| GEN:SID | 1:567 |
| Message | POLICY SMTP relaying denied |
| Summary | This event is generated when a failed attempt is made to use a Simple Mail Transfer Protocol (SMTP) server to relay mail to a third party. |
| Impact | Rejection of unauthorized use. This event indicates that an SMTP server is properly configured to reject mail relay attempts. |
| Detailed Information | An attacker may attempt to use an improperly configured SMTP server to relay mail, so that the mail appears to originate from the relaying SMTP server instead of the actual sender. A poorly configured SMTP server may be used to relay spam and other undesirable mail. If an SMTP server rejects relay attempts, it will return an error message indicating the failure. |
| Affected Systems | SMTP servers |
| Attack Scenarios | An attacker may attempt to relay mail through an improperly configured SMTP server. |
| Ease of Attack | Simple |
| Corrective Action | Configure an SMTP server to reject relayed mail. |
| Additional References | Arachnids http://www.whitehats.com/info/IDS249; Miscellaneous http://mail-abuse.org/tsi/ar-fix.html |
| Rule References | arachnids: 249; url: mail-abuse.org/tsi/ar-fix.html |
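
The error message a server returns when it rejects a relay attempt is what makes this event observable. The following is an added example, not part of the rule or its documentation: it scans server replies for relay rejections and counts them per client, so repeated probing stands out from a single misaddressed message. The log format, function names, threshold and reply wordings (typical of common mail servers) are assumptions.

```python
import re
from collections import Counter

# Constructed sample: "<client_ip> <server reply line>" as a sensor or MTA log
# might record them. IPs are documentation ranges; the format is hypothetical.
SAMPLE_REPLIES = """\
192.0.2.10 250 2.1.5 <user@example.org>... Recipient ok
198.51.100.7 550 5.7.1 <a@third-party.example>... Relaying denied
198.51.100.7 554 5.7.1 <b@third-party.example>: Relay access denied
198.51.100.7 550 5.7.1 Unable to relay for c@third-party.example
192.0.2.10 550 5.1.1 <nobody@example.org>: User unknown
203.0.113.5 550 5.7.1 <d@third-party.example>... Relaying denied
"""

# Permanent failure (5xx), optional enhanced status code, then relay wording.
RELAY_DENIED = re.compile(
    r"^(?P<code>5\d\d)[ -](?:(?P<enh>\d\.\d{1,3}\.\d{1,3}) )?.*\brelay",
    re.IGNORECASE,
)

def relay_denials(log_text):
    """Yield (client_ip, reply_code, enhanced_code) for each relay rejection."""
    for line in log_text.splitlines():
        client, _, reply = line.partition(" ")
        m = RELAY_DENIED.match(reply)
        if m:
            yield client, m.group("code"), m.group("enh")

def repeat_offenders(log_text, threshold=3):
    """Return clients with at least `threshold` rejected relay attempts."""
    counts = Counter(client for client, _, _ in relay_denials(log_text))
    return {c: n for c, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for hit in relay_denials(SAMPLE_REPLIES):
        print(hit)
    print(repeat_offenders(SAMPLE_REPLIES))
```

A "User unknown" rejection carries the same 550 code but is not counted, since only replies that mention relaying indicate a relay attempt.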