Search found 135 matches

by mikedibella
2019-06-05 19:58
Forum: General discussions
Topic: HMAIL to Office365 without IMAP/POP
Replies: 25
Views: 900

Re: HMAIL to Office365 without IMAP/POP

If you don't have administrative access to the Office 365 tenant, but you do have the ability to log in to Outlook Web Access, you can create a server-side rule for the mailbox to redirect mail to another mailbox. https://support.office.com/en-ie/article/forward-email-from-office-365-to-another-email...
by mikedibella
2019-06-05 05:37
Forum: General discussions
Topic: HMAIL to Office365 without IMAP/POP
Replies: 25
Views: 900

Re: HMAIL to Office365 without IMAP/POP

I'll try to lay out my recommendation to you more clearly. You have a mailbox on your Office 365 domain, let's call it mailbox@public-domain.com. You used to be able to download mail from that remote mailbox into a local mailbox hosted on hMailServer using the POP3 protocol. Now POP3 protocol access...
by mikedibella
2019-06-04 19:16
Forum: General discussions
Topic: HMAIL to Office365 without IMAP/POP
Replies: 25
Views: 900

Re: HMAIL to Office365 without IMAP/POP

Both Mail Users and Mail Contacts are created from ECP on the Recipients > Contacts tab.
by mikedibella
2019-06-04 16:52
Forum: General discussions
Topic: HMAIL to Office365 without IMAP/POP
Replies: 25
Views: 900

Re: HMAIL to Office365 without IMAP/POP

What I do with a couple of email addresses on my Office 365 tenant is to create them as distribution lists and set delivery management to allow senders inside and outside the organization to submit emails to the group. Next I set up a single contact with the external address I want to forward to. Add...
by mikedibella
2019-06-03 21:10
Forum: General discussions
Topic: HMAIL to Office365 without IMAP/POP
Replies: 25
Views: 900

Re: HMAIL to Office365 without IMAP/POP

Put another way, you should press the client on why TLS encapsulation of HTTP is secure enough but TLS encapsulation of SMTP and IMAP is not. hMailServer can support TLS encapsulation either of the whole connection sequence or via STARTTLS for SMTP, POP3, and IMAP, but cannot support using Active...
by mikedibella
2019-05-31 20:56
Forum: General discussions
Topic: Error Type SMTP 550-verification failed
Replies: 5
Views: 253

Re: Error Type SMTP 550-verification failed

Couple of issues I see. Your MX record is pointing to insyscr.com, I recommend changing it to point to mail.insyscr.com instead and use mail.insyscr.com as your hMailserver hostname. Create an A record in DNS for mail.insyscr.com to point to the public IP address for hMailserver. DNS does record an ...
by mikedibella
2019-05-31 18:30
Forum: General discussions
Topic: hmailserver & Cloudflare
Replies: 13
Views: 639

Re: hmailserver & Cloudflare

Log in to the Cloudflare portal and select the domain corresponding to the right-hand side of your email address (i.e. email = my-name@my-domain, then select my-domain). Choose the DNS tile from the top. Using the Add Record button, add the following records: Type, Name, Value, TTL A, mail, public ...
by mikedibella
2019-05-31 17:34
Forum: General discussions
Topic: Error Type SMTP 550-verification failed
Replies: 5
Views: 253

Re: Error Type SMTP 550-verification failed

You cannot send mail to domains that use sender verification using a sender address (From: address) that does not exist at the sending domain. If you send a message From: from-name@from-domain, then a mailbox must exist in the from-domain mail servers for from-name.
by mikedibella
2019-05-31 05:55
Forum: General discussions
Topic: Error Type SMTP 550-verification failed
Replies: 5
Views: 253

Re: Error Type SMTP 550-verification failed

The remote server you are trying to send mail to implements sender verification (https://en.wikipedia.org/wiki/Callback_verification) and the sending address MX does not host that user. To fix, only send using senders from domains that you control, and make sure that you host a mailbox for those use...
by mikedibella
2019-05-10 15:53
Forum: Scripting
Topic: Move emails to top of the queue based on certain priority header flags
Replies: 45
Views: 1774

Re: Move emails to top of the queue based on certain priority header flags

I missed the FileCopy and RefreshContent methods being used as a work-around for the missing load-from-file method on the Message object. I'd also suggest you run the code using the cscript.exe interpreter and not the default wscript.exe interpreter. As you've seen, wscript will throw a modal dialog...
by mikedibella
2019-05-10 03:38
Forum: Scripting
Topic: Move emails to top of the queue based on certain priority header flags
Replies: 45
Views: 1774

