>sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts
No - the frequency is checked after the user name is known. Thomas Von: Grayhat <gray...@gmx.net> An: assp-test@lists.sourceforge.net Datum: 09.11.2015 16:57 Betreff: Re: [Assp-test] fixes in assp 2.4.6 build 15312 :: On Mon, 9 Nov 2015 12:36:00 +0100 :: <20151109123600.00003...@gmx.net> :: Grayhat <gray...@gmx.net> wrote: > No, ok, seriously, sounds like Thomas fixed it with #15313; as for the > feature, the idea is to attempt protecting the mail system from bots > attempting to abuse stolen credentials to pump out spam; ASSP already > has a rate limiter which helps detecting "mass mailing", slowing them > down and alerting the admin but, till now, ASSP had no way to deal > with a flock of bots with a bunch of different IPs authenticating > using some stolen credentials and sending (say) 1 or 2 messages each; > both issues can now be taken care of using the new feature :) hmmm... maybe I'm wrong, but after a quick eyeball at the code it sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts while, to be effective it should work with *successful* ones so that, if a given user account gets successful authentication from a number of different IPs in less than a given time T, then we could assume that the account got compromised and is being abused by bots, but the above makes sense only if the check is performed on *valid* auth not on errors ------------------------------------------------------------------------------ Presto, an open source distributed SQL query engine for big data, initially developed by Facebook, enables you to easily query your data on Hadoop in a more interactive manner. Teradata is also now providing full enterprise support for Presto. Download a free open source copy now. http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140 _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test