[Snort-users] Unknown SMTP configuration option 260

Johnny Venter Johnny.Venter at ...15370...
Wed Aug 24 17:06:15 EDT 2011


It's plain snort.

I just fixed the issue by restoring the smtp.conf file to default.

Thanks for all the help!

On Aug 24, 2011, at 5:00 PM, Joel Esler wrote:

> What are you running?  Snort plain?  Or are you using something like Vyatta?
> 
> 
> On Aug 24, 2011, at 4:49 PM, Johnny Venter wrote:
> 
>> I have no idea.  I checked the .conf file and those were the contents.
>>  
>> No manual changes have been made. I'm wondering if an update (which seems unlikely) might have changed the file.
>> 
>> On Aug 24, 2011, at 4:43 PM, Nigel Houghton wrote:
>> 
>>> On Aug 24, 2011, at 4:17 PM, Johnny Venter wrote:
>>> 
>>>> I am receiving the following "fatal" error message:
>>>> 
>>>> Unknown SMTP configuration option 260
>>>> 
>>>> From the smtp.conf file, this option appears here "{ EXPN VRFY RCPT } max_command_line_len  max_header_line_len  max_response_line_len  alt_max_command_line_len 260"
>>>> 
>>>> This causes my NIC to be disabled and thus not capture any packets.  If I comment out the entries in the smtp.conf file, snort starts up successfully and it can capture packets as normal.
>>>> 
>>>> The only issue is that the smtp preprocessor does not get loaded.
>>> 
>>> That configuration line is completely wrong. Where do you get the smtp.conf file? The options are in the snort.conf files shipped with Snort and with the rule packs.
>>> 
>>> It should look something like this:
>>> 
>>> preprocessor smtp: ports { 25 etc.....
>>> ....other config options.....
>>> max_command_line_len 512 \
>>> max_header_line_len 1000 \
>>> max_response_line_len 512 \
>>> alt_max_command_line_len 260 { EXPN VRFY RCPT } \
>>> valid_cmds .....etc....
>>> 
>>> --
>>> Nigel Houghton
>>> Head Mentalist
>>> SF VRT Department of Intelligence Excellence
>>> http://vrt-blog.snort.org/ && http://labs.snort.org/
>>> 
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
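
Added example, not part of the original thread or of Snort itself: a small Python check for the four length options discussed above, using the argument layout of the working directive quoted in the thread. The function name `lint_smtp_lengths` and the `ports { 25 }` in the samples are assumptions made for the illustration.

```python
import re

# Argument shapes follow the working directive quoted in the thread: one integer
# each, and alt_max_command_line_len is also followed by a { command list }.
INT_OPTS = {"max_command_line_len", "max_header_line_len", "max_response_line_len"}
ALT_OPT = "alt_max_command_line_len"

# Constructed samples: the reported fragment and the suggested layout, each
# placed after a made-up "ports { 25 }" so they form a whole directive.
BROKEN = ("preprocessor smtp: ports { 25 } { EXPN VRFY RCPT } max_command_line_len "
          "max_header_line_len max_response_line_len alt_max_command_line_len 260\n")
FIXED = ("preprocessor smtp: ports { 25 } \\\n"
         "    max_command_line_len 512 \\\n"
         "    max_header_line_len 1000 \\\n"
         "    max_response_line_len 512 \\\n"
         "    alt_max_command_line_len 260 { EXPN VRFY RCPT }\n")

def lint_smtp_lengths(conf_text):
    """Return problems found in the four length options of each
    'preprocessor smtp:' directive; every other option is skipped."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf_text)  # fold backslash continuations
    problems = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        if not line.startswith("preprocessor smtp:"):
            continue
        body = line.split(":", 1)[1]
        tokens = body.replace("{", " { ").replace("}", " } ").split()
        i = 0
        while i < len(tokens):
            opt = tokens[i]
            i += 1
            if opt not in INT_OPTS and opt != ALT_OPT:
                continue
            value = tokens[i] if i < len(tokens) else None
            if value is None or not value.isdigit():
                problems.append(f"{opt}: expected an integer, found {value!r}")
                continue                            # re-read that token as an option
            i += 1
            if opt == ALT_OPT:
                if i < len(tokens) and tokens[i] == "{" and "}" in tokens[i:]:
                    i += tokens[i:].index("}") + 1  # skip the command list
                else:
                    problems.append(f"{opt} {value}: expected a {{ command list }}")
    return problems

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_smtp_lengths(text) or "ok")
```

Snort's own test mode, `snort -T -c <path to snort.conf>`, remains the authoritative check before restarting a sensor.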
