box...
> >
> > <! error snippet>
> >
> > The error message:
> > X-NAI-Spam-Level: **
> > X-NAI-Spam-Score: 2.3
> > X-NAI-Spam-Report: 2 Rules triggered * 1.8 -- MIME_MISSING_BOUNDARY
> > --
> > RAW: MIME section missing boundary * 0.5 -- MIME_BASE64_LATIN -- RAW:
> > Latin alphabet text using base64 encodi:
> > < end snip >
> >
> >
> > WTF?
> >
> > Never had this message before... The gateway didn't pickup on spoofed
> > senders or content. Just some weird message about Latin Alphabet and
> > MIME section missing boundary?
> >
> >
> > Anyone seen this before? Is this a .conf setting on my *nix mail
> > server?
>
> or could it be that the errors that it is reporting are actually true?
>
> it seems strange for you to suddenly decide that this specific error
> message
> somehow indicates the server is blocking your box. what made you come to
> this wild conclusion?
>
> -- mic
This message is from the remote Symantec EMail gateway and it blocks spoofed
emails sent from my linux box.
This is the first time a email/spam filter has detected one of these spoofed
emails from my *nix box so I'm trying to figure what is different.
--Why this was triggered?...
--What I can do to bypass it next time..---
-- Why did Symantecs box detect this and others havent?
JP
_______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists