[Snort-users] SMTP Relaying bug
pauling at ...7196...
Tue Jan 14 09:22:02 EST 2003
Has anybody noticed this, that the Alert for an SMTP relay attack monitors
the 550 RELAING DENIED message, and as such, gives a misleading
notification implying that your server is attempting to send mail through
a closed relay.
I'm not very good at writing snort rules, but is there any way to
efectively reverse this, so that the alert reads that a mail message from
$EXTERNAL_NET was not relayed through $SMTP_SERVERS
Starwolf.biz Systems Administrator
More information about the Snort-users