Bug #5491
closed
smtp: response 530 appears to generate an invalid response alert
Added by Orion Poplawski over 2 years ago.
Updated 19 days ago.
Description
We have a public-facing mail server and we see a lot of SMTP invalid reply alerts when it issues a response like:
530 5.7.0 Must issue a STARTTLS command first
221 2.0.0 Bye
Now, I suppose this is an indication of a failed attempt to send mail through it, but it’s not really an “invalid reply” and it’s not unexpected.
Could you provide a pcap or a suricata-verify test for this?
- Subject changed from SMTP response 221 appears to generate an SMTP invalid response alert to SMTP response 530 appears to generate an SMTP invalid response alert
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 8.0.0-beta1
- Status changed from In Review to Closed
- Subject changed from SMTP response 530 appears to generate an SMTP invalid response alert to smtp: response 530 appears to generate an invalid response alert