This Module detects internal hosts running unauthorized mail servers. It monitors ingress traffic over TCP protocol and destination ports 25 or 465 sent to hosts which are not designated mail servers. The Module reports all detected unauthorized email servers.
Data Collection Interval, sec
Module logic execution interval
min = 10 sec, max = 3600 sec, default = 600 sec
Known local mail servers (ipv4_dst_addr) list
List of IP addresses of known mail servers to be excluded from reporting