EHLO blocking and/or SMTP whitelisting bug

fbmaxwell
Posts: 24
Joined: Mon Apr 14, 2014 3:52 pm

Post by fbmaxwell » Thu Jan 12, 2017 9:42 am

I added an EHLO blocking entry for any server impersonating my own (see rationale below). This resulted in my server disconnecting on itself (127.0.0.1) when trying to send bounce messages back to senders.

So I added 127.0.0.1 to the SMTP whitelist. Unfortunately, the whitelist doesn't work for EHLO blocking, and it still disconnected on itself.

EHLO blocking should never apply to 127.0.0.1 and whitelisting any IP address should allow it to bypass the EHLO blocking tests.

Rationale: Spammers and hackers often connect with a domain's MX server name or domain name. So if you run the domain foo.com with an MX server of mail.foo.com, they will connect with "HELO mail.foo.com" or "HELO foo.com." Obviously, most admins don't want to accept spam, login attempts, or even email, from remote hosts impersonating their own mail server.

Re: EHLO blocking and/or SMTP whitelisting bug

Post by fbmaxwell » Sat Feb 04, 2017 12:37 pm

This remains a problem in 9.54. When entering strings to be blocked, the following wording is shown:

Enter the strings you want to block at the EHLO command.
When a remote server connects and sends the EHLO
command with a string you are blocking the connection will be
dropped.


Yet the connection is dropped when 127.0.0.1 connects with a string in the EHLO block list, blocking bounce messages since my own server name is in the list.

Again, I want to block remote servers impersonating my server (like the dialog box says). If a spammer connects with an EHLO that identifies itself as my server, I want to drop it (since it is, without a doubt, trying to deliver spam, phishing emails, or malware-laden attachments).
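
The behaviour requested in this thread, sketched as an added example (not part of the original posts and not the mail server's own code): loopback and whitelisted peers bypass the EHLO block list, and every other peer is dropped when it announces a blocked name. The function names, the exact case-insensitive matching, and the CIDR-style whitelist entries are assumptions; `foo.com` and `mail.foo.com` are the example names from the first post.

```python
import ipaddress

def _peer(ip_text):
    """Parse the peer address, unwrapping IPv4-mapped IPv6 (::ffff:127.0.0.1)."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 addresses have this
    return mapped if mapped is not None else ip

def is_exempt(peer_ip, whitelist):
    """True for loopback peers and for peers inside any whitelisted network."""
    ip = _peer(peer_ip)
    if ip.is_loopback:  # 127.0.0.0/8 and ::1 are never "remote"
        return True
    for entry in whitelist:
        net = ipaddress.ip_network(entry, strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def ehlo_decision(peer_ip, ehlo_arg, block_strings, whitelist=()):
    """Return 'accept' or 'drop' for one EHLO/HELO command."""
    # The exemption is checked first, so the server's own bounce
    # submissions over loopback are never matched against the list.
    if is_exempt(peer_ip, whitelist):
        return "accept"
    # Assumption: exact match, ignoring case and a trailing dot.
    name = ehlo_arg.strip().rstrip(".").lower()
    blocked = {s.strip().rstrip(".").lower() for s in block_strings}
    return "drop" if name in blocked else "accept"

# Constructed sample connections (documentation address ranges).
BLOCK = ["foo.com", "mail.foo.com"]
WHITELIST = ["192.0.2.0/24"]
SAMPLES = [
    ("127.0.0.1", "mail.foo.com"),         # local bounce delivery
    ("::ffff:127.0.0.1", "mail.foo.com"),  # loopback seen via a dual-stack socket
    ("192.0.2.25", "mail.foo.com"),        # whitelisted relay
    ("203.0.113.7", "MAIL.FOO.COM."),      # remote host impersonating the server
    ("203.0.113.7", "mx.example.net"),     # ordinary remote sender
]

if __name__ == "__main__":
    for ip, arg in SAMPLES:
        print(f"{ip:18} EHLO {arg:15} -> {ehlo_decision(ip, arg, BLOCK, WHITELIST)}")
```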
