Search found 57 matches

by mpfrench
2018-11-06 16:47
Forum: Feature requests
Topic: Country Code IP Block / Allow ( GeoIP )
Replies: 39
Views: 12764

Re: Country Code IP Block / Allow ( GeoIP )

MattG and SorenR, thank you for your insightful comments. The sophistication of your code examples above shows quite a bit of development time spent on solving this problem. Perhaps I should give SpamAssassin another try. I ran it for a short while a couple years ago but did not see much improvement...
by mpfrench
2018-11-05 22:27
Forum: Feature requests
Topic: Country Code IP Block / Allow ( GeoIP )
Replies: 39
Views: 12764

Re: Country Code IP Block / Allow ( GeoIP )

Soren, your code is a very nice piece of work! I have very few users for my system and can simplify the logic a bit. I'll try to implement prohibiting connections from undesirable countries upon first connection attempt on all ports thereby avoiding placing these prohibited connections in any table....
by mpfrench
2018-11-05 16:56
Forum: Feature requests
Topic: Country Code IP Block / Allow ( GeoIP )
Replies: 39
Views: 12764

Re: Country Code IP Block / Allow ( GeoIP )

Thanks Matt for your suggestion to use OnClientConnect. I may be able to cook something up using the match value returned by zz.countries.nerd.dk.

If I develop something that works properly, I'll post it in this thread.
by mpfrench
2018-11-04 14:18
Forum: Feature requests
Topic: Country Code IP Block / Allow ( GeoIP )
Replies: 39
Views: 12764

Re: Country Code IP Block / Allow ( GeoIP )

Thank you all for suggesting and detailing the use of the DNSBL method to prevent the delivery of messages from selected countries. I've run HMS with this configuration for a couple days and found that it works well. This is a big help to me. However, I would still like to find a more comprehensive ...
by mpfrench
2018-11-02 22:00
Forum: Feature requests
Topic: Country Code IP Block / Allow ( GeoIP )
Replies: 39
Views: 12764

Re: Country Code IP Block / Allow ( GeoIP )

Running HMS 5.6.8-B2431 I realize that this thread is over four years old and I don't find this capability in today's version of HMS. However, I would still like to accomplish this goal. In addition to maxmind.com which is a paid service, I've found IP2Location.com which has both paid and free versi...
by mpfrench
2017-10-31 23:35
Forum: Feature requests
Topic: Check that host has a Reverse DNS (PTR Record)
Replies: 3
Views: 1839

Re: Check that host has a Reverse DNS (PTR Record)

Thanks for the reply. Since you posted on github May 26, 2016, perhaps Martin didn't see it or forgot about it.
by mpfrench
2017-10-31 21:16
Forum: Feature requests
Topic: Check that host has a Reverse DNS (PTR Record)
Replies: 3
Views: 1839

Check that host has a Reverse DNS (PTR Record)

As an anti-spam measure, add a check that the mail server that connects to hMailserver has a valid reverse DNS record, i.e., PTR. This would be placed in the HMS "Anti-spam/Spam tests" tab with a user-assignable spam score. HMS is already gathering the data as shown by my log excerpt from 5.6.7-B241...
by mpfrench
2017-06-09 18:07
Forum: Feature requests
Topic: Add a Black List to the HMS Anti-Spam Config
Replies: 11
Views: 2953

Re: Add a Black List to the HMS Anti-Spam Config

I don't run my own DNS. Also, since I use an off-site MX, finding the IP address that connected to my MX would require some sophisticated scripting on my part. Since HMS has this scripting built-in when one populates the Incoming Relays section, the best way to handle what I want to accomplish is ad...
by mpfrench
2017-06-09 16:55
Forum: Feature requests
Topic: Add a Black List to the HMS Anti-Spam Config
Replies: 11
Views: 2953

