GEN:SID | 1:567 |
Message | POLICY SMTP relaying denied |
Summary | This event is generated when a failed attempt is made to use a Simple Mail Transfer Protocol (SMTP) server to relay mail to a third party.
|
Impact | Rejected of unauthorized use. This event indicates that an SMTP server is properly configured to reject mail relay attempts.
|
Detailed Information | An attacker may attempt to use an improperly configured SMTP server to relay mail, reflecting the origin of the mail to be the relay SMTP server instead of the actual sender. A poorly configured SMTP server may be used to relay spam and other undesirable mail. If an SMTP server rejects relay attempts, it will return an error message indicating the failure.
|
Affected Systems | SMTP servers
|
Attack Scenarios | An attacker may attempt to relay mail through an improperly configured SMTP server.
|
Ease of Attack | Simple
|
Corrective Action | Configure an SMTP server to reject relayed mail.
|
Additional References | Arachnids http://www.whitehats.com/info/IDS249
Miscellaneous http://mail-abuse.org/tsi/ar-fix.html
|
Rule References | arachnids: 249
url: mail-abuse.org/tsi/ar-fix.html
|