Is there a way, at the server level, to block all email from a specific TLD for instance *@*.bar
Question asked by Michael Gillespie - 8/11/2021 at 8:15 AM
Been seeing a lot of "Once a squirter...." email all coming from *@*.bar and while it is obviously spam, it is not being caught.  Currently have the trial versions of Message Sniffer  and Cyren Premium Antispam enabled and while I am seeing a lot of possible spam coming through, these are not being blocked and I don't want each user to have to block each different sender.

7 Replies

Reply to Thread
Tony Scholz Replied
Employee Post Marked As Answer
Hello Michael, 

Yes, If you wish to block all incoming messages from *.TLD you can add this to the SMTP block list

In the SMTP session, you will see this

Connecting to mail server.
220 ascholz.local
EHLO ascholz
250-sup-ascholz.st.local Hello []
250-SIZE 139810133
250 OK
250 OK
MAIL FROM: <tony@domain.com>
550 Sender is not allowed.

Error: SMTP protocol error. 550 Sender is not allowed..
Failed to send message
And in the server SMTP logs you will see this

[2021.08.11] 09:02:12.883 [][40218278] rsp: 220 ascholz.local
[2021.08.11] 09:02:12.899 [][40218278] connected at 8/11/2021 9:02:12 AM
[2021.08.11] 09:02:12.930 [][40218278] Country code: Unknown
[2021.08.11] 09:02:12.946 [][40218278] cmd: EHLO sup-ascholz
[2021.08.11] 09:02:12.946 [][40218278] rsp: 250-ascholz.local Hello []250-SIZE 139810133250-AUTH LOGIN CRAM-MD5250-8BITMIME250-DSN250 OK
[2021.08.11] 09:02:13.055 [][40218278] cmd: RSET
[2021.08.11] 09:02:13.055 [][40218278] rsp: 250 OK
[2021.08.11] 09:02:13.055 [][40218278] cmd: MAIL FROM: <tony@domain.com>
[2021.08.11] 09:02:13.071 [][40218278] senderEmail(1): tony@domain.com parsed using: <tony@domain.com>
[2021.08.11] 09:02:13.086 [][40218278] rsp: 550 Sender is not allowed.
[2021.08.11] 09:02:13.086 [][40218278] disconnected at 8/11/2021 9:02:13 AM

Here is a better shot of the SMTP BLOCK

I  hope this helps. 

Tony Scholz
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
Michael Gillespie Replied
Thanks for the help, easy enough to add the rule.
Hasham Wahaib Replied
Is it Possible to Add Multiple Domains in one entry ?
Rene Eisenmann Replied
we receive spam from .su Domain(s) and using Smartermail 8629 August 2023 and i cant find the SMTP Block option :) Where can i find SMTP Block in the Administration

J. LaDow Replied
Logged in as an Administrator, Go to the Settings tab at the top, then Security on the left, then SMTP Blocks will be in the bar across the top.

MailEnable survivor / convert --
Rene Eisenmann Replied
Hi i added an  Ehlo Block to SMTP Blocks as on my screenshot unfortunally i get the following when check the smtp log . Does the Smtp Block not work or do i need to add something else?


[2023.09.15] 11:08:55.541 [][13921684] rsp: 220 Start TLS negotiation
[2023.09.15] 11:08:55.572 [][13921684] cmd: EHLO mail.code-poetry.de
[2023.09.15] 11:08:55.572 [][13921684] rsp: 250-mail.xodox.de Hello []250-SIZE 142606336250-AUTH LOGIN CRAM-MD5250-8BITMIME250-DSN250 OK
[2023.09.15] 11:08:55.572 [][13921684] cmd: MAIL FROM:<ezxypjk@vikliss.azerbaijan.su> SIZE=175639
[2023.09.15] 11:08:55.572 [][13921684] senderEmail(1): ezxypjk@vikliss.azerbaijan.su
[2023.09.15] 11:08:55.572 [][13921684] rsp: 250 OK <ezxypjk@vikliss.azerbaijan.su> Sender ok
[2023.09.15] 11:08:55.572 [][13921684] Sender accepted. Weight: 0. Block threshold: 35. 
[2023.09.15] 11:08:55.588 [][13921684] cmd: RCPT TO:<email > ORCPT=rfc822;email
[2023.09.15] 11:08:55.588 [][13921684] rsp: 452 <email> Domain size limit exceeded
[2023.09.15] 11:08:55.635 [][13921684] cmd: RSET
[2023.09.15] 11:08:55.635 [][13921684] rsp: 250 OK
[2023.09.15] 11:08:55.651 [][13921684] cmd: QUIT

Howell Dell Replied
Keep in mind that you can also filter on EHLO Domain option. While spammers often send fake EHLO content and often are not a valid FQDN. 

Sometimes you also might find that they use a "standard" default EHLO text which you can filter out given the rise of off-the-shelf spammer software.  Keep in mind that spammers can also generate random content for a per period of time or even on each eMail or Session.

This is just another way to keep some eMails out...

Reply to Thread