Functionality
Here is a list of some of the key features:
- Microsoft Windows desktop application that sits on your desktop or mobile device
- Graphically select a date and load the raw SMTP log for that date
- Parse the SMTP log with the click of a button and show:
  - Validation successes
  - Validation failures
  - No email address exists (internal and external)
  - IP/EHLO addresses that sent mail to a particular email address
- Automatically create an IP address block list, with the ability to review it
- Blacklist Management:
  - Load existing blacklist
  - Add item(s) to the blacklist with a single button click, single or range
  - Delete item(s) from the blacklist with a single button click, single or range
- Mail Servers Supported: SmarterMail
- Product support: If you have an issue, contact us
- We will introduce support for newer versions of supported SMTP Mail Servers as they are released and we are made aware of the update.
- Suggest new features! We listen.
Uses: Spam Mitigation
There are two types of spam email: those that try to sell you something and those that try to phish data or plant a virus. The former by definition is from a source that you did not request.
The latter type not only tries to gain data or corrupt your machine, but also uses your machine to send its payload to other computers. Think of a pyramid scheme. An initial computer infects one computer. That computer infects however many. Each of those computers infects however many more. Sadly, infected computers do not try to send out email just once to other computers, but repeatedly. I had three of my old email addresses get flooded with emails to the point that I had to change the email address.
This tool allows you not only to easily spot these nefarious computers, but also to block them from your server, so that they cannot affect anyone on your server. With about a couple of minutes a day (possibly more, depending upon complexity), you can start blacklisting those spamming servers and clean up your server.
The thought is not too dissimilar from services that block everything for a huge monthly fee, some of which are seriously quite expensive, and then whitelist only those addresses that do some sort of validation.
This feature can be either a replacement for these services or an addition to them. These services are not as foolproof as you might think. Again, there is no magic incantation that gets instant security.
Uses: Hacking Intrusion Mitigation
Another type of intrusion to your server is quite below the radar. I fell subject to this one. A primary hacker adds your domain to a virus. Infected computers do not send you emails, but rather try and guess your passwords. They quite literally try and log in. They all work in tandem reporting back to the central server. Each infected computer tries repeatedly, sometimes every few seconds, trying to guess the password. Imagine a hundred computers each every few seconds trying to guess a password. How many weeks or months do you think it will take?
The vast majority of administrators do not guard against this type of attack. It is quiet and goes under the radar until a breach, and then you get slammed. Once slammed, you get on their list as an easy target, so changing passwords just breeds another attack, and the word spreads to other hackers that you are an easy mark. I know what I am talking about from experience, and no t-shirt came my way.
The solution is to quickly and easily determine the entire list of computers that are trying to hack into your computer and blacklist them with the touch of a button.
SMTP is the solution and guards against this type of attack.
Uses: Email Address Validity
Your Domain
There is a nice name that exists for this type of hack. Sadly, I forgot what that is. If anyone reading this paragraph knows, please drop me a line.
The thought here is that hackers try to find out valid email addresses for a domain. They keep hitting the domain with various possible addresses in hopes of finding a real address. If a hacker receives the response, “No such user here”, they have a bad email address; however, if they do not get a failure message, then they have an email address that they can target. I definitely have seen this type of attack and you should guard against it.
Other Domains
Interestingly enough, many hackers will try to check the validity of email addresses on other domains; think of a relay. I did not know email servers could do that, but I have definitely seen that. This type of attack is also quite popular, and one that you should monitor. You should add IP addresses that perform these types of attacks to the blacklist as well.
Uses: Server Backup and Move
Any administrator who has ever tried to migrate to another server knows the pain involved. One task that should be easy, but is not, is moving your blacklist to the new computer.
SmtpMaster takes the pain out of the task. Simply download the entire blacklist to a text document with a single click of a button, paste it into another instance of SmtpMaster, and upload it to the new server with a click of a button. The transfer can be as simple as selecting the text in the first instance, copying it to the clipboard, and pasting it into the second instance. The entire process takes but a few seconds, literally. SmtpMaster does the rest.
Blacklisting
There are two types of blacklisting: SMTP Server and OS firewall. To properly guard your server, you should add the offending IP addresses to both: the firewall and the mail server blacklist.
A fascinating point is that the OS firewall blocking does not automatically prevent access to the mail server. I have seen that too. Blocking the IP address from the mail server is by far the most important.
Uses: Suggest a Use
If you found other ways to use the product, please let us know. This tool is designed to be your tool to make your administration easier and your server more secure.
Note for Users / Backstory
From: Sarah Weinberger
(Here is my soapbox time!)
Prior to 2014, I was mail server and cyber security ignorant. Attacks and hacking were always someone else’s problem. I am a small company, and who on Earth would want to waste their time breaking into my server. Well, that was until I got a rude wakeup call from my web hosting company stating that my mail server was being used to send out spam and they wanted to know what I was doing about the situation.
All hell broke loose. I was not able to send out any mail. All the mail server companies (Google, Microsoft, Yahoo, AOL, and various corporations) blacklisted my IP. I got presented with an emergency. With help, I learned that someone cracked one of my email passwords and had sent out mail. I was previously smart enough to know to require SMTP authentication, but cracking the password renders that moot. Oh, I did not use simple passwords.
What I learned, was told, was that there is no magic to security. Security is an everyday thing and requires diligence.
I talk about different areas of attack here on this page and why it is done. What I can say here is that I was dumbfounded to learn how many attacks I was receiving per day, per minute really, from computers trying to break into my server. The sheer magnitude was astounding.
That began the process of monitoring my mail server and server logs and denying access to those IP addresses doing me harm. You should read the article above on what I learnt.
I quickly wanted a tool that would help me monitor and safeguard my server. There was none that did what I needed, so I decided to write my own utility, SmtpMaster. I know this utility is good, because I wrote it to solve a real need. I want other companies to benefit from what I have learned and developed, so I am offering the tool here to you.
Do let me know what you think. It is a tool to use by administrators like you. This tool is at your service, so please suggest new functionality. I did not create the problem, but I do want to be part of the cure.
If I missed an area or forgot to talk about something, let me know.
Here is How to Use this Tool
Brands
Supported Mail Servers
- SmarterTools SmarterMail
- MailEnable (coming soon)
If you would like support for another mail server, please contact us.
Configuration
The first time that you use the product, you must configure the settings, assuming that you elect to store the settings in the registry. There are two main areas: SMTP Mail Server and FTP account settings.
FTP Information: The first step is to go to the Configuration tab and enter the FTP information to your mail server log. You might have to configure an FTP account to point to that folder, not to mention share the folder, which contains your mail server logs. This program only reads the files, so there is absolutely no need for write permission.
SMTP: You must then go to the SMTP tab and enter your SMTP mail server credentials. These credentials can optionally be stored in the registry. See our website or application for up-to-date information on supported SMTP mail servers.
Steps: Simple/Summary
Once you configure these two areas, simply:
- Select the day in question
- Press the load log button
- Press the parse log button
- Do a quick analysis of the parsed IP addresses adding and removing IP addresses from the blacklist as desired
- Press the add to blacklist button
There are quite a few other uses for this tool, as already discussed, but the steps above are the basic ones.
Simply reviewing the logs in an easy to read format is also a nice feature.
Steps: More Detailed Explanation
Here are the basic steps; however, do play around with the application, as there are many uses.
- Select the date in question from the Source tab.
- Press the button to load the file. This might take a moment depending on the size of the file and connection capabilities.
- If not already done, you should go to the "Receive To" tab and enter specific email addresses that you want to monitor. These email addresses do not have to be live on your server or even ever have been on your server. These are destination email addresses that you see or think that other servers might want to perpetually target and that you wish to block.
- Press the parse button. Note: You should seriously consider taking a glance at the SMTP log to make sure there is nothing funny. Software can only do so much.
- Review the "Receive To" list and add any IP addresses that you wish to block to the Sort and Trim tab.
- Press the button to trim the list. This action will delete all duplicate IP addresses and arrange them in order.
- Review the list. You may wish to consult a website like ip-lookup.net to find out where and what an IP address is.
- If you are satisfied with the list and wish to add them to your blacklist, then press the add to blacklist button. This action can take a moment or two, so be patient.
- You may wish to download the complete blacklist and back it up somewhere, just in case.
- If you ever want to remove an IP address, then you can do that as well from the SMTP tab.
Remember, adding an IP address to the blacklist with SmtpMaster is a trivial task. What is not trivial is finding and removing an IP address that you blacklisted but really did not want to. Do not forget that the list can grow to many hundreds of IP addresses, so that task can be like finding a needle in a haystack.
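The review workflow in the steps above (tally per-IP validation failures, "No such user here" responses and hits on monitored "Receive To" addresses, then sort and trim) sketched as an added Python example. It is not SmtpMaster's code; the log layout, the sample lines, the thresholds, the allowlist parameter and the function names `tally` and `candidates` are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in a hypothetical "time [ip] kind: text" layout;
# adapt LINE to the real log format of your mail server.
SAMPLE_LOG = """\
00:01:03 [203.0.113.7] rsp: 535 Authentication failed
00:01:09 [203.0.113.7] rsp: 535 Authentication failed
00:01:15 [203.0.113.7] rsp: 535 Authentication failed
00:02:00 [198.51.100.20] rsp: 550 No such user here
00:02:01 [198.51.100.20] rsp: 550 No such user here
00:03:00 [192.0.2.45] cmd: RCPT TO:<old-address@example.test>
00:04:00 [192.0.2.9] rsp: 535 Authentication failed
00:05:00 [10.0.0.5] rsp: 535 Authentication failed
00:05:01 [10.0.0.5] rsp: 535 Authentication failed
00:05:02 [10.0.0.5] rsp: 535 Authentication failed
"""

LINE = re.compile(r"^\S+ \[(?P<ip>[0-9a-fA-F.:]+)\] (?P<kind>cmd|rsp): (?P<text>.*)$")
RCPT = re.compile(r"RCPT TO:<([^>]+)>", re.IGNORECASE)

def tally(log_text, receive_to):
    """Count per-IP events: auth failures, unknown users, hits on watched addresses."""
    stats = defaultdict(Counter)
    watched = {a.lower() for a in receive_to}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # unparsed lines deserve a manual look at the raw log
        ip, kind, text = m["ip"], m["kind"], m["text"]
        if kind == "rsp" and text.startswith("535"):
            stats[ip]["auth_fail"] += 1
        elif kind == "rsp" and text.startswith("550"):
            stats[ip]["no_user"] += 1
        elif kind == "cmd" and (r := RCPT.search(text)) and r[1].lower() in watched:
            stats[ip]["watched_rcpt"] += 1
    return stats

def candidates(stats, allow=(), auth_min=3, no_user_min=2):
    """Deduplicated, numerically sorted block-list candidates, minus allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allow]
    picked = set()
    for ip, c in stats.items():
        addr = ipaddress.ip_address(ip)
        hit = c["auth_fail"] >= auth_min or c["no_user"] >= no_user_min or c["watched_rcpt"]
        if hit and not any(addr in n for n in nets):  # never propose trusted addresses
            picked.add(addr)
    return [str(a) for a in sorted(picked, key=lambda a: (a.version, int(a)))]
```

Passing your own networks in `allow` keeps them out of the candidate list, which avoids the hard-to-undo case of blacklisting an address you did not mean to.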
Other Features
This product, like the others, is truly meant to serve the community. Please do give your comments and suggestions for improvement. If you have a question, remember, the only stupid question is one that you have and do not ask. I mean that sincerely.
Also, please do recommend this tool and our other products to your community. Help spread the word. Do not assume that someone else will do it or that it just happens.
Lastly, if I missed something that should be on this page, please do let me know.