<p>As empty HELO greetings aren't RFC compliant we will probably have Mercury reject them by default in v5. Thanks for pointing this out!</p><p> </p>

<p>How to prevent any further communication if a connection comes in with an incomplete HELO/EHLO greeting message?</p><p>In this case the HELO/EHLO message is empty. The following snippet was logged: "11:38:06.427: >> EHLO<cr><lf>".</p><p> </p>

<p>This rule should catch that specific case and add the IP address to the shorttime blacklist:</p><p><span style="font-size: 10pt;">H,</span>"[EHeh][EHeh]LO<span style="font-size: 10pt;">??", RS,  "554 Illegal HELO, connection refused."</span></p><p> </p>

<p>Hmmm. This does not work. Mercury 4.80beta accepts further commands. I would expect that Mercury refuses the connection.</p> <p>01:00:14.121: >> EHLO<cr><lf> 01:00:14.152: << 250-foo.bar Hello ; ESMTPs are:<cr><lf>250-TIME<cr><lf> 01:00:14.152: << 250-SIZE 123456789<cr><lf> 01:00:14.152: << 250-STARTTLS<cr><lf> 01:00:14.152: << 250 HELP<cr><lf> 01:00:31.433: >> MAIL FROM: foobar@foo.bar<cr><lf> 01:00:31.433: << 250 Sender OK - send RCPTs.<cr><lf> 01:01:01.277: >> RCPT TO: foobar@foo.bar<cr><lf> 01:01:01.277: << 250 Recipient OK - send RCPT or DATA.<cr><lf> 01:01:11.949: >> DATA<cr><lf> 01:01:11.949: << 354 OK, send data, end with CRLF.CRLF<cr><lf> 01:01:13.980: >> .<cr><lf> 01:01:13.980: << 250 Data received OK.<cr><lf> 01:01:17.605: >> QUIT<cr><lf> 01:01:17.605: << 221 foo.bar Service closing channel.<cr><lf> 01:01:17.605: --- Connection closed normally at 26 Jul 2015, 1:01:17.605. --- 01:01:17.605:</lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></p> <p> </p> <p> </p> <p>I will use a work-around until somebody posts a better solution. A test with the following filtering rule works as expected:</p> <p>M, "*foobar@foo.bar*", RS, "Mail from foobar@foo.bar - Connection refused"</p> <p>19:15:31.574: >> EHLO<cr><lf> 19:15:31.621: << 250-foo.bar Hello ; ESMTPs are:<cr><lf>250-TIME<cr><lf> 19:15:31.636: << 250-SIZE 123456789<cr><lf> 19:15:31.636: << 250-STARTTLS<cr><lf> 19:15:31.636: << 250 HELP<cr><lf> 19:15:31.933: << MAIL FROM: foobar@foo.bar<cr><lf> 19:15:31.933: << Mail from foobar@foo.bar - Connection refused<cr><lf> 19:15:32.246: >> RCPT TO: barfoo@bar.foo<cr><lf> 19:15:32.246: << 554 Shunned connection - only the QUIT command will be accepted.<cr><lf> 19:15:32.543: >>  19:15:32.558: --- Connection closed normally at 25 Jul 2015, 19:15:32.558. --- 19:15:32.558:</lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></lf></cr></p>

<div>Damn, I made a config failure. After changing the rule position your posted rule<span style="font-size: 10pt; font-family: Tahoma, Arial, Helvetica;"> works now...</span></div><div> </div><div>15:00:25.347: --- 30 Jul 2015, 15:00:25.347 ---</div><div>15:00:25.363: Accepted connection from '222.124.200.250', timeout 60 seconds.</div><div>15:00:25.378: Connection from 222.124.200.250, Thu Jul 30 15:00:25 2015<lf></div><div>15:00:25.378: << 220-foo.bar ESMTP server ready.<cr><lf></div><div>15:00:25.722: >> EHLO<cr><lf></div><div>15:00:25.753: << 554 Illegal HELO, connection refused.<cr><lf></div><div>15:00:26.081: >> </div><div>15:00:26.081: --- Connection closed normally at 30 Jul 2015, 15:00:26.081. ---</div><div>15:00:26.081: </div><div> </div>