Configure Server properly - Blacklisted by spamhouse

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-16 18:56

Hello,

I am hoping that someone can help me. I spent many days to browse related issue as mine. I followed settings recommended here but no luck.

I am having trouble with my server and can't figure out what's going on. Our IP address is always blacklisted by spam-house, I knew that my configuration is working well and can send/received emails. However, I dunno why we are keep blocking every other day. I cannot figure out what's going on. I've ran Virus scanning on the server and nothing is found. Is there any issues on my configuration, can you please help me too. I am newbie and it is my first time running this server, I followed all tutorials posted here.

I've read this post: https://www.hmailserver.com/forum/viewt ... 54#p215554 and my issue is quite similar, I followed the recommendation but seems to be not working.

Here is my configurations:

Code: Select all

2019-10-16   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - arxxxxxxxxx               Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain1.com\dkim.Domain1.com.pem
                                                Selector:    dkim

   "Domain2.com" - saxxxxxxxxxxxxxxxx            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.pem
                                                Selector:    dkim

   "Domain3.com" - texxxxxxxxxxxxxxxxxxx       Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain3.com\dkim.Domain3.com.pem
                                                Selector:    dkim
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 25     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 20     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


   !!  Warning:  DEFAULT DOMAIN is SET  !! - "Domain2.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      2
                              Minutes Before Reset:         1500  (25.00 hours, 1.04 days)
                              Minutes to Autoban:          10140  (169.00 hours, 7.04 days)

There is a total of 3 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:   True  Delivered-To hdr: False
                                               Max number commands: 100  Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
    Domain1.com              - S: Local   R: Local  - Addr: All         !! POINTS TO SERVER'S LAN IP ADDRESS !!
    Domain2.com              - S: Local   R: Local  - Addr: All         !! POINTS TO SERVER'S LAN IP ADDRESS !!
    Domain3.com              - S: Local   R: Local  - Addr: All         !! POINTS TO SERVER'S LAN IP ADDRESS !!

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2    Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:       False        Use SA score: False -   5
              Subject Text: "[SPAM]"
  Spam delete threshold: 8         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 5     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2
            b.barracudacentral.org      Score: 2     Result: 127.0.0.2
     hostkarma.junkemailfilter.com      Score: 2     Result: 127.0.0.2|127.0.0.4
           bl.spameatingmonkey.net      Score: 2     Result: 127.0.0.2-3
                   cbl.abuseat.org      Score: 2     Result: 127.0.0.2
              zz.countries.nerd.dk      Score: 5     Result: 127.0.0.158|127.0.2.131|127.0.2.198

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:   True       Defer mins: 10       Days Unused: 2      Days Used: 72
                            Bypass SPF: False    Bypass A/MX: False

Greylist WHITELIST ENTRIES:
   No entries

Greylist DOMAINS enabled:
  !! No active domains enabled - GREYLISTING INEFFECTIVE !!

WHITELISTING
              0.0.0.0            to    255.255.255.255              *[@t]***[dot]com[dot]sa
              0.0.0.0            to    255.255.255.255              *[@t]*****[dot]com[dot]sa
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete Attachments.

  Max Message Size: 26214
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.docm            Macro enabled Office
               *.dotm            Macro enabled Office
               *.exe             Executable file
               *.gif             Graphics Interchange Format
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
               *.vbs             Microsoft Visual Basic Scripting
               *.xlsm            Macro enabled Office
               *.xltm            Macro enabled Office
               *.zip             
               .js               JavaScript
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   SSL
       Certificate: C:\Program Files (x86)\hMailServer\SSLCertificate\certificate.crt
       Private key: C:\Program Files (x86)\hMailServer\SSLCertificate\private.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :   True
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Required   !! External Email Blocked !!  Cert:****
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 465   / SMTP   -   StartTLS Required   Cert: ***
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: ***
               0.0.0.0         / 995   / POP3   -   SSL/TLS             Cert: ***
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-10-16.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-10-16.log - !! ERRORS PRESENT !!
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Last Event: 2019/10/16
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -      .
                        DEBUG       -      .
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\EmailServerBackUp is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          *****
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

tolberjj
New user
New user
Posts: 12
Joined: 2019-10-15 20:09

Re: Configure Server properly - Blacklisted by spamhouse

Post by tolberjj » 2019-10-16 19:38

Generally speaking, just in my experience, blacklisting is due more to what is sent out from your server, than how it is configured, though configuration is of course the key. Spam servers don't come and inspect your server, they read what they are sent.

