Snort mailing list archives

Re: SMTP Backscatter


From: Dave Corsello <snort-users () wintertreemedia com>
Date: Sun, 16 Feb 2014 09:54:51 -0500

Guys, thanks, but I don't need advice on setting up SMTP--at least not
in this situation.  Just looking for an answer to the following:  Can
Snort somehow: 1) detect an outgoing 450 4.1.1 error; and in response,
2) block all incoming SMTP traffic from the sender IP for a period of
time?  A 450 4.1.1 error means "recipient address rejected: unverified
address: mailbox full or unavailable".  In this case, I'm sending out
450 errors because messages are being addressed to random, invalid
accounts on my domain.  As was suggested, it might be best to just let
SMTP continue to handle this.  But I view it as an attack of sorts, and
my preference would be to stop it as far out on my perimeter as
possible.  My apologies in advance if this question exposes ignorance of
some Snort basics...
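
The detect-then-block logic asked about above, as an added Python example that is not part of the original post and is not Snort functionality: it reads mail-server reply lines, counts final-line `450 4.1.1` replies per client IP, and computes a temporary block. The `TempBlocker` class, the threshold, window and duration values, and the sample events are assumptions constructed for illustration; enforcing the block at the perimeter is outside the example.

```python
import re
from collections import defaultdict, deque

# SMTP reply line: 3-digit code, "-" (continuation) or " " (final line),
# then an optional enhanced status code such as 4.1.1.
REPLY_RE = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3})\s)?")

class TempBlocker:
    """Decide which client IPs to block after repeated 450 4.1.1 replies."""
    def __init__(self, threshold=3, window=60, block_for=600):
        # Assumed defaults: 3 rejections within 60 s earn a 600 s block.
        self.threshold, self.window, self.block_for = threshold, window, block_for
        self.hits = defaultdict(deque)  # client IP -> times of recent 450 4.1.1
        self.blocked_until = {}         # client IP -> time the block expires

    def observe(self, ts, client_ip, reply_line):
        """Feed one server-to-client reply line; True if it triggers a block."""
        m = REPLY_RE.match(reply_line)
        if not m or (m.group(1), m.group(3)) != ("450", "4.1.1"):
            return False
        if m.group(2) == "-":  # multi-line reply: count only its final line
            return False
        recent = self.hits[client_ip]
        recent.append(ts)
        while ts - recent[0] > self.window:  # drop hits older than the window
            recent.popleft()
        if len(recent) < self.threshold:
            return False
        self.blocked_until[client_ip] = ts + self.block_for
        recent.clear()
        return True

    def is_blocked(self, ts, client_ip):
        if ts < self.blocked_until.get(client_ip, 0):
            return True
        self.blocked_until.pop(client_ip, None)  # forget an expired block
        return False

# Constructed sample: (seconds, client IP, reply line sent by the mail server).
REJECT = "450 4.1.1 <x@example.com>: Recipient address rejected: unverified address"
EVENTS = [
    (0, "192.0.2.10", REJECT), (5, "192.0.2.10", "450-4.1.1 first line of a reply"),
    (9, "192.0.2.10", REJECT), (12, "198.51.100.7", "250 2.1.5 Ok"),
    (20, "198.51.100.7", REJECT), (30, "192.0.2.10", REJECT)]

def replay(events, **settings):
    """Run events through a fresh TempBlocker; return it and each (time, IP) block."""
    blocker = TempBlocker(**settings)
    return blocker, [(ts, ip) for ts, ip, line in events if blocker.observe(ts, ip, line)]
```

A threshold above 1 keeps a single mistyped recipient from a legitimate sender from triggering a block.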
