mdturner

 

ah found you! he he!. Its a sign of my old age..

 

Well the words are as follows:

 

Norton Internet Security

Email Error

550 Blacklisted File extension detected

Email details

From: moi

To:  moi

Norton from Symantec  

OK

 

I do appreciate that I can overcome the blacklisted extension in various ways, but I would still like to know if a user could access the blacklist and allow certain extensions through if that is what they want to do and are therefore happy with the security risk.

 

Hi

 

If there is no list of types of file attachments listed in email scanning part of your firewall, that is a good idea to have next year or an update to this years program. You should be able to check off the types of files that you want to allow to get thru the Symantec filter from the list of types that do get flagged.

cgoldman,

 

This is coming from, probably, your ISP or the receiver's e-mail server. NIS does not filter attachments by their file extensions. Using password encrypted zip files and including the password in the e-mail body is the simple way to evade this type of filtering. Sometimes you have rename the zip files' extensions as well.

Reese_anschultz

 

It was not a workaround I was looking for. Thank you for effectively advising that NIS does not maintain outbound file extension blacklist.

From the users perspective this is being reported by Norton but as you say it is coming from the ISP. There is however a fundamental difference between such emails sent with and those without the addition of NIS 2010, and it is this.

 

NIS 2010 is not just intercepting outbound emails with a view to scanning for virus etc. it is actually taking control of the routing process after it has left the email client. So what happens is that the email client considers the email sent when it leaves the client and is picked up by NIS 2010. Although NIS 2010 then reports the 550 error, there is no communication or interface back to the email client.

 

When NIS 2010 is not intercepting outbound emails, the client receives the 550 error directly and depending on the client in use, marks the outbound email as failed.

 

With NIS in place, when the user scans back through their outbound email they cannot establish which messages with attachments were sent sucessfully and which failed because of such a 550 error.

 

I just point this out.

---

cgoldman wrote:

NIS 2010 is not just intercepting outbound emails with a view to scanning for virus etc. it is actually taking control of the routing process after it has left the email client. So what happens is that the email client considers the email sent when it leaves the client and is picked up by NIS 2010. Although NIS 2010 then reports the 550 error, there is no communication or interface back to the email client.

 

---

I'll have to look into this because we specifically designed this a number of years ago to make this filtering transparent to the e-mail client, i.e. it should see the exact same failure code when the e-mail is sent. There may have been some changes in the past few years that I'm not aware of though...

reese_anschultz

 

Gee that was quick! I promise you I carried out extensive tests before I posted. I am using Eudora version 7 Paid mode.

I appreciate that Eudora is not listed in NIS 2010 client integration, maybe thats the reason that the filtering is not transparent.

Anyway, I hope I can leave this to yourselves now.Thanks

At the level this filtering is occuring, the e-mail client "shouldn't" matter. Unfortunately, different e-mail clients as well as servers implement SMTP and POP3 in slightly different ways and occasionally we have seen unexpected behaviors. As mentioned previously, I've already started some investigation into the current behavior but don't expect to have a definitive answer for over a week or so.

Hi

 

How would people who have to use different port for email than the standard ones fair with this problem? Those of us who have to use port 587 as required by our ISP's?