local_mail_addr : pattern
Email addresses matching this pattern are considered to be local. This is used to detect relaying.
smtp_log : file
The file into which SMTP-related alerts are written.
smtp_sessions : table[conn_id] of smtp_session_info
A table of smtp_session_info
records tracking SMTP-related
state for a given connection.
process_smtp_relay : bool
If true (default = F), processing is done to check for mail relaying.
Note: This variable isconst
, so may only be changed viaredef
.type smtp_session_info: record { id: count; connection_id: conn_id; external_orig: bool; in_data: bool; num_cmds: count; num_replies: count; cmds: smtp_cmd_info_list; in_header: bool; keep_current_header: bool; # a hack till MIME rewriter is ready recipients: string; subject: string; content_hash: string; num_lines_in_body: count; # lines in RFC 822 body before MIME decoding num_bytes_in_body: count; # bytes in entity bodies after MIME decoding content_gap: bool; # whether there is content gap in conversation relay_1_rcpt: string; # external recipients relay_2_from: count; # session id of same recipient relay_2_to: count; relay_3_from: count; # session id of same msg id relay_3_to: count; relay_4_from: count; # session id of same content hash relay_4_to: count; };
smtp_legal_cmds : set[string]
The set of allowed SMTP commands (not currently used). Fixme: Is it used somewhere?
smtp_hot_cmds : table[string] of pattern
If an SMTP command matching an index into the table has an argument matching the associated pattern, then the request and its reply are logged.
smtp_sensitive_cmds : set[string]
If an SMTP command is in this set, the request and its reply are logged.