Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 532 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS: False Positive on rule 12592

UrsWeiss
The rule with id 12592 produces false positives when sending mail from our SMTP server.

We have a Mail gateway which checks incomming mails (Postfix, Spamassassin, Clamd, Policyd). When the mail was scanned and wants to deliver the mail to the customer (which is running an Astaro) it is blocked by this rule.

Software is up to date: clamd-0.95.2-4

Pattern version: 10726

Error from Postfix:
(delivery temporarily suspended: conversation with customer.server.com[11.22.33.44] timed out while sending MAIL FROM)


Had to exclude this rule for the moment.


This thread was automatically locked due to age.
  • 0
    Hi,
    maybe we need a sticky where can put our failed IPS rules?

    I have one 1440 that interferes with my audiostreaming. I disabled it this morning my time. If I let iTunes fail to connect, eventually the IPS sub-system would recognise the it was not an attack and let the port through.

    Ian M[:)][:S]

    Anyone notice that when you disable a rule that has been detecting incidents that it disappears from the reports?