Snort mailing list archives
Re: SMTP relaying denied
From: "James" <the_saint_james () yahoo com>
Date: Thu, 6 Dec 2001 00:48:37 -0700
I have been flooded by relay requests for several days at the rate of 1 attempt/sec. Random IP's. Just want to make sure I am reading this rule right. 198.59.109.2 is my
server. So in the alert above 61.74.184.2 asked my mail server to relay mail and my server returned a "relay denied" packet ?You are correct. This is YOUR server telling THEM that THEY can't relay through you. This is a good thing. :) -brian
James here..... Thanks. Grepping thru the mail logs I realized the msg for "relay deny" and "Blocked by MAPS" both contain content that this rule is looking for. MAPS blocks open relays. So this ends up being not attempts to relay but a flood of Spam at us, blocked by MAPS. I'll write rules to be more specific. This is a useful metric, to measure MAPS and gage floods of Spam. james. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SMTP relaying denied jamesh (Dec 05)
- Re: SMTP relaying denied Brian (Dec 05)
- Re: SMTP relaying denied James (Dec 06)
- Re: SMTP relaying denied Brian (Dec 05)