Snort mailing list archives
RE: 1000s of SMTP RCPT TO overflow and Speedera Pings
From: "Robert Schwartz" <robert () mrsquirrel com>
Date: Thu, 15 Aug 2002 09:01:09 -0700
I don't know if this will apply to your data flows, but whenever I see an SMTP RCPT TO OVERFLOW alert, it indicates an open SMTP relay. Please disregard if this offends or does not apply, but you may check the configuration of the destination host to ensure that it is not relaying SPAM.
Or it indicates that you have a basic ESMTP host that's relaying properly but uses pipelining for stuff like high volume mailing lists (ahem) :) Although it's always good to verify your relay-sanity. The word in the archives is that this is an old Lotus Notes exploit, so if the archives are correct, disable it unless you have an ancient Lotus Notes system hooked directly up to the Internet. If you do have one, then "upgrade" it with a hammer...