Back to Community Threads
session info
Problem reported by Sabatino - 2/18/2026 at 6:58 AM
Submitted
Sorry.
Does anyone have any idea what a session like this is?
Always open the connection until 
rsp: 250 OK <user@domain.tld> Recipient ok

and then send the quit


[2026.02.18] 14:46:14.392 [xxx.yyy.53.132][64171561] Connection initiated
[2026.02.18] 14:46:14.392 [xxx.yyy.53.132][64171561] rsp: 220 smtp.mailserver.tld
[2026.02.18] 14:46:14.394 [xxx.yyy.53.132][64171561] connected at 2/18/2026 2:46:14 PM
[2026.02.18] 14:46:14.394 [xxx.yyy.53.132][64171561] Country code: HU
[2026.02.18] 14:46:14.413 [xxx.yyy.53.132][64171561] cmd: HELO s388.hubucoapp.com
[2026.02.18] 14:46:14.413 [xxx.yyy.53.132][64171561] rsp: 250 smtp.mailserver.tld Hello [xxx.yyy.53.132]
[2026.02.18] 14:46:14.433 [xxx.yyy.53.132][64171561] cmd: MAIL FROM:<info@hubucoapp.com>
[2026.02.18] 14:46:14.433 [xxx.yyy.53.132][64171561] senderEmail(1): info@hubucoapp.com
[2026.02.18] 14:46:14.823 [xxx.yyy.53.132][64171561] rsp: 250 OK <info@hubucoapp.com> Sender ok
[2026.02.18] 14:46:14.823 [xxx.yyy.53.132][64171561] Sender accepted. Weight: 10. Failed checks: UCEProtect Level 2 (10)
[2026.02.18] 14:46:14.843 [xxx.yyy.53.132][64171561] cmd: RCPT TO:<user@domain.tld>
[2026.02.18] 14:46:14.844 [xxx.yyy.53.132][64171561] rsp: 250 OK <user@domain.tld> Recipient ok
[2026.02.18] 14:46:14.864 [xxx.yyy.53.132][64171561] cmd: QUIT
[2026.02.18] 14:46:14.864 [xxx.yyy.53.132][64171561] rsp: 221 OK
[2026.02.18] 14:46:14.864 [xxx.yyy.53.132][64171561] disconnected at 2/18/2026 2:46:14 PM
Sabatino Traini
      Chief Information Officer
Genial s.r.l. 
Martinsicuro - Italy
Andrew Barker Replied
2/18/2026 at 7:10 AM
Employee Post
This form of session is typically used to confirm whether a specific account exists. Depending on your specific setup, it could be an incoming gateway trying to determine if it should accept a message for that recipient. At the other end of the scale, it could be a third party trying to harvest email addresses.
Andrew Barker Lead Software Developer SmarterTools Inc. www.smartertools.com
Sabatino Replied
2/18/2026 at 7:24 AM
Here's another one I don't understand

