EHLO blocking - extension
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
EHLO blocking - extension
In addition to the current EHLO blocking by specified name, it would be great to have EHLO blocking done when only an IP address is supplied in the call.
EHLO [181.66.3.214]
I see many such connections to my server, all of which try to send email using our email addresses. This will fail because we require authentication before sending but it is wasting processing time, we could be dropping the connections at EHLO stage.
EHLO [181.66.3.214]
I see many such connections to my server, all of which try to send email using our email addresses. This will fail because we require authentication before sending but it is wasting processing time, we could be dropping the connections at EHLO stage.
Re: EHLO blocking - extension
Hi
I see the same as Brett. And I agree that it would be nice to have EHLO blocking done when only IP adress is supplied.
Looking forward to see this feature in mailenable
I see the same as Brett. And I agree that it would be nice to have EHLO blocking done when only IP adress is supplied.
Looking forward to see this feature in mailenable
-
- Posts: 41
- Joined: Tue Jan 20, 2015 4:57 pm
Re: EHLO blocking - extension
This is STILL needed please. As we are using MagicSpam as a gateway with very excellent results being able to block with wild cards and IP masking without specific IP numbers as in ###.###.###.### or 1##.###.### etc would a BIG improvement. Any comments from other users and ME programers???
-
- Posts: 48
- Joined: Sat Dec 04, 2004 3:59 pm
Re: EHLO blocking - extension
I agree - stopping bad mail at the EHLO results would be a good solution.
I have been working with EHLO blocking today and cannot see where it is doing what it is supposed to.
Does anyone know where the ME log file would be to see the EHLO block results?
Looking in ex(date).log I can see the EHLO results BUT not if it is blocked (or working).
SMTP Properties | Security Tab | ELHO Blocking (at bottom) | Configure Blocks
Also since there is very little in the way of documentation on EHLO Blocking what is the format allowed when you Configure Blocks?
I am assuming these would all work:
*.yinksoft.com
YLMF-PC
mycomputer
*.stream
localhost
ADMIN-PC
wan-ip
device.lan
example.com
null.host.com
SH3LLS-56959
Thanks -
I have been working with EHLO blocking today and cannot see where it is doing what it is supposed to.
Does anyone know where the ME log file would be to see the EHLO block results?
Looking in ex(date).log I can see the EHLO results BUT not if it is blocked (or working).
SMTP Properties | Security Tab | ELHO Blocking (at bottom) | Configure Blocks
Also since there is very little in the way of documentation on EHLO Blocking what is the format allowed when you Configure Blocks?
I am assuming these would all work:
*.yinksoft.com
YLMF-PC
mycomputer
*.stream
localhost
ADMIN-PC
wan-ip
device.lan
example.com
null.host.com
SH3LLS-56959
Thanks -
j@mes
MEpro 10.20
JAM Software - SpamAssassin in a Box
MEpro 10.20
JAM Software - SpamAssassin in a Box
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
Re: EHLO blocking - extension
The wildcard option, as far as I know, will not work. You need to specify the full name as supplied by the EHLO command from the host you want to block.
As far as seeing that it is working, in the SMTP activity file you will just see the EHLO from the remote server then nothing further in the way of a SMTP conversation as the connection is dropped immediately.
Cheers,
Brett
As far as seeing that it is working, in the SMTP activity file you will just see the EHLO from the remote server then nothing further in the way of a SMTP conversation as the connection is dropped immediately.
Cheers,
Brett
-
- Posts: 48
- Joined: Sat Dec 04, 2004 3:59 pm
Re: EHLO blocking - extension
Thanks Brett - I appreciate your taking the time to reply.
It seems this could really be an opportunity to kill spam before it enters the system.
Perhaps if ME were to broaden the scope of the EHLO Blocking function - it would be a good tool to present an early detector of bad mail.
It seems this could really be an opportunity to kill spam before it enters the system.
Perhaps if ME were to broaden the scope of the EHLO Blocking function - it would be a good tool to present an early detector of bad mail.
j@mes
MEpro 10.20
JAM Software - SpamAssassin in a Box
MEpro 10.20
JAM Software - SpamAssassin in a Box
-
- Site Admin
- Posts: 1127
- Joined: Mon Jun 10, 2002 6:31 pm
- Location: Melbourne, Victoria, Australia
Re: EHLO blocking - extension
Hi,
The next minor update includes using wildcards, which was not possible before, so you will be able to add the following as a block:
[*.*.*.*]
Hope this helps, thanks!
The next minor update includes using wildcards, which was not possible before, so you will be able to add the following as a block:
[*.*.*.*]
Hope this helps, thanks!
-
- Posts: 48
- Joined: Sat Dec 04, 2004 3:59 pm
Re: EHLO blocking - extension
Thanks for the heads up about this.
This looks to be for IP addresses? Yes?
[*.*.*.*]
What about *.stream and the others I mentioned?
This looks to be for IP addresses? Yes?
[*.*.*.*]
What about *.stream and the others I mentioned?
j@mes
MEpro 10.20
JAM Software - SpamAssassin in a Box
MEpro 10.20
JAM Software - SpamAssassin in a Box
-
- Site Admin
- Posts: 1127
- Joined: Mon Jun 10, 2002 6:31 pm
- Location: Melbourne, Victoria, Australia
Re: EHLO blocking - extension
Yes, it will work as well, so you can use:
*.yinksoft.com
*.stream
*.yinksoft.*
etc.
*.yinksoft.com
*.stream
*.yinksoft.*
etc.
-
- Posts: 48
- Joined: Sat Dec 04, 2004 3:59 pm
Re: EHLO blocking - extension
Excellent!
This is going to be in the next release 9.54?
Thank you.
This is going to be in the next release 9.54?
Thank you.
j@mes
MEpro 10.20
JAM Software - SpamAssassin in a Box
MEpro 10.20
JAM Software - SpamAssassin in a Box
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
Re: EHLO blocking - extension
Can it please be confirmed that the wildcard feature mentioned by @Admin is available in 9.54. There is no mention of it in the changelog.
Regards,
Brett
Regards,
Brett
-
- Posts: 48
- Joined: Sat Dec 04, 2004 3:59 pm
Re: EHLO blocking - extension
Hello Brett,
Yes the function is working in 9.54.
I have found a minor bug and have already reported it.
Basically if you have *.br blocked and the HELO name is static.bringit.br it doesn't get stopped.
Apparently the code checks the first .br finds .bringit and then lets it pass.
The function in SMTP Properties | Security TAB - at the bottom "Configure Blocks" is now working and will add your phrases into the list. It was not working in 9.53 or before.
Yes the function is working in 9.54.
I have found a minor bug and have already reported it.
Basically if you have *.br blocked and the HELO name is static.bringit.br it doesn't get stopped.
Apparently the code checks the first .br finds .bringit and then lets it pass.
The function in SMTP Properties | Security TAB - at the bottom "Configure Blocks" is now working and will add your phrases into the list. It was not working in 9.53 or before.
j@mes
MEpro 10.20
JAM Software - SpamAssassin in a Box
MEpro 10.20
JAM Software - SpamAssassin in a Box
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
Re: EHLO blocking - extension
I happily added the [*.*.*.*] entry for EHLO blocking only to find that all the company Android and Apple devices could no longer send email. They were being rejected as they all use their IP address for EHLO/HELO and I can find no way to change this behaviour.