>> Oct-01-11 20:58:06 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1
>> Misbehaved SMTP session (EarlyTalker)
What is assp doing?
ASSP analyzes the SMTP command handshake (sequence of command and reply)
of the client and server.
Every client and server has to follow the SMTP RFC's.
An valid SMTP session start looks as follows:
1. client connects to the server over TCP
2. server sends '220 welcome or any other text'
it is also possible to send more than one line in the server greeting -
for example:
220-welcome to me
220-please follow the RFC
220 mail server is now ready
notice the '220-' and '220 ' - every client has to wait until he receives
the line '220 ' (without the '-')
If the client sends any command (the first has to be HELO or EHLO) before
he received the '220 ....' greeting, this is a misbehave in SMTP and this
is penalized by assp.
Currently all sessions with this misbehave are dropped immediatly.
My idea was, to allow such a misbehave for all outgoing mails and
'accepAllMail' IP's - but I'm not sure if this idea is a good one. Because
if a local PC gets highjacked by a bot - this check could help to ban it.
I'll revert my currently done code changes. ASSP should not allow any SMTP
misbehave - how ever, this check could be disabled in the next release by
setting 'etValencePB' to zero.
Thomas
Von: Paul Farrow <[email protected]>
An: ASSP development mailing list <[email protected]>
Datum: 03.10.2011 03:33
Betreff: Re: [Assp-test] Antwort: Re: Thunderbird SSL/TLS with ASSP
Version 2
Thanks Thomas
What I don't understand is this is Thunderbird 7.0.1 we are talking
about not some unknown mail client. Surely its unlikely that the client
is the problem is it???
My friend is using Thunderbird (although I don't know what version at
this stage) and he doesn't appear to have this problem with ASSP Version
2 which is why I question is it something to do with my setup.
Thanks
Paul
On Sun, 2 Oct 2011 18:51:03 +0200, Thomas Eckardt wrote:
>>that ASSP Version 2 has this issue
>
> This is not an ASSP issue - your client is doing bad SMTP.
>
>>when is the next release planned
>
> possibly tomorrow
>
> Thomas
>
>
>
>
> Von: Paul Farrow <[email protected]>
> An: ASSP development mailing list
> <[email protected]>
> Datum: 02.10.2011 13:43
> Betreff: Re: [Assp-test] Thunderbird SSL/TLS with ASSP Version
> 2
>
>
>
>
>
> Hi Thomas
>
> I kinda find it hard to believe that ASSP Version 2 has this issue, I
> wondered if it was something more to do with my setup. There must be
> lots of peeps out there that use Thunderbird. My next question is
> when
> is the next release planned as I would really like to get my
> Thunderbird
> clients working again without having to switch off SSL?
>
> Thanks for your quick reply and all you do for the ASSP project.
>
> Paul
>
> On Sun, 2 Oct 2011 11:21:06 +0200, Thomas Eckardt wrote:
>> Your client '10.1.10.149' is talking before the MTA has sent the
>> '220
>> ...'
>> greeting - this is a SMTP misbehave.
>> The next release will ignore this mistake, if the mail is outgoing
>> or
>> the
>> sending IP matches accepAllMail.
>>
>> Thomas
>>
>>
>>
>>
>> Von: Paul Farrow <[email protected]>
>> An: <[email protected]>
>> Datum: 02.10.2011 03:09
>> Betreff: [Assp-test] Thunderbird SSL/TLS with ASSP Version 2
>>
>>
>>
>>
>>
>> Hi Guys
>>
>> I have just switched from ASSP Version 1 to ASSP Version 2 and can't
>> get my Thunderbird (Mac or PC) clients to authenticate over SSL/TLS.
>>
>> The error I see is
>>
>> Oct-01-11 20:58:06 [Worker_1] Connected: 10.1.10.149:49514 >
>> 70.88.29.81:465 > 70.88.29.81:45014 > 70.88.29.81:125 , 7-16
>> Oct-01-11 20:58:06 [Worker_1] 10.1.10.149 Message-Score: added 25
>> for
>> EarlyTalker, total score for this message is now 25
>> Oct-01-11 20:58:06 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1
>> Misbehaved SMTP session (EarlyTalker)
>> Oct-01-11 20:58:06 [Worker_1] Disconnected: 10.1.10.149 - command
>> list
>> was 'n/a' - used 1 SocketCalls
>>
>> I have QMail as the MTA behind ASSP if that is a clue and my android
>> phone authenticates over SSL/TLS no problem.
>>
>> It all worked fine over ASSP Version 1 except for the known odd SSL
>> timeout error with attachments.
>>
>> Thanks in advance.
>>
>> Paul
>>
>>
>>
>>
>>
>
>
------------------------------------------------------------------------------
>> All of the data generated in your IT infrastructure is seriously
>> valuable.
>> Why? It contains a definitive record of application performance,
>> security
>> threats, fraudulent activity, and more. Splunk takes this data and
>> makes
>> sense of it. IT sense. And common sense.
>> http://p.sf.net/sfu/splunk-d2dcopy2
>> _______________________________________________
>> Assp-test mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential,
>> legally
>> privileged and protected in law and are intended solely for the use
>> of the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be
>> no
>> known virus in this email!
>> *******************************************************
>
>
>
>
>
------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously
> valuable.
> Why? It contains a definitive record of application performance,
> security
> threats, fraudulent activity, and more. Splunk takes this data and
> makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
> legally
> privileged and protected in law and are intended solely for the use
> of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
