EHLO blocking - extension

Brett Rowbotham
Posts: 491
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

EHLO blocking - extension

Postby Brett Rowbotham » Fri May 06, 2016 9:36 am

In addition to the current EHLO blocking by specified name, it would be great to have EHLO blocking done when only an IP address is supplied in the call.

EHLO [181.66.3.214]

I see many such connections to my server, all of which try to send email using our email addresses. This will fail because we require authentication before sending, but it is wasting processing time; we could be dropping the connections at the EHLO stage.

jdissing
Posts: 7
Joined: Fri Feb 06, 2004 9:09 pm
Location: Denmark
Contact:

Re: EHLO blocking - extension

Postby jdissing » Sun May 29, 2016 1:08 pm

Hi

I see the same as Brett. And I agree that it would be nice to have EHLO blocking done when only an IP address is supplied.

Looking forward to seeing this feature in MailEnable :D

virmix
Posts: 30
Joined: Tue Nov 10, 2015 12:12 am

Re: EHLO blocking - extension

Postby virmix » Sun May 29, 2016 1:21 pm

I agree too.

bitechbobbrenner
Posts: 22
Joined: Tue Jan 20, 2015 4:57 pm

Re: EHLO blocking - extension

Postby bitechbobbrenner » Tue Jul 12, 2016 3:21 pm

+1

bitechbobbrenner
Posts: 22
Joined: Tue Jan 20, 2015 4:57 pm

Re: EHLO blocking - extension

Postby bitechbobbrenner » Tue Sep 20, 2016 1:49 pm

This is STILL needed, please. As we are using MagicSpam as a gateway with very excellent results, being able to block with wildcards and IP masking without specific IP numbers, as in ###.###.###.### or 1##.###.### etc., would be a BIG improvement. Any comments from other users and ME programmers???

telecomputers
Posts: 43
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Postby telecomputers » Tue Nov 01, 2016 10:03 pm

I agree - stopping bad mail at the EHLO results would be a good solution.

I have been working with EHLO blocking today and cannot see where it is doing what it is supposed to.
Does anyone know where the ME log file would be to see the EHLO block results?
Looking in ex(date).log I can see the EHLO results BUT not if it is blocked (or working).
SMTP Properties | Security Tab | EHLO Blocking (at bottom) | Configure Blocks

Also, since there is very little in the way of documentation on EHLO Blocking, what is the format allowed when you Configure Blocks?
I am assuming these would all work:

*.yinksoft.com
YLMF-PC
mycomputer
*.stream
localhost
ADMIN-PC
wan-ip
device.lan
example.com
null.host.com
SH3LLS-56959

Thanks -
j@mes

MEpro 9.61
JAM Software - SpamAssassin in a Box
ClamAV / Sanesecurity

Brett Rowbotham
Posts: 491
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: EHLO blocking - extension

Postby Brett Rowbotham » Wed Nov 02, 2016 4:14 am

The wildcard option, as far as I know, will not work. You need to specify the full name as supplied by the EHLO command from the host you want to block.

As far as seeing that it is working, in the SMTP activity file you will just see the EHLO from the remote server, then nothing further in the way of an SMTP conversation, as the connection is dropped immediately.

Cheers,
Brett

telecomputers
Posts: 43
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Postby telecomputers » Wed Nov 02, 2016 4:54 am

Thanks Brett - I appreciate your taking the time to reply.

It seems this could really be an opportunity to kill spam before it enters the system.
Perhaps if ME were to broaden the scope of the EHLO Blocking function - it would be a good tool to present an early detector of bad mail.
j@mes

MEpro 9.61
JAM Software - SpamAssassin in a Box
ClamAV / Sanesecurity

Admin
Site Admin
Posts: 774
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: EHLO blocking - extension

Postby Admin » Thu Dec 01, 2016 5:38 am

Hi,

The next minor update includes using wildcards, which was not possible before, so you will be able to add the following as a block:

[*.*.*.*]

Hope this helps, thanks!

telecomputers
Posts: 43
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Postby telecomputers » Thu Dec 01, 2016 5:49 am

Thanks for the heads up about this.

This looks to be for IP addresses? Yes?
[*.*.*.*]

What about *.stream and the others I mentioned?
j@mes

MEpro 9.61
JAM Software - SpamAssassin in a Box
ClamAV / Sanesecurity

Admin
Site Admin
Posts: 774
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: EHLO blocking - extension

Postby Admin » Thu Dec 01, 2016 10:48 pm

Yes, it will work as well, so you can use:

*.yinksoft.com
*.stream
*.yinksoft.*

etc.

telecomputers
Posts: 43
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Postby telecomputers » Sat Dec 10, 2016 7:03 pm

Excellent!
This is going to be in the next release 9.54?
Thank you.
j@mes

MEpro 9.61
JAM Software - SpamAssassin in a Box
ClamAV / Sanesecurity

Brett Rowbotham
Posts: 491
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: EHLO blocking - extension

Postby Brett Rowbotham » Thu Jan 26, 2017 10:46 am

Can it please be confirmed that the wildcard feature mentioned by @Admin is available in 9.54? There is no mention of it in the changelog.

Regards,
Brett

telecomputers
Posts: 43
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Postby telecomputers » Wed Feb 01, 2017 5:49 pm

Hello Brett,

Yes the function is working in 9.54.

I have found a minor bug and have already reported it.
Basically, if you have *.br blocked and the HELO name is static.bringit.br, it doesn't get stopped.
Apparently the code checks the first .br, finds .bringit, and then lets it pass.

The function in SMTP Properties | Security TAB - at the bottom "Configure Blocks" is now working and will add your phrases into the list. It was not working in 9.53 or before.
j@mes

MEpro 9.61
JAM Software - SpamAssassin in a Box
ClamAV / Sanesecurity
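
The wildcard miss reported in the post above (`*.br` not stopping `static.bringit.br`), reproduced as an added example; this is not MailEnable's code and not part of the original posts. `naive_suffix_match` is a constructed model of the behaviour the post describes, `is_blocked` is one way to match block entries against the whole EHLO argument, and all function names and sample values are assumptions made for illustration.

```python
import re

def naive_suffix_match(pattern: str, helo: str) -> bool:
    """Constructed model of the reported bug: only the FIRST occurrence
    of the literal part is compared against the end of the name."""
    literal = pattern.lstrip("*").lower()
    idx = helo.lower().find(literal)
    return idx != -1 and idx + len(literal) == len(helo)

def compile_block(pattern: str) -> re.Pattern:
    """Translate a block entry into a regex: '*' matches any run of
    characters, everything else is literal. fnmatch is avoided on purpose,
    because it would read '[*.*.*.*]' as a character class."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE)

def is_blocked(helo: str, patterns: list[str]) -> bool:
    """True if the whole EHLO/HELO argument matches any block entry."""
    # Assumption: a trailing dot (rooted FQDN) is treated as the same name.
    name = helo.strip().rstrip(".")
    return any(compile_block(p).fullmatch(name) for p in patterns)

# Block entries taken from the thread; EHLO samples are constructed.
BLOCKS = ["*.br", "*.yinksoft.*", "YLMF-PC", "[*.*.*.*]"]
SAMPLES = [
    "static.bringit.br",   # the case from the post
    "host.br",
    "brazil.example.com",  # contains ".br"-like text but is not under .br
    "mail.yinksoft.net",
    "ylmf-pc",
    "[181.66.3.214]",      # address literal from the first post
    "mail.example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:22} naive(*.br)={naive_suffix_match('*.br', sample)!s:5} "
              f"blocked={is_blocked(sample, BLOCKS)}")
```
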

Brett Rowbotham
Posts: 491
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: EHLO blocking - extension

Postby Brett Rowbotham » Fri Feb 10, 2017 12:21 pm

I happily added the [*.*.*.*] entry for EHLO blocking only to find that all the company Android and Apple devices could no longer send email. They were being rejected as they all use their IP address for EHLO/HELO and I can find no way to change this behaviour.
