Hi Suricata Folks,
is there any reason why Suricata does have an app-layer parser / protocol support for SMTP, but no SMTP keywords are available for use in rules?
We want to create some custom ruleset matching malicious e-mail addresses, but we are not able to find any appropriate keyword matching MAIL FROM: <address>
as a buffer in the current documentation.
This question is regarding Suricata 6.x.
Thanks for your answers
Andreas