Project

General

Profile

Actions
Copy link

Bug #5491

closed

SMTP response 530 appears to generate an SMTP invalid response alert

Added by Orion Poplawski almost 2 years ago. Updated 8 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
6.0.4
Effort:
Difficulty:
Label:

Description

We have a public facing mail server and we see a lot of SMTP invalid reply alerts when it issues a response like:

530 5.7.0 Must issue a STARTTLS command first
221 2.0.0 Bye

Now, I suppose this is indication of a failed attempt to send mail through it, but it’s not really an “invalid reply” and it’s not unexpected.

Related issues 1 (0 open1 closed)

Related to Suricata - Optimization #6821: smtp: add 535 codeClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine 9 months ago

Could you provide a pcap or a suricata-verify test for this ?

Actions
Copy link
 #2

Updated by Philippe Antoine about 2 months ago

  • Subject changed from SMTP response 221 appears to generate an SMTP invalid response alert to SMTP response 530 appears to generate an SMTP invalid response alert
  • Status changed from New to In Review
  • Assignee changed from OISF Dev to Philippe Antoine
  • Target version changed from TBD to 8.0.0-beta1
Actions
Copy link
 #3

Updated by Philippe Antoine about 2 months ago

Actions
Copy link
 #4

Updated by Philippe Antoine 8 days ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF