EHLO blocking and/or SMTP whitelisting bug

Post by fbmaxwell »

I added an EHLO blocking entry for any server impersonating my own (see rationale below). This resulted in my server disconnecting on itself (127.0.0.1) when trying to send bounce messages back to senders.

So I added 127.0.0.1 to the SMTP whitelist. Unfortunately, the whitelist doesn't work for EHLO blocking, and it still disconnected on itself.

EHLO blocking should never apply to 127.0.0.1 and whitelisting any IP address should allow it to bypass the EHLO blocking tests.

Rationale: Spammers and hackers often connect with a domain's MX server name or domain name. So if you run the domain foo.com with an MX server of mail.foo.com, they will connect with "HELO mail.foo.com" or "HELO foo.com." Obviously, most admins don't want to accept spam, login attempts, or even email, from remote hosts impersonating their own mail server.

Re: EHLO blocking and/or SMTP whitelisting bug

Post by fbmaxwell »

This remains a problem in 9.54. When entering strings to be blocked, the following wording is shown:

"Enter the strings you want to block at the EHLO command. When a remote server connects and sends the EHLO command with a string you are blocking the connection will be dropped."

Yet the connection is dropped when 127.0.0.1 connects with a string in the EHLO block list, blocking bounce messages since my own server name is in the list.

Again, I want to block remote servers impersonating my server (like the dialog box says). If a spammer connects with an EHLO that identifies itself as my server, I want to drop it (since it is, without a doubt, trying to deliver spam, phishing emails, or malware-laden attachments).
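The evaluation order requested in this thread, as an added example that is not part of the original posts and is not the mail server's own code: loopback and whitelisted peers are exempted before the EHLO block list is consulted. The function names, the exact case-insensitive matching, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def normalize_ip(peer):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1)."""
    ip = ipaddress.ip_address(peer)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def normalize_name(name):
    """Lower-case and drop a trailing dot so 'MAIL.FOO.COM.' still matches."""
    return name.strip().rstrip(".").lower()

def ehlo_decision(peer, ehlo_name, blocked_names, whitelist):
    """Return 'accept' or 'drop' for one SMTP session.

    peer must be the address of the TCP socket, never a value the
    client supplies; the EHLO argument is client-controlled and is
    only compared against the block list for non-exempt peers.
    """
    ip = normalize_ip(peer)
    # 1. The server talking to itself (bounces) is never EHLO-blocked.
    if ip.is_loopback:
        return "accept"
    # 2. Whitelisted addresses or networks bypass the EHLO test.
    for entry in whitelist:
        network = ipaddress.ip_network(entry, strict=False)
        if ip.version == network.version and ip in network:
            return "accept"
    # 3. Everyone else: drop if they claim to be one of our own names.
    blocked = {normalize_name(n) for n in blocked_names}
    if normalize_name(ehlo_name) in blocked:
        return "drop"
    return "accept"

# Constructed sample data: names from the post, documentation-range IPs.
BLOCKED = ["mail.foo.com", "foo.com"]
WHITELIST = ["192.0.2.10"]

if __name__ == "__main__":
    for peer, name in [("127.0.0.1", "mail.foo.com"),
                       ("::ffff:127.0.0.1", "mail.foo.com"),
                       ("192.0.2.10", "foo.com"),
                       ("203.0.113.7", "MAIL.FOO.COM."),
                       ("203.0.113.7", "mail.example.net")]:
        print(peer, name, ehlo_decision(peer, name, BLOCKED, WHITELIST))
```
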
