[27022] in Zephyr_Bugs
BANNED FILENAME (.exe) IN MAIL FROM YOU
daemon@ATHENA.MIT.EDU (amavisd-new)
Mon Sep 5 20:15:00 2005
MIME-Version: 1.0
In-Reply-To: <20050906001222.3A7D720C01F@www2.it-weblog.de>
Message-Id: <VS09582-09@www.myocastor.de>
Content-Type: multipart/report; report-type=delivery-status;
boundary="----------=_1125965677-9582-1"
From: amavisd-new <postmaster@www.myocastor.de>
To: <zephyr-bugs@mit.edu>
Date: Tue, 6 Sep 2005 01:14:36 +0100 (IST)
This is a multi-part message in MIME format...
------------=_1125965677-9582-1
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
BANNED CONTENTS ALERT
Our content checker found
banned name: .exe
in email presumably from you (<zephyr-bugs@mit.edu>), to the following recipient:
-> kai@myocastor.de
Delivery of the email was stopped!
The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.
To transfer contents that may be considered risky or unwanted
by site policies, or simply too large for mailing, please consider
publishing your content on the web, and only sending an URL of the
document to the recipient.
Depending on the recipient and sender site policies, with a little
effort it might still be possible to send any contents (including
viruses) using one of the following methods:
- encrypted using pgp, gpg or other encryption methods;
- wrapped in a password-protected or scrambled container or archive
(e.g.: zip -e, arj -g, arc g, rar -p, or other methods)
Note that if the contents is not intended to be secret, the
encryption key or password may be included in the same message
for recipient's convenience.
We are sorry for inconvenience if the contents was not malicious.
The purpose of these restrictions is to cut the most common propagation
methods used by viruses and other malware. These often exploit automatic
mechanisms and security holes in certain mail readers (Microsoft mail
readers and browsers are a common and easy target). By requiring an
explicit and decisive action from the recipient to decode mail,
the dangers of automatic malware propagation is largely reduced.
For your reference, here are headers from your email:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <zephyr-bugs@mit.edu>
Received: from www2.it-weblog.de (www2.myocastor.de [80.237.145.141])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "", Issuer "www2.it-weblog.de" (not verified))
by www.myocastor.de (Postfix) with ESMTP id 972F51C673EC
for <k.kretschmann@security-gui.de>; Tue, 6 Sep 2005 01:14:08 +0100 (IST)
Received: from security-gui.de (dsl-201-129-64-225.prod-infinitum.com.mx [201.129.64.225])
by www2.it-weblog.de (Postfix) with ESMTP id 3A7D720C01F
for <k.kretschmann@security-gui.de>; Tue, 6 Sep 2005 02:12:22 +0200 (CEST)
From: zephyr-bugs@mit.edu
To: k.kretschmann@security-gui.de
Subject: Re: Hi
Date: Mon, 5 Sep 2005 19:13:50 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20050906001222.3A7D720C01F@www2.it-weblog.de>
-------------------------- END HEADERS ------------------------------
------------=_1125965677-9582-1
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report
Reporting-MTA: dns; www.myocastor.de
Received-From-MTA: smtp; www.myocastor.de ([127.0.0.1])
Arrival-Date: Tue, 6 Sep 2005 01:14:33 +0100 (IST)
Final-Recipient: rfc822; kai@myocastor.de
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=09582-09 - BANNED: .exe
Last-Attempt-Date: Tue, 6 Sep 2005 01:14:36 +0100 (IST)
------------=_1125965677-9582-1
Content-Type: text/rfc822-headers
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Undelivered-message headers
Received: from www2.it-weblog.de (www2.myocastor.de [80.237.145.141])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "", Issuer "www2.it-weblog.de" (not verified))
by www.myocastor.de (Postfix) with ESMTP id 972F51C673EC
for <k.kretschmann@security-gui.de>; Tue, 6 Sep 2005 01:14:08 +0100 (IST)
Received: from security-gui.de (dsl-201-129-64-225.prod-infinitum.com.mx [201.129.64.225])
by www2.it-weblog.de (Postfix) with ESMTP id 3A7D720C01F
for <k.kretschmann@security-gui.de>; Tue, 6 Sep 2005 02:12:22 +0200 (CEST)
From: zephyr-bugs@mit.edu
To: k.kretschmann@security-gui.de
Subject: Re: Hi
Date: Mon, 5 Sep 2005 19:13:50 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20050906001222.3A7D720C01F@www2.it-weblog.de>
------------=_1125965677-9582-1--
