Legitimate email is being blocked by the IPS:
The email is stuck in the SMTP Spool, and keeps trying to resend it.
Any suggestions on how to fix this?
Should I just put an exception in for this rule?
Doesn't sound like a safe solution, long-term.
Running 8.307 (waiting for HA version of release 9!)
Thanks,
James.
Quote:
|
Message........: SMTP Content-Transfer-Encoding overflow attempt Details........: Snort :: Time...........: 2012:11:23-11:41:00 Packet dropped.: yes Priority.......: high Classification.: Attempted Administrator Privilege Gain IP protocol....: 6 (TCP) Source IP address: 192.168.1.2 (astaro1) |
Any suggestions on how to fix this?
Should I just put an exception in for this rule?
Doesn't sound like a safe solution, long-term.
Running 8.307 (waiting for HA version of release 9!)
Thanks,
James.