HIDS 3901
Rule 3901 | |
---|---|
Status | Active |
Information Message | New courier (imap/pop3) connection. |
Contents |
[edit] Description
This event does not block anything and is not caused by ASL.
This rule simply reports when a courier imap or pop3 connection has occurred. It does not block anything.
[edit] Details
This rule is designed to report when an imap or pop3 connection has occurred. It does not block anything and is simply a log message.
ASL merely reports when this occurs. If your pop or imap server is denying access to a user, this rule is not causing it. Please contact your courier server vendor for assistance with this issue.
ASL does not block and will not shun, by default, on these events however if you wish to have ASL shun an IP address on these events please see the Tuning Advice section below.
Disabling this rule will not prevent your imap or pop3 server from reporting access. It will simply "silence" the alert in ASL, however your pop or imap server will continue to record these events. We do not recommend you disable this rule.
[edit] Troubleshooting
[edit] False Positives
None. This rule does not block anything. ASL merely reports access attempts to courier pop3 or imap servers.
[edit] Tuning Guidance
If you wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 3901 to "yes".
Disabling this rule will not prevent your courier server from logging access events. It will simply "silence" the alert in ASL. Your courier server will continue to log these events. We do not recommend you disable this rule.
If you do not wish to see this alert, just set it to a lower level that the default in the ASL gui. Byt default the level is 3.
This rule also does not send email alerts by default.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
[edit] Example log messages
Oct 8 11:37:08 plesk3 courier-pop3d: Connection, ip=[::ffff:223.206.246.224]