Bug #7709
openpop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Description
Remove all the rules and only one udp will be retained, and the email will not be received.
Files
Updated by Victor Julien 4 months ago
- Status changed from New to Feedback
- Priority changed from High to Normal
- Target version changed from 8.0.0 to 8.0.0-rc1
Please add more detail about the test setup, the expected results, the actual results.
If possible add a pcap based test case.
Updated by jun yuan 4 months ago ยท Edited
- File stop.pcapng stop.pcapng added
- File run.pcapng run.pcapng added
pc -- vm -- emailserver
vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC
results:
suricata v6 Normal reception
suricata v8 Email not received
stop.pacpng means stop running suricata
run.pacpng means running suricata on vm
Updated by Victor Julien 4 months ago
- Priority changed from High to Normal
@jun yuan can you please leave the priority at normal. Priorities are set by the team.
Updated by jun yuan 4 months ago
- File stop.pcapng added
- File run.pcapng added
Victor Julien wrote in #note-3:
Please add more detail about the test setup, the expected results, the actual results.
If possible add a pcap based test case.
pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?
pc -- vm -- emailserver
vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC
results:
suricata v6 Normal reception
suricata v8 Email not received
stop.pacpng means stop running suricata
run.pacpng means running suricata on vm
Updated by Jeff Lucovsky 4 months ago
I deleted the 2nd set of pcaps -- they are identical to the original set.
Updated by Philippe Antoine 4 months ago
Maybe disabling pop3 parser in suricata.yaml may help
Updated by Philippe Antoine 3 months ago
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Updated by jun yuan about 1 month ago
- Status changed from Rejected to In Progress
Updated by Philippe Antoine 21 days ago
Why did you set to in progress ? Are you working on it ?
Updated by Philippe Antoine 14 days ago
- Affected Versions 8.0.0 added
Ok, I see the bug stop.pcapng has an app-layer-parser error on the pop3 traffic see jq .stats.app_layer.error.pop3 log/eve.json
Updated by jun yuan 10 days ago
- Status changed from In Progress to Feedback
Philippe Antoine wrote in #note-21:
Ok, I see the bug stop.pcapng has an app-layer-parser error on the pop3 traffic see
jq .stats.app_layer.error.pop3 log/eve.json
I have temporarily modified it using this method:
https://github.com/OISF/suricata/pull/9500/commits/1fe1af99c2200ff9947cf47d504b015e57b84a3b
Updated by Philippe Antoine 4 days ago
- Status changed from Feedback to Assigned