D-Link DFL-2500 User Manual

When this IDP Rule has been created, an action must also be created, specifying what signatures the IDP should
use when scanning data matching the IDP Rule, and what NetDefendOS should do in case an intrusion is
discovered. Intrusion attempts should cause the connection to be dropped, so Action is set to Protect. Severity
is set to Attack, in order to match all SMTP attacks. Signatures is set to IPS_MAIL_SMTP in order to use
signatures that describe attacks from the external network, dealing with the SMTP protocol.

1.

Go to IDP > IDP Rules > IDPMailSrvRule > Add > IDP Rule Action

2.

Now enter:

•

Action: Protect

•

Severity: All

•

Signatures: IPS_MAIL_SMTP

•

Click OK

In summary, the following will occur: If traffic from the external network to the mail server occurs, IDP will be
activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature group, the connection will be
dropped, thus protecting the mail server.

6.5.8. SMTP Log Receiver for IDP
Events

Chapter 6. Security Mechanisms

197