🐛: Many SMTP RCPT TO commands from IP fails to ban #1134

Open
1 task done
tonyhardcode opened this issue Jan 28, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@tonyhardcode

What happened?

I adjusted my Automatic Banning settings to:

Auth failures 10/1 day
Abuse attempts 10/1 day
Loitering 150/1 day

In my Stalwart logs I have 100 lines of variations of this, one after another, with the same timestamp and IP:

2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"
2025-01-28T07:05:11Z INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", localPort = 25, remoteIp = 180.7.189.51, remotePort = 51465, to = "[email protected]"

But my Security > Blocked IPs does not list 180.7.189.51.

I think the Abuse attempts banning system should catch this, correct? I am guessing Stalwart might have an issue with the timestamps all being the exact same time?

How can we reproduce the problem?

I can reproduce the problem by doing the following steps:

Send a lot of SMTP RCPT TO commands

Version

v0.11.x

What database are you using?

RocksDB

What blob storage are you using?

RocksDB

Where is your directory located?

Internal

What operating system are you using?

Docker

Relevant log output

@tonyhardcode tonyhardcode added the bug Something isn't working label Jan 28, 2025
@mdecimus
Member

Try setting the log level to trace and please share the full log with the error message that Stalwart is returning to the client.
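
Added example, not part of the issue thread or Stalwart's code: a log-side count of `smtp.rcpt-to` events per `remoteIp` in a sliding window, using the line format from the excerpt in the report. The threshold of 10 per day only mirrors the reporter's Abuse attempts setting for illustration (the page does not say whether Stalwart counts RCPT TO commands toward it); the sample lines, IPs and recipients are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shape taken from the log excerpt in the issue:
#   <UTC timestamp> <LEVEL> <description> (<event.id>) key = value, key = "value", ...
LINE_RE = re.compile(r'^(\S+)\s+(\w+)\s+.*?\(([\w.-]+)\)\s*(.*)$')
FIELD_RE = re.compile(r'(\w+) = ("(?:[^"\\]|\\.)*"|[^,\s]+)')

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, level, event, rest = m.groups()
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    return {**fields, "time": when, "level": level, "event": event}

def rcpt_bursts(lines, threshold=10, window=timedelta(days=1)):
    """Map each remoteIp whose smtp.rcpt-to count inside any sliding window exceeds
    threshold to its peak count and distinct recipients. Events are counted one by
    one, so identical timestamps do not collapse. Assumes chronological input."""
    recent = defaultdict(deque)
    stats = defaultdict(lambda: {"peak": 0, "recipients": set()})
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["event"] != "smtp.rcpt-to" or "remoteIp" not in ev:
            continue
        q = recent[ev["remoteIp"]]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:  # drop events older than the window
            q.popleft()
        s = stats[ev["remoteIp"]]
        s["peak"] = max(s["peak"], len(q))
        s["recipients"].add(ev.get("to", ""))
    return {ip: {"peak": s["peak"], "recipients": len(s["recipients"])}
            for ip, s in stats.items() if s["peak"] > threshold}

# Constructed sample: documentation-range IPs and made-up recipients.
_FMT = ('{ts} INFO SMTP RCPT TO command (smtp.rcpt-to) listenerId = "smtp", '
        'localPort = 25, remoteIp = {ip}, remotePort = {port}, to = "{to}"')
SAMPLE = [_FMT.format(ts="2025-01-28T07:05:11Z", ip="203.0.113.7", port=51465,
                      to=f"user{i}@example.test") for i in range(12)]
SAMPLE += [_FMT.format(ts="2025-01-28T09:00:00Z", ip="198.51.100.9", port=40000,
                       to="postmaster@example.test"), "unparseable line"]
print(rcpt_bursts(SAMPLE))
```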
