offering PLAIN and discarding it - is an admin config mistake
doing PLAIN if it is not offered - is a client fault and will be counted
doing wrong authentication - is a client fault and will be counted

>now this sounds like a bug to me

no - this is a feature and will NOT be changed (WHY? - see below)

>its "fail count" should be reset to zero

no no no .... :) ! Seems you had a bad night and you need a very strong 
coffee this morning :):):)
Yeah Andrea - I also suffer from the shorter and shorter daylight.

If the counter were set to zero immediately after a successful login, 
someone with a valid login account would be able to brute-force logins.

A possible sequence with the counter reset to zero after 235 can be:

....
AUTH brutforce-CEO-try1
535 - AUTH failed  (counter = 1)
AUTH brutforce-CEO-try2
535 - AUTH failed  (counter = 2)
AUTH good-user
235 authenticated  (counter  =  0)
QUIT
....
AUTH brutforce-CEO-try3
535 - AUTH failed  (counter = 1)
AUTH brutforce-CEO-try4
535 - AUTH failed  (counter = 2)
AUTH good-user
235 authenticated  (counter  =  0)
QUIT
... infinite repetition

This sequence will work without any delay, which makes it possible to use 
a script.

Now the same with 'MaxAuthErrors' set to 3 and the current code (which 
counts the error counter backward every five minutes):

....
AUTH brutforce-CEO-try1
535 - AUTH failed  (counter = 1)  (in five minutes the counter will be 
reduced to 0)
AUTH brutforce-CEO-try2
535 - AUTH failed  (counter = 2)  (in five minutes the counter will be 
reduced to 1)
AUTH good-user
235 authenticated  (counter  =  2)  (in five minutes the counter will be 
reduced to 1)
QUIT
....
AUTH brutforce-CEO-try3
535 - AUTH failed  (counter = 3)
connection closed  - "too many auth failures"  (counter = 3 - in five 
minutes from this moment, the counter will be reduced to 2)
.....
AUTH brutforce-CEO-try4
521 $myName does not accept mail - closing transmission - too many 
previouse AUTH errors from $ip - (counter = 3 )
.....
AUTH good-user  (but this is never verified, i.e. never sent to the MTA)
521 $myName does not accept mail - closing transmission - too many 
previouse AUTH errors from $ip - (counter = 3 )
.....
AUTH brutforce-CEO-try5
521 $myName does not accept mail - closing transmission - too many 
previouse AUTH errors from $ip -  (counter = 3)

After five minutes assp will accept the next AUTH command - and there are 
two options:

AUTH brutforce-CEO-try6
535 - AUTH failed  (counter = 3)
connection closed  - "too many auth failures"  (counter = 3 - in five 
minutes from this moment, the counter will be reduced to 2)

or 

AUTH good-user
235 authenticated  (counter  =  2)  (in five minutes the counter will be 
reduced to 1)


Thomas
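Thomas's two sequences side by side, as an added simulation (not ASSP's own code): it replays the [guess, guess, valid login] pattern from the thread against a counter that is reset on success and against one that is only counted backward every five minutes, with 'MaxAuthErrors' = 3 as in the thread. The timing model is an assumption: the five-minute decay clock restarts at the last failure.

```python
"""Per-IP AUTH failure accounting (added simulation, not ASSP's code).
Compares the policy the report asks for (counter reset to zero after a good
AUTH) with the behaviour Thomas describes (never reset, counted backward every
five minutes, 'MaxAuthErrors' = 3).  Assumption: the five-minute decay clock
restarts at the last failure, and the MTA verifies nothing answered with 521.
"""
MAX_AUTH_ERRORS = 3     # 'MaxAuthErrors' from the thread
DECAY_SECONDS = 300     # counter counted backward once every five minutes

class AuthLimiter:
    def __init__(self, reset_on_success):
        self.reset_on_success = reset_on_success
        self.counter = 0        # AUTH failures charged to this IP
        self.stamp = 0.0        # time of the last failure or decay step

    def _decay(self, now):
        # count the error counter backward, one step per full five minutes
        steps = int((now - self.stamp) // DECAY_SECONDS)
        if steps and self.counter:
            self.counter = max(0, self.counter - steps)
            self.stamp += steps * DECAY_SECONDS

    def auth(self, now, credentials_ok):
        """Handle one AUTH command at time `now`; return the SMTP reply code."""
        self._decay(now)
        if self.counter >= MAX_AUTH_ERRORS:
            return 521          # refused; credentials never reach the MTA
        if credentials_ok:
            if self.reset_on_success:
                self.counter = 0
            return 235
        self.counter += 1
        self.stamp = now
        return 535

def verified_guesses(reset_on_success, duration=3600, interval=60):
    """Count wrong guesses the MTA actually checked (535 replies) when the
    client repeats [guess, guess, valid login] every `interval` seconds."""
    limiter = AuthLimiter(reset_on_success)
    verified = 0
    for now in range(0, duration, interval):
        for ok in (False, False, True):
            if limiter.auth(now, ok) == 535:
                verified += 1
    return verified

if __name__ == "__main__":
    print("reset on success:", verified_guesses(True))   # 120: every guess checked
    print("decay only:      ", verified_guesses(False))  # 14: three, then one per 5 min
```

Over one hour the reset-on-success policy lets every guess through to the MTA, while the decay-only policy caps it at three plus one per five minutes, which is exactly why the interleaved valid login in the first sequence buys the script nothing under the current code.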

Von:    Grayhat <gray...@gmx.net>
An:     assp-test@lists.sourceforge.net
Datum:  16.10.2015 08:29
Betreff:        [Assp-test] Possible auth bug

I'm running the latest version of ASSP and I've possibly spotted a bug:
some clients try authenticating with "PLAIN" login, fail, retry using
the "LOGIN" mechanism and succeed; here's a log snippet:

info: authentication - plain is used
info: authentication (PLAIN) realms - foruser:u...@domain.xyz, 
user:u...@domain.xyz
[SMTP Error] 535 Authentication failed. Restarting authentication process.
info: authentication - login is used
info: authentication (LOGIN) realms - user:u...@domain.xyz
authenticated to 192.0.2.1

Now, the problem is that (apparently) after the successful
authentication ASSP does not reset the "failed login count" for the
sending IP, so, if the client sends a number of messages, after a while
ASSP locks out the IP due to "too many auth failures". Now this sounds
like a bug to me, since, after the IP successfully authenticates, its
"fail count" should be reset to zero.

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
