If I'm reading this right, there are '|' characters in the address. Most
firewalls will block this by default because it was an early sendmail
exploit that would pipe the input to a shell and root the box. (as I recall,
look it up)

It doesn't look like legitimate to me. IMHO I'd keep it blocked.

-erik

-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Simon
Bell
Sent: Monday, December 11, 2006 12:25 PM
To: firewall-wizards@listserv.cybertrust.com
Subject: [fw-wiz] FWSM tagging email from myspace.com

I've noticed lately a growing number of firewall syslog msgs with critical
SMTP errors:

%FWSM-2-108002: SMTP replaced |: out 204.16.32.71 in x.x.x.x data: MAIL
FROM:<03|m|gci0emm80|42wdr4_2_h.nfrd|_|5rjd5n2hjw7.rdlsr 1w@me4<006>=F6K+<01=
8>=AA
<007>=EC=D1<003>#

At first I thought this was just typical spam that the firewall was tagging
and it wasn't a big deal. However, I started sniffing these packets and I'm
beginning to think they're legitimate emails coming from myspace.com. Is
there a configuration setting that could be applied to allow this type
email? I realize this would then be opening me up a bit, but I'm not sure
how else to approach this problem.

Thanks in advance.

Simon

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards