Search found 39 matches

by EduardoFoltran
2019-07-24 14:19
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

"IDS BAN" means to many connects and no actual mail received (IDS Add with no immediate following IDS Delete). Limit is 3 connects in 180 minutes and no mail = BAN. Handler is run every 1 minute so sometimes additional concurrent connects are registered before the BAN is in place. That is an excell...
by EduardoFoltran
2019-07-21 12:58
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

I know personally four more people who disagree with you. They are my users. What you call a false positive I call an early detection of a threat. If someone is sending emails using the same tools as spammers do, such as domestic connections and dynamic domain names, they are not to be taken serious...
by EduardoFoltran
2019-07-20 20:38
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

My apologies. It appears I used the wrong IP address. :oops: a1i600.smtp2go.com 43.228.186.88 is one of their relay IPs. Name: 88.186.228.43.dnsbl.spamdonkey.com Address: 127.0.0.2 Still too many false positives for me. Good luck. This is not a false positive. SMTP2GO sends messages for third parts...
by EduardoFoltran
2019-07-20 19:18
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

That's my relay, SMTP2GO. I'm on a residential IP which is why I use a relay. I'm not worried about my IP. I'm not on any blacklists except for policy lists, but my mail gets through to everywhere except mail servers that reject using Spamdonkey, apparently. I recommend you to find a better relay s...
by EduardoFoltran
2019-07-20 17:40
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

Dynamic IPs don't get listed on spamhaus unless it's associated with spam. Except of course on the PBL, but that is a different return code which mail administrators can choose to use or not. Well, you have a point there! I am not SpamHaus. SpamHaus is too soft and that is the reason I build SpamDo...
by EduardoFoltran
2019-07-20 15:55
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

SpamDonkey hit: 207.38.69.194 - mail.dynu.com - United States at 2019-07-20 07:32:02.299 Zulu. Time included is USA EDT (New York) Yep. It is dynamic IP domain provider. I have 30 IPs listed under this domain and all have also hits on my spam traps. I cleaned their servers listed on the SPF record,...
by EduardoFoltran
2019-07-20 15:07
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

Would you please explain ALL of your listing criteria for each level? It does not appear to be available on your website. The only one we know of is if rDNS fails it goes straight to level 5. I can’t tell you ALL my listing criteria. Most of them are fails I identified on the way spammers behave an...
by EduardoFoltran
2019-07-19 20:09
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

RvdH wrote:
2019-07-19 19:17
My ISP used to block port 25 as well, but no longer... guess it has something to do with all those IOT devices in almost every household nowadays
IoT devices should communicate via MQTT, not SMTP on port 25.
by EduardoFoltran
2019-07-19 19:09
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

They won't...they only allow/do this for business accounts I believe is better to be safe than sorry. The vast majority of emails on my spam trap with ransomware, phishing and scams come from home computers infected with all sorts of malware. Here in Brazil most IPS block port 25 on domestic connec...
by EduardoFoltran
2019-07-19 17:22
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

But how do you check it? Do you take the domain & tld part from the received e-mail FROM header? Next lookup the A-record for that domain and then check if the PTR-records contains the domain name from the FROM header? I don’t have access to what the client said on the EHLO or HELO, neither to the ...
by EduardoFoltran
2019-07-19 14:32
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

SorenR wrote:
2019-07-19 13:16

Perhaps the fact that I have a different rDNS (my domain) from all the rest of the subscriber base ?
Yep! If your rDNS is your own domain, you will not be listed.
by EduardoFoltran
2019-07-19 12:44
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

That is weird and a bit harsh because not all home IP's are spammers, I pay my ISP quitte a bit to have a static home IP and to be allowed to run my own mailserver. As SpamDonkey scores me with the highest possible ranking i think it is useless for me... spamhaus at least has an option to get home ...
by EduardoFoltran
2019-07-19 12:16
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

Love the name. How do you obtain IPs to score? As anyone, I have spamtraps. Other than that, I collect intelligence about the IP. I check the PTR record, look if it matches with DNS record, check for SPF record, check WHOIS to see how old the domain is, check for key words on the domain, check if t...
by EduardoFoltran
2019-07-19 11:22
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