Add a Black List to the HMS Anti-Spam Config

I'm currently running HMS 5.6.7-B2407. It does a very good job of using DNS Black Lists to fight spammers. However, spammers have found ways to avoid being listed on SpamCop and Spamhaus. These resourceful spammers seem to be using very large blocks of IP addresses to spread their load to stay below...
by mpfrench
2017-06-05 20:06
Forum: General discussions
Topic: Good, Free, Command Line Scanner for HMS
Replies: 3
Views: 1000

Good, Free, Command Line Scanner for HMS

I'm running hMailServer-5.6.7-B2407 on Windows 7 Ultimate. I've successfully used the various incarnations of AVG Free for several years as an external malware scanner with HMS. However, AVG 2017 (AVG 17) Free removed the command line interface. See https://support.avg.com/answers?id=906b0000000Dc30...
by mpfrench
2017-01-17 04:31
Forum: General discussions
Topic: 5.6.7-B2405 Works Great
Replies: 1
Views: 640

5.6.7-B2405 Works Great

I've been running v. 5.6.7-B2405 since 6 Jan 2017 and found that it works great.
by mpfrench
2017-01-07 04:13
Forum: General discussions
Topic: Documentation Update Regarding External Virus Scanners
Replies: 18
Views: 3451

Re: Documentation Update Regarding External Virus Scanners

I've prepared a MS Word document in track-changes format which shows the precise additions and deletions. However, I cannot get the forum system to let me attach it. The system gives me an error message that the file extension is invalid. I've tried docx and rtf. Mattg, if you send me your e-mail ad...
by mpfrench
2017-01-06 16:15
Forum: General discussions
Topic: Documentation Update Regarding External Virus Scanners
Replies: 18
Views: 3451

Documentation Update Regarding External Virus Scanners

The section on configuring an external virus scanner is now incorrect on page https://www.hmailserver.com/documentation/latest/?page=reference_antivirus . The free version of AVG is now up to 16 and installs itself in "C:\Program Files (x86)\AVG" on 64-bit versions of Windows. The syntax of the comm...
by mpfrench
2016-07-19 15:03
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

Mattg, the wording you proposed is an improvement. However, it is a bit wordy and I'm afraid a user may get lost. The most important fact which must come across to the reader is the fact that all of the possible IP addresses that are associated with an external MX must be defined in the Incoming Rel...
by mpfrench
2016-07-19 02:33
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

I've been experimenting a bit and found a way to make 5.6.5-B2367 spam checking work correctly with my off-site MX. The lesson I learned was that one must populate the Incoming Relays sections with all the IP addresses that one's off-site MX could use, including its own internal hand-off IPs. Eviden...
by mpfrench
2016-06-21 13:27
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

Another SPF checker [http://tools.bevhost.com/spf/] that I stumbled upon gives slightly different results. The Choicehotels example yeilds a permerror while the Homedepot example yields a pass. I don't see a valid reason for the double quotes in the SPF TXT records but I'm not sure that they are tec...
by mpfrench
2016-06-21 03:26
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

I'll be happy to suggest some documentation changes as soon as I convince myself that I really understand how to use the Incoming Relays section in HMS. I've been running with the HMS Incoming Relays section set to my two MXs [smtp.dnsexit.com], 64.182.101.45, and 67.214.161.149. I have not noticed ...
by mpfrench
2016-06-20 01:47
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

I initially had the Incoming Relays defined as all the dnsexit servers that deliver mail to mpfrench.com. This did not allow HMS to work correctly. It makes more sense to me that I need to tell HMS what my MXs IPs are so that it can start the spam checks on the IP address that connects to my MX. I h...
by mpfrench
2016-06-19 19:31
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

I may have setup the Incoming Relay definition incorrectly previously. I've changed it to match the A records of smtp.dnsexit.com, 64.182.101.45 and 67.214.161.149, which are my MX IP addresses. I'll run this way for a while and report the results after I've double-checked HMS's operation. The HMS d...
by mpfrench
2016-06-19 18:24
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

Here is what the HMS 5.6 documentation says about Incoming Relays: "When hMailServer performs anti-spam tests on a message it will use the connecting IP address to determine where the message is arriving from. When hMailServer receives an email from a MX backup server, hMailServer can't use the send...
by mpfrench
2016-06-19 17:52
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

