policy/protocols/smtp/detect-suspicious-orig.bro

SMTP
Namespace:SMTP
Imports:base/frameworks/notice/main.bro, base/protocols/smtp/main.bro
Source File:/scripts/policy/protocols/smtp/detect-suspicious-orig.bro

Summary

Options

SMTP::suspicious_origination_countries: set &redef Places where it’s suspicious for mail to originate from represented as all-capital, two character country codes (e.g., US).
SMTP::suspicious_origination_networks: set &redef  

Redefinitions

Notice::Type: enum  

Detailed Interface

Options

SMTP::suspicious_origination_countries
Type:set [string]
Attributes:&redef
Default:{}

Places where it’s suspicious for mail to originate from represented as all-capital, two character country codes (e.g., US). It requires libGeoIP support built in.

SMTP::suspicious_origination_networks
Type:set [subnet]
Attributes:&redef
Default:{}
Copyright 2016, The Bro Project. Last updated on December 15, 2017. Created using Sphinx 1.5.2.