diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c
index 4846b507c8d1..03a1dbbf056c 100644
--- a/contrib/blocklist/bin/blocklistd.c
+++ b/contrib/blocklist/bin/blocklistd.c
@@ -222,19 +222,16 @@ process(bl_t bl)
 switch (bi->bi_type) {
 case BL_ABUSE:
 /*
- * If the application has signaled abusive behavior, set the
- * number of fails to be two less than the configured limit.
- * Fall through to the normal BL_ADD and BL_BADUSER processing,
- * which will increment the failure count to the threshhold, and
- * block the abusive address.
+ * If the application has signaled abusive behavior,
+ * set the number of fails to be one less than the
+ * configured limit. Fallthrough to the normal BL_ADD
+ * processing, which will increment the failure count
+ * to the threshhold, and block the abusive address.
 */
 if (c.c_nfail != -1)
- dbi.count = c.c_nfail - 2;
+ dbi.count = c.c_nfail - 1;
 /*FALLTHROUGH*/
 case BL_ADD:
- dbi.count++; /* will become += 2 */
- /*FALLTHROUGH*/
- case BL_BADUSER:
 dbi.count++;
 dbi.last = ts.tv_sec;
 if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
@@ -263,6 +260,9 @@ process(bl_t bl)
 dbi.count = 0;
 dbi.last = 0;
 break;
+ case BL_BADUSER:
+ /* ignore for now */
+ break;
 default:
 (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type);
 }
diff --git a/contrib/blocklist/lib/libblocklist.3 b/contrib/blocklist/lib/libblocklist.3
index 7a016625a047..fd6eb93eb756 100644
--- a/contrib/blocklist/lib/libblocklist.3
+++ b/contrib/blocklist/lib/libblocklist.3
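Review bot: The rewritten comment in the `BL_ABUSE` case says the fall-through raises the count to the threshold, but that holds only when `c.c_nfail != -1`. Otherwise `dbi.count` is left as it was, `BL_ADD` adds one, and the block branch guarded by `c.c_nfail != -1 && dbi.count >= c.c_nfail` is skipped, so an abuse report is recorded as a single ordinary failure. I would add a sentence to the comment, e.g. `* When c_nfail is -1 the report only counts as one failure and never blocks.`, and correct "threshhold" to "threshold" while the comment is being touched. What -1 stands for is not visible here (presumably "no limit"), and `process()` starts and ends outside the hunk.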
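Review bot: The new `case BL_BADUSER` arm drops the report without a trace, so a sender that reports invalid usernames only through this message type no longer contributes to `dbi.count` and such attempts cannot reach the block threshold. Since `lfun` is already used in the `default` arm, a debug line such as `(*lfun)(LOG_DEBUG, "ignoring BL_BADUSER report");` would let operators see that these reports arrive and are skipped. The comment could also say why, e.g. `/* not counted: forbidden-username matching is not implemented yet */`, which is what the manual page change in this commit appears to describe. Whether the code after the `switch` still writes the unchanged entry back for this case is not visible in the hunk.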
@@ -106,20 +106,26 @@ The
 .Ar action
 parameter can take these values:
 .Bl -tag -width ".Dv BLOCKLIST_ABUSIVE_BEHAVIOR"
-.It Va BLOCKLIST_BAD_USER
-The sending daemon has determined the username presented for
-authentication is invalid.
-This is considered as one failure count.
-.It Va BLOCKLIST_AUTH_FAIL
+.It Dv BLOCKLIST_AUTH_FAIL
 There was an unsuccessful authentication attempt.
-This is considered as two failure counts together.
-.It Va BLOCKLIST_ABUSIVE_BEHAVIOR
-The sending daemon has detected abusive behavior from the remote system.
-This is considered as a total immediate failure.
-The remote address will be blocked as soon as possible.
-.It Va BLOCKLIST_AUTH_OK
-A valid user successfully authenticated.
-Any entry for the remote address will be removed as soon as possible.
+.It Dv BLOCKLIST_AUTH_OK
+A user successfully authenticated.
+.It Dv BLOCKLIST_ABUSIVE_BEHAVIOR
+The sending daemon has detected abusive behavior
+from the remote system.
+The remote address should
+be blocked as soon as possible.
+.It Dv BLOCKLIST_BAD_USER
+The sending daemon has determined the username
+presented for authentication is invalid.
+The
+.Xr blocklistd 8
+daemon compares the username to a configured list of forbidden
+usernames and
+blocks the address immediately if a forbidden username matches.
+(The
+.Dv BLOCKLIST_BAD_USER
+support is not currently available.)
 .El
 .Pp
 The