Re: New DNSBL designed for hMailServer

I am a bit anxious to use it, as my own home private IP Address, whilst not on any blacklist, is listed as Level 5 in SpamDonkey :shock: :roll: Wonder how this is scored? All home IPs are automatically blocked by SpamDonkey. During the development of the service I notice that most email containing ...
by EduardoFoltran
2019-07-18 15:32
Forum: Off-topic discussions
Topic: New DNSBL designed for hMailServer
Replies: 33
Views: 1893

New DNSBL designed for hMailServer

Greetings! As anyone who manages an email service, I struggle against spammers. Since I started to use hMailServer, this task became much easier. Among the options I have tried, the amount of resources embedded on hMailServer to help decide if a message is legitimate has no match. However, when exte...
by EduardoFoltran
2018-08-03 17:19
Forum: Feature requests
Topic: Minutes Between The Sending For IP Warming Up
Replies: 3
Views: 1480

Re: Minutes Between The Sending For IP Warming Up

Hi! Indeed! This is a very useful feature for those who want to use HMS to send spam. One is not blacklisted just for sending emails, but for sending lots of emails to spam traps. As my main goal for the last 8 months has being to fight spammers, I am very concerned about their behaviour and this im...
by EduardoFoltran
2018-07-31 15:46
Forum: Feature requests
Topic: SPF hard and softfail
Replies: 6
Views: 4979

Re: SPF hard and softfail

I believe any implementation that gives more fine tunning on spams is welcome. It may not be excencial and I am sure experienced people will always find a workarround, but having it easily configurable does help and saves a lot of time.
by EduardoFoltran
2018-07-30 19:49
Forum: Feature requests
Topic: Improved Auto-Ban
Replies: 3
Views: 1228

Re: Improved Auto-Ban

Hi Mattg and SorenR Thanks for the feedback! I blocked login from port 25 and it indeed had an impact on auto-ban. I am studying SorenR’s script to see if I can do something without the OnHelo event. I am using Matin’s compilation and I am not planning to change it in a near future. I believe such e...
by EduardoFoltran
2018-07-27 16:59
Forum: Feature requests
Topic: Improved Auto-Ban
Replies: 3
Views: 1228

Improved Auto-Ban

Hi! I would like to suggest an implementation to improve the auto-ban security feature but first I believe it should be useful to put this proposal under context. I had some users with a severe problem of spam. Despite my best effort, I could not make a sensible impact on the amount of spam these pa...
by EduardoFoltran
2018-01-20 15:59
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

Hi Matt It seems to me that neither HMS nor RC had anything to do with the problem. It is a OS "misconfiguration" caused by the update of last saturday. I had to do one more trick to put all back to track, that was update the RoundCube database in order to recover users contacts and configurations. ...
by EduardoFoltran
2018-01-20 13:19
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

Hi I have one more peace to this puzzle. I was looking for a solution on RoundCube forum and among the many connection failure posts I found one with a different error but the same symptons. External email clientes could connect to port 993, but RC could not. Some one sugested to use de FQDN in the ...
by EduardoFoltran
2018-01-20 11:21
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

@mattg, thanks for trying to help me. I have moderate a forum for about 7 year and I now how demanding it is. Shouldn't that be $config['default_host'] ='tls://localhost'; Although the fact that it is wrong may be why it is working Indeed. I had not noticed the misspelling. By changing to TLS it can...
by EduardoFoltran
2018-01-19 19:04
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

Update My users running W7 suddenly are able to connect again. I was preparing to transfer data to the new server in order to make more tests and after I enable file sharing on the server, no more than 20 minutes after that, a user/friend reported his Outlook was working again. I checked with severa...
by EduardoFoltran
2018-01-19 17:30
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

I'm assuming that port 143 is StartTLS Required on hMailserver (Diagnostics will confirm this and other relevant info, without disclosing private detail), and that roundcube is set to TLS. No, it is not. Port 143 is StartTLS Optional. I can't stablish a secure connection with RC. Before the issue b...
by EduardoFoltran
2018-01-18 15:24
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

And you still think that you don't need a rule in your AWS firewall to NOT inspect SSL traffic?? I am trying to understand your thinking. The AWS firewall sits on a virtual RRAS, wich has not been changed since I first subscribed to AWS. The rules were set about 5 years ago and never changed ever s...
by EduardoFoltran
2018-01-18 12:21
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

mattg wrote:Is this also an amazon server instance?
Yes, like the one before, that worked fine for one and a half years behind the same firewall.
by EduardoFoltran
2018-01-17 21:43
Forum: General discussions
Topic: suddenly i can't login via IMAP
Replies: 5
Views: 1099

