[Oisf-users] Problem in storing SMTP Mails
praveen gupta
gsf_410 at rediffmail.com
Fri Feb 21 08:53:20 UTC 2020
Hi Guys,
I want to store the mail being sent by thunderbird over smtp.
I have modified suricata-5.0.2/build/etc/suricata/suricata.yaml file by enabling filestore and setting filestore dir. Have also enabled smtp. Created the files.rules file. And provided the path to magic-file.
Have configured iptables as:
iptables -t mangle -F
iptables -t nat -F PREROUTING
iptables -F
iptables -A INPUT -j NFQUEUE --queue-num 12
iptables -A OUTPUT -j NFQUEUE --queue-num 12
To start suricata I am doing `./build/bin/suricata -q 12`
The mentioned files can be found here:
suricata-5.0.2/build/etc/suricata/suricata.yaml -> https://paste.debian.net/1131243/
suricata-5.0.2/build/var/lib/suricata/rules/files.rules -> https://paste.debian.net/1131244/
I am getting alerts about the smtp transfer in fast.log but the email is not getting stored. What am I missing here ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20200221/b685b992/attachment.html>
More information about the Oisf-users
mailing list