[nSLUG] smtp relay through eastlink and ESET Nod32 tagline = disappearing email

George N. White III gnwiii at gmail.com
Fri Oct 30 09:20:26 ADT 2009


On Fri, Oct 30, 2009 at 8:51 AM, D G Teed <donald.teed at gmail.com> wrote:

> We have a Linux server at home for local mailboxes and it also
> relays to Eastlink for our SMTP.  My wife reported emails
> not being received at work sent from home.  We use ESET
> nod32 virus software on Windows, and it integrates with
> Thunderbird.
>
> What I found when testing emails from Thunderbird
> on two different Windows PCs, sending to work and to Gmail,
> is that if the integration setup has the default of adding a tag
> line:
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database
> 4556 (20091029) __________
>
> The message was checked by ESET NOD32 Antivirus.

Some email viruses add lines to the header claiming the
messages have been checked.  Many AV tools will use
this to increase the "score", but should reject such messages
unless there are other patterns that push the score over the
threshold.

Several weeks ago my wife's Eastlink mail was not being
delivered to a friend using Sympatico.  Sympatico support
blamed the friend's use of Thunderbird, but after being told
that was nonsense they admitted that Eastlink was blacklisted.
I suspect this was an example of the blackholes.us problem:

http://isc.sans.org/diary.html?storyid=7360
http://www.circleid.com/posts/20091013_unwelcome_afterlife_for_a_long_dead_blacklist/

> and we are relaying through the local Linux as SMTP, then mail
> is disappearing.  Linux server shows it is handed off to
> Eastlink's SMTP OK.
>
> If I either turn off the ESET message tagging, or use smtp.eastlink.ca
> directly from Thunderbird, then the message will be delivered.
>
> I would guess that something on Eastlink's side thinks this is an indication
> of a virus.  Otherwise I would expect a bounce.
> They use Ironport Senderbase and Sophos by the looks of the headers.
> With local mail delivery I don't see any headers added by ESET.
>
> I'm hoping to talk to Eastlink about this when I have a chance.
>
> --Donald



-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia


