Re: [fw-wiz] FWSM tagging email from

If I'm reading this right, there are '|' characters in the address. Most
firewalls will block this by default because it was an early sendmail
exploit that would pipe the input to a shell and root the box. (as I recall,
look it up)

It doesn't look like legitimate to me. IMHO I'd keep it blocked.


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Simon
Sent: Monday, December 11, 2006 12:25 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] FWSM tagging email from

I've noticed lately a growing number of firewall syslog msgs with critical
SMTP errors:

%FWSM-2-108002: SMTP replaced |: out in x.x.x.x data: MAIL

At first I thought this was just typical spam that the firewall was tagging
and it wasn't a big deal. However, I started sniffing these packets and I'm
beginning to think they're legitimate emails coming from Is
there a configuration setting that could be applied to allow this type
email? I realize this would then be opening me up a bit, but I'm not sure
how else to approach this problem.

Thanks in advance.


firewall-wizards mailing list

firewall-wizards mailing list