Hi, on my Linux box I have some attacks via smtp/saslauthd, but OSSEC doesn't block the attacker via 'active-response' because it doesn't have suitable rules. I have thought of creating new rules, but I don't have the skill to build them, so I am asking for help.
I want to block the attacker when this is read in the maillog file:

/var/log/maillog:Jan 19 17:58:40 tech2srv12 sendmail[24741]: u0JGwbD8024741: xxx-xxx-x-xx.xxx.xxxxxx.xxx [ip.add.rre.ss] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

I want to block the IP address when OSSEC reads (for example) "did not issue MAIL/EXPN/VRFY/ETRN during".

I hope you can help.

All the best,
Giorgio Biondi
