No @m.traeumner, that error means that he has not activated a “special” rule which needs to be silenced on fax servers because of false alarms.
The rule:
http://doc.emergingthreats.net/2011124
If you enable that rule, you have to suppress it if the destination is the NethServer itself. If we don’t suppress it, ids logs will be full of false alerts if the fax server runs on nethserver.
I’m sorry, I can’t explain it better.
Summary: that error is common, it is harmless.
I never found a way to handle this problem better.
Hylafax uses a custom FTP protocol, that’s why the above rule causes false alarms.