On 01.05.2013 10:12, Thomas Eckardt wrote: > The AUTHerror check is skipped for: > - outgoing mails > - noprocessing mails > - whitelisted mails > - IPSIP's > > - I'm missing the skip for 'noBlockingIPs' in the code - this will be > corrected > > - adding 'autValencePB' is skipped for 'noPB' > > - counted are only attempts that are replied with '535' by the MTA - the > '454 oops ...' is not a valid reply for an AUTH error - in terms of the > RFC2554 (http://www.networksorcery.com/enp/rfc/rfc2554.txt) it means 'the > MTA is unable to process the AUTH request', which is not an error caused > by the client ! Thank you Thomas! So, there is no way of blocking such brute force attempts to use smtp auth against local addresses ? It would be nice, if, let's say, after 10-th attempt, remote ip would have been blocked.
Thanks, Slava ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
