Back to Community Threads
Return 544 Status Code to Blacklisted-IP Senders
Problem reported by Jay Dubb - 3/24/2026 at 6:36 AM
Submitted
J
When an IP is blacklisted, spammers get the following response:

421 Server is busy, try again later.

This encourages the sender to keep trying-- which they do for as much as 12-24 hours, which serves no purpose other than consuming resources and bloating the SMTP logs.  

SUGGESTION:  For IP addresses that have been admin-added to the Blacklist and intended to be permanent, return a '544 - IP Rejected' or '550 5.7.1 - Sending IP is Blocked' or similar status code to create a hard-failure that stops the sender from retrying.
 
J
J. LaDow Replied
3/24/2026 at 6:57 AM
- OR AT LEAST GIVE US THE CHOICE-

I've asked for this for years.
MailEnable survivor / convert --
J
J. LaDow Replied
3/24/2026 at 7:00 AM
ALSO NEW FORUMS BUG - upvoting the primary post does not work right - sometimes resulting in a negative number:
MailEnable survivor / convert --
D
Douglas Foster Replied
3/25/2026 at 7:22 AM
If providing options, I would suggest one more:   "No Reply / Dead Silence".
Silence is my preferred response to all malicious traffic.   "Rejected IP" gives them a hint that they might get through if they change addresses.   I don't want to give them any helpful advice.
J
Jay Dubb Replied
3/26/2026 at 12:55 PM
You have to provide some type of response if the connection is allowed to establish.  I suppose it could be simply "550 5.7.1" or whatever, as long as it's a 500-series error which says go away and don't try back.... versus a 400-series which indicates a soft failure that can be retried later.

It would probably be even better if the sending server wasn't allowed to even complete the handshake, but I suspect the network stack has to answer the phone before the app (Smartermail) can reject the call.
 
D
Douglas Foster Replied
3/26/2026 at 1:37 PM
Right, but if all that arrives is a HELO, you have the option of sending no response because it is not established.   This would be equivalent to a block at the firewall 
D
Douglas Foster Replied
4/1/2026 at 5:35 AM
I  am surprised that ST has not weighed in on this.  But this topic is illuminated by the way that they handle SMTP blocks .   This is game theory:   if I give a particular signal, how will the other party respond?

SM has implemented a strategy to minimize the amount of useful information provided to the attacker.  For IP blocks, the fear is that if the attacker knows he is blocked, then he will move to another IP address.   If he knows that his HELO is blocked, he will change the HELO name (which is trivial).  If he knows that his Mail From domain is blocked, he will change to a different domain.

So IP blocks are handled as Temp Errors, because it increases the likelihood that he will continue to attack from the same address, rather than moving to a new one.   HELO and SMTP Domain blocks are handled by making all recipient submissions invalid.   The invalid recipient block may be the most effective, because it may cause him to purge some addresses from his attack list.

I can support making these choices configurable, but I can also understand why they are configured the way they are now.
J
Jay Dubb Replied
4/2/2026 at 6:42 AM
+1 for making them configurable.  Give us a dropdown on how SM will respond to blacklisted IPs.
421 Try again Later
571 IP blocked
550 No such user

If you have high confidence that anything coming from a blacklisted IP would be garbage, the "550 No such user" would be brilliant.  

But it these custom errors would HAVE to apply ***ONLY*** to manually blacklisted IPs.  Seriously.  It would be horrible if the IDS auto-bans an IP for 10 minutes because one PC in the office is misbehaving and suddenly their coworkers start getting NDRs because the system returns 550 errors when the rest of the team emails each other.
 
D
Dave Replied
4/2/2026 at 7:24 AM
Agree, having the ability to choose the bounce message would be great.

If we could also have some sort of ability to put it custom text that could help too.

Some mail admins need a small nudge so a bounce message that we could add info to would be good.
Others need a bat to the head so the standard 550 would be fine

----------------------------------------------------------------------------------------

A bit of OT humor we have a postfix box running some filtering rules for some customers before it hits their mail servers.

Mose rejects are 
554 ACL Your IP / Domain has been blocked for sending spam.

The ones that even after 1000's and 1000's of blocks keep sending get:
554 ACL SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM

Keep annoying me and get:
554 ACL You are a spammer that probably has sex with farm animals.

And for the REALLY persistent ones that are not just bulk spammers but the sales people who don't honor opt-outs and other places get this [Warning lots of bad words]:
554 ACL SPAMMER please see https://youtu.be/KleseAAmUKw?t=6
After I posted the above link someone here mentioned that I might need a vacation.
J
J. LaDow Replied
4/2/2026 at 7:43 AM
@Dave -- I wish we had this ability... 

Just being able to block a range and have the server respond with "Blocked for Abuse" instead of "try again later" would be great. 

Being able to choose the response at the IDS configuration would be another good enhancement as well.
MailEnable survivor / convert --
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Remote Server returned: '602' errorSmarterMail > Troubleshooting
Key Feature and Version Milestones in SmarterMailSmarterMail
Messages from Trusted Senders are going to my Junk folderSmarterMail > Troubleshooting
Find a Compromised AccountSmarterMail > Troubleshooting
SmarterMail for Linux – SSL/TLS & Certificate ReferenceSmarterMail > Server Configuration and Management