onMailFrom hits, but onData does not

[Redsandro]

I'm receiving a lot of mails (probably spam or hacking attempts) that trigger onMailFrom, but not onData.

onMailFrom just prints a message and fires the callback. Nothing is filtered here.

const onMailFrom = _onMailFrom.bind(this, secure)
function _onMailFrom(secure, address, session, callback) {
    const sec = secure ? 'secure' : 'INSECURE'
    const message = `Incoming ${sec} mail from ${address.address}`

    if (secure) logger.info(message)
    else logger.warn(message)

    return callback()
}

I was under the impression that onData always fires next. However, in the case of this spam attack, it is not fired.

Again, I am not doing any filtering. Why is onData not fired?

Note: In this case, the result is actually desirable. However I don't feel comfortable not knowing why this is happening.

[andris9]

Are you sure that they are actually trying to send anything? Some scanners only make the RCPT TO command to check if recipient is accepted or not.

[Redsandro]

@andris9 no I am actually not sure. I just assumed because I am not rejecting anyone in the onMailFrom function.

Unfortunately now that I've added more verbose logging around the functions, the unknown host stopped spamming. It did about 3 requests every second for about 5 hours.

[Redsandro]

@andris9 is there a way for me to console.log() the entire session? So that I can monitor EHLO, MAIL, RCPT, DATA etc when this is going on?

[andris9]

Use the logger option as shown here.

[Redsandro]

I missed that option. I will try this and see if I can catch it. It doesn't happen often.