Here is a better example of the SPF problem in HMS. The following is the message header: Return-Path: JCPenney@e.jcpenney.com Received: from smtp3.dnsexit.com (nd196.dnsexit.com [64.182.102.196]) by mpfrench.com with ESMTP ; Sun, 19 Jun 2016 04:21:45 -0500 Received: from localhost (smtp-rx4 [64.182....
by mpfrench
2016-06-18 23:00
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

Re: 5.6.5-B2367 Spam Check Failures

Here is the HMS log for the HELO spam check failure that I originally posted. "DEBUG" 6880 "2016-06-17 14:31:16.233" "TCP connection started for session 574" "SMTPD" 6880 574 "2016-06-17 14:31:16.233" "67.214.161.140" "SENT: 220 mpfrench.com ready" "SMTPD" 1700 574 "2016-06-17 14:31:16.280" "67.214....
by mpfrench
2016-06-18 02:21
Forum: Development & alpha discussions
Topic: 5.6.5-B2367 Spam Check Failures
Replies: 38
Views: 14772

5.6.5-B2367 Spam Check Failures

I've run 5.6.5-B2367 for a couple days and noticed that it does not perform SPF and HELO spam checks properly and flags things that it should not. Here are examples of each: Here is an example where HMS should not have flagged a HELO spam failure. I use the servers at dnsexit.com as my MX and have H...
by mpfrench
2016-06-17 22:10
Forum: Development & alpha discussions
Topic: 5.6.5 and 5.7
Replies: 17
Views: 12693

Re: 5.6.5 and 5.7

I ran 5.6.5-B2367 for a couple of days. The spam checks for MX and HELO do not work correctly and flag things that they should not. I am using an off-site MX but have HMS set to recognize these MXs in the Relay section.

Martin, I sent you a couple e-mails that document the problems.

Thanks,
Mike
by mpfrench
2016-05-06 17:53
Forum: General discussions
Topic: Spam Check Ignored Unless FQDN is Presented in HELO
Replies: 26
Views: 5335

Re: Spam Check Ignored Unless FQDN is Presented in HELO

Yes, I believe that the problem is common to all using HMS, relays or not. HMS does not perform any spam checking unless it finds a fully qualified domain name presented by the mail server that connects to HMS or to the incoming relay specified in HMS's configuration. I've verified that HMS does not...
by mpfrench
2016-05-06 02:21
Forum: General discussions
Topic: Spam Check Ignored Unless FQDN is Presented in HELO
Replies: 26
Views: 5335

Re: Spam Check Ignored Unless FQDN is Presented in HELO

It's been a while. Is anyone working to fix this problem in HMS?
by mpfrench
2016-04-02 19:51
Forum: General discussions
Topic: Spam Check Ignored Unless FQDN is Presented in HELO
Replies: 26
Views: 5335

Re: Spam Check Ignored Unless FQDN is Presented in HELO

I ran SpamAssasin for a while and found that it does everything well. However, I found it too labor intensive for me. Viewing the HMS log above, it is clear that HMS did not attempt any blocking list queries. This is different from the bug we saw recently where the queries were failing. The fact tha...
by mpfrench
2016-04-02 03:41
Forum: General discussions
Topic: Spam Check Ignored Unless FQDN is Presented in HELO
Replies: 26
Views: 5335

Re: Spam Check Ignored Unless FQDN is Presented in HELO

dnsexit.com relays mail to me using any of the following four IP addresses: 64.182.102.196 64.182.103.22 67.214.161.138 67.214.161.140 I have HMS set to recognize these relays by entering them in the Incoming Relays section of the Advanced tab. (I was going to include a screen shot, but could not fi...
by mpfrench
2016-04-02 02:01
Forum: General discussions
Topic: Spam Check Ignored Unless FQDN is Presented in HELO
Replies: 26
Views: 5335

