summaryrefslogtreecommitdiff
path: root/crates/smtp/src/inbound/rcpt.rs
diff options
context:
space:
mode:
Diffstat (limited to 'crates/smtp/src/inbound/rcpt.rs')
-rw-r--r--crates/smtp/src/inbound/rcpt.rs34
1 files changed, 28 insertions, 6 deletions
diff --git a/crates/smtp/src/inbound/rcpt.rs b/crates/smtp/src/inbound/rcpt.rs
index e7bdafed..f95098af 100644
--- a/crates/smtp/src/inbound/rcpt.rs
+++ b/crates/smtp/src/inbound/rcpt.rs
@@ -8,7 +8,7 @@ use common::{config::smtp::session::Stage, listener::SessionStream, scripts::Scr
use smtp_proto::{
RcptTo, RCPT_NOTIFY_DELAY, RCPT_NOTIFY_FAILURE, RCPT_NOTIFY_NEVER, RCPT_NOTIFY_SUCCESS,
};
-use trc::SmtpEvent;
+use trc::{SecurityEvent, SmtpEvent};
use crate::{
core::{Session, SessionAddress},
@@ -315,11 +315,33 @@ impl<T: SessionStream> Session<T> {
if self.data.rcpt_errors < self.params.rcpt_errors_max {
Ok(())
} else {
- trc::event!(
- Smtp(SmtpEvent::TooManyInvalidRcpt),
- SpanId = self.data.session_id,
- Limit = self.params.rcpt_errors_max,
- );
+ match self
+ .core
+ .core
+ .is_rcpt_fail2banned(self.data.remote_ip)
+ .await
+ {
+ Ok(true) => {
+ trc::event!(
+ Security(SecurityEvent::BruteForceBan),
+ SpanId = self.data.session_id,
+ RemoteIp = self.data.remote_ip,
+ );
+ }
+ Ok(false) => {
+ trc::event!(
+ Smtp(SmtpEvent::TooManyInvalidRcpt),
+ SpanId = self.data.session_id,
+ Limit = self.params.rcpt_errors_max,
+ );
+ }
+ Err(err) => {
+ trc::error!(err
+ .span_id(self.data.session_id)
+ .caused_by(trc::location!())
+ .details("Failed to check if IP should be banned."));
+ }
+ }
self.write(b"421 4.3.0 Too many errors, disconnecting.\r\n")
.await?;
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-10-22 21:54:21 +0000