Hi Rodrigo,

WOW! Work fine.. thanks a lot!

Il giorno martedì 19 gennaio 2016 18:38:15 UTC+1, Giorgio Biondi ha scritto:
>
> Hi,
>
> on my linux box have some attack via smtp/saslauthd but ossec don't block 
> attacker via 'active-response' because don't have rules suitable.
> I have think to create new rules, but don't have skill to build, so ask 
> for help.
>
> I want block attacker when read this in the maillog file:
>
> /var/log/maillog:Jan 19 17:58:40 tech2srv12 sendmail[24741]: 
> u0JGwbD8024741: xxx-xxx-x-xx.xxx.xxxxxx.xxx [ip.add.rre.ss] did not issue 
> MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> I want block ip address when ossec read (for example) "did not issue 
> MAIL/EXPN/VRFY/ETRN during" 
>
> I hope in you..
>
> All the best 
>
> Giorgio Biondi.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to