Project

General

Profile

Actions
Copy link

Bug #7709

open

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received

Added by jun yuan about 2 months ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Remove all the rules and only one udp will be retained, and the email will not be received.

Files

Download all files
stop.pcapng (11.8 KB) stop.pcapng stop suricata jun yuan, 05/15/2025 12:23 AM
run.pcapng (3.55 KB) run.pcapng run suricata jun yuan, 05/15/2025 12:23 AM
Actions
Copy link
 #1

Updated by jun yuan about 2 months ago

Run in IPS mode

Actions
Copy link
 #2

Updated by jun yuan about 2 months ago

  • Priority changed from Normal to High
Actions
Copy link
 #3

Updated by Victor Julien about 2 months ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version changed from 8.0.0 to 8.0.0-rc1

Please add more detail about the test setup, the expected results, the actual results.

If possible add a pcap based test case.

Actions
Copy link Download all files
 #4

Updated by jun yuan about 2 months ago ยท Edited

pc -- vm -- emailserver

vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC

results:
suricata v6 Normal reception
suricata v8 Email not received

stop.pacpng means stop running suricata
run.pacpng means running suricata on vm

Actions
Copy link
 #5

Updated by jun yuan about 2 months ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #6

Updated by jun yuan about 2 months ago

suricata-7.0.10 Can collect emails normally

Actions
Copy link
 #7

Updated by jun yuan about 2 months ago

  • Priority changed from Normal to High
Actions
Copy link
 #8

Updated by jun yuan about 2 months ago

  • Assignee changed from Victor Julien to OISF Dev
Actions
Copy link
 #9

Updated by Victor Julien about 2 months ago

  • Priority changed from High to Normal

@jun yuan can you please leave the priority at normal. Priorities are set by the team.

Actions
Copy link
 #10

Updated by jun yuan about 2 months ago

Victor Julien wrote in #note-9:

@jun yuan can you please leave the priority at normal. Priorities are set by the team.

ok.
Is there a solution to this problem?

Actions
Copy link
 #11

Updated by jun yuan about 2 months ago

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?

Actions
Copy link
 #12

Updated by jun yuan about 2 months ago

  • File stop.pcapng added
  • File run.pcapng added

Victor Julien wrote in #note-3:

Please add more detail about the test setup, the expected results, the actual results.

If possible add a pcap based test case.

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?

pc -- vm -- emailserver

vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC

results:
suricata v6 Normal reception
suricata v8 Email not received

stop.pacpng means stop running suricata
run.pacpng means running suricata on vm

Actions
Copy link
 #13

Updated by Jeff Lucovsky about 1 month ago

  • File deleted (run.pcapng)
Actions
Copy link
 #14

Updated by Jeff Lucovsky about 1 month ago

  • File deleted (stop.pcapng)
Actions
Copy link
 #15

Updated by Jeff Lucovsky about 1 month ago

I deleted the 2nd set of pcaps -- they are identical to the original set.

Actions
Copy link
 #16

Updated by Philippe Antoine about 1 month ago

Maybe disabling pop3 parser in suricata.yaml may help

Actions
Copy link
 #17

Updated by Philippe Antoine about 1 month ago

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link

Also available in: Atom PDF