zeek/scripts/base/protocols/smtp
Arne Welzel b8dc6ad120 smtp: Validate mail transaction and disable SMTP analyzer if excessive
An invalid mail transaction is determined as

* RCPT TO command without a preceding MAIL FROM
* a DATA command without a preceding RCPT TO

and logged as a weird.

The testing pcap for invalid mail transactions was produced with a Python
script against a local exim4 configured to accept more errors and unknown
commands than 3 by default:

    # exim4.conf.template
    smtp_max_synprot_errors = 100
    smtp_max_unknown_commands = 100

See also: https://www.rfc-editor.org/rfc/rfc5321#section-3.3
2023-03-27 18:41:47 +02:00
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
dpd.sig Added a missing curly brace in smtp/dpd.sig 2013-07-09 22:57:36 -04:00
entities.zeek {http,smtp}/entities: Align header regexes with extract_filename_from_content_disposition() 2022-11-08 16:45:25 -07:00
files.zeek scripts: Migrate table iteration to blank identifiers 2022-10-24 10:36:09 +02:00
main.zeek smtp: Validate mail transaction and disable SMTP analyzer if excessive 2023-03-27 18:41:47 +02:00
README Add README files for base/protocols 2013-10-17 12:47:32 -05:00

Support for Simple Mail Transfer Protocol (SMTP) analysis.