Re: Move emails to top of the queue based on certain priority header flags

I don't think this code will work. I see the code is getting the stored message filename by parsing the UndeliveredMessages property, and that a Message object is created to parse the message. This line: Set oMail = CreateObject("hMailServer.Message") Creates a new message object instance. But this ...
by mikedibella
2019-04-22 19:27
Forum: General discussions
Topic: Exchange Online - Unrecognized authentication type
Replies: 15
Views: 1049

Re: Exchange Online - Unrecognized authentication type

My understanding of your situation is that your legacy architecture included an on-premise Exchange server hosting mailboxes for your internal users, and additional mail-enabled endpoints that used the Exchange infrastructure as an SMTP relay to deliver messages to internal and external addresses. Y...
by mikedibella
2019-04-19 01:02
Forum: General discussions
Topic: Exchange Online - Unrecognized authentication type
Replies: 15
Views: 1049

Re: Exchange Online - Unrecognized authentication type

This has been covered in previous posts. Office 365 does not support external-to-external SMTP relay. This is by design. It is not a product to use for that type of mailings. If you want to route mail through Office 365 SMTP servers, either the sender or the recipient must be a local user.
by mikedibella
2019-04-18 21:49
Forum: General discussions
Topic: Exchange Online - Unrecognized authentication type
Replies: 15
Views: 1049

Re: Exchange Online - Unrecognized authentication type

There are other articles on this site that describe how to configure your systems so that mail sent directly (using MX record lookup) from HMS has the requisite reputation to be accepted as ham. Maybe Jim can provide a link to his favorite post on this subject. If you want HMS to deliver directly to...
by mikedibella
2019-04-18 19:49
Forum: General discussions
Topic: Exchange Online - Unrecognized authentication type
Replies: 15
Views: 1049

Re: Exchange Online - Unrecognized authentication type

You can achieve authenticated send with Office 365 using username/password authentication, which requires that the Sender address match the primary SMTP proxy address (reply address) for the account. So if your sending appliances can support username/password AUTH, just make sure that the mail clien...
by mikedibella
2019-04-16 20:00
Forum: General discussions
Topic: Exchange Online - Unrecognized authentication type
Replies: 15
Views: 1049

Re: Exchange Online - Unrecognized authentication type

That error is raised when the Sender email address doesn't match the proxy address of the authenticated user. It is more difficult to configure Office 365 as a relay for any-sender to any-recipient use cases. You might want to take a look at SendGrid free tier.
by mikedibella
2019-04-16 17:40
Forum: General discussions
Topic: Exchange Online - Unrecognized authentication type
Replies: 15
Views: 1049

Re: Exchange Online - Unrecognized authentication type

Are you trying to submit authenticated mail to Office 365 on port 25? Office 365 accepts only local delivery on port 25. Relay mail must be submitted using port 587. https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-u...
by mikedibella
2019-04-10 20:50
Forum: General discussions
Topic: Can more than one return value be entered when configuring external AV?
Replies: 4
Views: 494

Re: Can more than one return value be entered when configuring external AV?

Wrap the .exe in a .cmd script and use if errorlevel and exit exitCode to merge 12 and 13 into a single return value. The line

if errorlevel 12 exit 13

will exit the script and set the exitCode to 13 if the previous command exits with 12 or greater.
by mikedibella
2019-02-25 22:11
Forum: General discussions
Topic: smtp relay AFTER direct delivery attempt
Replies: 2
Views: 590

Re: smtp relay AFTER direct delivery attempt

I don't think hMailServer can do that, but you could host Microsoft SMTP Service on the same machine on a custom listening port and configure it to use your Smart Host, but check the box "Attempt direct delivery before sending to smart host". Then configure hMailServer to use this local MTA as its ...
by mikedibella
2019-02-20 19:29
Forum: General discussions
Topic: Force SMTP AUTH for specific port
Replies: 9
Views: 1185

Re: Force SMTP AUTH for specific port

Change Connection Security to STARTTLS Required. This will cause the connection to be initiated over TCP, but require STARTTLS to be completed before any other verbs can be used.
by mikedibella
2019-02-06 18:33
Forum: Scripting
Topic: SMTP relayer
Replies: 4
Views: 1023

Re: SMTP relayer

You could use SMTP route, but that would require another machine to do the sending.
Or possibly run a different relay (i.e. MS-SMTP) on the same machine on a custom port and use a route to forward to that MTA, and then use MX lookup for next-hop.
by mikedibella
2018-11-07 03:20
Forum: Off-topic discussions
Topic: ALternative to Office 365 Message Encryption capabilities
Replies: 7
Views: 1228

