Bug #7709
closedpop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Description
Remove all the rules and only one udp will be retained, and the email will not be received.
Files
Updated by Victor Julien 3 months ago
- Status changed from New to Feedback
- Priority changed from High to Normal
- Target version changed from 8.0.0 to 8.0.0-rc1
Please add more detail about the test setup, the expected results, the actual results.
If possible add a pcap based test case.
Updated by jun yuan 3 months ago ยท Edited
- File stop.pcapng stop.pcapng added
- File run.pcapng run.pcapng added
pc -- vm -- emailserver
vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC
results:
suricata v6 Normal reception
suricata v8 Email not received
stop.pacpng means stop running suricata
run.pacpng means running suricata on vm
Updated by Victor Julien 3 months ago
- Priority changed from High to Normal
@jun yuan can you please leave the priority at normal. Priorities are set by the team.
Updated by jun yuan 2 months ago
- File stop.pcapng added
- File run.pcapng added
Victor Julien wrote in #note-3:
Please add more detail about the test setup, the expected results, the actual results.
If possible add a pcap based test case.
pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?
pc -- vm -- emailserver
vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC
results:
suricata v6 Normal reception
suricata v8 Email not received
stop.pacpng means stop running suricata
run.pacpng means running suricata on vm
Updated by Jeff Lucovsky 2 months ago
I deleted the 2nd set of pcaps -- they are identical to the original set.
Updated by Philippe Antoine about 2 months ago
Maybe disabling pop3 parser in suricata.yaml may help
Updated by Philippe Antoine about 2 months ago
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1