[Snort-sigs] How to detect relaying with qmail and snort?
From: <r2d2r4(at)crusoecids.dyndns.org>
Date: Wed May 28 2003 - 12:49:03 EDT
I tested Snort 191b234 and 200b072 with qmail103. I ran the relaying test with abuse.net, but Snort did not raise an event for this test; Snort does not have a relaying rule for qmail. I added this rule to smtp.rules, and Snort detects relaying with qmail:

alert tcp $SMTP_SERVERS 25 -> $ANY any (msg:"POLICY SMTP relaying denied"; flow: established,from_server; content: "553 sorry, that domain isn't in my list of allowed rcpthosts"; depth:70; reference:url,mail-abuse.org/tsi/ar-fix.html; classtype:misc-activity; )

Regards.

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Thu May 29 09:04:01 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:29 EDT
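An added example, not part of the original post or of Snort: Python that parses the options of the rule above and applies a simplified content/depth check to server replies, showing which replies the rule fires on. It ignores the rule header and the flow option; the sample payloads, including the "(#5.7.1)" suffix and the coalesced-replies case, are constructed.

```python
import re

# The rule from the post, on one line (archive line-wrap breaks rejoined).
RULE = ('alert tcp $SMTP_SERVERS 25 -> $ANY any (msg:"POLICY SMTP relaying denied"; '
        'flow: established,from_server; '
        'content: "553 sorry, that domain isn\'t in my list of allowed rcpthosts"; '
        'depth:70; reference:url,mail-abuse.org/tsi/ar-fix.html; '
        'classtype:misc-activity; )')

def parse_options(rule):
    """Return the rule's options as a dict (keyword -> value, quotes stripped)."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts = {}
    # Split on ';' only where it falls outside double quotes.
    for part in re.findall(r'(?:[^;"]|"[^"]*")+', body):
        key, _, value = part.strip().partition(":")
        if key:
            opts[key.strip()] = value.strip().strip('"')
    return opts

def payload_matches(opts, payload):
    """Simplified check: content must lie wholly within the first `depth` bytes."""
    content = opts["content"].encode()
    depth = int(opts.get("depth", len(payload)))
    return content in payload[:depth]

# Constructed server-to-client payloads (not captured traffic).
SAMPLES = {
    # qmail refusing to relay: the only reply the rule is written for.
    "qmail_denied": b"553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n",
    # A recipient that was accepted produces no 553, so no alert.
    "accepted": b"250 ok\r\n",
    # A refusal worded differently (another MTA) does not match the content.
    "other_wording": b"550 Relaying denied\r\n",
    # Same 553 behind two earlier replies in one segment: ends past byte 70.
    "coalesced": b"250 ok\r\n250 ok\r\n553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n",
}

def evaluate(samples=SAMPLES, rule=RULE):
    opts = parse_options(rule)
    return {name: payload_matches(opts, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:14} {'ALERT' if hit else 'no alert'}")
```

The content string is 60 bytes, so with depth:70 it matches only when the 553 reply starts within the first 10 bytes of the payload.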