Byteplant Forum

Home » CleanMail Support » CleanMail Server Talk » HostRejectList
HostRejectList [message #787] Sat, 17 July 2004 23:34
bobn
Messages: 2
Registered: July 2004
Junior Member
Just turned on the HostRejectList param. This is great!!
I have a number of customers who do no business outside of the US.
They block all foreign registry IP addresses. This gets rid of alot of SPAM.
It became impossible to do this with the mail server, once we started using NST because the server only sees 127.0.0.1 as the incoming IP address.

One question, though.
It appears that a conversation still takes place, even though the connection is rejected.

When an IP Address is rejected, shouldn't the NST proxy just say "Goodbye" to the connection?

Here's an example...

Jul 17, 2004, 14:14:36 session 0: Connection from 217.129.26.193 accepted
Jul 17, 2004, 14:14:37 session 0: HELO es-217-129-26-193.netvisao.pt
Jul 17, 2004, 14:14:37 session 0: Rejecting all recipients for host/helo 217.129.26.193/es-217-129-26-193.netvisao.pt
Jul 17, 2004, 14:14:37 session 0: 250 Requested mail action okay, completed
Jul 17, 2004, 14:14:38 session 0: MAIL FROM:
Jul 17, 2004, 14:14:38 session 0: 250 Requested mail action okay, completed
Jul 17, 2004, 14:14:38 session 0: RCPT TO:
Jul 17, 2004, 14:14:38 session 0: Rejecting recipient: baldwin@pc4u.com
Jul 17, 2004, 14:14:38 session 0: 550 Recipient address not accepted
Jul 17, 2004, 14:14:39 session 0: QUIT
Jul 17, 2004, 14:14:39 session 0: 221 Service closing transmission channel
Jul 17, 2004, 14:14:39 session 0: Transmission complete - closing
Jul 17, 2004, 14:14:39 session 0: Connection from 217.129.26.193 closed

Re: HostRejectList [message #788 is a reply to message #787] Mon, 19 July 2004 13:42 Go to previous message
support
Messages: 918
Registered: April 2004
Senior Member
> It appears that a conversation still takes place, even though
> the connection is rejected.
>
> When an IP Address is rejected, shouldn't the NST proxy just
> say "Goodbye" to the connection?

The reason is in the HeloRejectList. Once HELO negotitiation is under progress, SMTP has no provision to terminate the session permanently and cleanly, therefore we reject all recipient addresses until the client disconnects.

With HostRejectList it would be possible for NST to reply "554 No SMTP service here" right after the connection is established. But to keep it simple, we decided to handle the HostRejectList similar to the HeloRejectList, hence the conversation you were watching.



Customer Support
Byteplant GmbH
Re: HostRejectList [message #789 is a reply to message #787] Mon, 19 July 2004 18:23 Go to previous message
bobn
Messages: 2
Registered: July 2004
Junior Member
Thanks. That helps me to understand what's going on.

The reason that I asked the question is that I get many connections where the email addresses seem to come out of nowhere. It forces the mail server to process each one of these.

Here's a longer example:
All of these email addresses are completely bogus.