There's a number of tools you should start with if you have not done so.

https://mxtoolbox.com/diagnostic.aspx

https://www.dmarcanalyzer.com/spf/checker/

https://emailsecuritygrader.com/

Post results from these as a starting point and I'll see if I can help.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8157
Joined: 2011-09-08 17:48

Re: Configure Server properly - Blacklisted by spamhouse

Post by jimimaseye » 2019-10-16 19:50

Did you see the report and heed the southbound of !! (as the script post advised you) ?

Give domains.

Remove 'Default domain' unless you have a reason to set it

Check and post logs of SMTPD entries.

Are you on a static ip address?

Post the contrents of that error.log

Why do you have routes pointing to itself? (Remove or change them)

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20231
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Configure Server properly - Blacklisted by spamhouse

Post by mattg » 2019-10-16 23:59

ALSO

You've set your internet IP range to a priority of 20. That should be UNDER 20 for Autoban to work
Change it to 15

Your whitelisting range seems to include too wide a group

Turn off SSLv3.0 in SSL
StartTLS REQUIRED on port 25 will reject a lot of incoming mail
Port 465 should be SSL/TLS

Port 587 (not set) should be StartTLS Required for SMTP


One of the SPamHaus lists is due to residential dynamic IP address


ALWAYS the weakest link is user passwords

Lets see that error log as a starting point
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jim.bus
Senior user
Senior user
Posts: 304
Joined: 2011-05-28 11:49
Location: US

Re: Configure Server properly - Blacklisted by spamhouse

Post by jim.bus » 2019-10-17 08:00

mattg wrote:
2019-10-16 23:59
ALSO

You've set your internet IP range to a priority of 20. That should be UNDER 20 for Autoban to work
Change it to 15

Your whitelisting range seems to include too wide a group

Turn off SSLv3.0 in SSL
StartTLS REQUIRED on port 25 will reject a lot of incoming mail
Port 465 should be SSL/TLS

Port 587 (not set) should be StartTLS Required for SMTP


One of the SPamHaus lists is due to residential dynamic IP address


ALWAYS the weakest link is user passwords

Lets see that error log as a starting point
For Port 465 'StartTLS Required' also works. It is what I use for Port 465 even though in the Outlook Client I use I specify TLS because there is no option for StartTLS in Outlook 2010.

User avatar
mattg
Moderator
Moderator
Posts: 20231
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Configure Server properly - Blacklisted by spamhouse

Post by mattg » 2019-10-17 08:21

jim.bus wrote:
2019-10-17 08:00
For Port 465 'StartTLS Required' also works. It is what I use for Port 465 even though in the Outlook Client I use I specify TLS because there is no option for StartTLS in Outlook 2010.
Yes it works, it just isn't standard

Similarly port 1926 will work if you set it up work
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 08:38

Hello Guys,

Thank you for your prompt response.

I followed all your recommendation and changed it as of this writing. However, when I change the IP range of Internet to 15, I got this error:
Image

I tried to do the testing again as of this posting but I got an error: "Timeout waiting for response after 15 seconds. : Completed Connect" because I put this https://www.hmailserver.com/forum/viewt ... 42#p209542 on my EventHandlers as suggested by Soren just to minimize the bots coming in.

As for dmarcanalyzer, here is the result:
v=spf1 a mx a:mail.domain.com ip4:****** -all
A/AAAA - domain.com
111.111.111.111
111.111.111.111
1111:1111:11:1:1:1:1111:1111
1111:1111:11:1:1:1:1111:1111
A/AAAA - mail.domain.com
111.111.111.111
MX - domain.com
mail.domain.com - 111.111.111.111
IP
111.111.111.111
(note: IP address and domain edited)

Using email security grader diagnostic, here is the result:
Image


This is now my current settings. My hmailserver is no longer working because of the error above as of this posting. :(

Code: Select all

2019-10-17   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - arxxxxxx.com               Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain1.com\dkim.Domain1.com.pem
                                                Selector:    dkim

   "Domain2.com" - saxxxxxxxxxxxxx.com            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.pem
                                                Selector:    dkim

   "Domain3.com" - texxxxxxxxxxxxxxxxxx.com       Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain3.com\dkim.domain3.com.pem
                                                Selector:    dkim
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 25     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 15     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      2
                              Minutes Before Reset:         1500  (25.00 hours, 1.04 days)
                              Minutes to Autoban:          10140  (169.00 hours, 7.04 days)

There is a total of 9 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:   True  Delivered-To hdr: False
                                               Max number commands: 100  Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2    Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:       False        Use SA score: False -   5
              Subject Text: "[SPAM]"
  Spam delete threshold: 8         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 5     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2
            b.barracudacentral.org      Score: 2     Result: 127.0.0.2
     hostkarma.junkemailfilter.com      Score: 2     Result: 127.0.0.2|127.0.0.4
           bl.spameatingmonkey.net      Score: 2     Result: 127.0.0.2-3
                   cbl.abuseat.org      Score: 2     Result: 127.0.0.2
              zz.countries.nerd.dk      Score: 5     Result: 127.0.0.158|127.0.2.131|127.0.2.198

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete Attachments.

  Max Message Size: 26214
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.docm            Macro enabled Office
               *.dotm            Macro enabled Office
               *.exe             Executable file
               *.gif             Graphics Interchange Format
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
               *.vbs             Microsoft Visual Basic Scripting
               *.xlsm            Macro enabled Office
               *.xltm            Macro enabled Office
               .js               JavaScript
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   STL SSL
       Certificate: C:\Program Files (x86)\hMailServer\SSLCertificate\certificate.crt
       Private key: C:\Program Files (x86)\hMailServer\SSLCertificate\private.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Required   !! External Email Blocked !!  Cert: STL SSL
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 465   / SMTP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 587   / SMTP   -   StartTLS Required   Cert: STL SSL
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 995   / POP3   -   SSL/TLS             Cert: STL SSL
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-10-17.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-10-17.log
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Last Event: 2019/10/17
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -      .
                        DEBUG       -      .
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\EmailServerBackUp is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          *****
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 08:57

I temporarily change the Internet Range to 25 and My Computer to 30 and it is now working, however my problem is, getting a lot of these things and thats where my IP block by spamhouse. As for the question of Jimmi about our IP, Yes it is static IP and have reverse DNS thru our ISP provider:

"SMTPD" 14036 13 "2019-10-17 09:52:41.239" "200.0.0.103" "SENT: 220 mail.domain.com"
"SMTPD" 9324 13 "2019-10-17 09:52:41.790" "200.0.0.103" "RECEIVED: EHLO [45.82.153.131]"
"SMTPD" 9324 13 "2019-10-17 09:52:41.790" "200.0.0.103" "SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD" 14036 13 "2019-10-17 09:52:42.185" "200.0.0.103" "RECEIVED: AUTH PLAIN"
"SMTPD" 14036 13 "2019-10-17 09:52:42.186" "200.0.0.103" "SENT: 334 Log on"
"SMTPD" 10472 13 "2019-10-17 09:52:42.453" "200.0.0.103" "RECEIVED: aly@rfpb.com ***"
"SMTPD" 10472 13 "2019-10-17 09:52:42.455" "200.0.0.103" "SENT: 535 Authentication failed. Restarting authentication process."
"SMTPD" 14036 25 "2019-10-17 09:52:43.492" "200.0.0.103" "SENT: 220 mail.domain.com"
"SMTPD" 10472 25 "2019-10-17 09:52:44.002" "200.0.0.103" "RECEIVED: EHLO [45.82.153.131]"
"SMTPD" 10472 25 "2019-10-17 09:52:44.003" "200.0.0.103" "SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD" 14036 25 "2019-10-17 09:52:44.448" "200.0.0.103" "RECEIVED: AUTH PLAIN"
"SMTPD" 14036 25 "2019-10-17 09:52:44.448" "200.0.0.103" "SENT: 334 Log on"
"SMTPD" 10472 25 "2019-10-17 09:52:45.014" "200.0.0.103" "RECEIVED: aly ***"
"SMTPD" 10472 25 "2019-10-17 09:52:45.015" "200.0.0.103" "SENT: 535 Authentication failed. Too many invalid logon attempts."
"SMTPD" 6220 23 "2019-10-17 09:52:49.114" "200.0.0.103" "SENT: 220 mail.domain.com"

User avatar
jimimaseye
Moderator
Moderator
Posts: 8157
Joined: 2011-09-08 17:48

Re: Configure Server properly - Blacklisted by spamhouse

Post by jimimaseye » 2019-10-17 10:09

Code: Select all

0.0.0.0    / 25 /     SMTP - StartTLS Required   !! External Email Blocked !!
1, Do you see this warning? Change it to starttls optional.

2, From the logs above: presumably 200.0.0.103 is not known to you. In this case don't worry about it. It's standard. Just someone trying to connect that is not authorised.

3, you have changed your ip range priorities to above 20. This will now make your autobans useless. Change them back to 10 (internet) and 15 like they should be.

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 10:16

jimimaseye wrote:
2019-10-17 10:09

Code: Select all

0.0.0.0    / 25 /     SMTP - StartTLS Required   !! External Email Blocked !!
1, Do you see this warning? Change it to starttls optional.

2, From the logs above: presumably 200.0.0.103 is not known to you. In this case don't worry about it. It's standard. Just someone trying to connect that is not authorised.

3, you have changed your ip range priorities to above 20. This will now make your autobans useless. Change them back to 10 (internet) and 15 like they should be.

[Entered by mobile. Excuse my spelling.]
Hi Jim, thanks for your prompt reply. This IP: 200.0.0.103 is our internal default gateway. I changed IP range priority to the one you suggested and now, I got this error:

Image

Here's the current configurations:

Code: Select all

[code]2019-10-17   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - arxxxxxx.com                Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain1.com\dkim.Domain1.com.pem
                                                Selector:    dkim

   "Domain2.com" - saxxxxxxxxxxxxx.com            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.pem
                                                Selector:    dkim

   "Domain3.com" - texxxxxxxxxxxxxxxxxx.com       Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain3.com\dkim.domain3.com.pem
                                                Selector:    dkim
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      2
                              Minutes Before Reset:         1500  (25.00 hours, 1.04 days)
                              Minutes to Autoban:          10140  (169.00 hours, 7.04 days)

There is a total of 20 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:   True  Delivered-To hdr: False
                                               Max number commands: 100  Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2    Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:       False        Use SA score: False -   5
              Subject Text: "[SPAM]"
  Spam delete threshold: 8         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 5     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2
            b.barracudacentral.org      Score: 2     Result: 127.0.0.2
     hostkarma.junkemailfilter.com      Score: 2     Result: 127.0.0.2|127.0.0.4
           bl.spameatingmonkey.net      Score: 2     Result: 127.0.0.2-3
                   cbl.abuseat.org      Score: 2     Result: 127.0.0.2
              zz.countries.nerd.dk      Score: 5     Result: 127.0.0.158|127.0.2.131|127.0.2.198

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
              0.0.0.0            to    255.255.255.255              *[@t]domain[dot]com[dot]sa
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete Attachments.

  Max Message Size: 26214
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.docm            Macro enabled Office
               *.dotm            Macro enabled Office
               *.exe             Executable file
               *.gif             Graphics Interchange Format
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
               *.vbs             Microsoft Visual Basic Scripting
               *.xlsm            Macro enabled Office
               *.xltm            Macro enabled Office
               .js               JavaScript
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   STL SSL
       Certificate: C:\Program Files (x86)\hMailServer\SSLCertificate\certificate.crt
       Private key: C:\Program Files (x86)\hMailServer\SSLCertificate\private.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Optional   Cert: STL SSL
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 465   / SMTP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 587   / SMTP   -   StartTLS Required   Cert: STL SSL
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 995   / POP3   -   SSL/TLS             Cert: STL SSL
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-10-17.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-10-17.log
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Last Event: 2019/10/17
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -      .
                        DEBUG       -      .
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\EmailServerBackUp is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          *****
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.
[/code]
Last edited by ashtec014 on 2019-10-17 10:21, edited 1 time in total.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8157
Joined: 2011-09-08 17:48

Re: Configure Server properly - Blacklisted by spamhouse

Post by jimimaseye » 2019-10-17 10:20

Create a third ip range from / to 200.0.0.103 and set the priority as 25. Use the same values as the 127.0.0.1 range.

Delete all existing autobans (to reset).

Given that all incoming connections are registering as this same address then external Autoban will not happen.

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 10:27

jimimaseye wrote:
2019-10-17 10:20
Create a third ip range from / to 200.0.0.103 and set the priority as 25. Use the same values as the 127.0.0.1 range.

Given that all incoming connections are registering add this same address then external Autoban will not happen.

[Entered by mobile. Excuse my spelling.]
Hi Jim, thank you. Am I doing it right? Please see attachment. I apologize I am not that too technical. I just followed all your recommendations and tutorial posted here. :)

Image

User avatar
jimimaseye
Moderator
Moderator
Posts: 8157
Joined: 2011-09-08 17:48

Re: Configure Server properly - Blacklisted by spamhouse

Post by jimimaseye » 2019-10-17 10:31

Lower and Upper ip address needs to be the same 200.....

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 10:36

jimimaseye wrote:
2019-10-17 10:31
Lower and Upper ip address needs to be the same 200.....

