X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Fossec-testing%2Ftests%2Fopensmtpd.ini;fp=contrib%2Fossec-testing%2Ftests%2Fopensmtpd.ini;h=6bb28d562578a1a2b6104a22704438342f5273a4;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b

diff --git a/contrib/ossec-testing/tests/opensmtpd.ini b/contrib/ossec-testing/tests/opensmtpd.ini
new file mode 100644
index 0000000..6bb28d5
--- /dev/null
+++ b/contrib/ossec-testing/tests/opensmtpd.ini
@@ -0,0 +1,49 @@
+[message failed]
+log 1 pass = Aug 14 10:15:25 junction.example.com smtpd[28882]: smtp-in: Failed command on session 1f55bdcdf16e28a3: "MAIL FROM:<root@junction.example.com>  " => 421 4.3.0: Temporary Error
+
+rule = 53501
+alert = 3
+decoder = smtpd
+
+[new session]
+log 1 pass = Aug 17 01:26:02 ix smtpd[22704]: smtp-in: New session 08d856b172f69c5c from host ix.example.com [local]
+
+rule = 53502
+alert = 0
+decoder = smtpd
+
+[message accepted]
+log 1 pass = Aug 17 01:26:02 ix smtpd[22704]: smtp-in: Accepted message 4296f490 on session 08d856b172f69c5c: from=<root@ix.example.com>, to=<ddp@ix.example.com>, size=1746, ndest=1, proto=ESMTP
+
+rule = 53504
+alert = 0
+decoder = smtpd
+
+[session closed]
+log 1 pass = Aug 17 01:26:02 ix smtpd[22704]: smtp-in: Closing session 08d856b172f69c5c
+
+rule = 53503
+alert = 0
+decoder = smtpd
+
+[disconnect]
+log 1 pass = Mar  4 00:11:00 ix smtpd[22421]: smtp-in: Received disconnect from session 427e7493ebe154ae
+
+rule = 53500
+alert = 0
+decoder = smtpd
+
+[no ssl]
+log 1 pass = Mar  4 00:13:55 ix smtpd[22421]: smtp-in: Disconnecting session 427e7497e03518ef: IO error: No SSL error
+
+rule = 53507
+alert = 2
+decoder = smtpd
+
+[started tls]
+log 1 pass = Mar  4 00:13:55 ix smtpd[22421]: smtp-in: Started TLS on session 427e749c2e46f809: version=TLSv1.2, cipher=EDH-RSA-DES-CBC3-SHA, bits=112
+
+rule = 53500
+alert = 0
+decoder = smtpd
+