Firewall Wizards mailing list archives
Re: FWSM tagging email from myspace.com
From: <lordchariot () earthlink net>
Date: Mon, 11 Dec 2006 15:50:06 -0500
If I'm reading this right, there are '|' characters in the address. Most firewalls will block this by default because it was an early sendmail exploit that would pipe the input to a shell and root the box. (as I recall, look it up)

It doesn't look legitimate to me. IMHO I'd keep it blocked.

-erik

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Simon Bell
Sent: Monday, December 11, 2006 12:25 PM
To: firewall-wizards () listserv cybertrust com
Subject: [fw-wiz] FWSM tagging email from myspace.com

I've noticed lately a growing number of firewall syslog msgs with critical SMTP errors:

%FWSM-2-108002: SMTP replaced |: out 204.16.32.71 in x.x.x.x data: MAIL FROM:<03|m|gci0emm80|42wdr4_2_h.nfrd|_|5rjd5n2hjw7.rdlsr1w@me4<006>öK+<018>ª <007>ìÑ<003>#

At first I thought this was just typical spam that the firewall was tagging and it wasn't a big deal. However, I started sniffing these packets and I'm beginning to think they're legitimate emails coming from myspace.com.

Is there a configuration setting that could be applied to allow this type of email? I realize this would then be opening me up a bit, but I'm not sure how else to approach this problem.

Thanks in advance.

Simon

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
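One way to triage these 108002 hits before deciding whether to relax the inspection, added here as an example and not part of the original thread: it groups the messages by outside peer and records which SMTP command carried the replaced character. The log lines are constructed, modelled on the single line quoted above; the timestamps, hostnames, addresses and mailboxes are assumptions.

```python
import re
from collections import defaultdict

# Layout taken from the single 108002 line quoted in the thread; anything
# beyond that one sample is an assumption.
LINE_RE = re.compile(
    r"%FWSM-2-108002: SMTP replaced (?P<char>\S+?): "
    r"out (?P<outside>\S+) in (?P<inside>\S+) data: (?P<data>.*)$"
)
# The logged buffer may be cut off, so the closing '>' is optional.
CMD_RE = re.compile(r"(?P<verb>MAIL FROM|RCPT TO):\s*<(?P<addr>[^>\s]*)", re.I)

def parse_line(line):
    """Return a dict for one 108002 line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    cmd = CMD_RE.search(rec["data"])
    rec["verb"] = cmd.group("verb").upper() if cmd else None
    local, _, _domain = (cmd.group("addr") if cmd else "").partition("@")
    rec["pipes_local"] = local.count(rec["char"])
    # Bytes outside printable ASCII suggest a mangled or binary buffer.
    rec["non_printable"] = any(not 32 <= ord(c) < 127 for c in rec["data"])
    return rec

def triage(lines):
    """Group hits by outside peer so repeat senders stand out."""
    summary = defaultdict(
        lambda: {"hits": 0, "verbs": set(), "pipes_local": 0, "non_printable": 0})
    for rec in filter(None, map(parse_line, lines)):
        s = summary[rec["outside"]]
        s["hits"] += 1
        s["verbs"].add(rec["verb"])
        s["pipes_local"] += rec["pipes_local"]
        s["non_printable"] += rec["non_printable"]
    return dict(summary)

# Constructed sample lines (documentation address ranges, made-up mailboxes).
SAMPLE = [
    "Dec 11 12:01:07 fw %FWSM-2-108002: SMTP replaced |: out 192.0.2.71 in 10.0.0.25 data: MAIL FROM:<03|m|abc|42_h.nfrd|_|5rjd@mail.example>",
    "Dec 11 12:01:09 fw %FWSM-2-108002: SMTP replaced |: out 192.0.2.71 in 10.0.0.25 data: MAIL FROM:<9x|q|zz1@me4\x06\xf6K",
    "Dec 11 12:03:44 fw %FWSM-2-108002: SMTP replaced |: out 198.51.100.9 in 10.0.0.25 data: RCPT TO:<a|b@mail.example>",
    "Dec 11 12:04:00 fw unrelated message that should be skipped",
]

if __name__ == "__main__":
    for peer, s in triage(SAMPLE).items():
        print(peer, s)
```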