EHLO blocking - extension

Post your MailEnable suggestions here.
Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

EHLO blocking - extension

Post by Brett Rowbotham »

In addition to the current EHLO blocking by specified name, it would be great to have EHLO blocking done when only an IP address is supplied in the call.

EHLO [181.66.3.214]

I see many such connections to my server, all of which try to send email using our email addresses. This will fail because we require authentication before sending but it is wasting processing time, we could be dropping the connections at EHLO stage.

jdissing
Posts: 8
Joined: Fri Feb 06, 2004 9:09 pm
Location: Denmark

Re: EHLO blocking - extension

Post by jdissing »

Hi

I see the same as Brett. And I agree that it would be nice to have EHLO blocking done when only IP adress is supplied.

Looking forward to see this feature in mailenable :D

virmix
Posts: 66
Joined: Tue Nov 10, 2015 12:12 am

Re: EHLO blocking - extension

Post by virmix »

I agree too.

bitechbobbrenner
Posts: 41
Joined: Tue Jan 20, 2015 4:57 pm

Re: EHLO blocking - extension

Post by bitechbobbrenner »

+1

bitechbobbrenner
Posts: 41
Joined: Tue Jan 20, 2015 4:57 pm

Re: EHLO blocking - extension

Post by bitechbobbrenner »

This is STILL needed please. As we are using MagicSpam as a gateway with very excellent results being able to block with wild cards and IP masking without specific IP numbers as in ###.###.###.### or 1##.###.### etc would a BIG improvement. Any comments from other users and ME programers???

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Post by telecomputers »

I agree - stopping bad mail at the EHLO results would be a good solution.

I have been working with EHLO blocking today and cannot see where it is doing what it is supposed to.
Does anyone know where the ME log file would be to see the EHLO block results?
Looking in ex(date).log I can see the EHLO results BUT not if it is blocked (or working).
SMTP Properties | Security Tab | ELHO Blocking (at bottom) | Configure Blocks

Also since there is very little in the way of documentation on EHLO Blocking what is the format allowed when you Configure Blocks?
I am assuming these would all work:

*.yinksoft.com
YLMF-PC
mycomputer
*.stream
localhost
ADMIN-PC
wan-ip
device.lan
example.com
null.host.com
SH3LLS-56959

Thanks -
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: EHLO blocking - extension

Post by Brett Rowbotham »

The wildcard option, as far as I know, will not work. You need to specify the full name as supplied by the EHLO command from the host you want to block.

As far as seeing that it is working, in the SMTP activity file you will just see the EHLO from the remote server then nothing further in the way of a SMTP conversation as the connection is dropped immediately.

Cheers,
Brett

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Post by telecomputers »

Thanks Brett - I appreciate your taking the time to reply.

It seems this could really be an opportunity to kill spam before it enters the system.
Perhaps if ME were to broaden the scope of the EHLO Blocking function - it would be a good tool to present an early detector of bad mail.
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: EHLO blocking - extension

Post by Admin »

Hi,

The next minor update includes using wildcards, which was not possible before, so you will be able to add the following as a block:

[*.*.*.*]

Hope this helps, thanks!

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Post by telecomputers »

Thanks for the heads up about this.

This looks to be for IP addresses? Yes?
[*.*.*.*]

What about *.stream and the others I mentioned?
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: EHLO blocking - extension

Post by Admin »

Yes, it will work as well, so you can use:

*.yinksoft.com
*.stream
*.yinksoft.*

etc.

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Post by telecomputers »

Excellent!
This is going to be in the next release 9.54?
Thank you.
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: EHLO blocking - extension

Post by Brett Rowbotham »

Can it please be confirmed that the wildcard feature mentioned by @Admin is available in 9.54. There is no mention of it in the changelog.

Regards,
Brett

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: EHLO blocking - extension

Post by telecomputers »

Hello Brett,

Yes the function is working in 9.54.

I have found a minor bug and have already reported it.
Basically if you have *.br blocked and the HELO name is static.bringit.br it doesn't get stopped.
Apparently the code checks the first .br finds .bringit and then lets it pass.

The function in SMTP Properties | Security TAB - at the bottom "Configure Blocks" is now working and will add your phrases into the list. It was not working in 9.53 or before.
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: EHLO blocking - extension

Post by Brett Rowbotham »

I happily added the [*.*.*.*] entry for EHLO blocking only to find that all the company Android and Apple devices could no longer send email. They were being rejected as they all use their IP address for EHLO/HELO and I can find no way to change this behaviour.

Post Reply