:: On Mon, 9 Nov 2015 12:36:00 +0100 :: <20151109123600.00003...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:
> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

hmmm... maybe I'm wrong, but after a quick eyeball at the code it sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts while, to be effective, it should work with *successful* ones so that, if a given user account gets successful authentication from a number of different IPs in less than a given time T, then we could assume that the account got compromised and is being abused by bots, but the above makes sense only if the check is performed on *valid* auth, not on errors

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
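The check proposed in the message above (successful authentications for one account from a number of different IPs in less than a time T), as an added Python example that is not ASSP code and not part of the original message. The class and function names, the threshold of 3 IPs, the 600-second window and the sample events are assumptions constructed for illustration; timestamps are assumed to arrive in order.

```python
from collections import defaultdict, deque


class AuthIPFrequency:
    """Flag an account when *successful* AUTHs come from more than
    max_ips distinct client IPs within the last `window` seconds."""

    def __init__(self, max_ips=3, window=600):
        self.max_ips = max_ips
        self.window = window
        self._events = defaultdict(deque)  # user -> deque of (ts, ip)

    def record(self, ts, user, ip, success):
        """Feed one AUTH result; return True if the account is over the limit."""
        if not success:
            return False  # failed logins are a separate (brute-force) signal
        q = self._events[user.lower()]
        q.append((ts, ip))
        # Drop successful logins that fell out of the sliding window.
        while q and q[0][0] <= ts - self.window:
            q.popleft()
        return len({addr for _, addr in q}) > self.max_ips


def flagged_accounts(events, max_ips=3, window=600):
    """Return {user: timestamp of first violation} for a stream of events."""
    tracker = AuthIPFrequency(max_ips, window)
    flagged = {}
    for ts, user, ip, ok in events:
        if tracker.record(ts, user, ip, ok):
            flagged.setdefault(user.lower(), ts)
    return flagged


# Constructed sample: (unix_ts, user, client_ip, auth_succeeded)
SAMPLE_EVENTS = [
    (1000, "alice", "192.0.2.10", True),
    (1030, "bob", "198.51.100.7", True),
    (1040, "alice", "192.0.2.11", True),
    (1050, "carol", "203.0.113.1", False),   # failures only: never flagged here
    (1055, "carol", "203.0.113.2", False),
    (1060, "carol", "203.0.113.3", False),
    (1065, "carol", "203.0.113.4", False),
    (1070, "alice", "198.51.100.20", True),
    (1090, "alice", "203.0.113.77", True),   # 4th distinct IP within the window
    (1100, "bob", "198.51.100.8", True),
]

if __name__ == "__main__":
    print(flagged_accounts(SAMPLE_EVENTS))
```

A flagged account is a candidate for blocking AUTH and alerting the admin; users behind carrier NAT or switching between mobile and Wi-Fi networks can legitimately show several IPs, so the threshold and window need tuning per site.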