Re: ALternative to Office 365 Message Encryption capabilities

For the use case I describe below, the portal needs to be published, but it doesn't store the encrypted PDF. The portal is used to generate the one-time password (OTP) to decrypt the PDF. The basic flow of an starts when an email sent to the gateway is decomposed and the body and attachments are pub...
by mikedibella
2018-11-07 01:42
Forum: Off-topic discussions
Topic: ALternative to Office 365 Message Encryption capabilities
Replies: 7
Views: 1228

Re: ALternative to Office 365 Message Encryption capabilities

I did get Ciphermail working again for PDF encryption. Let me know if you want to compare notes.
by mikedibella
2018-11-01 18:11
Forum: Off-topic discussions
Topic: ALternative to Office 365 Message Encryption capabilities
Replies: 7
Views: 1228

Re: ALternative to Office 365 Message Encryption capabilities

It has been a while since I evaluated it. I just looked at my VCB archive and the last image I took of the appliance was in 2015. So it is very possible the project has evolved/morphed into the Ciphermail appliance. I definitely remember it was offered as a virtual appliance. The UI looks a lot clean...
by mikedibella
2018-10-31 19:47
Forum: Off-topic discussions
Topic: ALternative to Office 365 Message Encryption capabilities
Replies: 7
Views: 1228

Re: ALternative to Office 365 Message Encryption capabilities

I looked at Djigzo a while back... http://freshmeat.sourceforge.net/projects/djigzo

I found the recipient UI too crude, might have matured since then.
by mikedibella
2018-10-09 22:17
Forum: General discussions
Topic: Having issues getting SSL certificate to work
Replies: 15
Views: 1688

Re: Having issues getting SSL certificate to work

Change connection security on port 25 from STARTTLS Required to STARTTLS Optional.
by mikedibella
2018-10-09 01:38
Forum: General discussions
Topic: Having issues getting SSL certificate to work
Replies: 15
Views: 1688

Re: Having issues getting SSL certificate to work

I also use Let's Encrypt and have had success with the instructions on this website: https://www.sslforfree.com/ The site will generate the keys for you securely on your own machine using browser extensions, so it is safe to use. Read the section about validation carefully because you can't generate...
by mikedibella
2018-10-08 19:24
Forum: General discussions
Topic: Having issues getting SSL certificate to work
Replies: 15
Views: 1688

Re: Having issues getting SSL certificate to work

The key pair generated must be used to generate the CSR that is submitted to request the certificate. The error message indicates that the private key does not match the public key in the certificate. You will need to regenerate the certificate, carefully following the steps provided in articles on ...
by mikedibella
2018-10-05 22:32
Forum: General discussions
Topic: Having issues getting SSL certificate to work
Replies: 15
Views: 1688

Re: Having issues getting SSL certificate to work

The certificate file you point to in the hMailServer configuration must have intermediates first and the leaf (server) certificate last. Assuming both of the files received from your CA are Base64 format (they have BEGIN CERTIFICATE sections), append the contents of mail_tgserver_com.crt to the end ...
by mikedibella
2018-10-04 20:00
Forum: General discussions
Topic: Having issues getting SSL certificate to work
Replies: 15
Views: 1688

Re: Having issues getting SSL certificate to work

Are you trying to enable connection security for MTA-to-MTA communications or for client-to-server communications? If you want to enable for MTA interconnections, change connection security on port 25 to STARTTLS. If you want to enable for client connections, either change connection security on por...
by mikedibella
2018-09-28 17:36
Forum: General discussions
Topic: Making LetsEncrypt Certificates usable for hMail
Replies: 6
Views: 3199

Re: Making LetsEncrypt Certificates usable for hMail

Download openssl.exe and run the following command: openssl.exe pkcs12 -in file.pfx -nodes -out pem.txt Edit pem.txt and separate the sections into certificate files and key files. Put all the certificate sections into one file with the intermediates first and leaf (server) certificate last. Put t...
by mikedibella
2018-08-31 23:16
Forum: General discussions
Topic: question about AD logins and UPNs
Replies: 7
Views: 563

Re: question about AD logins and UPNs

One thing to keep in mind, when you enable the "Active Directory account" option, you are mapping the mailbox identity to the "Domain" and "User name" values provided. When the client negotiates authentication, it will provide the mailbox identity and password, and HMS will use the mapped Domain and...
by mikedibella
2018-08-31 22:15
Forum: General discussions
Topic: question about AD logins and UPNs
Replies: 7
Views: 563

