Bug #7709
pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Added by jun yuan about 2 months ago. Updated about 1 month ago.
Description
Remove all the rules and only one udp will be retained, and the email will not be received.
Files
stop.pcapng (11.8 KB) | stop suricata | jun yuan, 05/15/2025 12:23 AM
run.pcapng (3.55 KB) | run suricata | jun yuan, 05/15/2025 12:23 AM
Updated by Victor Julien about 2 months ago
- Status changed from New to Feedback
- Priority changed from High to Normal
- Target version changed from 8.0.0 to 8.0.0-rc1
Please add more detail about the test setup, the expected results, the actual results.
If possible add a pcap based test case.
Updated by jun yuan about 2 months ago · Edited
- File stop.pcapng added
- File run.pcapng added
pc -- vm -- emailserver
vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC
results:
suricata v6 Normal reception
suricata v8 Email not received
stop.pcapng means stop running suricata
run.pcapng means running suricata on vm
Updated by jun yuan about 2 months ago
- Assignee changed from OISF Dev to Victor Julien
Updated by jun yuan about 2 months ago
suricata-7.0.10 can collect emails normally
Updated by jun yuan about 2 months ago
- Assignee changed from Victor Julien to OISF Dev
Updated by Victor Julien about 2 months ago
- Priority changed from High to Normal
@jun yuan can you please leave the priority at normal. Priorities are set by the team.
Updated by jun yuan about 2 months ago
pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?
Updated by jun yuan about 2 months ago
- File stop.pcapng added
- File run.pcapng added
Victor Julien wrote in #note-3:
Please add more detail about the test setup, the expected results, the actual results.
If possible add a pcap based test case.
pop3: Use version 8.0, configure pop3 port 110, and no emails can be received
Is there any progress in this issue?
pc -- vm -- emailserver
vm run suricata in IPS mode
configure Pop3 port 110 to receive mail on PC
results:
suricata v6 Normal reception
suricata v8 Email not received
stop.pcapng means stop running suricata
run.pcapng means running suricata on vm
Updated by Jeff Lucovsky about 1 month ago
I deleted the 2nd set of pcaps -- they are identical to the original set.
Updated by Philippe Antoine about 1 month ago
Maybe disabling pop3 parser in suricata.yaml may help
Updated by Philippe Antoine about 1 month ago
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1