On 2014-01-20 17:55, Rusty Nejdl wrote:
> On 2014-01-20 09:46, Fritz Borgstedt wrote: > rnejdl@ringofsaturn.comschreibt: I know that there is another field that can > be used _(denySMTPConnectionsFrom)_ but using it is not nearly as easy as I > have to copy the IP, scroll down to the configuration item and paste it on > the end, vs the other where I can just click on the IP and add it to the > block list file. The handling is the same if files are used for both. If you > do not use a file, it will not appear on the pull down menu. I am running > 1.9.9(14031): the code is the same as in 13359. Fritz, I'm not quite sure how to troubleshoot this then. This is an example of a connection from a bot trying to harvest valid logins: Jan-20-14 17:48:39 85.214.85.40 disconnected (2 seconds); Jan-20-14 17:48:39 85.214.85.40 warning: SMTP authentication failed; Jan-20-14 17:48:39 85.214.85.40 info: authentication (LOGIN) realms - user:besadmin; Jan-20-14 17:48:38 85.214.85.40 info: authentication - login is used; Clicking on the IP gives me: RESULTS FOR ACTION ------------------------- GENERAL IP-MATCHES FOR 85.214.85.40 : matches in DENYSMTPCONNECTIONSFROMALWAYS with 85.214.85.40/32 _(DoDenySMTPstrict)_ is set to Block. Any ideas? Still troubleshooting this. I have spam lovers that get spam protection and I have denied IP's that are allowed to try to authenticate: Jan-30-14 14:45:25 200.93.84.77 disconnected (3 seconds); Jan-30-14 14:45:24 200.93.84.77 warning: SMTP authentication failed; Jan-30-14 14:45:24 [DenyIPStrict] 200.93.84.77 info: authentication (PLAIN) realms - foruser:, user:a...@xxxxxxxxx.com; Jan-30-14 14:45:24 [DenyIPStrict] 200.93.84.77 info: authentication - plain is used; I am on the latest ASSP now and haven't noticed an improvement here. It's not in a test mode because it is definitely doing spam protection but it is ignoring a number of configuration items even when it sees that. Rusty ------------------------------------------------------------------------------ WatchGuard Dimension instantly turns raw network data into actionable security intelligence. It gives you real-time visual feedback on key security issues and trends. Skip the complicated setup - simply import a virtual appliance and go from zero to informed in seconds. http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