Re: question about AD logins and UPNs

Let me make sure I get this. You are saying that Outlook won't authenticate against HMS unless the account configuration Email Address under User Information is the same as User Name under Login Information?
by mikedibella
2018-08-31 19:29
Forum: General discussions
Topic: question about AD logins and UPNs
Replies: 7
Views: 563

Re: question about AD logins and UPNs

Let me make sure I understand the requirement. You have existing Outlook users that were using explicit credentials (not Kerberos or Integrated authentication) to log into Exchange. The explicit credentials included a user ID that matched the Active Directory UPN for the user and the user's AD passw...
by mikedibella
2018-08-31 17:44
Forum: General discussions
Topic: question about AD logins and UPNs
Replies: 7
Views: 563

Re: question about AD logins and UPNs

Are you familiar with Alternative UPN Suffixes? See http://www.tutorialspoint.com/articles/ ... ory-domain.
by mikedibella
2018-03-23 21:52
Forum: General discussions
Topic: SSL Certificate
Replies: 7
Views: 964

Re: SSL Certificate

If you don't own, and exercise authoritative control over, a domain, no public CA will generate a certificate for you for that domain.
by mikedibella
2018-03-23 20:21
Forum: General discussions
Topic: SSL Certificate
Replies: 7
Views: 964

Re: SSL Certificate

If you want a wildcard that matches hostname.ex.geektek.com then you would enter *.ex.geektek.com in the "enter your website to secure" field and create a new TXT record with the _acme-challenge Name in the ex.geektek.com domain. Set the TTL of the record to 1 second. Wait for your secondaries to be...
by mikedibella
2018-03-23 01:28
Forum: General discussions
Topic: SSL Certificate
Replies: 7
Views: 964

Re: SSL Certificate

CA: https://letsencrypt.org

I use this website for manual certificate issuance: https://www.sslforfree.com/

But I suggest you generate your own CSR locally if you aren't sure if your browser can support local key generation.
by mikedibella
2018-03-22 23:20
Forum: General discussions
Topic: SSL Certificate
Replies: 7
Views: 964

Re: SSL Certificate

Is ex.geektek.com the mail domain (i.e. for the MX record Name attribute) or the server's hostname (for the MX record Data attribute)? The wildcard must match the hostname. If ex.geektek.com is the mail domain and mail.ex.geektek.com is the hostname, then you need a wildcard *.ex.geektek.com to matc...
by mikedibella
2018-03-14 22:04
Forum: General discussions
Topic: Suddenly nothing works!
Replies: 12
Views: 1521

Re: Suddenly nothing works!

Maybe:

Updates force reboot
4.1 starts first and binds port
5.6 starts can't bind
HMS starts and comms with 4.1
Disaster

Make sure you at least Disable 4.1 in SCM
by mikedibella
2018-03-02 03:50
Forum: Off-topic discussions
Topic: Windows Service Weirdness
Replies: 7
Views: 1847

Re: Windows Service Weirdness

I notice that the time between postings in the successful run is 3/100s of a second, but in the abnormal run the time differential is 1 minute and 29/100s of a second. Maybe there was some kind of failure that produced abend output?
by mikedibella
2018-03-02 00:13
Forum: Off-topic discussions
Topic: Windows Service Weirdness
Replies: 7
Views: 1847

Re: Windows Service Weirdness

Check each directory in your %PATH% for an executable named NET.EXE. If there is another executable named NET.EXE in a directory before %SYSTEMROOT%\System32, that program will be executed in your script. To fix, fully qualify the file (i.e. net -> %SYSTEMROOT%\System32\NET.EXE).
by mikedibella
2018-03-01 22:20
Forum: General discussions
Topic: Help with Exchange and hmailserver
Replies: 5
Views: 933

Re: Help with Exchange and hmailserver

It is possible to configure an Exchange 2010 Send Connector to use TLS (not STARTTLS).

