This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Laszlo
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Laszlo
05-04-2023
3Posts
0Likes
0Solutions
May 04, 2023Last Visited
User
Activity
User
Profile
Latest posts by Laszlo
| Subject | Views | Posted |
|---|---|---|
| 4672 | 01-04-2021 01:23 PM | |
| 5380 | 01-04-2021 08:53 AM | |
| 5706 | 12-09-2020 06:08 AM |
User Badges
Community Statistics
| Member Since | 10-25-2018 01:54 AM |
| Date Last Visited | 05-04-2023 06:00 AM |
| Posts | 3 |
01-04-2021
01:23 PM
Hi, I have seen 4 different threat IDs so far for non-RFC compliant SMTP traffic, so it's not like you have a very broad set of criteria that classifies traffic under one ID and that there could be a gazillion reasons. As I noted in my OP the sending server is a Postfix (SMTP) server, although an old one (7+ years), so I don't think it sends corrupt messages in any way and that it sent SMTP traffic, not something else. I used Thunderbird (latest as of OP's date) to send the mails via this server. Server adds a DKIM signature, which is validated OK by Google, so I don't see where the problem comes from. The problem started when we enabled SSL inspection and I believe my server was using STARTTLS with a valid certificate to encrypt traffic.
... View more
01-04-2021
08:53 AM
But why? Other threat IDs have links for more information, but these non-RFC SMTP ones don't have anything.
... View more
12-09-2020
06:08 AM
Hi, Is there a way to know what a specific threat ID checks for? We enabled SSL inspection for SMTP traffic and Palo started to flag every e-mail with threat ID 56951 (non-RFC compliant SMTP traffic), but ThreatDB does not provide anything useful as to what/how it is non-compliant. E-mails were received from a proper e-mail server running an older version of Postfix and using an older OpenSSL version for SSL encryption. Thanks, Morc
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-04-2023
06:00 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks