On 11/8/2015 3:06 AM, Thomas Eckardt wrote:
> added:
>
> 'AUTHUserIPfrequency','Max IP Changes for AUTHentication per User'
> If the authentication methodes PLAIN or LOGIN are used by clients, two
> space separated values specify the
> number of different IP's and a timeframe in seconds, which should not be
> exeeded by a user.
> For example "2 600" - notice these are the minimum values for IP-number
> and seconds.
> The example disallows a user to authenticate (using PLAIN or LOGIN) from
> two or more different IP-addresses within
> 600 seconds. In other words - an user is allowed to authenticate from
> another IP-address, 601 seconds after
> the last authentication.
> Each attempt to authenticate is counted by this feature.
> MaxAUTHErrors is counted, if a user breakes this rule.
> Leave this blank to disable this feature.
This sounds like a great feature, but as soon as I turned it on (I used
3 600), EVERY user attempting to send email, even those connecting for
the first time (including myself) were blocked with a 4.7.1, and
subsequent attempts got them added to PBBlack as well. I had to turn it
off and clean out recent entries to PBBlack to get things back on track.
Here's what I got the very first time I tried to send an email after I
turned the feature on, when DB-AUTHIP was still empty:
Nov-08-15 11:48:29 [Worker_1] Worker_1 wakes up
Nov-08-15 11:48:29 [Worker_1] Info: Worker_1 got connection from MainThread
Nov-08-15 11:48:29 [Main_Thread] Info: Main_Thread freed by idle
Worker_1 in 0.083 seconds - got (ok)
Nov-08-15 11:48:29 [Worker_1] Info: try to connect to server at
127.0.0.1:1027
Nov-08-15 11:48:29 [Worker_1] Info: connected to server at 127.0.0.1:1027
Nov-08-15 11:48:29 [Worker_1] Connected: session:F91E41C {my IP
address}:58712 > 216.227.137.26:465 > 127.0.0.1:61433 > 127.0.0.1:1027 ,
24-36
Nov-08-15 11:48:29 [Main_Thread] IP 127.0.0.1 matches
allowStatConnectionsFrom - with 127.0.0.1/32
Nov-08-15 11:48:29 [Worker_1] [SSL-in] {my IP address} info:
authentication - plain is used
Nov-08-15 11:48:29 [Worker_1] [SSL-in] {my IP address} [SMTP Error] 521
mail.netbound.com does not accept mail - closing transmission - you are
not alloed to authenticate from IP {my IP address}
Nov-08-15 11:48:29 [Worker_1] [SSL-in] [AUTHUserIP] {my IP address} too
many authentication attempts for user 'myusern...@hollsco.com' from
different IP's
Nov-08-15 11:48:29 [Worker_1] [SSL-in] {my IP address} Message-Score:
added 60 (autValencePB) for AUTHErrors, total score for this message is
now 60
Nov-08-15 11:48:29 [Worker_1] [SSL-in] {my IP address} info: PB-IP-Score
for '{my IP address}' is 60, added 60 in this session
Nov-08-15 11:48:29 [Worker_1] Disconnected: session:F91E41C {my IP
address} - command list was 'EHLO,AUTH' - used 2 SocketCalls -
processing time 0 seconds
Nov-08-15 11:48:29 [Worker_1] Worker_1 will sleep now
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
