Hi Rodrigo, WOW! Works fine.. thanks a lot!

On Tuesday, 19 January 2016 at 18:38:15 UTC+1, Giorgio Biondi wrote:
>
> Hi,
>
> on my Linux box I have some attacks via smtp/saslauthd, but OSSEC doesn't block
> the attacker via 'active-response' because it doesn't have suitable rules.
> I have thought about creating new rules, but I don't have the skill to build
> them, so I ask for help.
>
> I want to block the attacker when this is read in the maillog file:
>
> /var/log/maillog:Jan 19 17:58:40 tech2srv12 sendmail[24741]: u0JGwbD8024741: xxx-xxx-x-xx.xxx.xxxxxx.xxx [ip.add.rre.ss] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> I want to block the IP address when OSSEC reads (for example) "did not issue
> MAIL/EXPN/VRFY/ETRN during"
>
> I hope in you..
>
> All the best
>
> Giorgio Biondi.
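The matching asked for in the quoted question, as an added Python sketch that is not part of the thread and is not an OSSEC rule: it pulls the bracketed source address out of sendmail "did not issue MAIL/EXPN/VRFY/ETRN" lines and flags addresses that repeat inside a time window. The sample lines, the threshold of 3, the 5-minute window and the function name `offenders` are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the sendmail format quoted in the thread
# (hostnames and 192.0.2.x / 198.51.100.x documentation addresses are made up).
SAMPLE_LOG = """\
Jan 19 17:58:40 tech2srv12 sendmail[24741]: u0JGwbD8024741: host1.example.net [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
/var/log/maillog:Jan 19 17:58:55 tech2srv12 sendmail[24745]: u0JGwsD8024745: host1.example.net [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 19 17:59:02 tech2srv12 sendmail[24750]: u0JGx1D8024750: from=<a@example.org>, size=912, nrcpts=1, relay=mx.example.org [198.51.100.7]
Jan 19 17:59:20 tech2srv12 sendmail[24752]: u0JGxJD8024752: host1.example.net [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 19 18:30:00 tech2srv12 sendmail[24800]: u0JHU0D8024800: [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

# Optional "file:" prefix (grep output), syslog header, queue id, optional
# reverse-DNS name, then the bracketed peer address and the fixed message text.
LINE_RE = re.compile(
    r"^(?:/[^:\s]+:)?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?:sendmail|sm-mta)\[\d+\]: \S+: "
    r"(?:\S+ )?\[(?P<ip>[0-9A-Fa-f.:]+)\] did not issue MAIL/EXPN/VRFY/ETRN during"
)

def offenders(log_text, threshold=3, window=timedelta(minutes=5), year=2016):
    """Return IPs with at least `threshold` matching lines inside `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # normal mail traffic, other daemons, etc.
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget hits older than the window
        if len(hits) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

Counting repeats inside a window, rather than acting on the first match, keeps a single dropped connection from a legitimate relay from being treated like a scan.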
