
Spam triggering firewall



Posted

Lately I have been getting spam that is blocked by NIS when I attempt to transfer it from my inbox to the SC heldmail folder for reporting (OE in XP SP2), a bit annoying since I have to report such spam manually... any ideas?

Here is an example:

TRACKING URL

Posted

Not having worked much with the recent versions of NIS because I've always found it to cause more problems than it fixes, I can't say for sure. However, in previous versions there was an option buried in there somewhere to turn off NIS's handling of spam, so that it only checks your inbox for actual viruses.

Posted

Possible technical terminology involved here .....

Firewall .... Symantec (Norton) bought the [at]Guard firewall and then proceeded to bloat it up, screw it up, etc. If it is the "firewall" that's at issue, then based on the [at]Guard roots, you apparently need to "train" it to allow the connection/transfer you're trying to make in the (assumed) IMAP connection.

On the other hand, as Telarin suggests, you may be running into a "spam prevention" module .. but not exactly sure why this would show up as a "firewall" alert. It sure seems to me that it should be labeled as something else .. or at least have a better description ....?????

Posted

It only happens with certain stock spam, but a small percentage of even look-alike spam. The spam option on the firewall should move the spam to a different folder, but it doesn't work on the IMAP folder where I make the transfer. Besides, I have disabled it as it's totally useless. I move the spam in bulk between IMAP folders; when it finds the spam in question it gives a firewall warning:

"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.

Intruder: OWNER-Mehere(67.186.61.132)(3143).

Risk Level: Medium.

Protocol: TCP.

Attacked IP: imap.spamcop.net(216.154.195.50).

Attacked Port: imap(143)."

Their explanation:

IMAP Mailbox Name Length BO

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempts to exploit a buffer overflow vulnerability due to the unchecked mailbox name length in some IMAP commands.

It seems to be bogus or a false positive, but certainly triggered by unusual spam.

The glitch is independent of the PC or operating system; I get the same error on different PCs with different OS and connections (work vs. home).
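
An added example, not part of the post above and not Symantec's code: one way a mailbox-name length check can fire on message content during an IMAP transfer, next to a literal-aware version that inspects command lines only. The 255-byte limit, the line-by-line matching, the use of APPEND and the sample traffic are assumptions; the thread does not establish how the real signature works.

```python
import re

LIMIT = 255  # assumed threshold; the thread does not state the signature's limit

# Commands whose first argument is a mailbox name (RFC 3501).
CMD = re.compile(
    rb'^\S+ (?:SELECT|EXAMINE|CREATE|DELETE|RENAME|SUBSCRIBE|UNSUBSCRIBE|STATUS|APPEND)'
    rb' ("(?:[^"\\]|\\.)*"|\S+)', re.I)
LITERAL = re.compile(rb'\{(\d+)\+?\}$')  # "{N}" or "{N+}" closing a command line

def overlong_mailbox(line, limit=LIMIT):
    """Return the mailbox argument if the line is a command exceeding limit."""
    m = CMD.match(line)
    if not m:
        return None
    name = m.group(1).strip(b'"')
    return name if len(name) > limit else None

def naive_scan(stream, limit=LIMIT):
    """Inspect every CRLF-delimited line, including message content."""
    hits = (overlong_mailbox(l, limit) for l in stream.split(b"\r\n"))
    return [h for h in hits if h]

def literal_aware_scan(stream, limit=LIMIT):
    """Inspect command lines only; skip the N octets announced by a literal."""
    hits, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n", pos)
        end = len(stream) if end == -1 else end
        line = stream[pos:end]
        hit = overlong_mailbox(line, limit)
        if hit:
            hits.append(hit)
        pos = end + 2
        lit = LITERAL.search(line)
        if lit:
            pos += int(lit.group(1))  # message body is data, not commands
    return hits

# Constructed client-to-server traffic (not captured from the thread).
BODY = (b"Subject: hot stock\r\n\r\nPlease select "
        b"http://example.invalid/" + b"t" * 300 + b"\r\n")
SESSION = b'a1 APPEND "heldmail" {%d}\r\n' % len(BODY) + BODY + b"\r\na2 LOGOUT\r\n"
OVERLONG = b"a3 SELECT " + b"M" * 400 + b"\r\n"

if __name__ == "__main__":
    print("naive:", len(naive_scan(SESSION)), "alert(s) on an ordinary APPEND")
    print("literal-aware:", len(literal_aware_scan(SESSION)), "alert(s)")
    print("overlong name:", len(literal_aware_scan(OVERLONG)), "alert(s)")
```

Both scanners still flag the genuinely overlong mailbox name; only the naive one alerts on the spam body line that happens to look like a command.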

Posted
... a firewall warning;

"Details: Attempted Intrusion "IMAP Mailbox Name Length BO" from your machine against imap.spamcop.net(216.154.195.50) was detected and blocked.

Intruder: OWNER-Mehere(67.186.61.132)(3143).

Risk Level: Medium.

Protocol: TCP.

Attacked IP: imap.spamcop.net(216.154.195.50).

Attacked Port: imap(143)."

Sounds like something you should be able to reach in configuration, if you are sure it is bogus -

NIS

Personal firewall

Configure

Advanced

Trojan horse

... from dropdown - Any "Block" on direction: outbound, protocol: TCP?

Nothing resembling it on my setup (all my blocks are "inbound")

Worth a look perhaps, if you've not done so already.

Archived

This topic is now archived and is closed to further replies.
