Actions
Bug #5491
closedSMTP response 530 appears to generate an SMTP invalid response alert
Affected Versions:
Effort:
Difficulty:
Label:
Description
We have a public facing mail server and we see a lot of SMTP invalid reply alerts when it issues a response like:
530 5.7.0 Must issue a STARTTLS command first
221 2.0.0 Bye
Now, I suppose this is indication of a failed attempt to send mail through it, but it’s not really an “invalid reply” and it’s not unexpected.
Updated by Philippe Antoine about 1 year ago
Could you provide a pcap or a suricata-verify test for this ?
Updated by Philippe Antoine 6 months ago
- Subject changed from SMTP response 221 appears to generate an SMTP invalid response alert to SMTP response 530 appears to generate an SMTP invalid response alert
- Status changed from New to In Review
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 8.0.0-beta1
Updated by Philippe Antoine 6 months ago
- Related to Optimization #6821: smtp: add 535 code added
Updated by Philippe Antoine 4 months ago
- Status changed from In Review to Closed
Actions