6.3.8. SMTP Log Receiver for IDP Events
Once this IDP Rule has been created, an action must also be created that specifies which signatures IDP should use when scanning data matching the IDP Rule, and what NetDefendOS should do if an intrusion is discovered. Intrusion attempts should cause the connection to be dropped, so Action is set to Protect. Severity is set to Attack, in order to match all SMTP attacks. Signatures is set to IPS_MAIL_SMTP in order to use signatures that describe attacks from the external network, dealing with the SMTP protocol.
1. Go to IDP > IDP Rules > IDPMailSrvRule > Add > IDP Rule Action
2. Now enter:
   • Action: Protect
   • Severity: All
   • Signatures: IPS_MAIL_SMTP
   • Click OK
In summary, the following will occur: when traffic flows from the external network to the mail server, IDP is activated. If the traffic matches any of the signatures in the IPS_MAIL_SMTP signature group, the connection is dropped, thus protecting the mail server.
Chapter 6. Security Mechanisms