Hi all; looking at the logs I noticed entries showing "authenticated connection" related to various IPs, but then, trying to grep the logs for those IPs, there was no trace of any SMTP session.

So, I decided to fathom this and found that those connections were (probably) from bots trying to authenticate with the server using several different user/pass combos.

Now... the mailserver sitting behind ASSP does have a mechanism to prevent bruteforcing, so that, if a given IP fails logon a number of times, it will be "locked off" for a given time... the problem is that, since the server sits behind ASSP, such a mechanism won't work (the server only sees the ASSP IP).

So, I'm wondering if it may be possible to add to ASSP a mechanism to protect the backend mailserver from such bruteforce attacks; an idea may be to keep track of the AUTH commands and of the backend server replies and, in case a given IP generates more than "n" errors, to block that IP from reconnecting to ASSP (somewhat like PBextreme does) for a given amount of time.

I know, ASSP already has the "max errors", but that one will just drop the connection, so the bot may just reconnect and go over and over; that's why I'm proposing to "lock it off" for some time.

May it be possible?

_______________________________________________
Assp-test mailing list
https://lists.sourceforge.net/lists/listinfo/assp-test
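The lockout proposed in the message above, sketched as an added example; it is not ASSP code and not part of the original post. The class name, thresholds and sample address are hypothetical; the only protocol fact it relies on is that a backend rejects bad AUTH credentials with a final 535 reply (RFC 4954).

```python
import re

# Final line of an SMTP AUTH failure reply (RFC 4954); "535-" continuation lines are skipped.
AUTH_FAILED = re.compile(r"^535 ")


class AuthLockout:  # hypothetical name, not an ASSP component
    """Per-client-IP AUTH failure tracking done at the proxy, because the
    backend only ever sees the proxy's own address."""

    def __init__(self, max_failures=5, window=600, lock_time=1800):
        self.max_failures = max_failures  # the "n" errors from the post
        self.window = window              # seconds over which failures are counted
        self.lock_time = lock_time        # seconds the IP stays locked off
        self.failures = {}                # ip -> timestamps of recent failures
        self.locked_until = {}            # ip -> time at which the lock expires

    def is_locked(self, ip, now):
        """Check at connect time, before anything is relayed to the backend."""
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[ip]     # lock expired, forget it
            return False
        return True

    def on_backend_reply(self, ip, reply_line, now):
        """Feed the backend's reply to an AUTH exchange; True means the IP is now locked."""
        if not AUTH_FAILED.match(reply_line):
            # A success does not reset the count: failures only age out, so one
            # valid login cannot be interleaved to keep guessing indefinitely.
            return False
        recent = [t for t in self.failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lock_time
            del self.failures[ip]
            return True
        return False


if __name__ == "__main__":
    guard = AuthLockout(max_failures=3, window=60, lock_time=300)
    ip = "192.0.2.10"  # constructed sample client (documentation address range)
    for t in (0, 10, 20):
        guard.on_backend_reply(ip, "535 5.7.8 Authentication credentials invalid", t)
    print(guard.is_locked(ip, 21), guard.is_locked(ip, 320))
```

Because failures are counted across connections rather than per session, dropping the connection and reconnecting does not reset the count, which is the gap the post describes in the existing "max errors" behaviour.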
