Re: [fw-wiz] FWSM tagging email from myspace.com




If I'm reading this right, there are '|' characters in the address. Most
firewalls will block this by default because it was an early sendmail
exploit that would pipe the input to a shell and root the box. (as I recall,
look it up)

It doesn't look legitimate to me. IMHO I'd keep it blocked.

-erik

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Simon
Bell
Sent: Monday, December 11, 2006 12:25 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] FWSM tagging email from myspace.com

I've noticed lately a growing number of firewall syslog msgs with critical
SMTP errors:

%FWSM-2-108002: SMTP replaced |: out 204.16.32.71 in x.x.x.x data: MAIL
FROM:<03|m|gci0emm80|42wdr4_2_h.nfrd|_|5rjd5n2hjw7.rdlsr1w@me4<006>öK+<018>ª
<007>ìÑ<003>#

At first I thought this was just typical spam that the firewall was tagging
and it wasn't a big deal. However, I started sniffing these packets and I'm
beginning to think they're legitimate emails coming from myspace.com. Is
there a configuration setting that could be applied to allow this type of
email? I realize this would then be opening me up a bit, but I'm not sure
how else to approach this problem.

Thanks in advance.

Simon

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
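
Added example, not part of either message in this thread: a Python script for triaging the %FWSM-2-108002 entries discussed above, grouping them by outside address and recording which SMTP command carried the '|' and whether the data field also holds control-byte escapes like those in the quoted line. The field layout is inferred from that one quoted log line; the sample lines, timestamps, hostname and addresses are constructed.

```python
import re
from collections import Counter

# Layout inferred from the log line quoted in the thread (an assumption):
#   %FWSM-2-108002: SMTP replaced <chars>: out <ip> in <ip> data: <smtp text>
LINE_RE = re.compile(
    r"%FWSM-2-108002: SMTP replaced (?P<replaced>.+?): "
    r"out (?P<outside>\S+) in (?P<inside>\S+) data: (?P<data>.*)$"
)
# Syslog renders control bytes as <NNN>; also catch raw non-printable/non-ASCII.
BINARY_RE = re.compile(r"<\d{3}>|[^\x20-\x7e]")

def smtp_command(data):
    """Return the SMTP verb at the start of the logged data field."""
    head = data.lstrip().upper()
    for cmd in ("MAIL FROM", "RCPT TO"):
        if head.startswith(cmd):
            return cmd
    return head.split(None, 1)[0] if head else "UNKNOWN"

def parse_108002(line):
    """Parse one syslog line; return None if it is not a 108002 event."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["command"] = smtp_command(rec["data"])
    rec["pipes"] = rec["data"].count("|")
    rec["binary"] = bool(BINARY_RE.search(rec["data"]))
    return rec

def summarize(lines):
    """Per outside host: event count, commands seen, events with binary data."""
    hosts = {}
    for rec in filter(None, map(parse_108002, lines)):
        h = hosts.setdefault(rec["outside"],
                             {"events": 0, "binary": 0, "commands": Counter()})
        h["events"] += 1
        h["binary"] += rec["binary"]
        h["commands"][rec["command"]] += 1
    return hosts

# Constructed sample input (documentation addresses, not real senders).
SAMPLE = [
    "Dec 11 12:01:02 fw %FWSM-2-108002: SMTP replaced |: out 192.0.2.10 in 198.51.100.5 data: MAIL FROM:<a|b|c@example.test>",
    "Dec 11 12:01:09 fw %FWSM-2-108002: SMTP replaced |: out 192.0.2.10 in 198.51.100.5 data: MAIL FROM:<x|y@exa<006>K+<018>",
    "Dec 11 12:02:00 fw %FWSM-2-108002: SMTP replaced |: out 192.0.2.44 in 198.51.100.5 data: RCPT TO:<user|cmd@example.test>",
    "Dec 11 12:03:00 fw unrelated syslog line",
]

if __name__ == "__main__":
    for host, stats in summarize(SAMPLE).items():
        print(host, stats["events"], stats["binary"], dict(stats["commands"]))
```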
