Deny by EHLO string

[dc79]

Hello,
I have a persistent person that continues to attempt an SMTP AUTH in an attempt to use our SMTP Relay. They appear to be spoofing their originating IP address as I see many many many different originating IP addresses being used for the same EHLO string. I have been denying based on IP address in the interim but would like to deny based on specific EHLO string being supplied. Since they are spoofing IP address it is an ongoing maintenance chore I'd like to eliminate. I see there is an SMTP-Inbound script capability that can be fired on the following SMTP statements (MAIL FROM, RCPT TO, and DATA). How can this script or another script be fired on EHLO or AUTH commands?

I am running Mailenable Professional v8.0

Thank you in advance

[psmithza]

I have almost a similar prblem , My problem is that the Hacker is trying to use credentials that isn't valid anymore. I would like to get him to stop trying to log in because he is flooding my server with login attempts and I can't block all the IP's he is using.

I thought of looking maybe at mac address filtering via the firewall but my hosting company doesn't allow me to make changes to their firewall.

I have no idea how to do it otherwise would like someone to shed some light on how to block those annoying people that try to hack the server

[ShawnKHall]

I know I'm late, but I hate to see so many unanswered questions on here.

To answer the original question, you can use "EHLO blocking". open ME Admin, Servers, <server>, Services and Connectors. Right click on SMTP and select properties. Select the Security tab, then "configure blocks" at the bottom within the "EHLO Blocking" section. Enter the specific EHLO string you want to block (such as "localhost" and "127.0.0.1"). Click OK. Restart SMTP.

[Brett Rowbotham]

Why necro a 6 year old thread ? It's highly unlikely the OP is still awaiting an answer.

Cheers,
Brett

[cmiller@atcomm.com]

I thought it to be a useful necro. I had a similar problem last year and used this forum to get the answer even if it was a few years old.

[ShawnKHall]

Why necro a 6 year old thread ?

Because I had the answer and had looked for it myself when I setup a server a year or so ago. MailEnable isn't answering most of the questions on here, so anyone looking for how to do anything ends up landing on dead threads and wasting their time through trial and error instead of what should be a quick peer-to-peer support option. It's almost as if MailEnable has abandoned their entire user base.

Right now, on the first page of the ME Pro forum 28% of the threads are unanswered even though they've had over 20,550 views. Much of the rest of the forum is even worse. The first page of the ME Enterprise forum has almost 50% of the threads unanswered with over 25,000 views on those threads, and the first page of the ME Developer forum has almost 60% of the threads unanswered with over 128,000 views on those threads. Those numbers are only that low because I actually answered a couple the other day. Note that these are only the ones with no replies - a quick perusal of those questions with 1 or even several replies are mostly "me, too" comments or the OP trying to add context or detail but still without an actual answer.

These numbers indicate that the ME forum is an almost complete waste of time for people trying to get the help they want from MailEnable and from their MailEnable peers.

[MailEnable-Ian]

Hi,

The MailEnable forum is a discussion board and should be not used for managed support. We have not abandoned our user base and try to answer and provide help where we can. We provide a managed support system and recommend lodging tickets as its easier for the client to provide log files, configuration details etc that contain sensitive data that cannot be posted on the forum.

For this particular post the "EHLO string" block option was added in version 9 a year after when the this post was submitted and therefore went unanswered. Our documentation was updated at the time of the release containing details relating to the security option.
https://www.mailenable.com/documentation/9.0/Professional/webframe.html#SMTP_props_-Security.html

[ShawnKHall]

Then wouldn't it be better to respond with "not within the product itself" or "not at this time" instead of leaving half your forum posts unanswered? I just don't understand why so many questions (including almost all of mine) go unanswered. Btw, "Discussion Forum" is listed under Support on your front page. Should I lodge a ticket to ask where documentation is?