«

Tried to send out a class manual to a Seniornet group yesterday, with an
attached file (zip archive containing a couple of executables).

I've previously sent this to several Seniornets without problems, but this
time the transmission is blocked by Xnet (at least I think it's Xnet - the
bounce message is from ), with the following
message:-

***************
"BANNED message from you (multipart/mixed | application/(with a list of the
files in the archive)
......
In the body of the message it goes on to say:-

Delivery of the email was stopped!

The message has been blocked because it contains a component
(as a MIME part or nested within) with declared name
or MIME type or contents type violating our access policy.

To transfer contents that may be considered risky or unwanted
by site policies, or simply too large for mailing, please consider
publishing your content on the web, and only sending an URL of the
document to the recipient.

Depending on the recipient and sender site policies, with a little
effort it might still be possible to send any contents (including
viruses) using one of the following methods:

- encrypted using pgp, gpg or other encryption methods;

- wrapped in a password-protected or scrambled container or archive
(e.g.: zip -e, arj -g, arc g, rar -p, or other methods)

Note that if the contents is not intended to be secret, the
encryption key or password may be included in the same message
for recipient's convenience.

We are sorry for inconvenience if the contents was not malicious.

The purpose of these restrictions is to cut the most common propagation
methods used by viruses and other malware. These often exploit automatic
mechanisms and security holes in more popular mail readers (Microsoft
mail readers and browsers are a common target). By requiring an explicit
and decisive action from the recipient to decode mail, the danger of
automatic malware propagation is largely reduced.
*****************

I think I got round the problem, and sent the message again this evening,
but it's coming to some state of affairs when you can't go about your
legitimate business and use the internet without being shackled by this
kind of restriction.

Any other ISPs doing this?

Cheers,

John S

In message <>, John S wrote:

> I've previously sent this to several Seniornets without problems, but this
> time the transmission is blocked by Xnet (at least I think it's Xnet - the
> bounce message is from ) ...

It's probably not them then, but the ISP for one or more of your recipients.
To confirm this, we'd need to check the message headers.

> ... but it's coming to some state of affairs when you can't go about your
> legitimate business and use the internet without being shackled by this
> kind of restriction.

Yeah, it's really bothersome that I can't use the road without having to
watch out for other id^H^Hdrivers.

Why are you trying to e-mail executables anyway? Do you digitally sign your
messages? If not, how do your recipients know to trust the message?

Lawrence D'Oliveiro wrote:
> In message <>, John S wrote:
>
>> I've previously sent this to several Seniornets without problems, but this
>> time the transmission is blocked by Xnet (at least I think it's Xnet - the
>> bounce message is from ) ...
>
> It's probably not them then, but the ISP for one or more of your recipients.
> To confirm this, we'd need to check the message headers.

You're a ****wit Larry, wxnz.net *is* Xnet.

John S wrote:
>
> I think I got round the problem, and sent the message again this evening,
> but it's coming to some state of affairs when you can't go about your
> legitimate business and use the internet without being shackled by this
> kind of restriction.
>
> Any other ISPs doing this?

I'm unsure about ISPs but most businesses running their own mail servers
do it. And they tend to do it much more effectively - encrypted or
password protected files that cannot be checked are stopped. A lot of
the content filters can be fooled by changing the file extension from
exe to txt. Send a txt2exe.bat file out as well to undo the change and
Robert is your mother's brother.

IME Xnet are amenable to making changes if you can justify it - if you
ask they may add you to a whitelist of approved senders who bypass the
content filtering.

It might be just as easy to set up your own mail server at SeniorNet and
use that. Something like Mailenable is free and works well.
http://www.mailenable.com

In message <h8t2b1$fs5$>, EMB wrote:

> ... if you ask they may add you to a whitelist of approved senders who
> bypass the content filtering.

Spot the security n00b.

Lawrence D'Oliveiro wrote:
> In message <h8t2b1$fs5$>, EMB wrote:
>
>> ... if you ask they may add you to a whitelist of approved senders who
>> bypass the content filtering.
>
> Spot the security n00b.


spot the tosspot dick head, hint his name is lawrence (this hint is for
you larry)

Lawrence D'Oliveiro wrote:
> In message <h8t2b1$fs5$>, EMB wrote:
>
>> ... if you ask they may add you to a whitelist of approved senders who
>> bypass the content filtering.
>
> Spot the security n00b.

Not at all Larry. It is perfectly normal mail admin practise at both
enterprise and ISP level to relax content filtering rules for users who
can show a legitimate need for such to happen.

With the attitude to security shown above you're obviously the n00b.
Contrary to what you expound security isn't about seeing how many users
you can inconvenience, it's about the safety and integrity of systems
and data, and the ongoing efficiency of those systems. As such it is
normal practise to add exceptions for which a valid business case can be
made. eg Xnet unblock port 25 upon request.

As an aside Larry, have you ever administered an enterprise level mail
system, or even any enterprise level system?

In message <h8u39l$r2t$>, EMB wrote:

> Lawrence D'Oliveiro wrote:
>
>> In message <h8t2b1$fs5$>, EMB wrote:
>>
>>> ... if you ask they may add you to a whitelist of approved senders who
>>> bypass the content filtering.
>>
>> Spot the security n00b.
>
> It is perfectly normal mail admin practise at both
> enterprise and ISP level to relax content filtering rules for users who
> can show a legitimate need for such to happen.

Except that with e-mail, anybody can pretend to be any sender.

On Thu, 17 Sep 2009 22:17:17 +1200, EMB wrote:

> John S wrote:
>>
>> I think I got round the problem, and sent the message again this evening,
>> but it's coming to some state of affairs when you can't go about your
>> legitimate business and use the internet without being shackled by this
>> kind of restriction.
>>
>> Any other ISPs doing this?
>
> I'm unsure about ISPs but most businesses running their own mail servers
> do it. And they tend to do it much more effectively - encrypted or
> password protected files that cannot be checked are stopped. A lot of
> the content filters can be fooled by changing the file extension from
> exe to txt. Send a txt2exe.bat file out as well to undo the change and
> Robert is your mother's brother.
>
> IME Xnet are amenable to making changes if you can justify it - if you
> ask they may add you to a whitelist of approved senders who bypass the
> content filtering.
>
> It might be just as easy to set up your own mail server at SeniorNet and
> use that. Something like Mailenable is free and works well.
> http://www.mailenable.com

Thanks for the suggestion. The method I used was to change the extension,
then explain in the email how to edit the file name at the other end.
The modified email didn't bounce, so at this stage I assume it got through
alright.

Cheers,

John S

Lawrence D'Oliveiro wrote:
> In message <h8u39l$r2t$>, EMB wrote:
>
>> Lawrence D'Oliveiro wrote:
>>
>>> In message <h8t2b1$fs5$>, EMB wrote:
>>>
>>>> ... if you ask they may add you to a whitelist of approved senders who
>>>> bypass the content filtering.
>>> Spot the security n00b.
>> It is perfectly normal mail admin practise at both
>> enterprise and ISP level to relax content filtering rules for users who
>> can show a legitimate need for such to happen.
>
> Except that with e-mail, anybody can pretend to be any sender.

Authenticated SMTP?