The only mail that will appear is that which comes in from your "clients" via submission port (usually 587/TLS or 465/SSL). I'm not criticizing and this is probably not what you intended to write but it does make it look like 587 uses TLS and 465 uses SSL. For future readers: Port 587 uses "explici...

Will that fix also prevent responses being sent for RCPTs that are streamed/pipelined in or just prevent them being logged? Part of the problem appears to be that 550 responses are sent for all pipelined RCPTs. That allows harvesting of a valid recipient address if the harvester is able to hit one a...

Hi Tim,

Probably you are seeing the same thing described in this thread:

https://www.mailenable.com/forum/viewtopic.php?p=117502#p117502

Cheers,
Phil

MailEnable does not support the pipelining SMTP extension. RFC 2920 SMTP for Command Pipelining September 2000 1. Introduction . This memo uses the mechanism described in [RFC-1869] to define an extension to the SMTP service whereby an SMTP server can declare that it is capable of handling pipeline...

When a friend and I had these attacks, I was able to see that the client "pipelines" RCPT commands without waiting for the server's 250-PIPELINING response. It seems as though ME doesn't detect this unauthorized pipelining and accepts all the RCPT commands.

dcol, I sent you a PM

As I mentioned in the other thread, zen.spamhaus.org caught all of these harvesters/spammers. Although my sample size was small (only saw 6 harvesting attempts), it may well be worth a try. I haven't seen any further hits in the past week and I guess they gave up. Just be careful you are not using a...

I've seen the same attempts but only a handful of source IPs. Using zen.spamhaus.org for DNSBL has caught them all. See: https://www.mailenable.com/documentation/10.0/Standard/SMTP_props_-Security.html "Drop a connection when the failed number of commands or recipients reaches" Alternatively. "Restr...

Apologies if you had already worked this out but the postfix log is saying that, after establishing a TCP connection, it waited for 30 seconds for an SMTP greeting from your ME server but that never arrived. delays=0.03/0.03/30/0, . . . (lost connection with mail.myserver.co.uk[xx.xx.xx.xx] while re...

Fair enough. I'm only running a personal mail server and can pretty easily deal with any false positives.

I'm not aware of anything that would help you. Hopefully someone else will have some suggestions.

[quote=kiamori post_id=118762 time=1662078762 user_id=18984] spamhaus has to many false positives, Notice the X-RBL-Result: Generic, Fail we already use 0spam.org which is great for catching spam like this and filtering it into junk but I am looking for a way to filter based on sender data alone and...

Try using zen.spamhaus.org to check the connecting IP. https://www.mailenable.com/kb/content/article.asp?ID=ME020084 Have a look at this: https://check.spamhaus.org/listed/?searchterm=185.173.176.61 IMHO, the whole 185.0.0.0/8 is a steaming pile of $#!+ BTW, did you notice the dates in the headers? ...

Hi Jan, If that is true (ME uses only RCPT TO address, and thus not looking at any other headers) ... That's the way all mail servers (or, more specifically, all Mail Transfer Agents) work. ... I assume the DNSBL test used a domain to get to this IP. The IP is simply the address of the host that mad...

But ME will only use the RCPT TO address to decide a) whether the addressee is valid and b) which mailbox to deliver the message to. Just like snail mail: the postman only reads the envelope. The details on the letter inside may be completely different from what's on the envelope and the "headers" o...

Hi Jan,

Assuming your search and replace was good, the email was sent to your email address:

2021-08-02 18:20:07 62.75.207.34 SMTP-IN company.com ##.##.##.## 1728 RCPT RCPT+TO:<jvdbroek@company.com> 250+Requested+mail+action+okay,+completed WIN-SERVER 43 37 -

Interesting option.

One thing I had wondered about was the ban time that Mailenable's built-in RDNS implements.

I assume it's not "forever" but I couldn't find any information on that.