Easier to Find & Manage Blacklists
Idea shared by kevind - March 31, 2016 at 12:43 PM
Proposed
Using the new Spool Dashboard in v15, you can easily block spammers by both IP address and domain. But after you do, where do you manage the block lists? They are in 2 totally separate places!
 
  • Security->Blacklist                                               (intuitive)
  • Security->Advanced Settings->SMTP blocking   (***not intuitive***)
 
To clean this up, move "SMTP Blocking" so it's under Blacklist and have 2 tabs:
  • by IP            (current functionality)
  • by Name       (formerly SMTP blocking)
And you can use the same New, Edit, & Delete buttons to manage the lists!
 
Thanks,
Kevin

7 Replies

Reply to Thread
3
I thought this was a pretty good idea that would be easy to implement and help us manage our blacklists as it puts them all in one place. Can we add it to v16?
0
Great idea! I hope more can be done to manage the blacklists -- they can quickly become unmanageable after growing over time. We need some stats or something to tell us if the blacklists we put in place are still being used so we know if it is ok to remove them.
PS
0
SuperTechie, thanks for the support! Please vote this up if you haven't already.

Also, your idea for stats or a report showing the frequency that blacklists (including RBLs) are being used would be a nice addition.
2
Another blacklist feature that would be beautiful to add:  the ability to retroactively delete all email from an address as part of the blacklist process.  Lets say at 11:00 you discover really nasty spam or malware emails being sent from an address like 67.222.x.x, and blacklist them.  But if 100 emails from this nasty address were already received in the last 10 minutes -- wouldn't it be great to retroactively delete them?  Of course some users may have already received the nasty email, but odds are some could be saved from the unpleasantness. 
PS
0
If any here do not see the need, let me share a small edited sample from my SmarterMail smtp server logs (with about 100-200 users).  This sample is from this month so far, and shows spam (over 790 spams) from throughout a range of 8192 IP's from DFW Datacenter:  https://whois.arin.net/rest/net/NET-67-222-128-0-1.html
If some would like to see the whole sample, please message me privately (I don't think we can do attachments here?).  This sample shows:
1.  How spammers would appear to be in bed with some cheap hosting companies (like DFW)
2.  How spammers send out spam from a wide range of IP's over many days/months to fool the anti-spam engines.
3.  The need for the features requested above!  And this sample is only from 1 datacenter IP range of many!
4.  The following DFW IP ranges sent spam:
67.222.132.x
67.222.134.x
67.222.147.x
67.222.151.x
67.222.152.x
67.222.154.x
67.222.155.x
67.222.158.x
5.  It is debatable but to combat this type of spam, some would suggest the only way to beat it is to blacklist the entire IP range until such time as Cesspools like DFW either get their act together or go out of business.  But then there is the issue of removal . . .
6.  Existing anti-spam technology is primarily reactionary, and is not sufficient to stop this type of spam.  By the time an IP gets on a blacklist, the spammer has already moved to the next IP.
 
A little sample (private info replaced with generic):
 
[2016.11.02] 14:52:37 [67.222.152.35][28122905] rsp: 220 small.mailserver.net
[2016.11.02] 14:52:37 [67.222.152.35][28122905] connected at 11/2/2016 2:52:37 PM
[2016.11.02] 14:52:37 [67.222.152.35][28122905] cmd: EHLO fulltrendsbiz.com
[2016.11.02] 14:52:37 [67.222.152.35][28122905] rsp: 250-small.mailserver.net Hello [67.222.152.35]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2016.11.02] 14:52:37 [67.222.152.35][28122905] cmd: MAIL FROM:<violetclark@fulltrendsbiz.com> BODY=7BIT
[2016.11.02] 14:52:37 [67.222.152.35][28122905] rsp: 250 OK <violetclark@fulltrendsbiz.com> Sender ok
[2016.11.02] 14:52:37 [67.222.152.35][28122905] cmd: RCPT TO:<User1@domain1removed>
[2016.11.02] 14:52:37 [67.222.152.35][28122905] rsp: 250 OK <User1@domain1removed> Recipient ok
[2016.11.02] 14:52:37 [67.222.152.35][28122905] cmd: DATA
[2016.11.02] 14:52:37 [67.222.152.35][28122905] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2016.11.02] 14:52:38 [67.222.152.35][28122905] rsp: 250 OK
[2016.11.02] 14:52:38 [67.222.152.35][28122905] Data transfer succeeded, writing mail to 159841558.eml
[2016.11.02] 14:52:38 [67.222.152.35][28122905] cmd: QUIT
[2016.11.02] 14:52:38 [67.222.152.35][28122905] rsp: 221 Service closing transmission channel
[2016.11.02] 14:52:38 [67.222.152.35][28122905] disconnected at 11/2/2016 2:52:38 PM
 
