6
Just a little more log info for blacklisted connections.
Idea shared by Opt-Out - November 16, 2014 at 5:57 PM
Completed
The day you added the connect-disconnect log entries for connections blocked by blacklisting was indeed a great day. It would be an even greater day if the "disconnected at..." log entry was changed to something like "disconnected by blacklist at...".
If there is already a way to search log files for blacklisted disconnects just let me know, I didn't see it.
 
Thank you!

5 Replies

2
Joe Wolf Replied
November 17, 2014 at 4:36 PM
I'd have to agree with this one.  I blacklisted one of my own IP Addresses just to test.  It blocked my SMTP attempt from that IP Address but the only information logged in the SMTP log is:
 
[2014.11.17] 17:30:37 [70.x.x.x][1075541] connected at 11/17/2014 5:30:37 PM
[2014.11.17] 17:30:37 [70.x.x.x][1075541] disconnected at 11/17/2014 5:30:37 PM
 
I think there should be a line added to the SMTP log indicating that the connection was blocked because the IP Address is on the Blacklist.
 
-Joe
Thanks,
-Joe
3
Robert Emmett Replied
November 18, 2014 at 9:17 AM
Employee Post
We have implemented additional log information for SMTP, POP, IMAP, and XMPP disconnects due to blacklisting.  For example, the log will reflect the following:
 
[2014.11.18] 08:27:10 [70.x.x.x][56396980] connected at 11/18/2014 8:27:10 AM
[2014.11.18] 08:27:10 [70.x.x.x][56396980] on blacklist; dropping session...
[2014.11.18] 08:27:10 [70.x.x.x][56396980] disconnected at 11/18/2014 8:27:10 AM
 
It should be in the next minor release of SM 13.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
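The following is an added example, not part of the original thread and not SmarterTools code: a small parser that answers the original question of how to search a log for blacklisted disconnects. It relies on the line layout and the "on blacklist; dropping session" marker shown in the post above; the sample log, its IP addresses, session ids and the `cmd:` line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Line layout as in the thread's excerpts: [date] time [ip][session-id] message
LINE_RE = re.compile(r"^\[\d{4}\.\d{2}\.\d{2}\] \d{2}:\d{2}:\d{2} "
                     r"\[(?P<ip>[^\]]+)\]\[(?P<sid>\d+)\] (?P<msg>.*)$")
BLACKLIST_MARKER = "on blacklist; dropping session"
# Constructed sample input (documentation IP ranges, made-up session ids).
SAMPLE_LOG = """\
[2014.11.18] 08:27:10 [203.0.113.5][1001] connected at 11/18/2014 8:27:10 AM
[2014.11.18] 08:27:10 [203.0.113.5][1001] on blacklist; dropping session...
[2014.11.18] 08:27:10 [203.0.113.5][1001] disconnected at 11/18/2014 8:27:10 AM
[2014.11.18] 08:28:02 [198.51.100.7][1002] connected at 11/18/2014 8:28:02 AM
[2014.11.18] 08:28:02 [198.51.100.7][1002] disconnected at 11/18/2014 8:28:02 AM
[2014.11.18] 08:29:15 [192.0.2.44][1003] connected at 11/18/2014 8:29:15 AM
[2014.11.18] 08:29:16 [192.0.2.44][1003] cmd: EHLO mail.example.org
[2014.11.18] 08:29:20 [192.0.2.44][1003] disconnected at 11/18/2014 8:29:20 AM
[2014.11.18] 08:31:40 [203.0.113.5][1004] connected at 11/18/2014 8:31:40 AM
[2014.11.18] 08:31:40 [203.0.113.5][1004] on blacklist; dropping session...
[2014.11.18] 08:31:40 [203.0.113.5][1004] disconnected at 11/18/2014 8:31:40 AM
this line is malformed and is skipped
"""

def classify_sessions(log_text):
    """Return {(ip, sid): 'blacklisted' | 'unexplained' | 'normal'}."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the layout are ignored
            sessions[(m["ip"], m["sid"])].append(m["msg"])
    result = {}
    for key, msgs in sessions.items():
        if any(BLACKLIST_MARKER in msg for msg in msgs):
            result[key] = "blacklisted"
        elif (len(msgs) == 2 and msgs[0].startswith("connected at")
              and msgs[1].startswith("disconnected at")):
            # Connect followed directly by disconnect, with no reason logged.
            result[key] = "unexplained"
        else:
            result[key] = "normal"
    return result

def blacklist_drops_by_ip(log_text):
    """Count blacklist-dropped sessions per source IP."""
    return Counter(ip for (ip, _), kind in classify_sessions(log_text).items()
                   if kind == "blacklisted")

if __name__ == "__main__":
    print(blacklist_drops_by_ip(SAMPLE_LOG).most_common())
```

Sessions reported as "unexplained" are the bare connect/disconnect pairs described earlier in the thread, where the log gives no reason for the drop.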
0
Robert Emmett Replied
March 19, 2015 at 1:09 PM
Employee Post
Scott, any IP that violates the Abuse Detection policies automatically is added to the temporary blacklist (found under System Admin | Manage | Current IDS Blocks).  This is probably the reason why you are seeing this in the log without any permanent entry under Security | Blacklist.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
kenny.middleton Replied
May 14, 2015 at 8:06 PM
I am new to email servers with Smartermail 13 and have set up Smartermail using the ChicagoNet suggestions. Checking my SMTP logs I was seeing my own IP (webserver and email on the same IP) trying to authenticate live email addresses. Checking the ids block I also find my own IP indicated as DOS and Brute Force. 
 
I have checked the Online Users in User Activity and I find IPs from China and me as system admin. I don't have any Chinese users, in fact there are only 36 users in total. The IP may be spoofed from Baidu the Chinese search engine so I have blacklisted their entire IP range as a trial.
 
Initially the server SMTP logs showed thousands of rejections which were blacklisted so I thought I had resolved the issue. Now I am not so sure as checking the IDS Blocks I find my IP address in there again.
Kenny
0
Curtis Kropar www.HawaiianHope.org Replied
December 10, 2016 at 6:21 AM
I just found this.
This is awesome!
 
Question. We are using
  • SmarterMail Enterprise Edition
  • Version 14.4.5801
I am looking at the "view logs" section. As it hits each blacklist I am showing the logs say ""421 Server is busy, try again later." response returned."
 
Try again later? Is that the equivalent of a grey listing?
Or can we get it to return a dead like 404, server not found or no recipient or something ?
www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.
