Page 1 of 1
Ossec rule fore detecting full mailboxes
Posted: Fri Jan 14, 2011 12:30 pm
by biggles
When a users mailbox is full I would like to get an ossec notification. One way of noticing it is by checkg for the following message in the maillog:
Code: Select all
qmail-local-handlers[29736]: cannot reinject message to 'username@customerdomain.se'
For me this would be a great ASL enhancement.
PS I guess I could just write a local rule for it, but there are probably others who could benefit from this...
Re: Ossec rule fore detecting full mailboxes
Posted: Fri Jan 14, 2011 12:54 pm
by scott
Great idea, I added that to the list
Re: Ossec rule fore detecting full mailboxes
Posted: Fri Jan 14, 2011 3:15 pm
by mikeshinn
PS I guess I could just write a local rule for it, but there are probably others who could benefit from this...
BTW, this reminds me, we're interested in what you guys think we can do encourage and support community contributions, such as ossec rules, modsec rules, etc.
Re: Ossec rule fore detecting full mailboxes
Posted: Fri Jan 14, 2011 4:07 pm
by BruceLee
Hopefully I understand your invitation correct.
I don't know if it's useful or not, if it's a good addition or not, or if ASL covers all of it (I think it does cover all security related things)...but mentioning it does not hurt:
http://www.greensql.net
Re: Ossec rule fore detecting full mailboxes
Posted: Sat Jan 15, 2011 10:33 am
by scott
We actually added that one to the list back in 1.0 days