Re: Spam Check Ignored Unless FQDN is Presented in HELO

The root cause of this problem is not related to local DNS reliability. I've exhaustively checked my DNS using Steve Gibson's tools (https://www.grc.com/dns/benchmark.htm). My local DNS is rock solid. I have HMS running on a Windows 7 system but am not running my own DNS server but using my ISP's DN...
by mpfrench
2016-04-01 19:32
Forum: General discussions
Topic: Spam Check Ignored Unless FQDN is Presented in HELO
Replies: 26
Views: 5335

Spam Check Ignored Unless FQDN is Presented in HELO

The subject problem is a generalization of the one that I wrote about in https://www.hmailserver.com/forum/viewtopic.php?f=7&t=29470 and is likely due to the same root cause. I have the most detailed HMS log entries selected in my setup and have the following spam tools enabled: Spamhaus, SpamCop, A...
by mpfrench
2016-03-30 22:45
Forum: General discussions
Topic: Spam Check Ignored When Literal IP Address is Presented
Replies: 20
Views: 4487

Re: Spam Check Ignored When Literal IP Address is Presented

Thanks to all for your help in running this issue to ground. I just sent Martin an e-mail, asking him to fix the problem.
by mpfrench
2016-03-30 19:44
Forum: General discussions
Topic: Spam Check Ignored When Literal IP Address is Presented
Replies: 20
Views: 4487

Re: Spam Check Ignored When Literal IP Address is Presented

Jimimaseye, I have all the HMS logging enabled, every box. What I showed above is all that is available in this version of HMS. Here is an example of my HMS log when HMS is working as it should: -------------------------- "DEBUG" 1808 "2016-03-30 12:28:28.133" "TCP connection started for session 629...
by mpfrench
2016-03-30 18:03
Forum: General discussions
Topic: Spam Check Ignored When Literal IP Address is Presented
Replies: 20
Views: 4487

Re: Spam Check Ignored When Literal IP Address is Presented

SorenR, time is not going backwards. The time zones are different. Yes, dnsexit relays mail to my server on any of four IP addresses which I have HMS set to recognize.
by mpfrench
2016-03-30 17:06
Forum: General discussions
Topic: Spam Check Ignored When Literal IP Address is Presented
Replies: 20
Views: 4487

Re: Spam Check Ignored When Literal IP Address is Presented

Mattg, the log that I posted is all that HMS gave me. I have all available option boxes checked. All, I have HMS set to recognize my off-site MX as a relay and HMS spam checking does process the IP address of the machine that connected to my MX for all cases where a domain name is presented to my MX...
by mpfrench
2016-03-30 06:45
Forum: General discussions
Topic: Spam Check Ignored When Literal IP Address is Presented
Replies: 20
Views: 4487

Re: Spam Check Ignored When Literal IP Address is Presented

I forgot to mention that I am running HMS 5.6.5-B2329. I have HMS set to flag Spamhaus, SpamCop, Abuseat, SURBL, HELO discrepancies, missing DNS-MX entries, and SPF errors. Here is the HMS log for the message in question. ----------------------------- "DEBUG" 1808 "2016-03-29 12:39:25.563" "Creating...
by mpfrench
2016-03-29 21:06
Forum: General discussions
Topic: Spam Check Ignored When Literal IP Address is Presented
Replies: 20
Views: 4487

Spam Check Ignored When Literal IP Address is Presented

Fighting spammers is a challenge. However, hMailServer has rather good spam fighting tools built in. The problem I'm having is that these tools are not used when the incoming server presents a literal IP address instead of a domain name. As an example, a SpamCop report is shown as follows for a mess...
by mpfrench
2016-03-27 00:08
Forum: SpamAssassin implementation discussions
Topic: Spam DNS Blacklists seem to have stopped working
Replies: 30
Views: 9327

Re: Spam DNS Blacklists seem to have stopped working

I've been running 5.6.5-B2329 for several days now and monitoring the log files. All the spam fighting tools are working as they should.
by mpfrench
2015-11-23 19:42
Forum: SpamAssassin implementation discussions
Topic: Spam DNS Blacklists seem to have stopped working
Replies: 30
Views: 9327

