I'm running the latest version of ASSP and I've possibly spotted a bug; some clients try authenticating with "PLAIN" login, fail, retry using the "LOGIN" mechanism and succeed, here's a log snippet
info: authentication - plain is used info: authentication (PLAIN) realms - foruser:u...@domain.xyz, user:u...@domain.xyz [SMTP Error] 535 Authentication failed. Restarting authentication process. info: authentication - login is used info: authentication (LOGIN) realms - user:u...@domain.xyz authenticated to 192.0.2.1 now, the problem is that (apparently) after the successful authentication ASSP does not reset the "failed login count" for the sending IP, so, if the client sends a number of messages, after a while ASSP locks out the IP due to "too many auth failures"; now this sounds like a bug to me, since, after the IP successfully authenticates, its "fail count" should be reset to zero ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
