Lately I have been getting spam that is blocked by NIS when I attempt to transfer it from my inbox to the SC heldmail folder for reporting (OE in XP SP2), a bit annoying since I have to report such spam mannually...any ideas?
Here is an example:
TRACKING URL
Full Version: Spam triggering firewall
Not having worked much with the recent versions of NIS because I've always found it to cause more problems than it fixes, I can't say for sure. However, in previous versions there was an option buried in there somewhere to turn of NIS's handling of spam, so that it only checks your inbox for actual viruses.
Possible technical terminology involved here .....
Firewall .... Symantec (Norton) bought the @Guard firewall and then proceded to bloat it up, screw it up, etc. If it is the "firewall" that's at issue, then based on the @Guard roots, you apparently need to "train" it to allow the connection/transfer you're trying to make in the (assumed) IMAP connection.
On the other hand, as Telarin suggests, you may be running into a "spam prevention" module .. but not exactly sure why this would show up as a "firewall" alert. It sure seems to me that it should be labeled as something else .. or at least have a better description ....?????
Firewall .... Symantec (Norton) bought the @Guard firewall and then proceded to bloat it up, screw it up, etc. If it is the "firewall" that's at issue, then based on the @Guard roots, you apparently need to "train" it to allow the connection/transfer you're trying to make in the (assumed) IMAP connection.
On the other hand, as Telarin suggests, you may be running into a "spam prevention" module .. but not exactly sure why this would show up as a "firewall" alert. It sure seems to me that it should be labeled as something else .. or at least have a better description ....?????
It only happens with certain stock spam, but a small prcentage of even look alike spam. The spam option on the firewall should move the spam to a different folder, but it doesn't work on imap folder where I make the transfer. Besides, I have disabled it as it's totally useless.. I move the spam in bulk between imap folders, when it finds the spam in question it gives a firewall warning;
"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.
Intruder: OWNER-Mehere(67.186.61.132)(3143).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: imap.spamcop.net(216.154.195.50).
Attacked Port: imap(143)."
Their explanation:
it seems to be bogus or a false positive, but certaily triggered by unusual spam.
The glitch is independent of the PC or operating system, I get the same error on different PCs with different OS and connections (work vs. home)
"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.
Intruder: OWNER-Mehere(67.186.61.132)(3143).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: imap.spamcop.net(216.154.195.50).
Attacked Port: imap(143)."
Their explanation:
QUOTE
IMAP Mailbox Name Length BO
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Description
This signature detects attempts to exploit a buffer overflow vulnerability due to the unchecked mailbox name length in some IMAP commands.
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Description
This signature detects attempts to exploit a buffer overflow vulnerability due to the unchecked mailbox name length in some IMAP commands.
it seems to be bogus or a false positive, but certaily triggered by unusual spam.
The glitch is independent of the PC or operating system, I get the same error on different PCs with different OS and connections (work vs. home)
QUOTE(dra007 @ Aug 24 2006, 09:29 PM) 
... a firewall warning;
"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.
Intruder: OWNER-Mehere(67.186.61.132)(3143).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: imap.spamcop.net(216.154.195.50).
Attacked Port: imap(143)."
Sounds like something you should be able to reach in configuration, if you are sure it is bogus - "Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.
Intruder: OWNER-Mehere(67.186.61.132)(3143).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: imap.spamcop.net(216.154.195.50).
Attacked Port: imap(143)."
NIS
Personal firewall
Configure
Advanced
Trojan horse
... from dropdown - Any "Block" on direction: outbound, protocol: TCP?
Nothing resembling it on my setup (all my blocks are "inbound")
Worth a look perhaps, if you've not done so already.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.