From: Thomas E. <Tho...@th...> - 2012-05-06 06:26:24
>already done that .... same issue persists ...

Sorry, that's right. The host makes two mistakes. First, the host talks early and second, the host is sending non-ASCII data. The second mistake is subject to kill assp. Setting 'etValencePB' to zero forces assp to ignore only the first mistake. For security reasons there is no way to force assp to generally ignore the second mistake on the setting of 'etValencePB' for all IPs.

It is possible to skip the 'Early Talker' check completely for any IP. The 'Early Talker' check is skipped for all IPs in

whiteListedIPs
ispip
noPB
noDelay
noBlockingIPs
noProcessingIPs
noHelo

and it is also skipped for all listeners except the 'listenPort'.

However, I don't recommend to disable this check for IPs that are sending NON-ASCII data. There is no reason for a host or client to do this, except the attempt to confuse your MTA and to start a DoS. Even to talk early breaks several RFCs.

Thomas

From: Ian McBeth <ian...@gu...>
To: For Users of ASSP <ass...@li...>
Date: 05.05.2012 18:07
Subject: Re: [Assp-user] Reply: Early Talker

already done that .... same issue persists ... very very odd....

________________________________________
From: Thomas Eckardt [Tho...@th...]
Sent: May 5, 2012 1:46 AM
To: For Users of ASSP
Subject: [Assp-user] Reply: Early Talker

set 'etValencePB' to zero

Thomas

From: Ian McBeth <ian...@gu...>
To: "ass...@li..." <ass...@li...>
Date: 04.05.2012 22:04
Subject: [Assp-user] Early Talker

how can I disable the Early Talker Check?

I am getting quite a bit of:

May-04-12 13:48:04 [Worker_15] <IP> [EarlyTalker] got 'non printable hex data' from the client before the '220 ...' server greeting was sent - rejecting connection
May-04-12 13:48:04 [Worker_15] <IP> [EarlyTalker] All connections from IP 99.75.108.83 will be rejected by assp for the next 15-30 minutes.
May-04-12 13:48:04 [Worker_15] <IP> [SMTP Error] 554 5.7.1 Misbehaved SMTP session (EarlyTalker)

which causes:

May-04-12 13:48:38 [Worker_2] Info: Worker_2 got connection from MainThread
May-04-12 13:48:38 [Worker_2] <IP> denied by internal EMERGENCY Blocker - this IP has possibly tried before to KILL assp
May-04-12 13:48:38 [Worker_2] <IP> ATTENTION ! The EMERGENCY blocking for this IP will be lifted after an ASSP restart or at least in 15 minutes
May-04-12 13:48:38 [Worker_2] [SMTP Error] 554 <assp-1.gtkcentral.net> Service denied, closing transmission channel

Thanks

Ian McBeth

_______________________________________________
Assp-user mailing list
Ass...@li...
https://lists.sourceforge.net/lists/listinfo/assp-user
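The two conditions distinguished in the message above (talking before the 220 greeting, and sending non-ASCII bytes while doing so), as an added Python example that is not part of the original thread and is not ASSP's code. The `et_valence` parameter is a hypothetical stand-in for 'etValencePB', the policy in `decide` is a simplified model of the behaviour described in the message, and the host names and client payloads are constructed.

```python
import select
import socket

# Printable ASCII plus TAB, CR, LF; anything else counts as non-ASCII/binary.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def classify_pregreeting(conn, wait=0.2):
    """Hold back the 220 banner for `wait` seconds and see what the client does."""
    readable, _, _ = select.select([conn], [], [], wait)
    if not readable:
        return "silent"          # well-behaved: waits for the greeting
    data = conn.recv(512)
    if not data:
        return "closed"          # hung up before the greeting
    if any(b not in PRINTABLE for b in data):
        return "early-nonascii"  # both mistakes: talked early, non-ASCII bytes
    return "early"               # first mistake only

def decide(kind, et_valence):
    """Simplified policy model (assumption): a zero valence waives only 'early'."""
    if kind == "closed":
        return "drop"
    if kind == "early-nonascii" or (kind == "early" and et_valence > 0):
        return "reject"
    return "accept"

def handle(conn, et_valence, wait=0.2):
    """Classify the client, send the matching SMTP reply, return (kind, action)."""
    kind = classify_pregreeting(conn, wait)
    action = decide(kind, et_valence)
    if action == "accept":
        conn.sendall(b"220 mx.example.test ESMTP\r\n")
    elif action == "reject":
        conn.sendall(b"554 5.7.1 Misbehaved SMTP session (EarlyTalker)\r\n")
    return kind, action

def demo():
    """Three constructed clients, all handled with the valence set to zero."""
    out = []
    for payload in (b"", b"EHLO client.example.test\r\n", b"\x00\xff\x80\x01"):
        server, client = socket.socketpair()
        if payload:
            client.sendall(payload)  # sent before any greeting exists
        kind, action = handle(server, et_valence=0)
        out.append((kind, action, client.recv(512)[:3]))
        server.close()
        client.close()
    return out

if __name__ == "__main__":
    for row in demo():
        print(row)
```

With the valence at zero the plain-ASCII early talker is greeted normally, while the client that sent non-ASCII bytes still receives the 554 reply, which matches what Ian kept seeing after changing the setting.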