Just checked this again.

worker_1 - AUTH fails and switched on DelayIP for the IP
worker_2 - DelayIP delays the IP

ExtremeIP is checked very much later.

Thomas

From: "Dirk Kulmsee" <d.kulm...@netgroup.de>
To: <assp-test@lists.sourceforge.net>
Date: 12.11.2021 14:47
Subject: [Assp-test] PenaltyExtreme not used?

Hi all,

I'm currently running ASSP 2.6.6. (21306) on Linux with Perl 5.32. I have set both DoPenaltyExtreme and DoPenaltyExtremeSMTP to "block". My ExtremePenaltyThreshold (PenaltyExtreme) is set to 1500.

In the log I see a candidate for extreme treatment, but the log lines do not mention the "Extreme" status. The following lines show two concurrent connections from the same IP, one ends up in damping (Worker_1), the second one gets delayed (Worker_2):

Nov 12 14:02:29 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread got connection request
Nov 12 14:02:29 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.004 seconds and zero cycles - got (ok)
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Worker_1 wakes up
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Info: Worker_1 got connection from MainThread
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] IP 45.144.225.61 matches debugIP - with 45.144.225.61/32
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Info: try to connect to server at 127.0.0.1:125
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Info: connected to server at 127.0.0.1:125
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Connected: session:7F0F3C318670 45.144.225.61:42832 > 192.168.101.242:25 > 127.0.0.1:38320 > 127.0.0.1:125 , 1558-1560
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] Info: sent DNS query for '45.144.225.61' type 'PTR' to nameserver 192.168.101.222 ID 22692
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] Info: got valid DNS NON-DATA answer 'NXDOMAIN' from nameserver 192.168.101.222 ID 22692
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] 45.144.225.61 info: injected '250-STARTTLS' offer in to EHLO reply
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] 45.144.225.61 info: send '250-STARTTLS' - injected for 127.0.0.1
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] 45.144.225.61 info: removed '250-STARTTLS' - it was already injected
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] [unsupported_AUTH] 45.144.225.61 AUTH not allowed
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] Info: no skip condition detected for check: main::AUTHErrorsOK
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 Message-Score: added 60 (autValencePB) for too many (111) AUTH errors from 45.144.225.0, total score for this message is now 60
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 PB-IP-Score for '45.144.225.61' is 13740, added 60 for AUTHErrors
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 [SMTP Error] 502 AUTH not supported
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 info: start damping (58 s)
Nov 12 14:02:48 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread got connection request
Nov 12 14:02:48 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread freed by idle Worker_2 in 0.006 seconds and zero cycles - got (ok)
Nov 12 14:02:48 localhost assp.pl[446339]: [Worker_2] Worker_2 wakes up
Nov 12 14:02:48 localhost assp.pl[446339]: [Worker_2] Info: Worker_2 got connection from MainThread
Nov 12 14:02:48 localhost assp.pl[446339]: [Worker_2] IP 45.144.225.61 matches debugIP - with 45.144.225.61/32
Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] [SMTP Status] 451 4.7.1 Please try again later
Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] Delayed ip 45.144.225.61, because PBBlack(13740) is higher than DelayIP(500)- last penalty reason was: AUTHErrors
Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] Worker_2 will sleep now
Nov 12 14:03:29 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 info: damping - stolen 58 seconds
Nov 12 14:04:26 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 info: PB-IP-Score for '45.144.225.61' is 13740, added 60 in this session
Nov 12 14:04:26 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 disconnected: session:7F0F3C318670 45.144.225.61 - command list was 'EHLO,RSET,AUTH,QUIT' - used 4 SocketCalls - processing time 117 seconds - damped 116 seconds
Nov 12 14:04:26 localhost assp.pl[446339]: [Worker_1] Worker_1 will sleep now

Why the different behaviour on these two connections? And shouldn't there be log lines that refer to the IP score beyond PenaltyExtreme?

I'm curious what I did wrong this time 😉

Best regards
Dirk

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
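For checking a log for the situation discussed in this thread, the following added example (not part of either message and not ASSP code) summarizes, per IP, the highest PB score seen and which worker logged damping or DelayIP, then lists IPs above a given threshold that have no "Extreme" line. The regular expressions are derived only from the lines quoted above, 1500 is the PenaltyExtreme value from the original post, and matching on the word "Extreme" is an assumption about what such a log line would contain.

```python
import re

# Patterns derived only from the log lines quoted in this thread.
WORKER = re.compile(r"\[(Worker_\d+)\]")
SCORE = re.compile(r"PB-IP-Score for '([\d.]+)' is (\d+)")
DELAYED = re.compile(
    r"Delayed ip ([\d.]+), because PBBlack\((\d+)\) is higher than DelayIP\((\d+)\)")
DAMPING = re.compile(r"([\d.]+) info: start damping \((\d+) s\)")

def summarize(lines, extreme_threshold):
    """Per IP: highest PB score seen, the action each worker logged, and
    whether any line for that IP mentions 'Extreme' (assumed marker)."""
    lines = list(lines)
    report = {}
    def entry(ip):
        return report.setdefault(ip, {"max_score": 0, "actions": []})
    for line in lines:
        w = WORKER.search(line)
        worker = w.group(1) if w else None
        if m := SCORE.search(line):
            e = entry(m.group(1))
            e["max_score"] = max(e["max_score"], int(m.group(2)))
        if m := DELAYED.search(line):
            e = entry(m.group(1))
            e["max_score"] = max(e["max_score"], int(m.group(2)))
            e["actions"].append((worker, "DelayIP", int(m.group(3))))
        if m := DAMPING.search(line):
            entry(m.group(1))["actions"].append((worker, "damping", int(m.group(2))))
    for ip, e in report.items():
        e["over_extreme"] = e["max_score"] > extreme_threshold
        e["extreme_logged"] = any(ip in l and "Extreme" in l for l in lines)
    return report

def unreported_extreme(report):
    """IPs above the threshold for which no 'Extreme' line was logged."""
    return sorted(ip for ip, e in report.items()
                  if e["over_extreme"] and not e["extreme_logged"])

# Three lines copied from the log excerpt in the thread above.
SAMPLE = [
    "Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 "
    "PB-IP-Score for '45.144.225.61' is 13740, added 60 for AUTHErrors",
    "Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 45.144.225.61 "
    "info: start damping (58 s)",
    "Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] Delayed ip 45.144.225.61, because "
    "PBBlack(13740) is higher than DelayIP(500)- last penalty reason was: AUTHErrors",
]

if __name__ == "__main__":
    print(unreported_extreme(summarize(SAMPLE, extreme_threshold=1500)))
```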