Actions
Bug #5491
openSMTP response 221 appears to generate an SMTP invalid response alert
Affected Versions:
Effort:
Difficulty:
Label:
Description
We have a public facing mail server and we see a lot of SMTP invalid reply alerts when it issues a response like:
530 5.7.0 Must issue a STARTTLS command first
221 2.0.0 Bye
Now, I suppose this is indication of a failed attempt to send mail through it, but it’s not really an “invalid reply” and it’s not unexpected.
Updated by Philippe Antoine 6 months ago
Could you provide a pcap or a suricata-verify test for this ?
Actions