Re: SMTP rule "Access Denied for Mail Relay"

[Joel Esler <jesler () sourcefire com>]

On Fri, Jan 1, 2010 at 2:20 PM, <volga629 () skillsearch ca> wrote:

> Hello,
> Yes you right i am trying set snort to alert and deny open mail relay
> for mail server, by the way on mail server is denied, but i want take
> off this task from it.  I triggered some alerts of SMTP traffic and
> BASE shows as expected.
> But I am not sure how to alert open mail relay and how snort should act as
> IPS.

 The IPS will not know if relaying is allowed.  Only the SMTP server can
send this response.  So, you can't "take off this task" from the SMTP
Server.

If you are trying to deny this response from leaving your SMTP server and
going back to the client, you can do that with an IPS, but it's better to
make that configuration change on the SMTP server instead of dropping the
packets in midstream.

J

-- 
Joel Esler | 302-223-5974 | gtalk: jesler () sourcefire com

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs