This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS blocking email

Legitimate email is being blocked by the IPS:

Message........: SMTP Content-Transfer-Encoding overflow attempt
Details........: Snort ::
Time...........: 2012:11:23-11:41:00
Packet dropped.: yes
Priority.......: high
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 192.168.1.2 (astaro1)

The email is stuck in the SMTP Spool, and keeps trying to resend it.

Any suggestions on how to fix this?

Should I just put an exception in for this rule?

Doesn't sound like a safe solution, long-term.

Running 8.307 (waiting for HA version of release 9!)

Thanks,

James.

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

I'm not seeing this anywhere else, James. I'd be surprised if your server is one of the unpatched Sendmail versions mentioned, so you probably could turn that rule off. Can you confirm that your mail server is listed on the 'Advanced' tab?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

I'm not seeing this anywhere else, James. I'd be surprised if your server is one of the unpatched Sendmail versions mentioned, so you probably could turn that rule off. Can you confirm that your mail server is listed on the 'Advanced' tab?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data