[Snort-sigs] SMTP rule "Access Denied for Mail Relay"

Joel Esler jesler at ...435...
Fri Jan 1 14:55:06 EST 2010


On Fri, Jan 1, 2010 at 2:20 PM, <volga629 at ...3439...> wrote:

> Hello,
> Yes you right i am trying set snort to alert and deny open mail relay
> for mail server, by the way on mail server is denied, but i want take
> off this task from it.  I triggered some alerts of SMTP traffic and
> BASE shows as expected.
> But I am not sure how to alert open mail relay and how snort should act as
> IPS.
>

 The IPS will not know if relaying is allowed.  Only the SMTP server can
send this response.  So, you can't "take off this task" from the SMTP
Server.

If you are trying to deny this response from leaving your SMTP server and
going back to the client, you can do that with an IPS, but it's better to
make that configuration change on the SMTP server instead of dropping the
packets in midstream.

J

-- 
Joel Esler | 302-223-5974 | gtalk: jesler at ...435...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100101/dfa87dc8/attachment.html>


More information about the Snort-sigs mailing list