Menu
▾
▴
Re: [SSHGuard-users] [PATCH] A new rule for sendmail for consideration
|
From: Jonathan W. <jw...@at...> - 2016-11-27 23:01:27
|
On Fri, Nov 25, 2016 at 11:52:32AM -0800, Kevin Zheng wrote: > On 10/16/2016 16:26, Jonathan Woithe wrote: > > Our mail host logs a large number of repeated sendmail messages of the > > following form: > > > > <address> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA > > > > : > > Find below a patch which adds such a rule to sshguard 1.7.0. ... > > Sorry for the delay. Committed with changes in 928839c, thanks! All good. Thanks for including it in sshguard. > There was an issue with your patch (the "SENDMAIL_NOISSUE_PREF addr > SENDMAIL_NOISSUE_SUFF;" line in attack_parser.y) that prevented the > subsequent rules from being matched. Ah, I see. Sorry about that. The machine I was running the original patch on functions only as a mail server and isn't subjected to regular triggers for the following rules so I didn't notice the lack of matches against other rules after activating the new rule. Thanks for noticing. Regards jonathan |
