>So, there is no way of blocking such brute force attempts to use smtp
What is unclear in my answer?
>It would be nice, if, let's say, after 10-th attempt, remote ip would
>have been blocked.
Because of what ? Your misconfigured MTA or a software that does'nt work
RFC conform?
Your MTA is unable to process the AUTH request and replies the '454' -
reconfigure your MTA to process the AUTH request and to answer '535' if
the AUTH failes (or '235' on success)
If your MTA will reply right, this feature will work like expected.
AGAIN (to be clear): the '454' does NOT indicate that the authentication
has been failed - it indicates a temporary internal processing error of
the MTA.
Thomas
Von: "[email protected]" <[email protected]>
An: ASSP development mailing list <[email protected]>,
Datum: 01.05.2013 09:36
Betreff: Re: [Assp-test] Antwort: MaxAUTHErrors
On 01.05.2013 10:12, Thomas Eckardt wrote:
> The AUTHerror check is skipped for:
> - outgoing mails
> - noprocessing mails
> - whitelisted mails
> - IPSIP's
>
> - I'm missing the skip for 'noBlockingIPs' in the code - this will be
> corrected
>
> - adding 'autValencePB' is skipped for 'noPB'
>
> - counted are only attempts that are replied with '535' by the MTA - the
> '454 oops ...' is not a valid reply for an AUTH error - in terms of the
> RFC2554 (http://www.networksorcery.com/enp/rfc/rfc2554.txt) it means
'the
> MTA is unable to process the AUTH request', which is not an error caused
> by the client !
Thank you Thomas!
So, there is no way of blocking such brute force attempts to use smtp
auth against local addresses ?
It would be nice, if, let's say, after 10-th attempt, remote ip would
have been blocked.
Thanks,
Slava
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
