Security / SMTP EHLO Blocks - IP Address
Problem reported by Curtis Kropar www.HawaiianHope.org - Yesterday at 10:19 PM
We are currently on Build 9014 (Is there any way, even in a newer version to...)
Today I am looking through the SMTP logs and realize we have thousands of authentication attempts, and most of them are connecting with an "EHLO" that is an IP address. This is just some of them.

[2025.08.26] 00:20:40.492 [190.149.234.185][23550932] cmd: EHLO [190.149.234.185]
[2025.08.26] 01:28:36.557 [107.189.46.127][26230297] cmd: EHLO [107.189.46.127]
[2025.08.26] 01:28:54.060 [13.68.214.34][33933126] cmd: EHLO [13.68.214.34]
[2025.08.26] 01:28:56.143 [98.102.148.242][63490115] cmd: EHLO [98.102.148.242]
[2025.08.26] 01:29:34.781 [121.73.169.96][56211651] cmd: EHLO [121.73.169.96]
[2025.08.26] 01:59:40.460 [73.231.102.189][4727703] cmd: EHLO [73.231.102.189]
[2025.08.26] 02:00:04.559 [70.91.135.181][13716335] cmd: EHLO [70.91.135.181]
[2025.08.26] 03:19:44.312 [34.169.155.199][27116654] cmd: ehlo [10.88.0.4]
Take notice, the last one is also a private IP address, and it has been banging away at us for days.
So, several questions.
1) When SmarterMail gets an IP address as the EHLO, and not a domain, are the brackets [ ] included as part of the inbound data? Or does SmarterMail add those in to signify a domain? If I set up an SMTP Block should the block be for " [10.88.* "   or just " 10.88.* "?
2) Is there any way, even in a newer version, to simply say reject any EHLO attempt that is an IP address and not a domain?
3) Is it possible to use single space question marks, instead of asterisk wildcards? So to block "???.???.???.???" or some RegEx method to signify an IP address?

4) Are there really legit mail servers that are on IP addresses only for the EHLO ?

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

J. LaDow Replied
Lots of Android devices fail to properly identify when connecting as clients, and revert to an IP address - we had this issue and could not block EHLO with just IP recognition.  Otherwise, there are no legit servers we've seen in 10 years.

It would be nice to be able to enforce a rule that if the server connects and IDs with IP only, that the supplied IP matches the detected physical IP and not something mismatched. That would knock down a LOT of it.
MailEnable survivor / convert --
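
The check discussed in this thread (EHLO given as an IP, and whether that IP matches the connecting address) can be run offline against the SMTP log. This is an added example, not SmarterMail code or a SmarterMail feature; the line layout is assumed from the log lines quoted above, the bracketed form is treated as an RFC 5321 address literal, and the names `parse_literal`, `classify` and `scan` are hypothetical.

```python
import ipaddress
import re

# First two lines are quoted from the thread; the last two are constructed.
SAMPLE_LOG = """\
[2025.08.26] 00:20:40.492 [190.149.234.185][23550932] cmd: EHLO [190.149.234.185]
[2025.08.26] 03:19:44.312 [34.169.155.199][27116654] cmd: ehlo [10.88.0.4]
[2025.08.26] 04:00:00.000 [192.0.2.10][11111111] cmd: EHLO mail.example.org
[2025.08.26] 04:00:01.000 [192.0.2.11][22222222] cmd: EHLO 192.0.2.11
"""

# Layout assumed from the quoted lines: [date] time [peer ip][session] cmd: EHLO <arg>
LINE_RE = re.compile(
    r"^\[[\d.]+\] [\d:.]+ \[(?P<peer>[^\]]+)\]\[\d+\] cmd: (?:EHLO|HELO) (?P<arg>\S+)\s*$",
    re.IGNORECASE,
)

def parse_literal(arg):
    """Return the IP in an EHLO argument (bracketed literal or bare IP), else None."""
    text = arg[1:-1] if arg.startswith("[") and arg.endswith("]") else arg
    if text.upper().startswith("IPV6:"):  # RFC 5321 tag for IPv6 literals
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # not an IP, so it is a host name

def classify(line):
    """Classify one log line; None for lines that are not EHLO/HELO commands."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    claimed = parse_literal(m["arg"])
    if claimed is None:
        verdict = "hostname"
    else:
        try:
            same = claimed == ipaddress.ip_address(m["peer"])
        except ValueError:  # unparseable peer field counts as a mismatch
            same = False
        verdict = "ip-match" if same else "ip-mismatch"
    private = claimed is not None and claimed.is_private
    return {"peer": m["peer"], "arg": m["arg"], "verdict": verdict,
            "claimed_private": private}

def scan(log_text):
    """Classify every EHLO/HELO line in a block of log text."""
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for result in scan(SAMPLE_LOG):
        print(result)
```

Counting `ip-mismatch` results per peer address shows which sources would be caught by a match rule while leaving clients that identify with their own address untouched.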
