[ale] email rejection

Michael B. Trausch mike at trausch.us
Tue Sep 9 12:55:08 EDT 2008


On Tue, Sep 09, 2008 at 07:22:36AM -0400, Paul Cartwright wrote:
> I am using Icedove, (thunderbird) on Debian. I set up a filter to forward
> an email to my wife. It fails and I get this:
>[snip]
>     This message has been rejected because it has
>     a potentially executable attachment "PREMIUM This is True #743:
>     7 September.eml"
>     This form of attachment has been used by
>     recent viruses or other malware.
>     If you meant to send this file then please
>     package it up as a zip file and resend it.
>[snip] 
> so why can't I forward a .eml and what else can I do?
> my ISP is atnex.net

Because the ISP is stupid---first off, if something is dangerous, it is
going to be dangerous whether or not it is inside of a ZIP file.  They
should be telling their users “if you meant to do this, then please
encrypt the file and send it that way.”  But, really, they should simply
scan the thing.

.eml files are simply used to contain RFC822/RFC2822 email messages as
attachments in forwarded email messages.  They preserve the MIME
structure of the forwarded email message, and thus are more robust than
forwarding mail inline.

The ISP needs to be scanning each file and determining the file type
independent of the extension or MIME type that has been associated with
the attachment on the client side.  If they did this, they would see
that .eml files (which should be sent with the MIME type message/rfc822
anyway) are nothing more than an encapsulated email message, and they
would scan it as such, accepting or rejecting it based on its
*contents*, not the fact that it is an embedded/forwarded email message.

Contact the ISP and notify them that they are not properly scanning the
email messages that go through their mail systems.  They need to be
scanning the files directly.  It sounds like they are using software on
Windows that encourages the brain-dead notion of filtering files by
extension, MIME type, or both; this is unreliable behavior in that it
will both miss real threats and trigger unnecessary false positives.  If
they are filtering for security, they need to do a better job of it; if
they are filtering to annoy you, they're doing just fine.

If they refuse to change their behaviors, then change email providers if
you can.  There are a large number of email providers out there that
provide sane services and know what they're doing.  Google Apps for your
Domain handles .eml properly (just tested it out myself, using mutt).  I
have never had a problem sending or receiving files via GAfyD that I can
recall or have been told about.

   --- Mike

-- 
My sigfile ran away and is on hiatus.
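
An added illustration of the content-based scanning the message above argues for (not part of the original post, and not any ISP's actual filter): the scan recurses into a forwarded message/rfc822 part and judges each leaf by its decoded bytes, next to an extension-only filter for contrast. The signature list, the extension blocklist, the function names and the sample messages are all constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed, minimal signature list; a real scanner would hand bytes to an AV engine.
EXEC_MAGIC = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF executable"}
BLOCKED_EXT = (".eml", ".exe", ".scr")  # assumed extension blocklist, for contrast

def by_extension(msg):
    """Extension-only filter: reject if any part has a blocklisted file name."""
    return any((p.get_filename() or "").lower().endswith(BLOCKED_EXT)
               for p in msg.walk())

def by_content(msg, path="root"):
    """Recurse through multipart/* and message/rfc822; sniff each leaf's bytes."""
    if msg.is_multipart():  # also true for message/rfc822: payload is [Message]
        hits = []
        for i, part in enumerate(msg.get_payload()):
            hits += by_content(part, f"{path}/{i}")
        return hits
    data = msg.get_payload(decode=True) or b""  # undo base64/quoted-printable
    return [(path, msg.get_filename(), label)
            for magic, label in EXEC_MAGIC.items() if data.startswith(magic)]

def build_forward(hide_exe):
    """Constructed sample: a message forwarded as a message/rfc822 (.eml) part."""
    inner = EmailMessage()
    inner["Subject"] = "newsletter"
    inner.set_content("Plain text newsletter body.")
    if hide_exe:  # executable bytes mislabelled as a JPEG inside the forwarded mail
        inner.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="image",
                             subtype="jpeg", filename="photo.jpg")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: newsletter"
    outer.set_content("Forwarding this to you.")
    outer.add_attachment(inner, filename="newsletter.eml")
    # Round-trip through bytes so the scan sees what a mail server would receive.
    return email.message_from_bytes(outer.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    for hide in (False, True):
        m = build_forward(hide)
        print("hidden exe:", hide, "| extension filter rejects:", by_extension(m),
              "| content hits:", by_content(m))
```

The extension filter rejects both samples because of the .eml name alone, while the content scan passes the plain forward and flags only the mislabelled attachment nested inside the second one.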