Jul 19, 2004, 09:06:24 session 1: Connection from 201.135.99.38 accepted
Jul 19, 2004, 09:06:24 session 1: 220 pc4u.com SMTP Welcome to the IA eMailServer Corporate Edition Version: 5.2.2. Build: 1051 by True North Software, Inc.
Jul 19, 2004, 09:06:27 session 1: HELO 201.135.99.38
Jul 19, 2004, 09:06:27 session 1: Rejecting all recipients for host/helo 201.135.99.38/201.135.99.38
Jul 19, 2004, 09:06:27 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:06:34 session 1: MAIL FROM:
Jul 19, 2004, 09:06:34 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:06:36 session 1: RCPT TO:
Jul 19, 2004, 09:06:36 session 1: Rejecting recipient: willis@pc4u.com
Jul 19, 2004, 09:06:36 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:39 session 1: RCPT TO:
Jul 19, 2004, 09:06:39 session 1: Rejecting recipient: moreno@pc4u.com
Jul 19, 2004, 09:06:39 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:42 session 1: RCPT TO:
Jul 19, 2004, 09:06:42 session 1: Rejecting recipient: sims@pc4u.com
Jul 19, 2004, 09:06:42 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:44 session 1: RCPT TO:
Jul 19, 2004, 09:06:44 session 1: Rejecting recipient: harvey@pc4u.com
Jul 19, 2004, 09:06:44 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:47 session 1: RCPT TO:
Jul 19, 2004, 09:06:47 session 1: Rejecting recipient: matthews@pc4u.com
Jul 19, 2004, 09:06:47 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:49 session 1: RCPT TO:
Jul 19, 2004, 09:06:49 session 1: Rejecting recipient: franklin@pc4u.com
Jul 19, 2004, 09:06:49 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:52 session 1: RCPT TO:
Jul 19, 2004, 09:06:52 session 1: Rejecting recipient: ray@pc4u.com
Jul 19, 2004, 09:06:52 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:06:54 session 1: RSET
Jul 19, 2004, 09:06:55 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:07:07 session 1: MAIL FROM:
Jul 19, 2004, 09:07:07 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:07:09 session 1: RCPT TO:
Jul 19, 2004, 09:07:09 session 1: Rejecting recipient: holmes@pc4u.com
Jul 19, 2004, 09:07:09 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:15 session 1: RCPT TO:
Jul 19, 2004, 09:07:15 session 1: Rejecting recipient: weaver@pc4u.com
Jul 19, 2004, 09:07:15 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:17 session 1: RCPT TO:
Jul 19, 2004, 09:07:17 session 1: Rejecting recipient: wolfe@pc4u.com
Jul 19, 2004, 09:07:17 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:23 session 1: RCPT TO:
Jul 19, 2004, 09:07:23 session 1: Rejecting recipient: lucas@pc4u.com
Jul 19, 2004, 09:07:23 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:25 session 1: RCPT TO:
Jul 19, 2004, 09:07:25 session 1: Rejecting recipient: barrett@pc4u.com
Jul 19, 2004, 09:07:25 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:28 session 1: RCPT TO:
Jul 19, 2004, 09:07:28 session 1: Rejecting recipient: rodgers@pc4u.com
Jul 19, 2004, 09:07:28 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:30 session 1: RCPT TO:
Jul 19, 2004, 09:07:30 session 1: Rejecting recipient: chapman@pc4u.com
Jul 19, 2004, 09:07:30 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:33 session 1: RSET
Jul 19, 2004, 09:07:33 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:07:36 session 1: MAIL FROM:
Jul 19, 2004, 09:07:36 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:07:39 session 1: RCPT TO:
Jul 19, 2004, 09:07:39 session 1: Rejecting recipient: cobb@pc4u.com
Jul 19, 2004, 09:07:39 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:44 session 1: RCPT TO:
Jul 19, 2004, 09:07:44 session 1: Rejecting recipient: cunningham@pc4u.com
Jul 19, 2004, 09:07:44 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:47 session 1: RCPT TO:
Jul 19, 2004, 09:07:47 session 1: Rejecting recipient: murray@pc4u.com
Jul 19, 2004, 09:07:47 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:50 session 1: RCPT TO:
Jul 19, 2004, 09:07:50 session 1: Rejecting recipient: austin@pc4u.com
Jul 19, 2004, 09:07:50 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:52 session 1: RCPT TO:
Jul 19, 2004, 09:07:52 session 1: Rejecting recipient: byrd@pc4u.com
Jul 19, 2004, 09:07:52 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:07:54 session 1: RSET
Jul 19, 2004, 09:07:54 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:07:56 session 1: MAIL FROM:
Jul 19, 2004, 09:07:56 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:07:59 session 1: RCPT TO:
Jul 19, 2004, 09:07:59 session 1: Rejecting recipient: larson@pc4u.com
Jul 19, 2004, 09:07:59 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:01 session 1: RCPT TO:
Jul 19, 2004, 09:08:01 session 1: Rejecting recipient: castillo@pc4u.com
Jul 19, 2004, 09:08:01 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:04 session 1: RCPT TO:
Jul 19, 2004, 09:08:04 session 1: Rejecting recipient: duncan@pc4u.com
Jul 19, 2004, 09:08:04 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:06 session 1: RSET
Jul 19, 2004, 09:08:06 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:08:08 session 1: MAIL FROM:
Jul 19, 2004, 09:08:08 session 1: 250 Requested mail action okay, completed
Jul 19, 2004, 09:08:11 session 1: RCPT TO:
Jul 19, 2004, 09:08:11 session 1: Rejecting recipient: goodwin@pc4u.com
Jul 19, 2004, 09:08:11 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:13 session 1: RCPT TO:
Jul 19, 2004, 09:08:13 session 1: Rejecting recipient: nichols@pc4u.com
Jul 19, 2004, 09:08:13 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:15 session 1: RCPT TO:
Jul 19, 2004, 09:08:15 session 1: Rejecting recipient: schultz@pc4u.com
Jul 19, 2004, 09:08:15 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:17 session 1: RCPT TO:
Jul 19, 2004, 09:08:17 session 1: Rejecting recipient: moody@pc4u.com
Jul 19, 2004, 09:08:17 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:19 session 1: RCPT TO:
Jul 19, 2004, 09:08:19 session 1: Rejecting recipient: cohen@pc4u.com
Jul 19, 2004, 09:08:19 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:21 session 1: RCPT TO:
Jul 19, 2004, 09:08:21 session 1: Rejecting recipient: marshall@pc4u.com
Jul 19, 2004, 09:08:21 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:22 session 1: RCPT TO:
Jul 19, 2004, 09:08:22 session 1: Rejecting recipient: keller@pc4u.com
Jul 19, 2004, 09:08:22 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:24 session 1: RCPT TO:
Jul 19, 2004, 09:08:24 session 1: Rejecting recipient: aguilar@pc4u.com
Jul 19, 2004, 09:08:24 session 1: 550 Recipient address not accepted
Jul 19, 2004, 09:08:26 session 1: QUIT
Jul 19, 2004, 09:08:26 session 1: 221 Service closing transmission channel
Jul 19, 2004, 09:08:26 session 1: Transmission complete - closing
Jul 19, 2004, 09:08:26 session 1: Connection from 201.135.99.38 closed
Re: HostRejectList [message #790 is a reply to message #789] Tue, 20 July 2004 11:07 Go to previous message
support
Messages: 918
Registered: April 2004
Senior Member
This is a failed directory harvesting attempt. The bogus addresses aren't forwarded to the server, they are handled in the proxy. The server only gets to see the HELO, MAIL FROM, and QUIT command, and keeps a connection open for about 2 minutes.



Customer Support
Byteplant GmbH
Previous Topic: Directory Harvest Attacks
Next Topic: Mail Addresses in Use
Goto Forum:
  


Current Time: Mon Sep 26 21:02:24 CEST 2016