Snort Blocking pop3 emails

Networking & Firewalls
1

Hi Guys,

am still new to pfsense and have done some deployments using snort and pfblockerng to manage my small network. I have configured snort on the LAN port and enabled blocking of offenders. my challenge is pop3 stops working when block offenders is enabled. i have tried adding an exception rule directly from the firewall logs, after restarting the box it works for a while then blocks again. How can i get snort to let ports 587 and 993 pass through while it applies custome rules that i have defined on the interface.

2

Once you remove a rule it should not trigger again. I have a video here showing how to tune the rules. It works pretty much the same for Snort & Suricata.

3

Went through the video and managed to tune the rules to allows email flow without interruptions. have been monitoring for almost 2 weeks now with no issues. Thank you for pointing me in the right direction.

2 Likes