Project

General

Profile

Actions
Copy link

Bug #7709

open

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received

Added by jun yuan about 1 month ago. Updated 6 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Remove all the rules and only one udp will be retained, and the email will not be received.

Files

Download all files
stop.pcapng (11.8 KB) stop.pcapng stop suricata jun yuan, 05/15/2025 12:23 AM
run.pcapng (3.55 KB) run.pcapng run suricata jun yuan, 05/15/2025 12:23 AM
Actions
Copy link
 #1

Updated by jun yuan about 1 month ago

Run in IPS mode

Actions
Copy link
 #2

Updated by jun yuan about 1 month ago

  • Priority changed from Normal to High
Actions
Copy link
 #3

Updated by Victor Julien about 1 month ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version changed from 8.0.0 to 8.0.0-rc1

Please add more detail about the test setup, the expected results, the actual results.

If possible add a pcap based test case.

Actions
Copy link Download all files
 #4

Updated by jun yuan about 1 month ago ยท Edited

pc -- vm -- emailserver

vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC

results:
suricata v6 Normal reception
suricata v8 Email not received

stop.pacpng means stop running suricata
run.pacpng means running suricata on vm

Actions
Copy link
 #5

Updated by jun yuan about 1 month ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #6

Updated by jun yuan about 1 month ago

suricata-7.0.10 Can collect emails normally

Actions
Copy link
 #7

Updated by jun yuan about 1 month ago

  • Priority changed from Normal to High
Actions
Copy link
 #8

Updated by jun yuan about 1 month ago

  • Assignee changed from Victor Julien to OISF Dev
Actions
Copy link
 #9

Updated by Victor Julien about 1 month ago

  • Priority changed from High to Normal

@jun yuan can you please leave the priority at normal. Priorities are set by the team.

Actions
Copy link
 #10

Updated by jun yuan 29 days ago

Victor Julien wrote in #note-9:

@jun yuan can you please leave the priority at normal. Priorities are set by the team.

ok.
Is there a solution to this problem?

Actions
Copy link
 #11

Updated by jun yuan 27 days ago

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?

Actions
Copy link
 #12

Updated by jun yuan 21 days ago

  • File stop.pcapng added
  • File run.pcapng added

Victor Julien wrote in #note-3:

Please add more detail about the test setup, the expected results, the actual results.

If possible add a pcap based test case.

pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?

pc -- vm -- emailserver

vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC

results:
suricata v6 Normal reception
suricata v8 Email not received

stop.pacpng means stop running suricata
run.pacpng means running suricata on vm

Actions
Copy link
 #13

Updated by Jeff Lucovsky 15 days ago

  • File deleted (run.pcapng)
Actions
Copy link
 #14

Updated by Jeff Lucovsky 15 days ago

  • File deleted (stop.pcapng)
Actions
Copy link
 #15

Updated by Jeff Lucovsky 15 days ago

I deleted the 2nd set of pcaps -- they are identical to the original set.

Actions
Copy link
 #16

Updated by Philippe Antoine 11 days ago

Maybe disabling pop3 parser in suricata.yaml may help

Actions
Copy link
 #17

Updated by Philippe Antoine 6 days ago

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link

Also available in: Atom PDF