I think I better take back the one question about damping. The documentation clearly says that the MESSAGEscore is used to calculate damping, so score 60 divided by 5 would be 12 s. Sorry for partial blindness. Regards Dirk
Von: Dirk Kulmsee <d.kulm...@netgroup.de> Gesendet: Dienstag, 9. April 2019 12:45 An: assp-test@lists.sourceforge.net Betreff: [Assp-test] Delaying vs. DoPenaltyExtremeSMTP Hi all, I am currently running ASSP 2.6.4 (build 19086) on Linux with Perl 5.28. It is working fine, but there is some unexpected behaviour. Some detail: - I activated DisableExtAUTH - DoDamping is set to 5, maxDampingTime is set to 30 - DelayIP is set to 500 - DoPenaltyExtremeSMTP and DoPenaltyExtreme are both set to 1 (=block). - PenaltyExtreme is set to 5000 I would expect ASSP to delay an incoming connection when the corresponding IP has reached a score of 500 until it reaches the extreme score of 5000. At that point, the connection would be blocked without further discussion. Here is what I find in the log (excerpt, grep'ed for the IP): 2019-04-09 11:36:54 [Worker_1] Connected: session:7F5870F12FC0 115.29.197.41:35294 > 192.168.12.242:25 > 127.0.0.1:125 2019-04-09 11:36:54 [Worker_1] 115.29.197.41 Disabled SMTP AUTH for External IPs 2019-04-09 11:36:56 m1-02615-12116 [Worker_1] [unsupported_AUTH] 115.29.197.41 AUTH not allowed 2019-04-09 11:36:56 m1-02615-12116 [Worker_1] 115.29.197.41 Message-Score: added 60 (autValencePB) for too many (20) AUTH errors from 115.29.197.0, total score for this message is now 60 2019-04-09 11:36:56 m1-02615-12116 [Worker_1] 115.29.197.41 [SMTP Error] 502 AUTH not supported 2019-04-09 11:36:57 m1-02615-12116 [Worker_1] 115.29.197.41 info: start damping (12 s) 2019-04-09 11:37:20 m1-02615-12116 [Worker_1] 115.29.197.41 info: PB-IP-Score for '115.29.197.41' is 10500, added 60 in this session 2019-04-09 11:37:20 m1-02615-12116 [Worker_1] 115.29.197.41 disconnected: session:7F5870F12FC0 115.29.197.41 - processing time 26 seconds 2019-04-09 11:41:24 [Worker_1] Delayed ip 115.29.197.41, because PBBlack(10500) is higher than DelayIP(500)- last penalty reason was: AUTHErrors It appears that ASSP still delays the connection, although the IP score is way beyond the extreme limit. It appears, that at least with this IP the damping time does not reach its configured maximum of 30 seconds. It never gets higher than 12s. (If I remember correctly damping is done for every SMTP command, maybe that is the reason?) Why does the last log line (Delayed ip) pop up several minutes after it says "disconnected"? Another detail with logging: I disabled PenaltyUseNetblocks, but the logline still says "AUTH errors from 115.29.197.0", i.e. the /24 network is logged instead of the individual IP. This is probably cosmetic. Looking forward to learning more about ASSP. Keep up the good work! Regards Dirk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test