[Snortsam-discussion] snortsam not sending emails
Ondrej Pesta
ondrej.pesta at idc.cz
Fri Aug 28 02:55:05 EDT 2009
> Any error messages in snortsam.log? (like "Did not receive a response
> from mail server at 192.168.1.33" or such?)
>
> Snortsam just waits for the normal "220" banner from the mail server,
> says "HELO", waits for "250" status, and so on. Capture that mail
> session with ngrep and see where it fails. Perhaps Postfix is hanging
> trying to resolve your internal IP address? It could be that Snortsam is
> timing out before Postfix is timing out. The ngrep session capture of
> the mail session should tell you where the problem is.
>
Hi.
Unfortunately there is no message about mailing in snortsam.log, even
though I have "loglevel 3" in snortsam.conf.
This is the output from ngrep:
########
T 192.168.1.33:25 -> 192.168.1.100:65120 [AP]
220 postfix.tld ESMTP Postfix..
#
T 192.168.1.100:65120 -> 192.168.1.33:25 [AP]
HELO snortsam.tld..
#
T 192.168.1.33:25 -> 192.168.1.100:65120 [AP]
250 postfix.tld..
Ondrej
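
Added example, not part of the original message and not Snortsam code: a small parser that walks an ngrep capture like the one above through the banner/HELO/MAIL/RCPT/DATA sequence and names the first step that did not complete. The step table, function names and port 25 default are assumptions made for this illustration; on the capture as posted it reports that the server's 250 is the last packet and no MAIL command follows.

```python
import re

# Constructed sample: the ngrep capture from the post, payloads re-joined.
CAPTURE = """\
T 192.168.1.33:25 -> 192.168.1.100:65120 [AP]
220 postfix.tld ESMTP Postfix..
#
T 192.168.1.100:65120 -> 192.168.1.33:25 [AP]
HELO snortsam.tld..
#
T 192.168.1.33:25 -> 192.168.1.100:65120 [AP]
250 postfix.tld..
"""

# Assumed minimal dialogue: (accepted client verbs, reply code needed to go on).
STEPS = [((), "220"), (("HELO", "EHLO"), "250"), (("MAIL",), "250"),
         (("RCPT",), "250"), (("DATA",), "354")]
HDR = re.compile(r"^T \S+:(\d+) -> \S+:\d+ \[\w+\]$")

def parse_ngrep(text, server_port=25):
    """Return [(sender, payload)]; sender is 'server' or 'client'."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        m = HDR.match(line)
        if m:
            sender = "server" if int(m.group(1)) == server_port else "client"
            packets.append((sender, []))
        elif packets and line.strip("#"):
            packets[-1][1].append(line)  # payload may wrap over several lines
    return [(s, " ".join(p)) for s, p in packets]

def diagnose(packets):
    """Report the first step of the dialogue that did not complete."""
    it = iter(packets)
    for verbs, code in STEPS:
        if verbs:  # a client command must come before the server reply
            pkt = next(it, None)
            if pkt is None:
                return f"client never sent {verbs[0]}"
            if pkt[0] != "client" or (pkt[1].split() or [""])[0].upper() not in verbs:
                return f"expected {verbs[0]} from client, saw: {pkt[1]}"
        pkt = next(it, None)
        if pkt is None:
            return f"server never answered {verbs[0] if verbs else 'connect'}"
        if pkt[0] != "server" or not pkt[1].startswith(code):
            return f"expected {code} from server, saw: {pkt[1]}"
    return "dialogue reached DATA"
```

Calling `diagnose(parse_ngrep(CAPTURE))` returns the stalled step; feeding it a longer capture shows whether the gap is a missing client command or a missing server reply.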