Snort mailing list archives

SMTP rule "Access Denied for Mail Relay"


From: volga629 () skillsearch ca
Date: Tue, 29 Dec 2009 18:37:08 -0500



Hello,

I added this alert to a new smtp.rule:

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"Possible mail relay usage"; content:"Relaying denied"; flags:A+; classtype:trojan-activity; sid:1000001; rev:1;)

When I tested Snort in verbose mode (snort -v), I see SMTP traffic going through, but nothing is denied by Snort.

I wonder what else I need to add to Snort? The mail server denies mail relay anyway, but I want Snort to do this job instead.

Thank you in advance.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