smtp

[2026.02.17] 18:42:55.836 [xxx.yyy.67.226][50751313] Connection initiated
[2026.02.17] 18:42:55.837 [xxx.yyy.67.226][50751313] rsp: 220 smtp.mailserver.tld
[2026.02.17] 18:42:55.838 [xxx.yyy.67.226][50751313] connected at 2/17/2026 6:42:55 PM
[2026.02.17] 18:42:55.838 [xxx.yyy.67.226][50751313] Country code: IT
[2026.02.17] 18:42:55.869 [xxx.yyy.67.226][50751313] cmd: EHLO smtpclient.apple
[2026.02.17] 18:42:55.870 [xxx.yyy.67.226][50751313] rsp: 250-smtp.mailserver.tld Hello [xxx.yyy.67.226]250-SIZE 699050666250-AUTH PLAIN LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2026.02.17] 18:42:55.899 [xxx.yyy.67.226][50751313] cmd: STARTTLS
[2026.02.17] 18:42:55.899 [xxx.yyy.67.226][50751313] rsp: 220 Start TLS negotiation
[2026.02.17] 18:42:56.040 [xxx.yyy.67.226][50751313] cmd: EHLO smtpclient.apple
[2026.02.17] 18:42:56.040 [xxx.yyy.67.226][50751313] rsp: 250-smtp.mailserver.tld Hello [xxx.yyy.67.226]250-SIZE 699050666250-AUTH PLAIN LOGIN CRAM-MD5250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2026.02.17] 18:42:56.091 [xxx.yyy.67.226][50751313] cmd: AUTH PLAIN fddsfgfsdfgsggfsdgs
[2026.02.17] 18:42:56.091 [xxx.yyy.67.226][50751313] Authenticating as user1@domain1.tld
[2026.02.17] 18:42:56.093 [xxx.yyy.67.226][50751313] rsp: 235 Authentication successful
[2026.02.17] 18:42:56.093 [xxx.yyy.67.226][50751313] Authenticated as user1@domain1.tld
[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] cmd: MAIL FROM:<user1@domain1.tld>
[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] senderEmail(1): user1@domain1.tld
[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] rsp: 250 OK <user1@domain1.tld> Sender ok
[2026.02.17] 18:42:56.119 [xxx.yyy.67.226][50751313] Sender accepted. Weight: 0. 
[2026.02.17] 18:42:56.145 [xxx.yyy.67.226][50751313] cmd: RCPT TO:<user2@domain2.tld>
[2026.02.17] 18:42:56.146 [xxx.yyy.67.226][50751313] rsp: 250 OK <user2@domain2.tld> Recipient ok
[2026.02.17] 18:42:56.172 [xxx.yyy.67.226][50751313] cmd: DATA
[2026.02.17] 18:42:56.172 [xxx.yyy.67.226][50751313] Performing PTR host name lookup for xxx.yyy.67.226
[2026.02.17] 18:42:56.189 [xxx.yyy.67.226][50751313] PTR host name for xxx.yyy.67.226 resolved as host-xxx-yyyy-67-226.business.telecomitalia.it
[2026.02.17] 18:42:56.191 [xxx.yyy.67.226][50751313] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2026.02.17] 18:42:56.220 [xxx.yyy.67.226][50751313] senderEmail(2): user1@domain1.tld parsed using FROM: Antonio<user1@domain1.tld>
[2026.02.17] 18:44:59.123 [xxx.yyy.67.226][50751313] rsp: 421 Command timeout, closing transmission channel
[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] Successfully wrote to the HDR file. (D:/SmarterMail/Spool/SubSpool6/59076544.hdr)
[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] data transfer failed. EndAsyncProcessing:NotInDataMode
[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] rsp: EndAsyncProcessing:NotInDataMode
[2026.02.17] 18:44:59.124 [xxx.yyy.67.226][50751313] disconnected at 2/17/2026 6:44:59 PM



delivery


[2026.02.17] 18:42:58.141 [59076544] Delivery started for user1@domain1.tld at 6:42:58 PM
[2026.02.17] 18:45:01.656 [59076544] Delivery failed for user1@domain1.tld at 6:45:01 PM    [id:59076544]




and

are existing local users.

The delivery fails without specifying any reason.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
Sabatino Replied
2/18/2026 at 7:31 AM
Sorry...
I'll answer myself

I didn't see the 
data transfer failed

:-(
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
D
Douglas Foster Replied
2/18/2026 at 11:28 AM
I found the information below about hubucoapp.com, which confirms that they are performing directory harvesting against your system, so that they can sell lists of email addresses to anybody with cash.   

Directory Harvesting is one of the reasons that I started doing recipient verification in Declude, after the SMTP session is closed, and after the message is "accepted".   I quickly detect and discard messages with no valid recipient.  This amounts to 65% of all incoming traffic.   Some of that 65% is from legitimate senders to terminated employees, but a lot of it is from directory harvesters.

From Google search AI Overview:

HuBuCo (hubucoapp.com) is an email verification service, now associated with MillionVerifier, designed to help businesses clean email lists, reduce bounce rates, and protect sender reputation. It offers bulk and real-time API verification to detect 
 
Key details about HuBuCo include:
  • Services: Provides syntax checks, domain validation, MX record checks, and spam trap detection.
  • Capabilities: Known for fast, automated bulk email verification.
  • Association: The platform directs to MillionVerifier, indicating a merger or rebranding of the service. 
It is targeted at email marketers, e-commerce companies, and digital marketers looking to improve email deliverability. 
Sabatino Replied
2/19/2026 at 8:37 AM
This rule should intercept it.


The problem is that they do it very slowly and perhaps with different IPs so as not to trigger IDs.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Slow 250 response after Mail From command is issued during an SMTP session.SmarterMail > Troubleshooting
Resolving SMTP Failures on AWS-based ServerSmarterMail > Server Configuration and Management
Migrate SmarterMail to a Different ServerSmarterMail > Installation and Configuration
Using Fiddler on WindowsSmarterMail > Troubleshooting
Email Migration Options to SmarterMail from an External MTA.SmarterMail > Installation and Configuration