See RequireTLS: https://technet.microsoft.com/en-us/lib ... .141).aspx
by mikedibella
2018-02-27 23:40
Forum: General discussions
Topic: How to execute a script in regular intervals
Replies: 4
Views: 777

Re: How to execute a script in regular intervals

I would create an external script using VBScript or JScript that does the following task: Creates an instance of the hMailserver COM Object Logs in For each Domain object in the Domains collection For each Account object in the Domain's Accounts collection If QuotaUsed is greater than a threshold va...
by mikedibella
2018-02-12 21:21
Forum: General discussions
Topic: Small Business Server 2011
Replies: 5
Views: 1101

Re: Small Business Server 2011

Port 587 typically uses STARTTLS connections, which start as unencrypted and switch to TLS using the STARTTLS SMTP verb. Port 465 typically requires TLS to be negotiated but any SMTP protocol is conducted. The attached article is for that type of connection. If your ISP isn't using a Public CA certi...
by mikedibella
2018-01-26 20:54
Forum: General discussions
Topic: Basic SMTP relay
Replies: 7
Views: 1284

Re: Basic SMTP relay

I searched through some older code I had saved locally and see two references. One call when the generated eml filename already exists (SMTPConnection.cpp line 1194) and one when the filename or file could not be generated (not sure which, line 1657).
by mikedibella
2018-01-17 18:46
Forum: Off-topic discussions
Topic: MS-Exchange 2010/2013/2016 is such a moron
Replies: 4
Views: 1571

Re: MS-Exchange 2010/2013/2016 is such a moron

If you aren't planning to back up Exchange using an Exchange-aware backup tool, you should enable circular logging: https://technet.microsoft.com/en-us/library/dn756374(v=exchg.150).aspx Exchange transaction logs only get purged after successful backup, and will eventually consume all space on the l...
by mikedibella
2018-01-15 22:48
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 3799

Re: Intermitent problem with SSL comunication

If you are certain only the configuration of the server was changed and not the clients, you could try a System Restore to a checkpoint when the server was functional.

Beyond that, I'd probably use a packet trace to see the TLS negotiation traffic.
by mikedibella
2018-01-15 22:39
Forum: General discussions
Topic: SSL certificate help needed
Replies: 12
Views: 1279

Re: SSL certificate help needed

Depending on the client, an attempt may be made to autodiscover the account's server addresses based on the account sender address. So you may be seeing the sender's domain used as the incoming or outgoing server address as a product of the client's specific autodiscover process.
by mikedibella
2018-01-15 20:36
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 3799

Re: Intermitent problem with SSL comunication

You might want to run a report on the TLS configuration of the IMAP interface. Comodo has an online checker at https://sslanalyzer.comodoca.com/ that you can use. Another idea is to run a cipher test yourself. Here is the script I use: #!/usr/bin/env bash # OpenSSL requires the port number. SERVER=$...
by mikedibella
2018-01-15 18:55
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 3799

Re: Intermitent problem with SSL comunication

Do you know what update caused the problem to occur? Can you rollback or uninstall that update?

It looks to me like either the cipher list or cipher order has been modified on one of the endpoints and a mutual cipher can no longer be negotiated.
by mikedibella
2018-01-15 00:27
Forum: General discussions
Topic: SSL certificate help needed
Replies: 12
Views: 1279

Re: SSL certificate help needed

Download and install openssl if you don't already have it and use the following command to generate a protocol trace for your server's IMAP port: openssl.exe s_client -connect your.server.hostname:143 -starttls imap -showcerts Review the protocol trace carefully. You are looking to see that multiple...
by mikedibella
2018-01-13 20:08
Forum: General discussions
Topic: mail delivery problem - verification failed from remote server
Replies: 21
Views: 2663

Re: mail delivery problem - verification failed from remote server

It is not required that the SSL certificate match the recipient domain. It is required that the subject Common Name of the SSL certificate match the DNS name used to connect to the server. This is the hostname returned as the "mail exchanger =" portion of the MX record query response. It is also bes...
by mikedibella
2018-01-12 18:41
Forum: General discussions
Topic: mail delivery problem - verification failed from remote server
Replies: 21
Views: 2663

Re: mail delivery problem - verification failed from remote server

The destination server is doing a callback validation based on the sender address and it is failing. This callback validation is typically done by looking up the sender address domain MX and making a connection to send mail, and passing or failing based on the MX response to RCPT TO verb. To pass,...
by mikedibella
2018-01-08 23:27
Forum: General discussions
Topic: Increase Spam score
Replies: 3
Views: 639

Re: Increase Spam score

OK, I think I solved my problem this way:

C1: sender contains bad domain
AND
C2: X-hMailServer-Reason-Score > 0
THEN delete
by mikedibella
2018-01-08 21:27
Forum: General discussions
Topic: Increase Spam score
Replies: 3
Views: 639

Re: Increase Spam score

Or, as an alternative, can I check the Spam Score within the Global Rule processing? In the logs I see DNSBL tests are completed before the rule is invoked. Is the score added to a Header value by the time a Global Rule is processed?