Re: Spam DNS Blacklists seem to have stopped working

I've observed the seemingly random DNS query failures for a while now and have exhaustively checked my system's DNS performance using Steve Gibson's tool (https://www.grc.com/dns/benchmark.htm) and found nothing wrong with my DNS. Moreover, when I notice HMS logging these DNS query failures, I can m...
by mpfrench
2015-11-15 05:45
Forum: SpamAssassin implementation discussions
Topic: Spam DNS Blacklists seem to have stopped working
Replies: 30
Views: 9327

Re: Spam DNS Blacklists seem to have stopped working

I had assumed that SURBL checking would be shown in the regular HMS log but it appears only in the debug view. It should be shown in the regular log as are SpamCop, Spamhaus, etc. I did re-run my test with the debug view activated and confirmed that SURBL works in v. 5.6.4-B2283 as shown by the foll...
by mpfrench
2015-11-14 05:37
Forum: SpamAssassin implementation discussions
Topic: Spam DNS Blacklists seem to have stopped working
Replies: 30
Views: 9327

Re: Spam DNS Blacklists seem to have stopped working

multi.surbl.org is not working but spamcop, spamhaus, and sorbs are working. I tried the suggested addition to hmailserver.ini: [Settings] LogLevel=99 but this did not fix anything. Here is a test message and HMS log entry that shows the problem. I am running v. 5.6.4-B2283: Complete Message: Return...
by mpfrench
2015-11-05 19:19
Forum: General discussions
Topic: Spam Detection with HMS Set to Accept Relays from an Offsite MX
Replies: 3
Views: 1020

Re: Spam Detection with HMS Set to Accept Relays from an Offsite MX

Thanks for your suggested work-arounds. The HMS log entry for the e-mail message above is shown below. My MX is at dnsexit.com which relays to mpfrench.com. Notice that the spamhaus and spamcop IPs that are checked are correct (96.114.154.161). However, when HMS performs the functions "Check Host in...
by mpfrench
2015-11-04 21:16
Forum: General discussions
Topic: Spam Detection with HMS Set to Accept Relays from an Offsite MX
Replies: 3
Views: 1020

Spam Detection with HMS Set to Accept Relays from an Offsite MX

I have hmailserver (HMS) v 5.6.4 set to receive relays from an offsite MX. However, HMS incorrectly labels messages as spam when I turn on the option "Check host in the HELO command". I have entered the MX's IP addresses in the Incoming Relays box and HMS correctly recognizes the delivering address ...
by mpfrench
2014-09-11 20:52
Forum: General discussions
Topic: OpenSSL 1.0.1i is available
Replies: 2
Views: 801

OpenSSL 1.0.1i is available

06-Aug-2014: OpenSSL 1.0.1i is now available, including bug and security fixes. See http://www.openssl.org/
by mpfrench
2014-06-13 14:14
Forum: General discussions
Topic: OpenSSL 1.0.1h Fixes Serious Bug
Replies: 18
Views: 8879

Re: OpenSSL 1.0.1h Fixes Serious Bug

Bill, I have been running your beta build for a week now without noticing any problems. I assume that this is equivalent to the latest production build that Martin released.
by mpfrench
2014-06-06 16:03
Forum: General discussions
Topic: OpenSSL 1.0.1h Fixes Serious Bug
Replies: 18
Views: 8879

Re: OpenSSL 1.0.1h Fixes Serious Bug

I just installed the new build and will let you know how it does after it runs a while.
by mpfrench
2014-06-06 03:10
Forum: General discussions
Topic: OpenSSL 1.0.1h Fixes Serious Bug
Replies: 18
Views: 8879

Re: OpenSSL 1.0.1h Fixes Serious Bug

Somebody corrected the date. It is OK now.
by mpfrench
2014-06-06 01:54
Forum: General discussions
Topic: OpenSSL 1.0.1h Fixes Serious Bug
Replies: 18
Views: 8879

