diff --git a/ChangeLog b/ChangeLog index 590edfa6..a9e02d68 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released - New Features: - Enhancements: + Daniel Black + * filter.d/assp -- regex hardening ver. 0.8.10 (2013/06/12) - wanna-be-secure diff --git a/config/filter.d/assp.conf b/config/filter.d/assp.conf index b1bfc082..4b8f5caf 100644 --- a/config/filter.d/assp.conf +++ b/config/filter.d/assp.conf @@ -20,9 +20,9 @@ # Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded __assp_actions = (dropping|refusing) -failregex = max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: [a-zA-Z0-9]+;$ - SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$ - Blocking - too much AUTH errors \(\d{,3}\);$ +failregex = ^ \[SSL-out\] max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: \w+;$ + ^ \[SSL-out\] SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$ + ^ Blocking - too much AUTH errors \(\d{,3}\);$ # Option: ignoreregex