2
Brute force - blocking (ylmf-pc)
Question asked by Gary P - 3/4/2019 at 4:12 PM
Answered
Seeing lots of SMTP authentication attempts from various IPs, but with a common line in the log:

cmd: EHLO ylmf-pc

How can I block this?
I tried via Security > SMTP Blocks > EHLO domain, but it says "This is not a valid domain or email address." Is there a way around this?
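One way to confirm the pattern from the logs before adding a block, as an added example that is not part of this thread or of SmarterMail: the log format below is constructed (SmarterMail's real format differs), and the thresholds in block_candidates are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic SMTP-log style (not SmarterMail's exact format).
# The "cmd: EHLO ylmf-pc" fragment is the pattern quoted in the thread.
SAMPLE_LOG = """\
[2019.03.04] 15:58:01 [203.0.113.10][12345] cmd: EHLO ylmf-pc
[2019.03.04] 15:58:01 [203.0.113.10][12345] cmd: AUTH LOGIN
[2019.03.04] 15:58:02 [203.0.113.10][12345] rsp: 535 Authentication failed
[2019.03.04] 15:58:05 [198.51.100.7][12346] cmd: EHLO ylmf-pc
[2019.03.04] 15:58:05 [198.51.100.7][12346] cmd: AUTH LOGIN
[2019.03.04] 15:58:06 [198.51.100.7][12346] rsp: 535 Authentication failed
[2019.03.04] 15:59:10 [192.0.2.25][12347] cmd: EHLO mail.example.org
[2019.03.04] 15:59:10 [192.0.2.25][12347] cmd: AUTH LOGIN
[2019.03.04] 15:59:11 [192.0.2.25][12347] rsp: 235 Authentication successful
"""

# Assumed line layout: [date] time [client-ip][session-id] cmd|rsp: text
LINE_RE = re.compile(
    r"^\[[\d.]+\] [\d:]+ \[(?P<ip>[^\]]+)\]\[(?P<sid>\d+)\] (?P<kind>cmd|rsp): (?P<text>.*)$"
)


def summarize(log_text):
    """Group SMTP auth failures by the EHLO/HELO name each session announced."""
    session_ehlo = {}  # (ip, session-id) -> announced EHLO name
    stats = defaultdict(lambda: {"ips": set(), "auth_failures": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, sid, kind, text = m.group("ip", "sid", "kind", "text")
        if kind == "cmd" and text.upper().startswith(("EHLO ", "HELO ")):
            name = text.split(None, 1)[1].strip().lower()
            session_ehlo[(ip, sid)] = name
            stats[name]["ips"].add(ip)
        elif kind == "rsp" and text.startswith("535"):  # 535 = authentication failed
            name = session_ehlo.get((ip, sid))
            if name is not None:
                stats[name]["auth_failures"] += 1
    return dict(stats)


def block_candidates(stats, min_ips=2):
    """EHLO names that are not FQDNs (no dot), seen from several IPs, and failing auth."""
    return sorted(
        name for name, s in stats.items()
        if "." not in name and len(s["ips"]) >= min_ips and s["auth_failures"] >= len(s["ips"])
    )
```

Names returned by block_candidates are the ones worth entering as EHLO blocks; a legitimate relay announcing a proper FQDN is left alone.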


10 Replies

0
David Thomas Replied
Bug?
0
Gary P Replied
Reading this thread from a few years ago would seem to indicate a bug:

https://portal.smartertools.com/community/a2611/re-brute-force-attack-ylmf-pc.aspx


1
Devang Shah Replied
Yes, it gives the error "This is not a valid domain" when trying to add "ylmf-pc" as an EHLO Domain.
2
Scarab Replied
Definitely a bug. The HELO/EHLO Domain can be a FQDN but it isn't required to be (and many times, as in the case of the ylmf-pc botnet, it is not a FQDN). The SMTP Blocks form should not be doing .tld input validation on HELO/EHLO entries. This should be reported with a Support Ticket.

Gary, to work around it you could create a placeholder such as "ylmf-pc.com" in Smartermail, stop the Smartermail service, then manually modify the \Service\Settings\Settings.json so the address_to_block is just "ylmf-pc", and restart the SmarterMail service. I can confirm that v17/v100 works when address_to_block is set to just "ylmf-pc".
0
Devang Shah Replied
Hi Scarab,

Would the above method work for SM16?

I couldn't find the \service\settings folder or the settings.json file in SM16.

There is \Smartertools\smartermail\service but no Settings folder under it.

I have created the placeholder ylmf-pc.com in SMTP Blocks for EHLO.


0
Scarab Replied
Devang,

For v16 of SmarterMail it would be located in the \Service\mailConfig.xml, otherwise the process would be the same.
1
Devang Shah Replied
Scarab,

Thanks, it worked perfectly.

Still I am facing a spam issue from one domain. I've disabled that domain but still thousands of mails keep coming into my spool. This is the mail which has been in the spool for more than 5 hours:


"This account is hacked! Renew your password immediately!
You do not know me me and you really are probably wanting to know why you're getting this letter, proper?
I'm a hacker who opened your email and all devices two months ago.
Do not make an attempt to talk to me or alternatively try to find me, it is definitely impossible, because I directed you an email from YOUR account that I've hacked.
I set up malware to the adult videos (porno) website and suppose that you enjoyed this website to have a good time (think you understand what I want to say).
While you were taking a look at movies, your browser started out to act as a RDP (Remote Control) that have a keylogger that provided me permission to access your screen and network camera.
Consequently, my software program acquired all information.
You have entered passwords on the online resources you visited, I already caught them.
Surely, you are able modify each of them, or perhaps already modified them.
But it really does not matter, my spyware updates needed data regularly.
What actually did I do?
I compiled a reserve copy of your system. Of all the files and contact lists.
I got a dual-screen video recording. The 1st screen presents the clip you had been watching (you have got an interesting preferences, ha-ha...), and the 2nd part demonstrates the recording from your web camera.
What exactly must you do?
So, I think, 1000 USD is basically a inexpensive amount of money for our small riddle. You will make the deposit by bitcoins (if you do not know this, search “how to buy bitcoin” in Google)."
My bitcoin wallet address:
181EcKKiagjnE9Tk8xBkt8rysEy79XeoXd
(It is cAsE sensitive, so just copy and paste it).
Warning:
You have only 48 hours to make the payment. (I have an unique pixel in this email, and at this time I understand that you have read through this email).
To trace the reading of a letter and the actions inside it, I utilize a Facebook pixel. Thanks to them. (Anything that is used for the authorities might actually help us.)

In the event I fail to get bitcoins, I shall undoubtedly direct your video to all your contacts, along with relatives, colleagues, and so forth?
Any idea what I should check?
1
Employee Replied
Employee Post Marked As Answer
We have removed the validation as an email address/domain for EHLO domain / domain / email address in SMTP Blocking. We have also verified that wildcards work as expected. This will be included in the next SmarterMail build.
0
Gary P Replied
Scarab,

Thanks for confirming my suspicion and offering a solution. I have opened a ticket with ST for the bug.

1
Employee Replied
Employee Post
The fix/change for this was released in the 7008 public build release.