3
SMTP Block - Wildcard Blocking Not Working
Problem reported by Brantz - 1/8/2019 at 10:54 AM
Submitted
Hi - I'm trying to block every inbound message from the ICU domain - they all appear to be spam and most of them get through the SPAM filters.  I've added the following SMTP blocks:

*@*.icu        EHLO Domain    Incoming Messages
*@*.*.icu    EHLO Domain    Incoming Messages

Unfortunately I continue to receive messages from this domain - what am I doing wrong?

Thanks,

Brantz

10 Replies

Reply to Thread
0
Scarab Replied
An EHLO domain will never contain an @ sign as it must be a FQDN (i.e. mail.spamdomain.icu). Only Email Addresses will contain an @ sign (i.e. fraudster@spamdomain.icu). That is why it is not blocking any incoming messages for you.

To block an EHLO domain for all domains ending in .icu you would only need *.icu

Post-Script: I can't remember for certain if wildcards are inclusive of subdomains + domain in EHLO Blocking so you might want to have a second EHLO Domain rule for *.*.icu just to be certain. As not all .icu spam will use a HELO/EHLO of *.icu you would probably want corresponding STMP Blocks for Email Addresses of *@*.icu and *@*.*.icu to catch them all, regardless of the FQDN of their Outgoing Mail Server.
0
Brantz Replied
I think that's how I started.  I will now test with:

*.icu        EHLO Domain    Incoming Messages
*.*.icu      EHLO Domain    Incoming Messages

I'll report back if that solves it for me.

Thanks
0
David Jamell Replied
I have noticed that in v17/v100 that you can no longer use wildcards in the STMP Blocks for Email Addresses.  Frustrating.
0
Brantz Replied
Well, I'm running Build 6925 (Dec 17, 2018) and it took the wild cards and saved them.  I'm testing to see if it works now.

0
David Jamell Replied
Thanks Brantz.  Please let us know.
0
Brantz Replied
It still doesn't work.  I just received emails from a few .icu domains - here's an example address that got through:
the-choice-home-warranty@begepo.alexistoughstate.icu

That happened with these 2 blocks in place:
*.icu        EHLO Domain    Incoming Messages
*.*.icu      EHLO Domain    Incoming Messages 

Any ideas?

Thanks.
0
David Fisher Replied
Hi Brantz,

  EHLO blocking is on the initial connection, it doesn't have to be using the from email address, you would use SMTP Blocking E-Mail Address for that, you would want to check your SMTP logs for what they are sending as EHLO but more than likely the EHLO will be different each time.

  But if what was said in this Thread is true you might not be able to use wildcards anymore on the blocking.

  You could also create a content filter or antispam weighted filter to help mark these as spam and not have them in the inbox.

Hope this helps!
0
Brantz Replied
Ok - I guess what we really need is SMTP eMail blocking with wild cards.  I know this doesn't currently work - hopefully we can get that back.  I've never gotten an email from a .ICO or .INFO domain that wasn't spam and would happily block the entire domains - likely others too...

Thanks.
1
David Jamell Replied
Yes, I found that EHLO Blocking DOES allow wildcards.  SMTP Blocking for Email Addresses DOES NOT.

This is different from 15.x where they are allowed and I have many configured.

Sure wish we could get that back.
0
Software Operations Replied
Just a note here (in latest release of SmarterMail v16 at time of writing) that we can not save a wildcard email through the web interface.

However if we:
1. Add an accepted placeholder record through the web interface
2. edit service\mailConfig.xml to manually find the placeholder record and modify it to a wildcard
3. restart the SmarterMail service

The email blocking appears to work.

A bit of a bug with the user interface.

Reply to Thread