Project

General

Profile

Actions
Copy link

Bug #7709

open

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received

Added by jun yuan 4 months ago. Updated about 8 hours ago.

Status:
In Progress
Priority:
Normal
Assignee:
OISF Dev
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Remove all the rules and only one udp will be retained, and the email will not be received.

Files

Download all files
stop.pcapng (11.8 KB) stop.pcapng stop suricata jun yuan, 05/15/2025 12:23 AM
run.pcapng (3.55 KB) run.pcapng run suricata jun yuan, 05/15/2025 12:23 AM
Actions
Copy link
 #1

Updated by jun yuan 4 months ago

Run in IPS mode

Actions
Copy link
 #2

Updated by jun yuan 4 months ago

  • Priority changed from Normal to High
Actions
Copy link
 #3

Updated by Victor Julien 4 months ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version changed from 8.0.0 to 8.0.0-rc1

Please add more detail about the test setup, the expected results, the actual results.

If possible add a pcap based test case.

Actions
Copy link Download all files
 #4

Updated by jun yuan 4 months ago ยท Edited

pc -- vm -- emailserver

vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC

results:
suricata v6 Normal reception
suricata v8 Email not received

stop.pacpng means stop running suricata
run.pacpng means running suricata on vm

Actions
Copy link
 #5

Updated by jun yuan 4 months ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #6

Updated by jun yuan 4 months ago

suricata-7.0.10 Can collect emails normally

Actions
Copy link
 #7

Updated by jun yuan 3 months ago

  • Priority changed from Normal to High
Actions
Copy link
 #8

Updated by jun yuan 3 months ago

  • Assignee changed from Victor Julien to OISF Dev
Actions
Copy link
 #9

Updated by Victor Julien 3 months ago

  • Priority changed from High to Normal

@jun yuan can you please leave the priority at normal. Priorities are set by the team.

Actions
Copy link
 #10

Updated by jun yuan 3 months ago

Victor Julien wrote in #note-9:

@jun yuan can you please leave the priority at normal. Priorities are set by the team.

ok.
Is there a solution to this problem?

Actions
Copy link
 #11

Updated by jun yuan 3 months ago

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?

Actions
Copy link
 #12

Updated by jun yuan 3 months ago

  • File stop.pcapng added
  • File run.pcapng added

Victor Julien wrote in #note-3:

Please add more detail about the test setup, the expected results, the actual results.

If possible add a pcap based test case.

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?

pc -- vm -- emailserver

vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC

results:
suricata v6 Normal reception
suricata v8 Email not received

stop.pacpng means stop running suricata
run.pacpng means running suricata on vm

Actions
Copy link
 #13

Updated by Jeff Lucovsky 3 months ago

  • File deleted (run.pcapng)
Actions
Copy link
 #14

Updated by Jeff Lucovsky 3 months ago

  • File deleted (stop.pcapng)
Actions
Copy link
 #15

Updated by Jeff Lucovsky 3 months ago

I deleted the 2nd set of pcaps -- they are identical to the original set.

Actions
Copy link
 #16

Updated by Philippe Antoine 3 months ago

Maybe disabling pop3 parser in suricata.yaml may help

Actions
Copy link
 #17

Updated by Philippe Antoine 3 months ago

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link
 #18

Updated by jun yuan about 2 months ago

  • Status changed from Feedback to Rejected
Actions
Copy link
 #19

Updated by jun yuan 18 days ago

  • Status changed from Rejected to In Progress
Actions
Copy link
 #20

Updated by Philippe Antoine about 8 hours ago

Why did you set to in progress ? Are you working on it ?

Actions
Copy link

Also available in: Atom PDF