policy/protocols/smtp/detect-suspicious-orig.zeek¶
-
SMTP
¶
- Namespace
SMTP
- Imports
base/frameworks/notice/main.zeek, base/protocols/smtp/main.zeek
Summary¶
Runtime Options¶
Places where it’s suspicious for mail to originate from represented as all-capital, two character country codes (e.g., US). |
|
Redefinitions¶
Detailed Interface¶
Runtime Options¶
- SMTP::suspicious_origination_countries¶
-
Places where it’s suspicious for mail to originate from represented as all-capital, two character country codes (e.g., US). It requires Zeek to be built with GeoIP support.