HIDS 3901

From Atomicorp Wiki
Revision as of 10:45, 8 October 2015 by Mshinn (Talk | contribs)

Rule: 3901
Status: Active
Information Message: New courier (imap/pop3) connection.


Description

This event does not block anything and is not caused by ASL.

This rule simply reports when a courier imap or pop3 connection has occurred. It does not block anything.

Details

This rule is designed to report when an imap or pop3 connection has occurred. It does not block anything and is simply a log message.

ASL merely reports when this occurs. If your pop or imap server is denying access to a user, this rule is not causing it. Please contact your courier server vendor for assistance with this issue.

By default, ASL does not block and will not shun on these events. However, if you wish to have ASL shun an IP address on these events, please see the Tuning Guidance section below.

Disabling this rule will not prevent your imap or pop3 server from reporting access. It will simply "silence" the alert in ASL; your pop or imap server will continue to record these events. We do not recommend you disable this rule.

Troubleshooting

False Positives

None. This rule does not block anything. ASL merely reports access attempts to courier pop3 or imap servers.

Tuning Guidance

If you wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 3901 to "yes".

Disabling this rule will not prevent your courier server from logging access events. It will simply "silence" the alert in ASL. Your courier server will continue to log these events. We do not recommend you disable this rule.

If you do not wish to see this alert, just set it to a lower level than the default in the ASL GUI. By default the level is 3.

This rule also does not send email alerts by default.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Example log messages

Oct 8 11:37:08 plesk3 courier-pop3d: Connection, ip=[::ffff:223.206.246.224]
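
When reviewing these events outside ASL, it helps to extract the client address from the log line above and unwrap the IPv4-mapped IPv6 form (::ffff:a.b.c.d) so it can be compared with firewall or shun-list entries. The following is an added example, not ASL's own rule or decoder; the regex, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed pattern for the courier "Connection" message shown above.
# This is the example's own regex, not the ASL/HIDS rule definition.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s[\d:]{8}\s(?P<host>\S+)\s"
    r"(?P<prog>[\w-]*(?:pop3|imap)[\w-]*)(?:\[\d+\])?:\s"
    r"Connection, ip=\[(?P<ip>[^\]]+)\]"
)

SAMPLE = [
    # First line is the example log message from this page.
    "Oct 8 11:37:08 plesk3 courier-pop3d: Connection, ip=[::ffff:223.206.246.224]",
    # Remaining lines are constructed (documentation address ranges).
    "Oct 8 11:37:09 plesk3 courier-imapd: Connection, ip=[::ffff:192.0.2.10]",
    "Oct 8 11:37:10 plesk3 courier-imapd: Connection, ip=[::ffff:192.0.2.10]",
    "Oct 8 11:37:11 plesk3 courier-pop3d: Connection, ip=[2001:db8::5]",
    "Oct 8 11:37:12 plesk3 courier-pop3d: LOGIN FAILED, ip=[::ffff:192.0.2.10]",
    "Oct 8 11:37:13 plesk3 courier-pop3d: Connection, ip=[not-an-ip]",
]

def parse_connection(line):
    """Return (service, client_ip) for a courier Connection line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a "Connection" event
    try:
        addr = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # malformed address field: do not act on it
    # Unwrap ::ffff:a.b.c.d so the value matches IPv4 firewall entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return m.group("prog"), str(addr)

def connections_per_ip(lines):
    """Count Connection events per normalized client address."""
    counts = Counter()
    for line in lines:
        parsed = parse_connection(line)
        if parsed:
            counts[parsed[1]] += 1
    return counts

if __name__ == "__main__":
    for ip, n in connections_per_ip(SAMPLE).most_common():
        print(f"{ip}\t{n}")
```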
