[Oisf-users] Block Spammer

Mesra.net CEO admin at mesra.my
Sun Sep 17 15:51:03 UTC 2017

Dear All,

To block spammer by mail subject or contents, i’m using below rules:

drop tcp any any -> any [25,143,465,587,993] (msg:"***** SPAMMER *****"; dsize:>0; content:"Sample Greeting"; sid:10000; rev:1;)

And i found on my mail server the email send by spammer similar with content:"Sample Greeting"; are not reach the receipent, But on mail server log i still found the attacker IP are still get connected to SMTP services and that make my SMTP services are going high, so how can i make the attacker are didnt reach at all to SMTP services ?

Please help. TQ so much

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170917/af0b2b5d/attachment.html>

More information about the Oisf-users mailing list