[Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings

Robert Schwartz robert at ...5775...
Thu Aug 15 08:57:05 EDT 2002

> I don't know if this will apply to your data flows, but 
> whenever I see SMTP RCPT TO OVERFLOW alert, it indicates an 
> open SMTP relay.  Please disregard if this offends or does 
> not apply, but you may check the configuration of the 
> destination host to ensure that it is not relaying SPAM.

Or it indicates that you have a basic ESMTP host that's relaying
properly but uses pipelining for stuff like high volume mailing lists
(ahem) :)  Although it's always good to verify your relay-sanity.

The word in the archives is that this is an old Lotus Notes exploit, so
if the archives are correct, disable it unless you have an ancient Lotus
Notes system hooked directly up to the Internet.  If you do have one,
then "upgrade" it with a hammer...
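
Added example, not part of the original post and not Snort's own rule logic: a sketch of why a per-packet size heuristic would alert on pipelined RCPT TO commands while a per-command length check would not. That the alert is size-based, and the 800-byte threshold, are assumptions made for illustration; the payloads are constructed samples.

```python
import re

# PACKET_LIMIT is an assumed value for illustration; it does not come from the post.
PACKET_LIMIT = 800      # payload bytes before the per-packet heuristic fires
COMMAND_LIMIT = 512     # SMTP command line limit in RFC 2821, CRLF included

RCPT = re.compile(rb"^rcpt to:", re.IGNORECASE)

def packet_heuristic(payload: bytes) -> bool:
    """Per-packet check: 'rcpt to:' anywhere in a payload larger than PACKET_LIMIT."""
    return len(payload) > PACKET_LIMIT and b"rcpt to:" in payload.lower()

def oversized_rcpt_lines(payload: bytes) -> list:
    """Per-command check: return only the RCPT TO lines that exceed COMMAND_LIMIT."""
    hits = []
    for line in payload.split(b"\r\n"):
        if RCPT.match(line) and len(line) + 2 > COMMAND_LIMIT:
            hits.append(line)
    return hits

def constructed_pipelined_payload(n: int = 40) -> bytes:
    """Constructed sample: one segment carrying n pipelined RCPT TO commands."""
    cmds = [b"MAIL FROM:<list-owner@example.org>"]
    cmds += [b"RCPT TO:<subscriber%03d@example.net>" % i for i in range(n)]
    return b"\r\n".join(cmds) + b"\r\n"

def constructed_long_rcpt_payload() -> bytes:
    """Constructed sample: a single RCPT TO whose argument is far too long."""
    return b"RCPT TO:<" + b"a" * 1000 + b"@example.net>\r\n"

if __name__ == "__main__":
    # Columns: sample name, payload size, per-packet verdict, oversized command count
    for name, payload in (("pipelined", constructed_pipelined_payload()),
                          ("long argument", constructed_long_rcpt_payload())):
        print(name, len(payload), packet_heuristic(payload),
              len(oversized_rcpt_lines(payload)))
```

Both samples trip the per-packet check, but only the single oversized command trips the per-command one, which is the distinction to look for when triaging these alerts against a pipelining mail host.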

