
[Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?


Hi all,

In conjunction with this event, there's the "SMTP_COMMAND_OVERFLOW" message. Is this cause for any major concern? I'm not sure how to track this down and (if possible) mitigate the issue. I'm new to security in general and while I've read the linked CVE/Snort information, it didn't provide me with anything particularly useful.

Can anyone give me some better insight as to what's causing these IDS messages to pop up? In a week we'll get anywhere from 1800-2500 of these events.

chrome_2018-06-05_08-22-07.png

Thanks in advance.


Re: [Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

I'm not sure about that specific alert but does the source indicate a client, or perhaps a mail server on your network?  I typically use the source and destination to try to start running captures to gain more insight into what is going on.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO

Re: [Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

Hey Adam, thanks for the reply --

It's the IP for our load balancer and will direct traffic to one of two mail servers so you're correct. I'd run packet captures but I'm not 100% sure what I would be looking for.
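
Added example, not part of the thread and not Meraki or Snort code: one thing to check in a capture between the load balancer and the mail servers, assuming the two alerts concern overlong SMTP lines as their names suggest. It scans one direction of a reassembled TCP stream for command or reply lines above 512 octets (the RFC 5321 limit; the threshold the IDS uses is not given in the thread). The `long_lines` helper and the sample streams are constructed for illustration.

```python
# Added example: flag over-limit SMTP lines in one direction of a reassembled
# TCP stream (for instance, a stream exported from a capture between two IPs).
# Assumption: LIMIT is 512 octets including CRLF, the RFC 5321 maximum for
# command and reply lines; the IDS's actual threshold is not on the page.
LIMIT = 512

def long_lines(stream: bytes, is_client: bool, limit: int = LIMIT):
    """Return [(line_no, length, preview)] for over-limit command/reply lines."""
    hits, in_data = [], False
    for no, raw in enumerate(stream.split(b"\r\n"), start=1):
        if is_client and in_data:
            # Message body after DATA is not a command; it ends at a lone "."
            in_data = raw != b"."
            continue
        if not raw:
            continue
        length = len(raw) + 2  # count the CRLF terminator
        if length > limit:
            hits.append((no, length, raw[:40].decode("ascii", "replace")))
        # Simplification: treats every DATA as accepted (no 354 check, no BDAT).
        if is_client and raw.strip().upper() == b"DATA":
            in_data = True
    return hits

# Constructed sample streams (not taken from the poster's network).
SERVER = (b"220 mail.example.test ESMTP\r\n"
          b"250-mail.example.test\r\n"
          b"250 " + b"X" * 600 + b"\r\n"
          b"221 bye\r\n")
CLIENT = (b"EHLO client.example.test\r\n"
          b"MAIL FROM:<a@example.test>\r\n"
          b"RCPT TO:<" + b"b" * 700 + b"@example.test>\r\n"
          b"DATA\r\n"
          b"Subject: " + b"s" * 900 + b"\r\n"
          b".\r\n"
          b"QUIT\r\n")

if __name__ == "__main__":
    for name, data, is_client in (("server", SERVER, False), ("client", CLIENT, True)):
        for no, length, preview in long_lines(data, is_client):
            print(f"{name} line {no}: {length} octets, starts {preview!r}")
```

Lines it reports can then be matched against the alert timestamps and source/destination pairs to see which peer and which command or reply produced them.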