[2016.11.04] 08:55:03 [67.222.147.15][5143480] rsp: 220 small.mailserver.net
[2016.11.04] 08:55:03 [67.222.147.15][5143480] connected at 11/4/2016 8:55:03 AM
[2016.11.04] 08:55:03 [67.222.147.15][5143480] cmd: EHLO read1so.millionaireguidetime.top
[2016.11.04] 08:55:03 [67.222.147.15][5143480] rsp: 250-small.mailserver.net Hello [67.222.147.15]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2016.11.04] 08:55:03 [67.222.147.15][5143480] cmd: MAIL FROM:<James-Crowdy@read1so.millionaireguidetime.top> BODY=7BIT
[2016.11.04] 08:55:03 [67.222.147.15][5143480] rsp: 250 OK <james-crowdy@read1so.millionaireguidetime.top> Sender ok
[2016.11.04] 08:55:03 [67.222.147.15][5143480] cmd: RCPT TO:<User2@domain4removed>
[2016.11.04] 08:55:03 [67.222.147.15][5143480] rsp: 250 OK <User2@domain4removed> Recipient ok
[2016.11.04] 08:55:03 [67.222.147.15][5143480] cmd: DATA
[2016.11.04] 08:55:03 [67.222.147.15][5143480] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2016.11.04] 08:55:03 [67.222.147.15][5143480] rsp: 250 OK
[2016.11.04] 08:55:03 [67.222.147.15][5143480] Data transfer succeeded, writing mail to 159848301.eml
[2016.11.04] 08:55:04 [67.222.147.15][5143480] cmd: QUIT
[2016.11.04] 08:55:04 [67.222.147.15][5143480] rsp: 221 Service closing transmission channel
[2016.11.04] 08:55:04 [67.222.147.15][5143480] disconnected at 11/4/2016 8:55:04 AM
[2016.11.10] 00:56:57 [67.222.155.182][58729386] rsp: 220 small.mailserver.net
[2016.11.10] 00:56:57 [67.222.155.182][58729386] connected at 11/10/2016 12:56:57 AM
[2016.11.10] 00:56:57 [67.222.155.182][58729386] cmd: EHLO fuijio9.satisfybloodsugarlow.top
[2016.11.10] 00:56:57 [67.222.155.182][58729386] rsp: 250-small.mailserver.net Hello [67.222.155.182]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2016.11.10] 00:56:57 [67.222.155.182][58729386] cmd: MAIL FROM:<JanetMcCarthy@fuijio9.satisfybloodsugarlow.top> BODY=7BIT
[2016.11.10] 00:56:58 [67.222.155.182][58729386] rsp: 250 OK <janetmccarthy@fuijio9.satisfybloodsugarlow.top> Sender ok
[2016.11.10] 00:56:58 [67.222.155.182][58729386] cmd: RCPT TO:<User3@domain4removed>
[2016.11.10] 00:56:58 [67.222.155.182][58729386] rsp: 250 OK <User3@domain4removed> Recipient ok
[2016.11.10] 00:56:58 [67.222.155.182][58729386] cmd: DATA
[2016.11.10] 00:56:58 [67.222.155.182][58729386] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2016.11.10] 00:56:58 [67.222.155.182][58729386] rsp: 250 OK
[2016.11.10] 00:56:58 [67.222.155.182][58729386] Data transfer succeeded, writing mail to 159869284.eml
[2016.11.10] 00:56:58 [67.222.155.182][58729386] cmd: QUIT
[2016.11.10] 00:56:58 [67.222.155.182][58729386] rsp: 221 Service closing transmission channel
[2016.11.10] 00:56:58 [67.222.155.182][58729386] disconnected at 11/10/2016 12:56:58 AM
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 220 small.mailserver.net
[2016.11.15] 09:09:30 [67.222.132.59][37524607] connected at 11/15/2016 9:09:30 AM
[2016.11.15] 09:09:30 [67.222.132.59][37524607] cmd: EHLO chunky.brainhealthmineway.top
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 250-small.mailserver.net Hello [67.222.132.59]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2016.11.15] 09:09:30 [67.222.132.59][37524607] cmd: MAIL FROM:<Brain.Health.Tips@chunky.brainhealthmineway.top> BODY=7BIT
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 250 OK <brain.health.tips@chunky.brainhealthmineway.top> Sender ok
[2016.11.15] 09:09:30 [67.222.132.59][37524607] cmd: RCPT TO:<User3@domain4removed>
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 250 OK <User3@domain4removed> Recipient ok
[2016.11.15] 09:09:30 [67.222.132.59][37524607] cmd: DATA
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 250 OK
[2016.11.15] 09:09:30 [67.222.132.59][37524607] Data transfer succeeded, writing mail to 164961530.eml
[2016.11.15] 09:09:30 [67.222.132.59][37524607] cmd: QUIT
[2016.11.15] 09:09:30 [67.222.132.59][37524607] rsp: 221 Service closing transmission channel
[2016.11.15] 09:09:30 [67.222.132.59][37524607] disconnected at 11/15/2016 9:09:30 AM
 
PS
0
Good idea. Might be difficult to actually delete messages once they are delivered to a person's Inbox. But maybe you could move them to the spam folder if they are still unread.

Also, it would be nice to clear out all the messages in the spool from that IP.
0
We would very much like to see the blacklist entries include a timestamp; and for that timestamp to be displayed and sortable. It's really good practice to delete blacklisted IPs after a certain amount of time--but we don't want to delete all of them.

Reply to Thread