Snort mailing list archives

SMTP Backscatter


From: Dave Corsello <snort-users () wintertreemedia com>
Date: Fri, 14 Feb 2014 14:29:19 -0500

Folks,

I've been getting a lot of SMTP backscatter over the past few weeks. 
I'm looking for a way to use Snort to stop as much of this traffic as
possible before it hits my mail server.  I was achieving this by
manually harvesting IP addresses from my maillog and feeding them into
Snort's reputation preprocessor.  But I wonder if somehow Snort
filtering or some other feature can provide an automated way to block
offending traffic.  Can Snort somehow: 1) detect an outgoing 450 4.1.1
error; and in response, 2) block all incoming SMTP traffic from the
sender IP for a period of time?  I think Snortsam was capable of doing
this by tracking events by IP and acting in conjunction with a
firewall.  Is it possible to get a similar effect with standard Snort
features?  I think the answer is "no", but I wanted to confirm this.

--Dave
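
The manual step described in the post (harvesting IPs from the maillog for Snort's reputation preprocessor) can be scripted; the following is an added example, not part of the original message and not Snort's own code. It assumes Postfix-style smtpd reject lines (the sample is constructed), and the helper names, the threshold and the 24-hour window are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Postfix-style smtpd reject line; adjust the pattern for other MTAs.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*reject: RCPT from "
    r"\S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 450 4\.1\.1 ")

def offenders(lines, now, window=timedelta(hours=24), threshold=3):
    """Return sorted IPs with >= threshold 450 4.1.1 rejects inside the window."""
    hits = defaultdict(int)
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; assume the current one.
        ts = datetime.strptime(f"{now.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts > now:  # December entry read in January
            ts = ts.replace(year=now.year - 1)
        if now - ts <= window:
            hits[m["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def blacklist_text(ips, now):
    """Render a reputation list: one address per line, '#' starts a comment."""
    header = f"# generated {now:%Y-%m-%d %H:%M} from 450 4.1.1 rejects\n"
    return header + "".join(ip + "\n" for ip in ips)

# Constructed sample log lines (documentation address ranges).
_T = ("{ts} mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
      "{code} <x@example.com>: Recipient address rejected; from=<> proto=ESMTP")
SAMPLE = [_T.format(ts=t, ip=i, code=c) for t, i, c in [
    ("Feb 14 09:01:12", "192.0.2.10", "450 4.1.1"),
    ("Feb 14 09:01:40", "192.0.2.10", "450 4.1.1"),
    ("Feb 14 11:15:03", "192.0.2.10", "450 4.1.1"),
    ("Feb 14 11:20:00", "198.51.100.7", "450 4.1.1"),  # below threshold
    ("Feb 10 08:00:00", "203.0.113.5", "450 4.1.1"),   # outside 24h window
    ("Feb 10 08:00:05", "203.0.113.5", "450 4.1.1"),
    ("Feb 10 08:00:09", "203.0.113.5", "450 4.1.1"),
]]

if __name__ == "__main__":
    now = datetime(2014, 2, 14, 14, 0)
    print(blacklist_text(offenders(SAMPLE, now), now), end="")
```

Regenerating the file on a schedule gives a time-limited block, since an address drops out once its rejects age past the window; Snort has to reload the list for changes to take effect.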
