-
RvdH
- Senior user
- Posts: 3235
- Joined: 2008-06-27 14:42
- Location: The Netherlands
Post
by RvdH » 2021-05-01 17:23
Today I noticed hundreds of connection attempts originating from the domain mailboxvalidator.com
Code:
"SMTPD" 8472 14728 "2021-05-01 15:46:57.359" "149.56.101.37" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 2136 14728 "2021-05-01 15:46:57.454" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 2136 14728 "2021-05-01 15:46:57.625" "149.56.101.37" "SENT: 250 Hello."
"SMTPD" 2136 14728 "2021-05-01 15:46:57.719" "149.56.101.37" "RECEIVED: MAIL FROM:<support@mailboxvalidator.com>"
"SMTPD" 2136 14728 "2021-05-01 15:46:57.735" "149.56.101.37" "SENT: 250 OK"
"SMTPD" 8472 14728 "2021-05-01 15:46:57.828" "149.56.101.37" "RECEIVED: RCPT TO:<genevie.gloria.mungoland@domain.com>"
"SMTPD" 8472 14728 "2021-05-01 15:46:57.828" "149.56.101.37" "SENT: 550 Unknown user"
"SMTPD" 9136 14728 "2021-05-01 15:46:57.922" "149.56.101.37" "RECEIVED: QUIT"
"SMTPD" 9136 14728 "2021-05-01 15:46:57.922" "149.56.101.37" "SENT: 221 goodbye"
Their website claims:
Secure and reliable email validation service to check for invalid email addresses. It connects to the mail server and checks whether the mailbox exists or not. It reduces email bounce rate & costs. It increases conversion rate & sender reputation.
But if you ask me, this is just a nasty email address harvester, and I am banning it from further harvesting from now on. I added OnSMTPData for mail coming from the backup MX.
Code:
Sub OnHELO(oClient)
   REM https://www.mailboxvalidator.com/
   REM Match any HELO/EHLO name that ends in mailboxvalidator.com
   strRegEx = "^.*(mailboxvalidator\.com)$"
   If Lookup(strRegEx, oClient.HELO) Then
      Result.Value = 1
      REM Disconnect() is a helper that is not shown in this post
      Call Disconnect(oClient.IPAddress)
   End If
End Sub

Sub OnSMTPData(oClient, oMessage)
   REM https://www.mailboxvalidator.com/
   REM Match a sender address at mailboxvalidator.com or any subdomain of it
   strRegEx = "\@(.+\.)?mailboxvalidator\.com"
   If Lookup(strRegEx, oMessage.FromAddress) Then
      Result.Value = 1
      Call Disconnect(oClient.IPAddress)
   End If
End Sub

REM Case-insensitive regular expression test of strMatch against strRegEx
Function Lookup(strRegEx, strMatch)
   If strRegEx = "" Then Exit Function
   With CreateObject("VBScript.RegExp")
      .Global = False
      .Pattern = strRegEx
      .IgnoreCase = True
      Lookup = .Test(strMatch)
   End With
End Function
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
-
RvdH
- Senior user
- Posts: 3235
- Joined: 2008-06-27 14:42
- Location: The Netherlands
Post
by RvdH » 2021-05-01 17:31
Mmm, although OnSMTPData is too late to block them I think, as this triggers after
Code:
"SMTPD" 4168 16827 "2021-05-01 17:29:38.857" "xxx-xxx-xxx-xxx" "RECEIVED: RCPT TO:<something@domain.com>"
"SMTPD" 4168 16827 "2021-05-01 17:29:38.857" "xxx-xxx-xxx-xxx" "SENT: 250 OK"
"SMTPD" 4168 16827 "2021-05-01 17:29:38.857" "xxx-xxx-xxx-xxx" "RECEIVED: QUIT"
"SMTPD" 4168 16827 "2021-05-01 17:29:38.857" "xxx-xxx-xxx-xxx" "SENT: 221 goodbye"
No disconnect but AutoBan then it seems...
Code:
Sub OnHELO(oClient)
   REM https://www.mailboxvalidator.com/
   strRegEx = "^.*(mailboxvalidator\.com)$"
   If Lookup(strRegEx, oClient.HELO) Then
      REM AutoBan() is a helper that is not shown in this post
      Call AutoBan(oClient.IPAddress, oClient.HELO, 1, "d")
   End If
End Sub
Last edited by RvdH on 2021-05-01 17:42, edited 3 times in total.
-
by RvdH » 2021-05-01 17:38
I think we need a new Event Handler, Søren: OnSMTPTo(oClient, oMessage)
-
by RvdH » 2021-05-01 17:47
I just now noticed, the IP address ended up being detected/blocked by Søren's IDS.... only a bit too late (IDS handler runs every minute)
-
SorenR
- Senior user
- Posts: 6315
- Joined: 2006-08-21 15:38
- Location: Denmark
Post
by SorenR » 2021-05-01 18:09
"RECEIVED: HELO mailboxvalidator.com"
oClient.HELO is available in OnHELO()
"RECEIVED: MAIL FROM:<support@mailboxvalidator.com>"
oMessage.FromAddress is available in OnSMTPData()
Both oClient.HELO and oMessage.FromAddress contain "mailboxvalidator.com"
You need to check both subs when you get mail via a BackupMX. I generally bypass all script code in OnClientConnect and OnHELO when connection is from BackupMX ... I trust my BackupMX
However ...
I have this function that I call from OnAcceptMessage() that will extract original HELO and IPADDR.
Code:
Function setEnvelope(oClient, oMessage)
   ' BACKUPMX and oLookup() are defined elsewhere in the script and are not shown in this post
   Dim i, a, strTo, strOriginalTo, strIP, strRegEx, oMatch, oMatchCollection
   If Lookup("from " & BACKUPMX, oMessage.HeaderValue("Received")) Then
      ' Relayed by the backup MX: take the original HELO and IP from its Received header
      For i = 0 To oMessage.Headers.Count-1
         If (oMessage.Headers(i).Name = "Received") Then
            If Lookup("by " & BACKUPMX & " with", oMessage.Headers(i).Value) Then
               a = Split( oMessage.Headers(i).Value, " " )
               oMessage.HeaderValue("X-Envelope-HELO") = Trim(a(1))
               ' The original client IP is the bracketed IPv4 address in the header
               strRegEx = "(?:\[)((?:[0-9]{1,3}\.){3}[0-9]{1,3})(?:\])"
               Set oMatchCollection = oLookup(strRegEx, oMessage.Headers(i).Value, False)
               For Each oMatch In oMatchCollection
                  If oMatch.SubMatches.Count > 0 Then
                     oMessage.HeaderValue("X-Envelope-IP") = oMatch.SubMatches(0)
                  Else
                     oMessage.HeaderValue("X-Envelope-IP") = ""
                  End If
               Next
               Exit For
            End If
         End If
      Next
   Else
      ' Direct connection: use the client's own HELO and IP address
      oMessage.HeaderValue("X-Envelope-HELO") = Trim(oClient.HELO)
      oMessage.HeaderValue("X-Envelope-IP") = Trim(oClient.IPAddress)
   End If
   ' Record the envelope recipients and sender as headers
   For i = 0 To oMessage.Recipients.Count-1
      If (i = 0) Then
         strTo = oMessage.Recipients(i).Address
         strOriginalTo = oMessage.Recipients(i).OriginalAddress
      Else
         strTo = strTo & ", " & oMessage.Recipients(i).Address
         strOriginalTo = strOriginalTo & ", " & oMessage.Recipients(i).OriginalAddress
      End If
   Next
   oMessage.HeaderValue("X-Envelope-To") = strTo
   oMessage.HeaderValue("X-Envelope-OriginalTo") = strOriginalTo
   oMessage.HeaderValue("X-Envelope-From") = oMessage.FromAddress
   oMessage.Save
   Set oMatch = Nothing
   Set oMatchCollection = Nothing
End Function
On the other hand ... My BackupMX is sitting next to my hMailServer on the shelf so I can run a subset of my Eventhandler on it. AutoBan works across both servers via a homemade REST API and they also share a few database tables. They also share the LAN but have different default gateways and ISPs.
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
-
by RvdH » 2021-05-01 18:16
The point is they never try to send a message, so they never reach OnAcceptMessage()
They just verify that SENT: 250 OK is sent after RCPT TO: mail@adres is received, it seems (they send the QUIT command immediately after that)
I do use your Function isAutoBan(oMessage) to block blocked IP addresses that come through the backup MX
So to be able to really target such a "service" I think something like OnSMTPRCPT is really needed... but now that I noticed it eventually triggered IDS, I'm not so sure if it is worth it
-
by RvdH » 2021-05-01 20:45
Just thinking out loud... what if we could trigger an event on "Unknown user"?
Then we possibly would be able to script something like Søren's IDS, or adapt it to IDS, to catch/block senders that trigger the "Unknown user" more than X times in a period of time
Concept, quick and dirty, copied from the OnSMTPDATA trigger
Code:
if (!recipientOK)
{
   SendErrorResponse_(550, "Unknown user");

   // Proposed: fire a script event after the 550 reply has been sent
   if (Configuration::Instance()->GetUseScriptServer())
   {
      std::shared_ptr<ScriptObjectContainer> pContainer = std::shared_ptr<ScriptObjectContainer>(new ScriptObjectContainer);
      std::shared_ptr<ClientInfo> pClientInfo = std::shared_ptr<ClientInfo>(new ClientInfo);

      // Describe the connected client for the script
      pClientInfo->SetUsername(username_);
      pClientInfo->SetIPAddress(GetIPAddressString());
      pClientInfo->SetPort(GetLocalEndpointPort());
      pClientInfo->SetHELO(helo_host_);
      pClientInfo->SetIsAuthenticated(isAuthenticated_);

      pContainer->AddObject("HMAILSERVER_CLIENT", pClientInfo, ScriptObject::OTClient);
      pContainer->AddObject("HMAILSERVER_MESSAGE", current_message_, ScriptObject::OTMessage);

      String sEventCaller = "OnRecipientUnknown(HMAILSERVER_CLIENT, HMAILSERVER_MESSAGE)";
      ScriptServer::Instance()->FireEvent(ScriptServer::EventOnRecipientUnknown, sEventCaller, pContainer);
   }

   return;
}
-
by SorenR » 2021-05-01 22:01
Perhaps redefine "OnDeliveryFailure()" ??
"OnEventFailure(oMessage, sRecipient, sErrorMessage)"
1: Unknown account
2: Message delivery cancelled during virus scanning
3: Message delivery cancelled during global rules
4: Message delivery cancelled during OnDeliverMessage-event
5: Delivery timeout
6: Recipient does not exist
7: Cannot resolve domain
...
X: ... ?
SørenR.
-
by RvdH » 2021-05-01 22:23
SorenR wrote: ↑2021-05-01 22:01
Perhaps redefine "OnDeliveryFailure()" ??
"OnEventFailure(oMessage, sRecipient, sErrorMessage)"
1: Unknown account
2: Message delivery cancelled during virus scanning
3: Message delivery cancelled during global rules
4: Message delivery cancelled during OnDeliverMessage-event
5: Delivery timeout
6: Recipient does not exist
7: Cannot resolve domain
...
X: ... ?
OnDeliveryFailure? Therefore the message first has to be accepted, and that (still) is the point... that is not the case here
-
by SorenR » 2021-05-01 22:39
RvdH wrote: ↑2021-05-01 22:23
SorenR wrote: ↑2021-05-01 22:01
Perhaps redefine "OnDeliveryFailure()" ??
"OnEventFailure(oMessage, sRecipient, sErrorMessage)"
1: Unknown account
2: Message delivery cancelled during virus scanning
3: Message delivery cancelled during global rules
4: Message delivery cancelled during OnDeliverMessage-event
5: Delivery timeout
6: Recipient does not exist
7: Cannot resolve domain
...
X: ... ?
OnDeliveryFailure? Therefore the message first has to be accepted, and that (still) is the point... that is not the case here
Rename it to "OnEventFailure()" or something like that and make it trigger at any time during message handling ...
SørenR.
-
by RvdH » 2021-05-01 22:43
SorenR wrote: ↑2021-05-01 22:39
RvdH wrote: ↑2021-05-01 22:23
SorenR wrote: ↑2021-05-01 22:01
Perhaps redefine "OnDeliveryFailure()" ??
"OnEventFailure(oMessage, sRecipient, sErrorMessage)"
1: Unknown account
2: Message delivery cancelled during virus scanning
3: Message delivery cancelled during global rules
4: Message delivery cancelled during OnDeliverMessage-event
5: Delivery timeout
6: Recipient does not exist
7: Cannot resolve domain
...
X: ... ?
OnDeliveryFailure? Therefore the message first has to be accepted, and that (still) is the point... that is not the case here
Rename it to "OnEventFailure()" or something like that and make it trigger at any time during message handling ...
Message handling? As said, we don't have a message at that stage... the message is rejected as the user is unknown
-
by RvdH » 2021-05-01 22:47
@matt
Code:
"SMTPD" 5016 78 "2021-05-01 22:44:54.851" "149.56.101.37" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 8892 78 "2021-05-01 22:44:54.944" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 8892 78 "2021-05-01 22:44:55.085" "149.56.101.37" "SENT: 554 Oooops LOL"
"SMTPD" 5016 89 "2021-05-01 22:45:02.783" "149.56.101.37" "SENT: 220 mail.mail.domain.com ESMTP"
"SMTPD" 10668 89 "2021-05-01 22:45:02.861" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 10668 89 "2021-05-01 22:45:02.970" "149.56.101.37" "SENT: 554 Oooops LOL"
"SMTPD" 5016 93 "2021-05-01 22:45:06.424" "149.56.101.37" "SENT: 220 mail.mail.domain.com ESMTP"
"SMTPD" 6632 93 "2021-05-01 22:45:06.518" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 6632 93 "2021-05-01 22:45:06.642" "149.56.101.37" "SENT: 554 Hasta la vista, Baby"
"SMTPD" 10668 96 "2021-05-01 22:45:09.373" "149.56.101.37" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 6632 96 "2021-05-01 22:45:09.451" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 6632 96 "2021-05-01 22:45:09.560" "149.56.101.37" "SENT: 554 Have you tried switching it off and then on again"
"SMTPD" 10668 97 "2021-05-01 22:45:10.084" "149.56.101.37" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 6632 97 "2021-05-01 22:45:10.162" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 6632 97 "2021-05-01 22:45:10.271" "149.56.101.37" "SENT: 554 I'm sorry Jim, I can't do that"
"SMTPD" 5016 102 "2021-05-01 22:45:14.390" "149.56.101.37" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 10404 102 "2021-05-01 22:45:14.484" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 10404 102 "2021-05-01 22:45:14.593" "149.56.101.37" "SENT: 554 It's hard to have a battle of wits with someone who is half armed"
"SMTPD" 5016 104 "2021-05-01 22:45:20.802" "149.56.101.37" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 4636 104 "2021-05-01 22:45:20.896" "149.56.101.37" "RECEIVED: HELO mailboxvalidator.com"
"SMTPD" 4636 104 "2021-05-01 22:45:21.021" "149.56.101.37" "SENT: 554 Oooops LOL"
-
by SorenR » 2021-05-01 22:49
oMessage object has been created with "MAIL FROM" so we have a message.
SørenR.
-
by RvdH » 2021-05-01 22:53
SorenR wrote: ↑2021-05-01 22:49
oMessage object has been created with "MAIL FROM" so we have a message.
Wanna make a bet? I say $100 we have no 'complete' oMessage object
If most of the oMessage object is not available in OnSMTPData (as it is not sent to us yet) it surely won't be available right before, and RCPT TO is required before DATA
-
mattg
- Moderator
- Posts: 22437
- Joined: 2007-06-14 05:12
- Location: 'The Outback' Australia
Post
by mattg » 2021-05-02 07:06
RvdH wrote: ↑2021-05-01 22:47
@matt
Thanks, added that domain name to my OnHELO
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
-
by RvdH » 2021-05-02 09:10
@matt
Yes, this mailboxvalidator.com is easily stopped in OnHELO (as long as they keep using this EHLO/HELO command)
But sometimes it's not that easy to block e-mail address harvesters/spammers like this, e.g.:
Code:
"SMTPD" 10700 9108 "2021-05-02 08:53:59.603" "5.188.206.163" "SENT: 220 mail.domain.com ESMTP"
"SMTPD" 7820 9108 "2021-05-02 08:53:59.947" "5.188.206.163" "RECEIVED: EHLO [5.188.206.171]"
"DEBUG" 7820 "2021-05-02 08:53:59.947" "Executing event OnHELO"
"DEBUG" 7820 "2021-05-02 08:53:59.993" "Event completed"
"SMTPD" 7820 9108 "2021-05-02 08:53:59.993" "5.188.206.163" "SENT: 250-mail.domain.com[nl]250-SIZE 51200000[nl]250-STARTTLS[nl]250 HELP"
"SMTPD" 5016 9108 "2021-05-02 08:54:00.337" "5.188.206.163" "RECEIVED: MAIL FROM:<o8wh9vpuhonfml@kdeliciamj.com.br>"
"SMTPD" 5016 9108 "2021-05-02 08:54:00.790" "5.188.206.163" "SENT: 250 OK"
"SMTPD" 10700 9108 "2021-05-02 08:54:01.040" "5.188.206.163" "RECEIVED: RCPT TO:<info@domain.com>"
"SMTPD" 10700 9108 "2021-05-02 08:54:01.055" "5.188.206.163" "SENT: 250 OK"
"SMTPD" 10700 9108 "2021-05-02 08:54:01.055" "5.188.206.163" "RECEIVED: RCPT TO:<admin@domain.com>"
"SMTPD" 10700 9108 "2021-05-02 08:54:01.055" "5.188.206.163" "SENT: 550 Unknown user"
"DEBUG" 10700 "2021-05-02 08:54:01.055" "Executing event OnRecipientUnknown"
"DEBUG" 10700 "2021-05-02 08:54:01.086" "Event completed"
"SMTPD" 7820 9108 "2021-05-02 08:54:01.086" "5.188.206.163" "RECEIVED: RCPT TO:<contact@domain.com>"
"SMTPD" 7820 9108 "2021-05-02 08:54:01.086" "5.188.206.163" "SENT: 550 Unknown user"
"DEBUG" 7820 "2021-05-02 08:54:01.086" "Executing event OnRecipientUnknown"
"DEBUG" 7820 "2021-05-02 08:54:01.118" "Event completed"
"SMTPD" 8936 9108 "2021-05-02 08:54:01.118" "5.188.206.163" "RECEIVED: RCPT TO:<sales@domain.com>"
"SMTPD" 8936 9108 "2021-05-02 08:54:01.118" "5.188.206.163" "SENT: 550 Unknown user"
"DEBUG" 8936 "2021-05-02 08:54:01.118" "Executing event OnRecipientUnknown"
"DEBUG" 8936 "2021-05-02 08:54:01.133" "Event completed"
"SMTPD" 10700 9108 "2021-05-02 08:54:01.133" "5.188.206.163" "RECEIVED: RCPT TO:<adam@domain.com>"
"SMTPD" 10700 9108 "2021-05-02 08:54:01.133" "5.188.206.163" "SENT: 550 Unknown user"
"DEBUG" 10700 "2021-05-02 08:54:01.133" "Executing event OnRecipientUnknown"
"DEBUG" 10700 "2021-05-02 08:54:01.164" "Event completed"
"SMTPD" 7820 9108 "2021-05-02 08:54:01.164" "5.188.206.163" "RECEIVED: RCPT TO:<mail@domain.com>"
"SMTPD" 7820 9108 "2021-05-02 08:54:01.164" "5.188.206.163" "SENT: 550 Unknown user"
"DEBUG" 7820 "2021-05-02 08:54:01.164" "Executing event OnRecipientUnknown"
"DEBUG" 7820 "2021-05-02 08:54:01.196" "Event completed"
"SMTPD" 8936 9108 "2021-05-02 08:54:01.196" "5.188.206.163" "RECEIVED: RCPT TO:<office@domain.com>"
"SMTPD" 8936 9108 "2021-05-02 08:54:01.196" "5.188.206.163" "SENT: Too many invalid commands. Bye!"
"DEBUG" 8936 "2021-05-02 08:54:01.196" "Executing event OnTooManyInvalidCommands"
"DEBUG" 8936 "2021-05-02 08:54:01.227" "Event completed"
"DEBUG" 8936 "2021-05-02 08:54:01.227" "Deleting message file."
I'm running experiments with OnRecipientUnknown() and OnTooManyInvalidCommands() experimental event handlers
OnRecipientUnknown() triggers, obviously, on every "Unknown user" command
OnTooManyInvalidCommands() triggers after the value defined in "Maximum number of invalid commands" under "RFC compliance" in Settings -> Protocols -> SMTP
Disconnect client after too many invalid commands
Using this setting you can disconnect clients which send too many invalid commands. For example, some spammers try to send email to a lot of different addresses on your server, hoping that your server will accept at least one of them. Using this option, you can automatically disconnect clients that try to do this.
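Added example, not part of the thread and not code from any poster or from hMailServer: the two signals discussed above (more than X "550 Unknown user" replies from one IP within a period, and sessions that issue RCPT TO but never DATA) checked offline against SMTPD log lines. The function names, the thresholds and the sample lines are constructed for illustration; the field layout is assumed to be the one shown in the posted logs, with DATA logged as a RECEIVED line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Layout assumed from the thread's log lines:
# "SMTPD" <thread> <session> "<timestamp>" "<ip>" "<SENT|RECEIVED>: <text>"
LINE_RE = re.compile(r'^"SMTPD"\s+\d+\s+(\d+)\s+"([^"]+)"\s+"([^"]+)"\s+"(SENT|RECEIVED): (.*)"$')

def parse(lines):
    """Yield (session, timestamp, ip, direction, text); DEBUG and other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            session, ts, ip, direction, text = m.groups()
            yield session, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), ip, direction, text

def unknown_user_bursts(lines, limit=3, window=timedelta(minutes=1)):
    """Map ip -> time at which it first received more than `limit` 550 replies inside `window`."""
    recent, flagged = defaultdict(deque), {}
    for _, ts, ip, direction, text in parse(lines):
        if direction == "SENT" and text.startswith("550 Unknown user"):
            hits = recent[ip]
            hits.append(ts)
            while ts - hits[0] > window:   # drop rejections older than the window
                hits.popleft()
            if len(hits) > limit:
                flagged.setdefault(ip, ts)
    return flagged

def rcpt_only_sessions(lines):
    """Map session -> ip for sessions that issued RCPT TO but never DATA.
    A session still open at the end of the log is reported as well."""
    verbs, ips = defaultdict(set), {}
    for session, _, ip, direction, text in parse(lines):
        if direction == "RECEIVED":
            verbs[session].add((text.split() or [""])[0].upper())
            ips[session] = ip
    return {s: ips[s] for s, v in verbs.items() if "RCPT" in v and "DATA" not in v}

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = '''\
"SMTPD" 11 101 "2021-05-01 15:46:57.454" "203.0.113.7" "RECEIVED: HELO validator.example"
"SMTPD" 11 101 "2021-05-01 15:46:57.719" "203.0.113.7" "RECEIVED: MAIL FROM:<probe@validator.example>"
"SMTPD" 12 101 "2021-05-01 15:46:57.828" "203.0.113.7" "RECEIVED: RCPT TO:<guess@example.com>"
"SMTPD" 12 101 "2021-05-01 15:46:57.828" "203.0.113.7" "SENT: 550 Unknown user"
"SMTPD" 13 101 "2021-05-01 15:46:57.922" "203.0.113.7" "RECEIVED: QUIT"
"SMTPD" 21 102 "2021-05-01 15:47:00.100" "198.51.100.9" "RECEIVED: RCPT TO:<admin@example.com>"
"SMTPD" 21 102 "2021-05-01 15:47:00.100" "198.51.100.9" "SENT: 550 Unknown user"
"DEBUG" 21 "2021-05-01 15:47:00.100" "Executing event OnRecipientUnknown"
"SMTPD" 22 102 "2021-05-01 15:47:00.200" "198.51.100.9" "SENT: 550 Unknown user"
"SMTPD" 22 102 "2021-05-01 15:47:00.300" "198.51.100.9" "SENT: 550 Unknown user"
"SMTPD" 23 102 "2021-05-01 15:47:00.400" "198.51.100.9" "SENT: 550 Unknown user"
"SMTPD" 31 103 "2021-05-01 15:48:00.000" "192.0.2.10" "RECEIVED: RCPT TO:<info@example.com>"
"SMTPD" 31 103 "2021-05-01 15:48:00.500" "192.0.2.10" "RECEIVED: DATA"
'''.splitlines()

if __name__ == "__main__":
    print(unknown_user_bursts(SAMPLE))
    print(rcpt_only_sessions(SAMPLE))
```

A single probe per connection, as in the first post, never reaches the per-IP threshold on its own, which is why the RCPT-without-DATA check is kept as a separate signal.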