Well, if you are referring to telnet just because somebody brings up a
telnet app to connect to a certain port (in this case, 25), your signature
would not be based on the correct conversation between the telnet client and
SMTP server... rather, base it on incorrect/non-standard/delayed conversations.

Check out the RFCs (watch wrap):

http://www.google.com/search?sourceid=navclient&querytime=4Cgy2&q=smtp+rfc 

And if you find that for some reason your Yahoo mail can't get through,
make changes accordingly... Run tcpdump on a Linux box simultaneously on
the same port you have your mail server on and watch the conversation from
various mail exchanges. There's only so many out there... regardless of
frontend, it's going to be postfix, sendmail, GroupWise, Lotus, M$, etc.

-Patrick
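
The heuristic described above (flag non-standard or delayed conversations rather than the normal SMTP greeting) is sketched here as an added example that is not part of the original post or any Cisco signature. The function name, the reason labels, the 5-second threshold, and both sample sessions are constructed assumptions; real input would come from the tcpdump captures mentioned above.

```python
# Core SMTP verbs plus common extensions a standards-following client sends.
KNOWN_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"VRFY", b"EXPN",
               b"HELP", b"NOOP", b"QUIT", b"STARTTLS", b"AUTH", b"BDAT"}
# After these verbs the client stream is no longer plain command lines.
STOP_VERBS = {b"DATA", b"BDAT", b"STARTTLS", b"AUTH"}
MAX_GAP_SECONDS = 5.0  # assumed threshold; tune against your own captures

def interactive_indicators(segments):
    """segments: [(timestamp, client_payload)] for one TCP session to port 25.
    Returns sorted reasons why the command phase looks hand-typed."""
    reasons, buffer, last_ts = set(), b"", None
    for ts, payload in segments:
        if last_ts is not None and ts - last_ts > MAX_GAP_SECONDS:
            reasons.add("delayed")            # MTAs answer in milliseconds
        last_ts = ts
        if b"\x08" in payload or b"\x7f" in payload:
            reasons.add("editing-chars")      # backspace/delete typed by a person
        buffer += payload
        if not buffer.endswith(b"\n"):
            reasons.add("fragmented-command") # command split across packets
            continue
        lines, buffer = buffer.split(b"\n")[:-1], b""
        for line in lines:
            if not line.endswith(b"\r"):
                reasons.add("bare-lf")        # SMTP lines must end in CRLF
            parts = line.split()
            verb = parts[0].upper() if parts else b""
            if verb not in KNOWN_VERBS:
                reasons.add("unknown-verb")   # typo or non-SMTP input
            if verb in STOP_VERBS:
                return sorted(reasons)
    return sorted(reasons)

# Constructed sample sessions (not real captures).
MTA_SESSION = [(0.00, b"EHLO mx.example.net\r\n"),
               (0.05, b"MAIL FROM:<a@example.net>\r\nRCPT TO:<b@example.org>\r\n"),
               (0.12, b"DATA\r\n"), (0.20, b"Subject: hi\r\n\r\nbody, no newline")]
TYPED_SESSION = [(0.0, b"HE"), (0.4, b"LO"), (0.9, b" x\r\n"),
                 (9.0, b"MAIL FROM:<a@example.net>\n"),
                 (21.0, b"RCTP\x08\x08PT TO:<b@example.org>\r\n"), (30.0, b"QUIT\r\n")]

if __name__ == "__main__":
    print("MTA:", interactive_indicators(MTA_SESSION))
    print("typed:", interactive_indicators(TYPED_SESSION))
```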

You may also want to try searching for signatures already built.


http://www.google.com/search?hl=en&q=smtp+ids+signature

>>> "Cisco Breaker"  04/16/02 02:51AM >>>
Hi,

Is it possible to block telnet to SMTP server from port 25 with IDS? I want
to create a custom signature for this but I don't know how this can be done.
If I write a signature beginning with hello it will block all mail traffic
because all of them start with hello as I know. And are there any
resources that tell how to write a custom signature? We are using CSPM
2.3.3i.

Any help will be appreciated.

Best regards,

Cisco Breaker