Re: suddenly i can't login via IMAP

I am facing a similar problem that started suddenly as well.

viewtopic.php?f=7&t=32268

I am clueless.
by EduardoFoltran
2018-01-17 19:35
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

I wish to thanks all of you for the tips so far. Although they have not solved the problem, they helped me to better understand what is going on. Not knowing anything about AWS, I just did some research and it seems to me that it does inbound and outbound packet inspection for SSL connections - This...
by EduardoFoltran
2018-01-16 20:19
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

My server runs in a EC2 instance at Amazon AWS. The only thing accesseble by the outside world are the ports needed to perform e-mail operation. Every day I find some stange IP from China or Russia on the blocking list. Of course, they have to guess user name and password in order to invade an accou...
by EduardoFoltran
2018-01-16 17:44
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

Do you run some fancy sort of Deep Packet inspection or Intrusion Detection Firewall? If the Client doesnt abort the connection by itself, typically a Firewall can intercept any connection and close ports or reject specific IPs according to your Firewall Rules. No, just regular Windows Server Firew...
by EduardoFoltran
2018-01-16 13:57
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

So you don't have antivirus installed on that machine? I do. Clamwin is working fine and no virus or other issues detected. Here is the debug log: RoundCube [16-Jan-2018 09:44:54 -0200]: <emblcv14> IMAP Error: Login failed for eduardo@MyDomain.com from 187.xx.xx.26. Could not connect to ssl://local...
by EduardoFoltran
2018-01-16 10:51
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

Hi! At this point, I'm going to guess that you have software doing a man-in-middle, that takes connections from your clients and connects to your server. Antivirus software on the server that does mail inspection will do this. Check your anti-virus on your hmailserver for settings like 'check encryp...
by EduardoFoltran
2018-01-15 21:41
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

I checked the IMAP interface with the Comodo Tool. No problem detected. Cipher Suites Enabled Name (ID) Key Size (in bits) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030) 256 ECDH 256-bit (P-256) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028) 256 ECDH 256-bit (P-256) TLS_ECDHE_RSA_WITH_AES_256_CBC_SH...
by EduardoFoltran
2018-01-15 19:41
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

I already tryed to rollback all the updates, but the problem continues. Any change the update made remains even when it is removed. I received a feedback from a user that says she has two computers. Boths running Outlook 2016, but one on windows 10 and the other on windows 7. Outlook works on W10, b...
by EduardoFoltran
2018-01-15 17:37
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Re: Intermitent problem with SSL comunication

Hi! Nop. IPv6 has nothing to do. Things work the same with or without it. This are de errors I get: From RoundCube: [15-Jan-2018 13:27:57 -0200]: <fs2jni9d> IMAP Error: Login failed for MyEmail@MyDomain.com from 187.xx.xx.26. Could not connect to ssl://localhost:993: Unknown reason in C:\inetpub\www...
by EduardoFoltran
2018-01-15 15:22
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 4264

Intermitent problem with SSL comunication

Hi! Since saturday I have been struggling with my server. There was a routine update on Windows Server 2008 and after that I have a strange behaviour on secure ports. I have RoundCube as webmail software and it was the first I noticed a problem. It can no longer connect on IMAP port 993. I by-passed...
by EduardoFoltran
2017-12-09 12:21
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 8244

Re: HOW TO: get gMail certificates to validate

I would add that SSL v3 must be enable for it to work properly.Eduardo SSLv3.0 is very old, and completely broken - do not use it , do not enable it on your server, as some hacks start with highest security then downgrade security to lowest level then exploit it, or use low security to start with, ...
by EduardoFoltran
2017-12-08 21:07
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 8244

Re: HOW TO: get gMail certificates to validate

PS

Also it is needed to allow less secure apps in your Google account.
by EduardoFoltran
2017-12-08 17:58
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 8244

Re: HOW TO: get gMail certificates to validate

Thanks a lot for this post! Since last week I have been knocking my head on the wall trying to get emails from Gmail. Now it is working just fine!
I would add that SSL v3 must be enable for it to work properly.

Eduardo