zeek/scripts/base
Arne Welzel b8dc6ad120 smtp: Validate mail transaction and disable SMTP analyzer if excessive
An invalid mail transaction is determined as

* RCPT TO command without a preceding MAIL FROM
* a DATA command without a preceding RCPT TO

and logged as a weird.

The testing pcap for invalid mail transactions was produced with a Python
script against a local exim4 configured to accept more errors and unknown
commands than 3 by default:

    # exim4.conf.template
    smtp_max_synprot_errors = 100
    smtp_max_unknown_commands = 100

See also: https://www.rfc-editor.org/rfc/rfc5321#section-3.3
2023-03-27 18:41:47 +02:00
files Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
frameworks smtp: Validate mail transaction and disable SMTP analyzer if excessive 2023-03-27 18:41:47 +02:00
misc annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
packet-protocols Use a default analyzer 2023-02-16 19:39:27 -07:00
protocols smtp: Validate mail transaction and disable SMTP analyzer if excessive 2023-03-27 18:41:47 +02:00
utils Treat private address space as site-local by default 2023-03-15 17:01:00 -07:00
init-bare.zeek RunState: Implement forward_network_time_if_applicable() 2023-03-23 12:40:39 +01:00
init-default.zeek Provide infrastructure to migrate legacy analyzers to Spicy. 2023-02-01 11:33:48 +01:00
init-frameworks-and-bifs.zeek analyzer: Add analyzer.log for logging violations/confirmations 2023-01-09 18:11:49 +01:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00