Snort mailing list archives
SMTP rule "Access Denied for Mail Relay"
From: volga629 () skillsearch ca
Date: Tue, 29 Dec 2009 18:37:08 -0500
Hello,

I added this alert to a new smtp.rule:

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"Possible mail relay usage"; content:"Relaying denied"; flags:A+; classtype:trojan-activity; sid:1000001; rev:1;)

When I tested Snort in verbose mode (snort -v), I see SMTP traffic going through, but nothing is denied by Snort. I wonder what else I need to add to Snort? The mail server denies mail relay anyway, but I want Snort to do this job instead.

Thank you in advance.