Amazon SES
Idea shared by Chris - 8/5/2020 at 11:49 AM
We are seeing more companies using Amazon SES for SMTP outbound services. Some are legitimate emails and some are spam. These emails somehow come hiding the "from" email address so you can't block an email address, domain, or EHLO domain on the SMTP blocklist. The only way to block it at the SMTP level is to put amazonses.com on the SMTP blocklist, which will block all legitimate emails for other companies. Is anyone else having this issue? It would be nice to have SmarterMail intelligently look at how they configured the "from address" so we can block it at SMTP.

6 Replies

We are having similar issues. 
I have not seen this particular problem, but I encourage you to look at Declude, which permits you to create filter rules based on multiple criteria.

Declude has built-in tests for HELO, REVDNS, and MAILFROM (SMTP Address). Testing the Message-From address requires regular expressions. Here is a filter clause to evaluate whether the Message From ends with @example.com:
    HEADERS 1 PCRE (\n\r*From:[^@]+@example\.com)

Most of the "Email Service Providers" (ESPs) use their own domain in the SMTP From Address, which ensures that the message will pass SPF. Then the Message-From address indicates the client domain. These ESP organizations can have some clients whose messages are important to you, and other clients whose messages are toxic. Consequently, you need to be able to filter on the combination of SMTP From address and Message From address. Declude is the only product that I have found which can do this well, and they do it affordably. Some of the outrageously expensive cloud services may be able to do it, but their capabilities are not confirmed because I was scared away by their pricing.

A couple of ESPs send so much toxic content that I quarantine their messages by default. I exempt the few acceptable client domains as they become identified. If you want to know my hated ESP list, send me a private message.

Declude is dependent on text file parsing. This may become problematic with highly complex configurations or very high volume operations. But unlike my commercial appliance products, Declude is extensible. I have created custom filters to migrate most of my filtering logic into a SQL database. This has simplified my configuration while improving performance.
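
The combined check described in the reply above (the SMTP From domain identifies the ESP, the Message From domain identifies the client, and an ESP is quarantined by default with exemptions) can be sketched as follows. This is an added Python example, not part of the original thread and not Declude or SmarterMail code; the policy table, function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical policy table: ESP envelope domain -> client (Message From)
# domains exempted from the default quarantine.
ESP_POLICY = {"amazonses.com": {"example.org"}}


def domain_of(address):
    """Return the lowercased domain of an address, or "" if there is none."""
    local, at, domain = parseaddr(address)[1].rpartition("@")
    return domain.lower() if at else ""


def esp_for(envelope_domain):
    """Match the envelope domain or any subdomain of a listed ESP."""
    for esp in ESP_POLICY:
        if envelope_domain == esp or envelope_domain.endswith("." + esp):
            return esp
    return None


def classify(envelope_from, raw_message):
    """Decide on the pair (SMTP From, Message From), not on either alone."""
    esp = esp_for(domain_of(envelope_from))
    if esp is None:
        return "deliver"  # not a listed ESP; other filters still apply
    from_headers = message_from_string(raw_message).get_all("From", [])
    if len(from_headers) != 1:
        return "quarantine"  # missing or duplicated From header
    if domain_of(from_headers[0]) in ESP_POLICY[esp]:
        return "deliver"  # exempted client of this ESP
    return "quarantine"  # ESP default


# Constructed sample messages (not taken from the thread).
WANTED = "From: Charity News <news@example.org>\nSubject: Update\n\nHello\n"
UNLISTED = "From: Deals <promo@example.net>\nSubject: Offer\n\nHello\n"
DOUBLE = "From: a@example.org\nFrom: b@example.net\nSubject: x\n\nHello\n"

if __name__ == "__main__":
    for sender, raw in [("bounce-1@amazonses.com", WANTED),
                        ("bounce-2@in.amazonses.com", UNLISTED),
                        ("bounce-3@amazonses.com", DOUBLE),
                        ("user@notamazonses.com", UNLISTED)]:
        print(sender, "->", classify(sender, raw))
```
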
Just noticed age of this thread... the below however still stands :)

We are actually seeing the OPPOSITE issue.
Clients receiving emails from some non-profit emailer, using amazonses as the sender, those are getting blocked coming into our server. They appear in the message archive, have no errors in the logs, but never reach the user's mailbox.
Have you checked the user's spam configuration? I had a user accidentally block her manager's address, then complain that messages from her boss were not being delivered.
Yup, no rules in place to block anything outside overall on the server.
Nothing at the domain level.
Nothing at the user level.
Both the domain and user have "allows" set for amazonses.com and in.amazonses.com 

Zach Sylvester Replied
Employee Post
Hey Rod, 

Please open a ticket with us so we can review your logs. It might be DMARC or SMTP blocking potentially.

Kind Regards,  
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
