[Snort-sigs] SMTP rule "Access Denied for Mail Relay"

volga629 at ...3439...
Tue Dec 29 18:37:08 EST 2009


I added this alert to a new smtp.rule:

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any \
(msg:"Possible mail relay usage"; content:"Relaying denied"; \
flags:A+; classtype:trojan-activity; sid:1000001; rev:1;)

When I tested Snort in verbose mode (snort -v), I see SMTP traffic going through, but no denial by Snort.

I wonder what else I need to add to Snort? The mail server denies mail relay anyway, but I want Snort to do this job instead.

Thank you in advance.
