cloudapp.net on SMTP
Question asked by help - April 11 at 5:57 AM
Answered
These lines keep repeating in the SMTP log. Is there a way to find out more info about it:

02:48:35 [13.66.169.174][42864301] rsp: 220 mydomain.net
02:48:35 [13.66.169.174][42864301] connected at 4/11/2019 2:48:35 AM
02:48:35 [13.66.169.174][42864301] cmd: EHLO iesltserver.cloudapp.net
02:48:35 [13.66.169.174][42864301] rsp: 250-mydomain.net Hello [13.66.169.174]250-SIZE 2147483647250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
02:48:35 [13.66.169.174][42864301] cmd: QUIT

thanks,

4 Replies

1
Scarab Replied
I'm assuming that you have Detailed SMTP Logs set in MANAGE > TROUBLESHOOTING > OPTIONS? If you do then there isn't any more information that you could get from the logs.

From what you posted it would appear that the sender's Mail Server is sending a QUIT command immediately upon receiving a rsp:250 from your SmarterMail installation. Termination of the connection gracefully is occurring on the other end of the connection.

If I had to venture a guess it would look like some sort of MX testing app that is just checking your server and not interested in actually delivering any email. I have also seen these happen when a crafty spambot is systematically attempting to determine why their messages aren't being accepted for delivery; to isolate whether it is blocked by EHLO/HELO, or by IP Address, or by RBL, or by a blocked sender address.
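
The EHLO-then-QUIT pattern described in the reply above can be counted across a whole SMTP log. This is an added example, not part of the thread and not SmarterMail tooling; it assumes the log line format quoted in the question, and the second and third sample sessions (documentation IPs, made-up host names) are constructed.

```python
import re
from collections import Counter, defaultdict

# Sample log: first session is the one quoted in the question; the other two
# are constructed for illustration (documentation IPs, hypothetical hosts).
SAMPLE_LOG = """\
02:48:35 [13.66.169.174][42864301] rsp: 220 mydomain.net
02:48:35 [13.66.169.174][42864301] connected at 4/11/2019 2:48:35 AM
02:48:35 [13.66.169.174][42864301] cmd: EHLO iesltserver.cloudapp.net
02:48:35 [13.66.169.174][42864301] cmd: QUIT
02:49:10 [192.0.2.10][42864302] cmd: EHLO mail.example.org
02:49:10 [192.0.2.10][42864302] cmd: MAIL FROM:<a@example.org>
02:49:11 [192.0.2.10][42864302] cmd: RCPT TO:<b@mydomain.net>
02:49:12 [192.0.2.10][42864302] cmd: QUIT
02:50:01 [198.51.100.7][42864303] cmd: HELO probe.cloudapp.net
02:50:01 [198.51.100.7][42864303] cmd: QUIT
"""

# time [ip][session id] cmd: VERB [argument]
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d \[([^\]]+)\]\[(\d+)\] cmd: (\S+) ?(.*)$")

def find_probe_sessions(log_text):
    """Return (ip, helo_name) for sessions that greeted and quit without MAIL or AUTH."""
    sessions = defaultdict(lambda: {"ip": None, "helo": None, "verbs": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "rsp:" and "connected at" lines carry nothing needed here
        ip, sid, verb, arg = m.groups()
        s = sessions[(ip, sid)]
        s["ip"] = ip
        s["verbs"].add(verb.upper())
        if verb.upper() in ("EHLO", "HELO"):
            s["helo"] = arg.strip().lower()
    return [(s["ip"], s["helo"]) for s in sessions.values()
            if s["helo"] and "QUIT" in s["verbs"]
            and not s["verbs"] & {"MAIL", "AUTH"}]

def summarize(probes):
    """Count probe sessions per (ip, last two labels of the EHLO/HELO name)."""
    return Counter((ip, ".".join(helo.split(".")[-2:])) for ip, helo in probes)

if __name__ == "__main__":
    for (ip, suffix), n in summarize(find_probe_sessions(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  {ip:15s}  *.{suffix}")
```

The per-IP counts give a basis for deciding between blocking individual addresses and blocking the whole EHLO domain.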
0
help Replied
Is it safe to block them via EHLO?
I see a lot of AbuseIP reported on those IP addresses.

How do I make sure all sites have no open mail relay?

thank you

1
Scarab Replied
Marked As Answer
Although cloudapp.net is a legitimate Microsoft Azure service, I honestly have yet to see any legitimate traffic actually come from them... only Spam. Although I would be hesitant to block them wholesale myself (and would just block specific IPs with a poor reputation that are being troublesome or abusive), you certainly can block them by EHLO using a wildcard if you are on SM 13 or higher. Can't honestly remember where it was in older versions (SECURITY > ADVANCED SETTINGS > SMTP BLOCKING maybe?) but on v17 it is under SETTINGS > SECURITY > SMTP BLOCKS. Just add an EHLO Domain block as shown below:

0
help Replied
Thanks Scarab 