Re: OpenSSL 1.0.1h Fixes Serious Bug

Bill, your log date is off by a month.
by mpfrench
2014-06-05 21:04
Forum: General discussions
Topic: OpenSSL 1.0.1h Fixes Serious Bug
Replies: 18
Views: 8879

OpenSSL 1.0.1h Fixes Serious Bug

Need to integrate OpenSSL 1.0.1h ASAP.
by mpfrench
2013-08-26 15:56
Forum: Archived feature requests
Topic: ssl/tls and starttls [50%]
Replies: 145
Views: 92310

Re: ssl/tls and starttls

By the way, the following is an excellent site to determine whether or not a mail server is implementing RFC-3207 correctly: CheckTLS.com
by mpfrench
2013-07-20 01:45
Forum: Archived feature requests
Topic: ssl/tls and starttls [50%]
Replies: 145
Views: 92310

Re: ssl/tls and starttls

I think that the reason that we're seeing so much interest in RFC-3207 (TLS SMTP server-to-SMTP server) is that the business community is getting tired of manually encrypting and decrypting messages in their mail clients using the S/MIME system or the PGP/GPG system. RFC-3207, for the most part, neg...
by mpfrench
2013-07-19 20:34
Forum: Archived feature requests
Topic: ssl/tls and starttls [50%]
Replies: 145
Views: 92310

Re: ssl/tls and starttls

I have been an hMailserver user for a few years and appreciate its usefulness. However, I have recently acquired some customers who insist upon my using RFC-3207 TLS server-to-server encryption which hMailserver currently does not perform. I voted for this feature in the poll. However, I would like ...
by mpfrench
2009-02-19 12:25
Forum: General discussions
Topic: .Net Framework
Replies: 5
Views: 1444

.Net Framework

I am very disappointed to find that hMailserver v 5 requires Microsoft's .Net Framework whereas previous versions did not. The .Net Framework is nothing but bloatware that noticeably slows my computer for all tasks. I won't run it.
by mpfrench
2008-10-25 03:47
Forum: Archived feature requests
Topic: SpamAssasin Integration
Replies: 49
Views: 40552

Re: SpamAssasin Integration

Actually, I've run hMailServer for over a year and rarely have any spam get through it. By activating the server's connection features (DNS Blacklist, MX verification, HELO name verification), I've blocked 99.99% of all spam before it gets delivered. The only drawback to this approach is that once i...
by mpfrench
2008-10-10 02:19
Forum: Archived feature requests
Topic: Build Webmail Directly Into hMailserver
Replies: 5
Views: 3491

Build Webmail Directly Into hMailserver

Suggestion: Add webmail into hMailserver, negating the need for any add-on such as Apache, PHP, and SquirrelMail. Then make the Internet port settable by the administrator. Also make the protocol selectable, i.e., http or https.
by mpfrench
2007-07-19 05:01
Forum: Archived feature requests
Topic: Reverse DNS Lookup for Servers Using Literal IP Address
Replies: 10
Views: 5376

Reverse DNS Lookup for Servers Using Literal IP Address

Frankly, fighting spam delivery to my domain is far more important to me than strictly following any RFC. The mail that my domain chooses to accept is my business alone.
by mpfrench
2007-07-18 19:29
Forum: Archived feature requests
Topic: Reverse DNS Lookup for Servers Using Literal IP Address
Replies: 10
Views: 5376

Reverse DNS Lookup for Servers Using Literal IP Address

I don't understand why you voted against this option feature since you were the author of a very similar request.
by mpfrench
2007-07-18 11:43
Forum: Archived feature requests
Topic: Reverse DNS Lookup for Servers Using Literal IP Address
Replies: 10
Views: 5376

Reverse DNS Lookup for Servers Using Literal IP Address

Spammers have begun using literal IP addresses in place of names in the HELO/EHLO line. Currently, hmailserver accepts such connections. My suggestion is to add an option to hmailserver to require a valid reverse DNS lookup in such cases. Spammers that use literal IP addresses in place of server nam...