[Snort-users] Capture Spam mail traffic using snort

Jose Maria Lopez Hernandez jkerouac at ...12346...
Wed Mar 30 00:14:43 EST 2005

El mié, 30-03-2005 a las 07:23 +0100, lokesh.khanna at ...13040...
> Thanks. But is there any other way. If Spammer sends less than 10 mail
> in 60 sec, then snort will not be able to capture that.
> Is there any way to generate Alert based on content in Mail, or header
> of mail?
> Cordially,
> Lokesh

You obviously can generate alerts based on the content of the email
or the header, but you would need lots of rules and it's not the
smartest way of solving the problem of spam.

You better try something like Spamassasin. It will treat spam
traffic much better than Snort.



Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

More information about the Snort-users mailing list