offering PLAIN and discard it - is an admin config mistake
doing PLAIN if it is not offered - is a client fault and will be counted
doing wrong authentication - is a client fault and will be counted
>now this sounds like a bug to me
no - this is a feature and will be NOT changed (WHY ? - see below)
>its "fail count" should be reset to zero
no no no :) ! Seems you had a bad night and you need a very strong
coffee this morning :):):)
Yeah Andrea - I also suffer on the shorter and shorter daylight.
If the counter would be set to zero immediately after a successful login,
someone with a valid login account would be able to brute-force logins.
A possible sequence with the counter reset to zero after 235 can be:
AUTH brutforce-CEO-try1
535 - AUTH failed (counter = 1)
AUTH brutforce-CEO-try2
535 - AUTH failed (counter = 2)
AUTH good-user
235 authenticated (counter = 0)
QUIT
AUTH brutforce-CEO-try3
535 - AUTH failed (counter = 1)
AUTH brutforce-CEO-try4
535 - AUTH failed (counter = 2)
AUTH good-user
235 authenticated (counter = 0)
QUIT
... infinity repetition
This sequence will work without any delay, which makes it possible to use
a script.
Now the same with 'MaxAuthErrors' set to 3 and the current code (count the
error-counter backward every five minutes)
AUTH brutforce-CEO-try1
535 - AUTH failed (counter = 1) (in five minutes the counter will be
reduced to 0)
AUTH brutforce-CEO-try2
535 - AUTH failed (counter = 2) (in five minutes the counter will be
reduced to 1)
AUTH good-user
235 authenticated (counter = 2) (in five minutes the counter will be
reduced to 1)
QUIT
AUTH brutforce-CEO-try3
535 - AUTH failed (counter = 3)
connection closed - "too many auth failures" (counter = 3 - in five
minutes from this moment, the counter will be reduced to 2)
.
AUTH brutforce-CEO-try4
521 $myName does not accept mail - closing transmission - too many
previouse AUTH errors from $ip - (counter = 3 )
.
AUTH good-user (but this is never verified ! - means, sent to the MTA)
521 $myName does not accept mail - closing transmission - too many
previouse AUTH errors from $ip - (counter = 3 )
.
AUTH brutforce-CEO-try5
521 $myName does not accept mail - closing transmission - too many
previouse AUTH errors from $ip - (counter = 3)
After five minutes assp will accept the next AUTH command - and there are
two options:
AUTH brutforce-CEO-try6
535 - AUTH failed (counter = 3)
connection closed - "too many auth failures" (counter = 3 - in five
minutes from this moment, the counter will be reduced to 2)
or
AUTH good-user
235 authenticated (counter = 2) (in five minutes the counter will be
reduced to 1)
Thomas
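To make the two policies in the sequences above concrete, here is a small added model (not ASSP's code) of a per-IP AUTH error counter with a five-minute backward count, replaying the "two bad guesses, one good login, QUIT" pattern both with and without a reset on 235. MaxAuthErrors=3 and the five-minute interval are taken from the text; the reply strings and the decay clock starting with the first error are assumptions.

```python
from dataclasses import dataclass


@dataclass
class AuthCounter:
    """Per-IP AUTH error counter (simplified model, not ASSP's implementation)."""
    max_errors: int = 3             # MaxAuthErrors
    decay_seconds: int = 300        # one error is forgiven every five minutes
    reset_on_success: bool = False  # the behaviour the bug report asks for
    count: int = 0
    last_decay: float = 0.0

    def _decay(self, now: float) -> None:
        # Count the error counter backward, one step per elapsed interval.
        while self.count > 0 and now - self.last_decay >= self.decay_seconds:
            self.count -= 1
            self.last_decay += self.decay_seconds

    def auth(self, now: float, credentials_ok: bool) -> str:
        """Return the SMTP reply the client would see for one AUTH command."""
        self._decay(now)
        if self.count >= self.max_errors:
            # Locked out: the AUTH is rejected without ever being verified.
            return "521 too many previous AUTH errors"
        if credentials_ok:
            if self.reset_on_success:
                self.count = 0
            return "235 authenticated"
        if self.count == 0:
            self.last_decay = now   # assumed: decay clock starts with first error
        self.count += 1
        if self.count >= self.max_errors:
            return "connection closed - too many auth failures"
        return "535 AUTH failed"


def guesses_verified(reset_on_success: bool, rounds: int = 50) -> int:
    """Replay the sequence (two bad guesses, one good login, repeat) with no
    delay between commands and count how many bad guesses were actually
    checked against a password, i.e. got anything other than a 521."""
    c = AuthCounter(reset_on_success=reset_on_success)
    verified = 0
    for _ in range(rounds):
        for _ in range(2):
            if not c.auth(0.0, False).startswith("521"):
                verified += 1
        c.auth(0.0, True)   # the caller's own valid account
    return verified


if __name__ == "__main__":
    print("reset on success:", guesses_verified(True))   # grows with rounds
    print("backward count  :", guesses_verified(False))  # capped at MaxAuthErrors
```

With the reset policy every round yields two freshly verified guesses, so the total grows without bound; with the backward count only MaxAuthErrors guesses are ever verified and the good login after five minutes comes back with the counter at 2, as in the last sequence above.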
From: Grayhat
To: assp-test@lists.sourceforge.net
Date: 16.10.2015 08:29
Subject: [Assp-test] Possible auth bug
I'm running the latest version of ASSP and I've possibly spotted a bug;
some clients try authenticating with "PLAIN" login, fail, retry using
the "LOGIN" mechanism and succeed, here's a log snippet
info: authentication - plain is used
info: authentication (PLAIN) realms - foruser:u...@domain.xyz,
user:u...@domain.xyz
[SMTP Error] 535 Authentication failed. Restarting authentication process.
info: authentication - login is used
info: authentication (LOGIN) realms - user:u...@domain.xyz
authenticated to 192.0.2.1
now, the problem is that (apparently) after the successful
authentication ASSP does not reset the "failed login count" for the
sending IP, so, if the client sends a number of messages, after a while
ASSP locks out the IP due to "too many auth failures"; now this sounds
like a bug to me, since, after the IP successfully authenticates, its
"fail count" should be reset to zero
--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test