Strange e-mail address accepted by SmarterMail.
Problem reported by Martin Schaible - 3/21/2022 at 6:41 AM
Submitted
Hello

SmarterMail accepts the E-Mail address sample@email.tst'||' as a valid recipient address.
Later on, SmarterMail reports a 600 error for failing to resolve the DNS of the domain.

Should SmarterMail parse an e-mail address better before it tries to continue?

Thanks

19 Replies

0
Kyle Kerst Replied
Employee Post
Hey there Martin! Can you outline how you're testing this for me so I can replicate here? Are you specifying the recipient via an established SMTP session or are you doing this via webmail?
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Martin Schaible Replied
The story is this:
A customer complained that he gets tons of error messages from the mail server with this 600 error.
The source is a newsletter subscription form on his website. Typical for shops or WordPress sites without proper form validation. So it's an SMTP session.
The website uses a regular mail account on my SmarterMail server. So the attacker tried to register "sample@email.tst'||' " as a subscriber and the confirmation mail to "sample@email.tst'||' " failed.
 
Is this helpful?

Thanks! 
 
0
Kyle Kerst Replied
Employee Post
That is helpful, thank you. In this case your best bet is implementing form validation on the contact form itself, as those attackers will likely eventually find a way in. That said, I can definitely set up some testing on that here to see if I can replicate it and then ask development to implement validation for this. I'll keep you posted as I find out more on this. Have a good one!
0
Martin Schaible Replied
Kyle, many thanks!

Btw, I had the idea to block strange TLDs anyway. An "SMTP Blocking" targeting domains would make sense.
Do I have to add a TLD with or without a period? I guess with a period like ".tst", but the docs don't point this out.

Thanks and have a good one too!
0
Kyle Kerst Replied
Employee Post
You're very welcome, happy to lend a hand and take a look. To outright block the domain you can implement an entry under Settings>Security>SMTP Blocks similar to this one below:
0
Martin Schaible Replied
Ohh, only TLD blocking is not possible. Okay, need to find a different idea. Thanks!
0
Kyle Kerst Replied
Employee Post
I am not 100% sure on the TLD block but I'll do some testing on that for you as well :)
0
Kyle Kerst Replied
Employee Post
One thing you can do in the meantime is add a custom spam check that adds a high spam weight to any messages originating from those TLDs that you want to block:
1
Martin Schaible Replied
I would like to block silly TLDs before any further actions by the mail server take place. Therefore an SMTP Block would be perfect.
I could also check the generated error message from SmarterMail for those TLD's and then treat them as Spam.

Thanks!
1
Kyle Kerst Replied
Employee Post
That makes sense :-) I'll keep you posted on what I find out!
0
Kyle Kerst Replied
Employee Post
Sorry for the delay on this Martin as this week ended up being a little busier than expected. I'm going to circle back to this in the new week though and should have some updates for you then. Have a good one!
0
Martin Schaible Replied
Hi Kyle
Thanks for the update. We are not in a hurry, at least not this time :-)
0
Kyle Kerst Replied
Employee Post
Hey Martin :-) I was able to test with a TLD block via Settings>Security>SMTP Blocks and found this works as expected. Below you will find my TLD block example along with logs showing the subsequent rejections. Can you give that a shot for me on our latest release? I believe we have a release planned for later today so if not already upgraded you can hold off for that! :)

SMTP Block

** Essentially you just need a block for the domain *.TLD

Rejected SMTP Session
[2022.03.31] 09:40:12.854 [10.1.9.72][8785736] rsp: 220 mail.kyle.test.local
[2022.03.31] 09:40:12.870 [10.1.9.72][8785736] connected at 3/31/2022 9:40:12 AM
[2022.03.31] 09:40:12.933 [10.1.9.72][8785736] Country code: Unknown
[2022.03.31] 09:40:12.948 [10.1.9.72][8785736] cmd: EHLO mail.smartermonitor.com
[2022.03.31] 09:40:12.948 [10.1.9.72][8785736] rsp: 250-mail.kyle.test.local Hello [10.1.9.72]250-SIZE 699050666250-AUTH LOGIN CRAM-MD5250-8BITMIME250-DSN250 OK
[2022.03.31] 09:40:12.995 [10.1.9.72][8785736] cmd: MAIL FROM:<domain-admin@domain.test> SIZE=1203
[2022.03.31] 09:40:13.011 [10.1.9.72][8785736] senderEmail(1): domain-admin@domain.test parsed using: <domain-admin@domain.test>
[2022.03.31] 09:40:13.011 [10.1.9.72][8785736] rsp: 550 Sender is not allowed.
[2022.03.31] 09:40:13.011 [10.1.9.72][8785736] disconnected at 3/31/2022 9:40:13 AM
0
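Two things from the exchange above, as an added example that is not from the thread or from SmarterMail's own code: a `*.TLD` sender block in the shape of Kyle's Settings>Security>SMTP Blocks entry, applied to the MAIL FROM domain, and Martin's idea of mining the rejection log, here parsing the log lines Kyle posted (reused as sample input) to count 550 rejections per client IP and sender domain. The block-list contents, the wildcard semantics and the log-line regex are assumptions, not SmarterMail's documented behaviour.

```python
import re
from fnmatch import fnmatchcase

# Assumed block list in the shape of the thread's SMTP Block entry (*.TLD):
# '*' is a wildcard, matched case-insensitively against the sender's domain.
SMTP_BLOCKS = ["*.tst", "*.test", "*.local"]


def sender_blocked(mail_from: str, blocks=SMTP_BLOCKS) -> bool:
    """True when the MAIL FROM domain matches any *.TLD style block entry."""
    domain = mail_from.strip("<>").rsplit("@", 1)[-1].lower()
    return any(fnmatchcase(domain, pat.lower()) for pat in blocks)


# Assumed shape of the SMTP log lines quoted above:
# [date] time [client-ip][session-id] cmd: ... / rsp: ...
_LOG = re.compile(r"^\[(?P<date>[\d.]+)\] (?P<time>[\d:.]+) "
                  r"\[(?P<ip>[^\]]+)\]\[(?P<session>\d+)\] (?P<kind>cmd|rsp): (?P<text>.*)$")
_MAIL_FROM = re.compile(r"MAIL FROM:<(?P<addr>[^>]*)>", re.IGNORECASE)


def rejected_senders(log_lines):
    """Pair each MAIL FROM with the 550 reply that follows it in the same session.

    Returns {(client_ip, sender_domain): count}, so repeated probes from one
    source stand out; this is the data Martin wanted to feed a spam rule."""
    pending = {}  # session id -> sender address awaiting a reply
    counts = {}
    for line in log_lines:
        m = _LOG.match(line)
        if not m:
            continue  # status lines such as "senderEmail(1): ..." are skipped
        sess, kind, text = m["session"], m["kind"], m["text"]
        if kind == "cmd":
            mf = _MAIL_FROM.match(text)
            if mf:
                pending[sess] = mf["addr"]
        elif text.startswith("550") and sess in pending:
            domain = pending.pop(sess).rsplit("@", 1)[-1].lower()
            key = (m["ip"], domain)
            counts[key] = counts.get(key, 0) + 1
    return counts


# Sample input: the rejected session Kyle posted, reused verbatim.
SAMPLE_LOG = """\
[2022.03.31] 09:40:12.995 [10.1.9.72][8785736] cmd: MAIL FROM:<domain-admin@domain.test> SIZE=1203
[2022.03.31] 09:40:13.011 [10.1.9.72][8785736] senderEmail(1): domain-admin@domain.test parsed using: <domain-admin@domain.test>
[2022.03.31] 09:40:13.011 [10.1.9.72][8785736] rsp: 550 Sender is not allowed.
[2022.03.31] 09:40:13.011 [10.1.9.72][8785736] disconnected at 3/31/2022 9:40:13 AM
""".splitlines()
```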
Martin Schaible Replied
Hey Kyle, this sounds amazing. I will update our box over the weekend with the new build.
Have a good one!

Many thanks
1
Jay Dubb Replied
Do the logs indicate anything after the ('||') in the TLD? This almost reminds me of basic SQL injection attacks, because the double pipe is often used as a logical 'OR' operator. If the logs show more string after the ||, it might be fishing for form handlers that don't perform sanity checks to use for nefarious purposes.

I've seen form handlers used by spammers who inject long strings of email addresses into an unchecked / unbounded input field, and use the body for the message. The form handler then relays the spam back out to the world.
 
0
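Kyle's recommendation earlier in the thread (validate on the form itself) and Jay Dubb's point about unchecked input fields, as an added example that is not from the thread or from SmarterTools: a strict single-address check for a subscription form, with a constructed TLD deny-list standing in for the `.tst`-style blocks discussed. It rejects the thread's probe address, CR/LF header injection and address lists, and shows that quote and pipe characters are still legal in a local part, so the database side needs parameterised queries regardless.

```python
import re

# Dot-atom local part (RFC 5322 atext) and an LDH hostname with an alphabetic TLD.
# Deliberately narrower than the full RFC (no quoted local parts, no IP literals):
# a newsletter form has no business accepting those.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_ADDRESS = re.compile(rf"{_ATEXT}(?:\.{_ATEXT})*@(?:{_LABEL}\.)+[A-Za-z]{{2,63}}")

# Constructed deny-list standing in for the *.TLD entries discussed in the thread.
BLOCKED_TLDS = {"tst", "test", "local", "invalid"}


def validate_subscriber(raw: str) -> tuple[bool, str]:
    """Return (ok, reason) for one form field that must hold exactly one plain address."""
    # Header injection: CR/LF/NUL would let a naive handler splice an extra
    # To:/Bcc: line into the confirmation mail and turn the form into a relay.
    if any(c in raw for c in "\r\n\x00"):
        return False, "control character in input"
    # Exactly one bare address: no lists ("a@x, b@y"), display names or brackets.
    if raw.count("@") != 1 or any(c in raw for c in " ,;<>\"()"):
        return False, "not a single bare address"
    if len(raw) > 254:
        return False, "too long"
    if not _ADDRESS.fullmatch(raw):
        # The thread's probe sample@email.tst'||' fails here: ' and | are not
        # hostname characters, so it never reaches the MTA.
        return False, "malformed address"
    tld = raw.rsplit(".", 1)[1].lower()
    if tld in BLOCKED_TLDS:
        return False, f"blocked TLD .{tld}"
    # ' and | ARE legal in the local part, so o'brien'||'@example.com is
    # syntactically fine: syntax checks do not replace parameterised queries.
    return True, "ok"
```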
Martin Schaible Replied
Yes, it is a non-validated form, as I wrote in the second post.
0
Jeffrey Wilkinson Replied
No, he meant anything after the '||' part of the string.
0
Kyle Kerst Replied
Employee Post
Hey Martin. Just wanted to check in to see if you were able to get upgraded, and if that SMTP Block worked as expected post-upgrade? Hope you're doing well! :-)
0
Martin Schaible Replied
Hey Kyle
The mail server is updated, but I didn't have the opportunity to play around with the SMTP Block.
As soon as I have results, I will post feedback. Stay tuned. Thanks!
