Snort mailing list archives
Re: SMTP relaying denied
From: Brian <bmc () snort org>
Date: Wed, 5 Dec 2001 20:38:59 -0500
On Wed, Dec 05, 2001 at 04:44:21PM -0700, jamesh wrote:
[**] [1:567:4] SMTP relaying denied [**] [Classification: Potentially Bad Traffic] [Priority: 2] 12/05-16:35:54.492244 198.59.109.2:25 -> 61.74.184.2:4053 TCP TTL:64 TOS:0x0 ID:39457 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x917E2A81 Ack: 0x8EDAE1C8 Win: 0x2238 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS249] I have been flooded by relay requests for several days at the rate of 1 attempt/sec. Random IP's. Just want to make sure I am reading this rule right. 198.59.109.2 is my mail server. So in the alert above 61.74.184.2 asked my mail server to relay mail and my server returned a "relay denied" packet ?
You are correct. This is YOUR server telling THEM that THEY can't relay through you. This is a good thing. :) -brian _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SMTP relaying denied jamesh (Dec 05)
- Re: SMTP relaying denied Brian (Dec 05)
- Re: SMTP relaying denied James (Dec 06)
- Re: SMTP relaying denied Brian (Dec 05)