Ban IP That Repeatedly Tries To Relay Spam
It's frustrating to see pages of log files with one spam relay attempt after another, sometimes for hours at a time, all from the same IP address.
Provide a means of automatically adding an IP address to the banned IP address list after some number of unauthenticated relay attempts within some time period -- hopefully configurable to something like three attempts in 15 minutes, 5 attempts in 40 minutes, etc.
Re: Ban IP That Repeatedly Tries To Relay Spam
Hi,
http://www.mailenable.com/documentation ... icies.html - "Abuse detection and prevention" option.
Regards,
Ian Margarone
MailEnable Support
Re: Ban IP That Repeatedly Tries To Relay Spam
Hello Ian,
The description of that feature is "IP addresses will be blocked if they are incorrectly authenticating" and "(eg: password dictionary attacks)."
In the case I'm talking about, the spammer is trying to relay without attempting to authenticate at all (no SMTP AUTH command). Does it address problems like this?
Note: Actual e-mail addresses from log file replaced with "{non-local e-mail address}" in order to prevent harvesting by spammers.
Thanks.
-- Fred
05/23/14 07:26:21 SMTP-IN 07EB4438A3A1454E8745AD596751BB34.MAI 740 90.222.153.183 MAIL MAIL FROM: <{non-local e-mail address}> 250 Requested mail action okay, completed 43 44
05/23/14 07:26:22 SMTP-IN 07EB4438A3A1454E8745AD596751BB34.MAI 740 90.222.153.183 RCPT RCPT TO: <{non-local e-mail address}> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. 235 30
05/23/14 07:28:12 SMTP-IN AC8E6BD8062C45ABAAE741CD41FAC4F7.MAI 728 90.222.153.183 220 {my mail server name} ESMTP Service Ready 0 0
05/23/14 07:28:12 SMTP-IN AC8E6BD8062C45ABAAE741CD41FAC4F7.MAI 728 90.222.153.183 EHLO EHLO 5ade99b7.bb.sky.com 250- {my mail server name} [90.222.153.183], this server offers 4 extensions 123 26
05/23/14 07:28:12 SMTP-IN AC8E6BD8062C45ABAAE741CD41FAC4F7.MAI 728 90.222.153.183 MAIL MAIL FROM: <{non-local e-mail address}> 250 Requested mail action okay, completed 43 42
05/23/14 07:28:12 SMTP-IN AC8E6BD8062C45ABAAE741CD41FAC4F7.MAI 728 90.222.153.183 RCPT RCPT TO: <{non-local e-mail address}> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. 235 30
05/23/14 07:29:47 SMTP-IN D24F0763ECCC475EAAD2635DDC145469.MAI 188 90.222.153.183 220 {my mail server name} ESMTP Service Ready 0 0
05/23/14 07:29:47 SMTP-IN D24F0763ECCC475EAAD2635DDC145469.MAI 188 90.222.153.183 EHLO EHLO 5ade99b7.bb.sky.com 250- {my mail server name} [90.222.153.183], this server offers 4 extensions 123 26
05/23/14 07:29:47 SMTP-IN D24F0763ECCC475EAAD2635DDC145469.MAI 188 90.222.153.183 MAIL MAIL FROM: <{non-local e-mail address}> 250 Requested mail action okay, completed 43 47
05/23/14 07:29:47 SMTP-IN D24F0763ECCC475EAAD2635DDC145469.MAI 188 90.222.153.183 RCPT RCPT TO: <{non-local e-mail address}> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. 235 37
05/23/14 07:34:50 SMTP-IN 5D1832530A2E4DF5A337D6ECCAF3829D.MAI 688 90.222.153.183 220 {my mail server name} ESMTP Service Ready 0 0
05/23/14 07:34:51 SMTP-IN 5D1832530A2E4DF5A337D6ECCAF3829D.MAI 688 90.222.153.183 EHLO EHLO 5ade99b7.bb.sky.com 250- {my mail server name} [90.222.153.183], this server offers 4 extensions 123 26
05/23/14 07:34:51 SMTP-IN 5D1832530A2E4DF5A337D6ECCAF3829D.MAI 688 90.222.153.183 MAIL MAIL FROM: <{non-local e-mail address}> 250 Requested mail action okay, completed 43 53
05/23/14 07:34:51 SMTP-IN 5D1832530A2E4DF5A337D6ECCAF3829D.MAI 688 90.222.153.183 RCPT RCPT TO: <{non-local e-mail address}> 503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server. 235 31
Re: Ban IP That Repeatedly Tries To Relay Spam
Hi,
The abuse detection and prevention option will not ban the IP for invalid 503 attempts. Since the spammer is not able to relay, the only way to stop these connections from hitting the MailEnable server would be to implement a spam gateway that has the ability to detect these types of attacks, as MailEnable does not have the ability to stop these types of harvesting attacks.
Regards,
Ian Margarone
MailEnable Support
Re: Ban IP That Repeatedly Tries To Relay Spam
Ian,
Thanks for your reply. So, I'm going to go back to my original request:
Provide a means of automatically adding an IP address to the banned IP address list after some number of unauthenticated relay attempts within some time period -- hopefully configurable to something like three attempts in 15 minutes, 5 attempts in 40 minutes, etc.
That would solve the problem. Spammer tries a few relay attempts. Spammer's IP is added to the blocked IP address list. SMTP server stops being available to spammer. Log file stops filling up.
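Added example, not part of the thread and not MailEnable code: one way to detect the pattern requested above from the SMTP log, counting 503 relay denials per IP in a sliding window. It assumes the field order of the log excerpt quoted earlier and chronologically ordered lines; `find_offenders`, its parameters and the sample lines are hypothetical, and how the resulting IPs reach a block list is left to the administrator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# RCPT refused with the 503 relay denial, in the field order of the excerpt
# quoted in this thread: date time SMTP-IN <id> <n> <ip> RCPT RCPT TO: <addr> 503 ...
RELAY_DENIED = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+SMTP-IN\s+\S+\s+\d+\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+RCPT\s+RCPT TO:.*?>\s+"
    r"503\s+This mail server requires authentication"
)

def find_offenders(lines, max_attempts=3, window_minutes=15):
    """Map each IP that reached max_attempts relay denials inside the
    sliding window to the timestamp of the attempt that crossed the limit."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = RELAY_DENIED.match(line)
        if not m or m["ip"] in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= max_attempts:
            offenders[m["ip"]] = ts
    return offenders

def _rcpt(ts, ip, reply):
    # Builds one constructed log line in the excerpt's layout.
    return f"05/23/14 {ts} SMTP-IN 0A.MAI 740 {ip} RCPT RCPT TO: <user@example.net> {reply} 235 30"

DENIED = "503 This mail server requires authentication when attempting to send to a non-local e-mail address."
# Constructed sample input (documentation-range IPs), not real log data.
SAMPLE = [
    _rcpt("07:26:22", "192.0.2.10", DENIED),
    _rcpt("07:28:12", "192.0.2.10", DENIED),
    _rcpt("07:29:30", "203.0.113.5", "250 Requested mail action okay, completed"),
    _rcpt("07:29:47", "192.0.2.10", DENIED),
    _rcpt("08:00:00", "198.51.100.7", DENIED),
    _rcpt("08:20:00", "198.51.100.7", DENIED),
    _rcpt("08:41:00", "198.51.100.7", DENIED),
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the limit at {when}")
```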
Re: Ban IP That Repeatedly Tries To Relay Spam
I would like to see this added in a future release as well.
+1 Vote from me.
Re: Ban IP That Repeatedly Tries To Relay Spam
It would be very useful.
+6 as I manage 6 MailEnable servers