Hi, I'm seeing an increase in distributed systems attempting to brute-force logins via SMTP AUTH. I'm sure ASSP's MAXAuthErrors feature slows them down a bit, but I'd like to just completely block these IPs at the firewall once they hit a trigger number of AUTH failures.
Unfortunately, I can't just block the attempts as I would prefer, because the log scanner only sees the ASSP proxy address in the dovecot logs for failed authentications. And it seems that I can't really configure the log scanner to check the ASSP log instead, since there doesn't appear to be a clear indication of when the attempted SMTP AUTH login actually failed in the ASSP log. It just says "authentication - login is used", without an indication if the login was successful or not.

So, I'd like to ask if it's possible to add additional logging info so that ASSP can log the SMTP AUTH attempts in a manner to distinguish failures?

Thanks,
-C