Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/protocols/smtp
History
Arne Welzel b8dc6ad120 smtp: Validate mail transaction and disable SMTP analyzer if excessive 
An invalid mail transaction is determined as

* RCPT TO command without a preceding MAIL FROM
* a DATA command without a preceding RCPT TO

and logged as a weird.

The testing pcap for invalid mail transactions was produced with a Python
script against a local exim4 configured to accept more errors and unknown
commands than 3 by default:

    # exim4.conf.template
    smtp_max_synprot_errors = 100
    smtp_max_unknown_commands = 100

See also: https://www.rfc-editor.org/rfc/rfc5321#section-3.3
2023-03-27 18:41:47 +02:00
..
attachment-msg.test GH-1352: Added flag to stop processing SMTP headers in attached 2021-01-21 14:55:10 -05:00
attachment.test GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
basic.test General btest cleanup 2020-08-11 11:26:22 -07:00
mail-transactions-invalid-disable-analyzer.zeek smtp: Validate mail transaction and disable SMTP analyzer if excessive 2023-03-27 18:41:47 +02:00
mail-transactions-invalid.zeek smtp: Validate mail transaction and disable SMTP analyzer if excessive 2023-03-27 18:41:47 +02:00
mime-all-headers-event.zeek Add tests for {http,mime}_all_headers events 2019-08-13 11:28:00 -07:00
one-side.test General btest cleanup 2020-08-11 11:26:22 -07:00
starttls.test General btest cleanup 2020-08-11 11:26:22 -07:00