Hello everyone, I've got a problem of repeated auth logon connection attempts that I'm trying to stop. ylmf-pc makes repeated attempts, 2000 of them last night. I have put ylmf-pc into the "noAUTHHeloRe" file and that stops the auth attempt, but it tries over and over again connecting to the server. I'm wanting to disable connections from whatever ip it's using (it changes) for X amount of time. Thought i could put ylmf-pc into the "invalidFormatHeloRe" file and block "DoInvalidFormatHelo" the helo but it doesn't seem to be working for me. Not sure if I'm not doing something right or this is a bug in ASSP. Any suggestions?
Jan-13-16 00:55:49 Ylmf-pc matches ylmf-pc in noAUTHHeloRe Jan-13-16 00:55:49 66.192.234.242 Disabled SMTP AUTH for HELO ylmf-pc ( matches noAUTHHeloRe ) Jan-13-16 00:55:49 66.192.234.242 info: removed '250-STARTTLS' from reply Jan-13-16 00:55:49 66.192.234.242 [SMTP Reply] 250 HELP Jan-13-16 00:55:49 [unsupported_AUTH] 66.192.234.242 AUTH not allowed Jan-13-16 00:55:49 66.192.234.242 [SMTP Error] 502 AUTH not supported Jan-13-16 00:55:49 66.192.234.242 info: no (more) data readable from 66.192.234.242 (connection closed by peer) - last command was 'AUTH' Jan-13-16 00:55:49 Disconnected: session:22B450BC 66.192.234.242 - command list was 'EHLO,AUTH' - used 3 SocketCalls - processing time 1 seconds - damped 0 seconds Jan-13-16 00:55:49 Ylmf-pc matches ylmf-pc in noAUTHHeloRe Jan-13-16 00:55:49 66.192.234.242 Disabled SMTP AUTH for HELO ylmf-pc ( matches noAUTHHeloRe ) Jan-13-16 00:55:49 66.192.234.242 info: removed '250-STARTTLS' from reply Jan-13-16 00:55:49 66.192.234.242 [SMTP Reply] 250 HELP Jan-13-16 00:55:50 [unsupported_AUTH] 66.192.234.242 AUTH not allowed Jan-13-16 00:55:50 66.192.234.242 [SMTP Error] 502 AUTH not supported Jan-13-16 00:55:50 66.192.234.242 info: no (more) data readable from 66.192.234.242 (connection closed by peer) - last command was 'AUTH' Jan-13-16 00:55:50 Disconnected: session:1F59500C 66.192.234.242 - command list was 'EHLO,AUTH' - used 3 SocketCalls - processing time 1 seconds - damped 0 seconds ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
