Snort mailing list archives
Re: SMTP rule "Access Denied for Mail Relay"
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 1 Jan 2010 14:55:06 -0500
On Fri, Jan 1, 2010 at 2:20 PM, <volga629 () skillsearch ca> wrote:
Hello, Yes you right i am trying set snort to alert and deny open mail relay for mail server, by the way on mail server is denied, but i want take off this task from it. I triggered some alerts of SMTP traffic and BASE shows as expected. But I am not sure how to alert open mail relay and how snort should act as IPS.
The IPS will not know if relaying is allowed. Only the SMTP server can send this response. So, you can't "take off this task" from the SMTP Server. If you are trying to deny this response from leaving your SMTP server and going back to the client, you can do that with an IPS, but it's better to make that configuration change on the SMTP server instead of dropping the packets in midstream. J -- Joel Esler | 302-223-5974 | gtalk: jesler () sourcefire com
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- SMTP rule "Access Denied for Mail Relay" volga629 (Jan 01)
- Re: SMTP rule "Access Denied for Mail Relay" Joel Esler (Jan 01)
- <Possible follow-ups>
- SMTP rule "Access Denied for Mail Relay" volga629 (Jan 01)