> Try the IDS software for the pix. Seems like kind of a waste to me, though admittedly it's good to offload certain attack auditing tasks. The only notable attack signatures I could find are:
> 3101 Sendmail Invalid Recipient (Attack, Compound) > > Triggers on any mail message with a "pipe" (|) symbol in the > recipient field. > > 3102 Sendmail Invalid Sender (Attack, Compound) > > Triggers on any mail message with a "pipe" (|) symbol in the "From:" > field. > > 3103 Sendmail Reconnaissance (Attack, Compound) > > Triggers when "expn" or "vrfy" commands are issued to the SMTP port. Note to Ipswitch: these could all definitely be implemented as logging options within Imail (sort of an attack-level logging). -Sandy Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
