[Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

Ixbalanque
Here to help

[Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

Hi all,

 

In conjunction with this event, there's the "SMTP_COMMAND_OVERFLOW" message. Is this cause for any major concern? I'm not sure how to track this down and (if possible) mitigate the issue. I'm new to security in general and while I've read the linked CVE/Snort information, it didn't provide me with anything particularly useful. 

 

Can anyone give me some better insight as to what's causing these IDS messages to pop up? In a week we'll get anywhere from 1800-2500 of these events.

 

chrome_2018-06-05_08-22-07.png

 

Thanks in advance.

2 REPLIES 2
Adam
Kind of a big deal

I'm not sure about that specific alert but does the source indicate a client, or perhaps a mail server on your network?  I typically use the source and destination to try to start running captures to gain more insight into what is going on.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

Hey Adam, thanks for the reply --

 

Its the IP for our load balancer and will direct traffic to one of two mail servers so you're correct. I'd run packet captures but I'm not 100% sure what I would be looking for.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.