2
New server not yet active
Question asked by Lennart Eliasson - 2/24/2022 at 4:42 AM
Answered
We will change to a new server on AWS soon. The address points to the old server. Still, we already get "visits" from various "hackers". Attached is a small excerpt from the SMTP log. Is there any way to block these? Any other ideas?

00:10:03 [167.71.213.231][51934436] rsp: 220 mail.xxxxxx.com
00:10:03 [167.71.213.231][51934436] connected at 2/24/2022 12:10:03 AM
00:10:03 [167.71.213.231][7889396] rsp: 220 mail.xxxxxx.com
00:10:03 [167.71.213.231][7889396] connected at 2/24/2022 12:10:03 AM
00:10:04 [167.71.213.231][7889396] cmd: helo ec2-xx-xx-xxx-xxx.eu-north-1.compute.amazonaws.com
00:10:04 [167.71.213.231][7889396] rsp: 250 mail.xxxxxx.com Hello [167.71.213.231]
00:10:04 [167.71.213.231][7889396] cmd: mail from: <it@ec2-xx-xx-xxx-xxx.eu-north-1.compute.amazonaws.com>
00:10:04 [167.71.213.231][7889396] rsp: 550 This is a submission only port. You must authenticate before sending mail
00:10:04 [167.71.213.231][7889396] cmd: rcpt to: <it@vdeassetmanagement.co.uk>
00:10:04 [167.71.213.231][7889396] rsp: 503 Bad sequence of commands
00:10:05 [167.71.213.231][7889396] cmd: quit
00:10:05 [167.71.213.231][7889396] rsp: 221 Service closing transmission channel
00:10:05 [167.71.213.231][7889396] disconnected at 2/24/2022 12:10:05 AM
00:10:05 [167.71.213.231][51934436] disconnected at 2/24/2022 12:10:05 AM

01:20:27 [50.116.61.171][12755849] rsp: 220 mail.xxxxxx.com
01:20:27 [50.116.61.171][12755849] connected at 2/24/2022 1:20:27 AM
01:20:27 [50.116.61.171][12755849] cmd: EHLO masscan
01:20:27 [50.116.61.171][12755849] rsp: 250-mail.xxxxxx.com Hello [50.116.61.171]250-SIZE 31457280250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
01:20:27 [50.116.61.171][12755849] cmd: STARTTLS
01:20:27 [50.116.61.171][12755849] rsp: 220 Start TLS negotiation
01:20:28 Exception [Authentication failed because the remote party has closed the transport stream.]
01:20:28 [50.116.61.171][12755849] disconnected at 2/24/2022 1:20:28 AM

02:16:12 [88.68.44.80][21599033] rsp: 220 mail.xxxxxx.com
02:16:12 [88.68.44.80][21599033] connected at 2/24/2022 2:16:12 AM
02:16:12 [88.68.44.80][21599033] cmd: EHLO unread.dyndns.info
02:16:12 [88.68.44.80][21599033] rsp: 250-mail.xxxxxx.com Hello [88.68.44.80]250-SIZE 31457280250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
02:16:12 [88.68.44.80][21599033] cmd: HELP
02:16:12 [88.68.44.80][21599033] rsp: 502 Command not implemented
02:16:12 [88.68.44.80][21599033] cmd: QUIT
02:16:12 [88.68.44.80][21599033] rsp: 221 Service closing transmission channel
02:16:12 [88.68.44.80][21599033] disconnected at 2/24/2022 2:16:12 AM
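
One way to triage a log like the excerpt above, added here as an example and not part of the original post or of SmarterMail: it groups `cmd:`/`rsp:` lines by client IP and lists the addresses that never authenticated. The sample lines are constructed (documentation-range addresses), and treating reply code 235 as a successful AUTH is an assumption about what the log records.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the question (not from the thread).
SAMPLE_LOG = """\
00:10:03 [192.0.2.10][1001] rsp: 220 mail.example.com
00:10:03 [192.0.2.10][1001] connected at 2/24/2022 12:10:03 AM
00:10:04 [192.0.2.10][1001] cmd: helo host.example.net
00:10:04 [192.0.2.10][1001] cmd: mail from: <it@host.example.net>
00:10:04 [192.0.2.10][1001] rsp: 550 This is a submission only port. You must authenticate before sending mail
01:20:27 [198.51.100.7][1002] cmd: EHLO masscan
01:20:27 [198.51.100.7][1002] cmd: STARTTLS
01:20:28 Exception [Authentication failed because the remote party has closed the transport stream.]
02:00:00 [203.0.113.5][1003] cmd: EHLO client.example.org
02:00:00 [203.0.113.5][1003] cmd: AUTH LOGIN
02:00:01 [203.0.113.5][1003] rsp: 235 Authentication successful
"""

# time, [client ip], [session id], direction, text
LINE = re.compile(r"^\d\d:\d\d:\d\d \[([^\]]+)\]\[(\d+)\] (cmd|rsp): (.*)$")

def summarize(log_text):
    """Aggregate cmd/rsp lines per client IP."""
    ips = defaultdict(lambda: {"sessions": set(), "helo": [],
                               "auth_ok": False, "rejected": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:  # "connected at" lines, exceptions, blank lines
            continue
        ip, sid, kind, text = m.groups()
        info = ips[ip]
        info["sessions"].add(sid)
        if kind == "cmd" and text.lower().startswith(("helo ", "ehlo ")):
            info["helo"].append(text.split(None, 1)[1])
        elif kind == "rsp" and text.startswith("235"):  # assumed AUTH success (RFC 4954)
            info["auth_ok"] = True
        elif kind == "rsp" and text.startswith("5"):    # permanent rejection (5xx)
            info["rejected"] += 1
    return ips

def unauthenticated(log_text):
    """IPs that connected but never completed AUTH: candidates for review or blocking."""
    return {ip: i for ip, i in summarize(log_text).items() if not i["auth_ok"]}

if __name__ == "__main__":
    for ip, i in unauthenticated(SAMPLE_LOG).items():
        print(ip, len(i["sessions"]), i["helo"], i["rejected"])
```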

4 Replies

1
Kyle Kerst Replied
Employee Post
I'm sorry to hear you're having trouble with hackers, and I would recommend reviewing the entries within Settings>Security>IDS Rules, as these should block this type of connectivity with some modification to the settings.
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Lennart Eliasson Replied
Thanks Kyle,

We still use SM 15.7

Manage/
Reports/
Settings/ No "Security" here
Security/ No "IDS Rules" here

/Lennart
1
Tony Scholz Replied
Employee Post Marked As Answer
Hello Lennart, 

In SmarterMail 15 you will need to add these. Go to Security and Abuse Detection


To give you an idea of what you will see in the current version (and you can copy from it if you want)


Hope this helps. 

Thank you 
Tony
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Lennart Eliasson Replied
Thanks Tony,

We'll try to make some adjustments.

/Lennart