Re: Unknown SMTP configuration option 260

[Johnny Venter <Johnny.Venter () zoho com>]

It's plain snort.

I just fixed the issue by restoring the smpt.conf file to default.

Thanks for all the help!

On Aug 24, 2011, at 5:00 PM, Joel Esler wrote:

> What are you running?  Snort plain?  Or are you using something like Vyatta?
>
>
> On Aug 24, 2011, at 4:49 PM, Johnny Venter wrote:
>
> > I have no idea.  I checked the .conf file and those were the contents.
> >  
> > No manual changes have been made. I'm wondering if an update (which seems unlikely) might have changed the file.
> >
> > On Aug 24, 2011, at 4:43 PM, Nigel Houghton wrote:
> >
> > > On Aug 24, 2011, at 4:17 PM, Johnny Venter wrote:
> > >
> > > > I am receiving the following "fatal" error message:
> > > >
> > > > Unknown SMTP configuration option 260
> > > >
> > > > From the smtp.conf file, this option appears here "{ EXPN VRFY RCPT } max_command_line_len  max_header_line_len  
> > > > max_response_line_len  alt_max_command_line_len 260"
> > > >
> > > > This causes my NIC to be disabled and thus not capture any packets.  If I comment out the entries in the smtp.conf 
> > > > file, snort starts up successfully and it can capture packets as normal.
> > > >
> > > > The only issue is that the smtp preprocessor does not get loaded.
> > >
> > > That configuration line is completely wrong. Where do you get the smtp.conf file? The options are in the snort.conf 
> > > files shipped with Snort and with the rule packs.
> > >
> > > It should look something like this:
> > >
> > > preprocessor smtp: ports { 25 etc.....
> > > ....other config options.....
> > > max_command_line_len 512 \
> > > max_header_line_len 1000 \
> > > max_response_line_len 512 \
> > > alt_max_command_line_len 260 { EXPN VRFY RCPT } \
> > > valid_cmds .....etc....
> > >
> > > --
> > > Nigel Houghton
> > > Head Mentalist
> > > SF VRT Department of Intelligence Excellence
> > > http://vrt-blog.snort.org/ && http://labs.snort.org/
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > EMC VNX: the world's simplest storage, starting under $10K
> > > The only unified storage solution that offers unified management 
> > > Up to 160% more powerful than alternatives and 25% more efficient. 
> > > Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest Snort news!
> >
> > ------------------------------------------------------------------------------
> > EMC VNX: the world's simplest storage, starting under $10K
> > The only unified storage solution that offers unified management 
> > Up to 160% more powerful than alternatives and 25% more efficient. 
> > Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev_______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> EMC VNX: the world's simplest storage, starting under $10K
> The only unified storage solution that offers unified management 
> Up to 160% more powerful than alternatives and 25% more efficient. 
> Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!