Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:567 |
Message | POLICY SMTP relaying denied |
Summary | This event is generated when a failed attempt is made to use a Simple Mail Transfer Protocol (SMTP) server to relay mail to a third party. |
Impact | Rejection of unauthorized use. This event indicates that an SMTP server is properly configured to reject mail relay attempts. |
Detailed Information | An attacker may attempt to use an improperly configured SMTP server to relay mail, so that the mail appears to originate from the relay SMTP server instead of the actual sender. A poorly configured SMTP server may be used to relay spam and other undesirable mail. If an SMTP server rejects relay attempts, it returns an error message indicating the failure. |
Affected Systems | SMTP servers |
Attack Scenarios | An attacker may attempt to relay mail through an improperly configured SMTP server. |
Ease of Attack | Simple |
Corrective Action | Configure an SMTP server to reject relayed mail. |
Additional References | Arachnids: http://www.whitehats.com/info/IDS249; Miscellaneous: http://mail-abuse.org/tsi/ar-fix.html |
Rule References | arachnids: 249; url: mail-abuse.org/tsi/ar-fix.html |
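
Added example (not part of the original rule documentation, and not Aanval or Snort code): a triage helper that groups relay rejections by client, so a single misrouted message can be told apart from a source that was refused relay to many third-party domains. The log format, the SAMPLE_LOG lines, the function names and the assumption that a rejection is a 5xx reply whose text mentions "relay" are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical one-line-per-RCPT log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=203.0.113.7 rcpt=<alice@example.net> reply="550 5.7.1 Relaying denied"
2024-05-01T10:00:02Z client=203.0.113.7 rcpt=<bob@example.org> reply="550 5.7.1 Relaying denied"
2024-05-01T10:00:03Z client=203.0.113.7 rcpt=<carol@example.com> reply="550 5.7.1 Relaying denied"
2024-05-01T10:05:00Z client=198.51.100.20 rcpt=<dave@example.net> reply="550 5.7.1 Relaying denied"
2024-05-01T10:06:00Z client=198.51.100.20 rcpt=<user@corp.example> reply="250 2.1.5 Ok"
2024-05-01T10:07:00Z client=192.0.2.9 rcpt=<nobody@corp.example> reply="550 5.1.1 User unknown"
""".splitlines()

LINE_RE = re.compile(
    r'client=(?P<client>\S+) rcpt=<[^@>]+@(?P<domain>[^>]+)> reply="(?P<reply>[^"]*)"'
)

def is_relay_denial(reply):
    """True for a permanent failure (5xx) whose text mentions relaying (assumed wording)."""
    return bool(re.match(r"5\d\d[ -]", reply)) and "relay" in reply.lower()

def relay_denials(lines):
    """Map each client to the set of recipient domains it was refused relay to."""
    denied = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m and is_relay_denial(m["reply"]):
            denied[m["client"]].add(m["domain"].lower())
    return dict(denied)

def likely_relay_probes(lines, min_domains=3):
    """Clients refused relay to at least min_domains distinct recipient domains."""
    return sorted(c for c, d in relay_denials(lines).items() if len(d) >= min_domains)

if __name__ == "__main__":
    for client, domains in relay_denials(SAMPLE_LOG).items():
        print(client, sorted(domains))
    print("likely probes:", likely_relay_probes(SAMPLE_LOG))
```

The min_domains threshold is an arbitrary starting point; tune it against the volume of rejections your own mail server normally produces.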
--
DID:560498