You need to set ForceValidateHelo (not recommended), because the helo
check is done after the AUTH checks. If set - the helo is checked after
'MAIL FROM:'. The mail will be blocked and the ip will get added the score
of 'ihValencePB'.
To make it clear: if you disable AUTH and the host drops the connection
because of the 502...., the helo (block , score ....) check will never be
done!
In addition you need to set up the penaly box.
If 'ihValencePB' is set to 10 and an IP has tried 10 times it has a
penalty of 100.
DelayIPTime - can be used to delay such IP's.for some time.
PenaltyLimit and or DoPenaltyExtremeSMTP + DoPenaltyExtreme +
PenaltyExtreme can be used to block exrtreme IP's early.
Thomas
Von: Harley_1955 <[email protected]>
An: ASSP-TEST <[email protected]>
Datum: 13.01.2016 16:26
Betreff: [Assp-test] Stopping repeated auth logon connection
attempts
Hello everyone, I've got a problem of repeated auth logon connection
attempts that I'm trying to stop. ylmf-pc makes repeated attempts, 2000 of
them last night. I have put ylmf-pc into the "noAUTHHeloRe" file and that
stops the auth attempt, but it tries over and over again connecting to the
server. I'm wanting to disable connections from whatever ip it's using (it
changes) for X amount of time. Thought i could put ylmf-pc into the
"invalidFormatHeloRe" file and block "DoInvalidFormatHelo" the helo but it
doesn't seem to be working for me. Not sure if I'm not doing something
right or this is a bug in ASSP. Any suggestions?
Jan-13-16 00:55:49 Ylmf-pc matches ylmf-pc in noAUTHHeloRe
Jan-13-16 00:55:49 66.192.234.242 Disabled SMTP AUTH for HELO ylmf-pc (
matches noAUTHHeloRe )
Jan-13-16 00:55:49 66.192.234.242 info: removed '250-STARTTLS' from reply
Jan-13-16 00:55:49 66.192.234.242 [SMTP Reply] 250 HELP
Jan-13-16 00:55:49 [unsupported_AUTH] 66.192.234.242 AUTH not allowed
Jan-13-16 00:55:49 66.192.234.242 [SMTP Error] 502 AUTH not supported
Jan-13-16 00:55:49 66.192.234.242 info: no (more) data readable from
66.192.234.242 (connection closed by peer) - last command was 'AUTH'
Jan-13-16 00:55:49 Disconnected: session:22B450BC 66.192.234.242 - command
list was 'EHLO,AUTH' - used 3 SocketCalls - processing time 1 seconds -
damped 0 seconds
Jan-13-16 00:55:49 Ylmf-pc matches ylmf-pc in noAUTHHeloRe
Jan-13-16 00:55:49 66.192.234.242 Disabled SMTP AUTH for HELO ylmf-pc (
matches noAUTHHeloRe )
Jan-13-16 00:55:49 66.192.234.242 info: removed '250-STARTTLS' from reply
Jan-13-16 00:55:49 66.192.234.242 [SMTP Reply] 250 HELP
Jan-13-16 00:55:50 [unsupported_AUTH] 66.192.234.242 AUTH not allowed
Jan-13-16 00:55:50 66.192.234.242 [SMTP Error] 502 AUTH not supported
Jan-13-16 00:55:50 66.192.234.242 info: no (more) data readable from
66.192.234.242 (connection closed by peer) - last command was 'AUTH'
Jan-13-16 00:55:50 Disconnected: session:1F59500C 66.192.234.242 - command
list was 'EHLO,AUTH' - used 3 SocketCalls - processing time 1 seconds -
damped 0 seconds
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
