Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%ASA-3-108003 - inspection too picky? or myspace broken?

Mail from myspace.com is being blocked by our ASAs (not that *I* think that is necessarily a bad thing, but our users do).

The ASA is triggering ASA-3-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail address

Data:MAIL FROM:<02|98ava21y.rttr-x2tdbry!_!7hxsr17@message.myspace.com>

I'd have to agree that it's non-RFC, but with it being myspace, I'm surprised this hasn't come up before? or has it?

2 REPLIES
Silver

Re: %ASA-3-108003 - inspection too picky? or myspace broken?

Change ESMTP to ESMTP/SMTP. One extra space between the mail needs to be removed.If possible, the malicious email address could be moved immediately before the "mail address" string and the Data:

New Member

Re: %ASA-3-108003 - inspection too picky? or myspace broken?

I'm seeing this on my FWSM too:

%FWSM-2-108002: SMTP replaced |: out 204.16.32.71 in x.x.x.x data: MAIL FROM:<03|m|gci0emm80|42wdr4_2_h.nfrd|_|5rjd5n2hjw7.rdlsr1w@me4<006>?K+<018>?<007>??<003>#

At first I thought they were bogus emails, but I reassembled the packets think they're legitimate emails. Is there anything I can change on my FWSM to allow these emails?

93
Views
0
Helpful
2
Replies