[Entered by mobile. Excuse my spelling.]
Thank you Jim. I changed it and this is now my current configurations:

Code: Select all

[code]2019-10-17   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - arxxxxxx.com                Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain1.com\dkim.Domain1.com.pem
                                                Selector:    dkim

   "Domain2.com" - saxxxxxxxxxxxxx.com            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.pem
                                                Selector:    dkim

   "Domain3.com" - texxxxxxxxxxxxxxxxxx.com       Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain3.com\dkim.domain3.com.pem
                                                Selector:    dkim
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 200.0.0.103 - 200.0.0.103     Priority: 25     Name: Internal Gateway

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      2
                              Minutes Before Reset:         1500  (25.00 hours, 1.04 days)
                              Minutes to Autoban:          10140  (169.00 hours, 7.04 days)

There is a total of 22 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:   True  Delivered-To hdr: False
                                               Max number commands: 100  Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2    Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:       False        Use SA score: False -   5
              Subject Text: "[SPAM]"
  Spam delete threshold: 8         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 5     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2
            b.barracudacentral.org      Score: 2     Result: 127.0.0.2
     hostkarma.junkemailfilter.com      Score: 2     Result: 127.0.0.2|127.0.0.4
           bl.spameatingmonkey.net      Score: 2     Result: 127.0.0.2-3
                   cbl.abuseat.org      Score: 2     Result: 127.0.0.2
              zz.countries.nerd.dk      Score: 5     Result: 127.0.0.158|127.0.2.131|127.0.2.198

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
              0.0.0.0            to    255.255.255.255              *[@t]domain[dot]com[dot]sa
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete Attachments.

  Max Message Size: 26214
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.docm            Macro enabled Office
               *.dotm            Macro enabled Office
               *.exe             Executable file
               *.gif             Graphics Interchange Format
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
               *.vbs             Microsoft Visual Basic Scripting
               *.xlsm            Macro enabled Office
               *.xltm            Macro enabled Office
               .js               JavaScript
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   STL SSL
       Certificate: C:\Program Files (x86)\hMailServer\SSLCertificate\certificate.crt
       Private key: C:\Program Files (x86)\hMailServer\SSLCertificate\private.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Optional   Cert: STL SSL
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 465   / SMTP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 587   / SMTP   -   StartTLS Required   Cert: STL SSL
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 995   / POP3   -   SSL/TLS             Cert: STL SSL
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-10-17.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-10-17.log
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Last Event: 2019/10/17
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -      .
                        DEBUG       -      .
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\EmailServerBackUp is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          ***
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.
[/code]

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 10:41

ashtec014 wrote:
2019-10-17 10:36
jimimaseye wrote:
2019-10-17 10:31
Lower and Upper ip address needs to be the same 200.....

[Entered by mobile. Excuse my spelling.]
Thank you Jim. I changed it and this is now my current configurations:

Code: Select all

[code]2019-10-17   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - arxxxxxx.com                Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain1.com\dkim.Domain1.com.pem
                                                Selector:    dkim

   "Domain2.com" - saxxxxxxxxxxxxx.com            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.pem
                                                Selector:    dkim

   "Domain3.com" - texxxxxxxxxxxxxxxxxx.com       Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: True    Max size:                0   Enabled: True    
  APPEND           Max message size:        0   Header:   Relaxed  Plus addressing: False
  Replies:  True   Max size of accounts: 10000   Body:     Relaxed
  Local:    True                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain3.com\dkim.domain3.com.pem
                                                Selector:    dkim
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 200.0.0.103 - 200.0.0.103     Priority: 25     Name: Internal Gateway

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      2
                              Minutes Before Reset:         1500  (25.00 hours, 1.04 days)
                              Minutes to Autoban:          10140  (169.00 hours, 7.04 days)

There is a total of 22 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:   True  Delivered-To hdr: False
                                               Max number commands: 100  Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2    Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:       False        Use SA score: False -   5
              Subject Text: "[SPAM]"
  Spam delete threshold: 8         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 5     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2
            b.barracudacentral.org      Score: 2     Result: 127.0.0.2
     hostkarma.junkemailfilter.com      Score: 2     Result: 127.0.0.2|127.0.0.4
           bl.spameatingmonkey.net      Score: 2     Result: 127.0.0.2-3
                   cbl.abuseat.org      Score: 2     Result: 127.0.0.2
              zz.countries.nerd.dk      Score: 5     Result: 127.0.0.158|127.0.2.131|127.0.2.198

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
              0.0.0.0            to    255.255.255.255              *[@t]domain[dot]com[dot]sa
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete Attachments.

  Max Message Size: 26214
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.docm            Macro enabled Office
               *.dotm            Macro enabled Office
               *.exe             Executable file
               *.gif             Graphics Interchange Format
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
               *.vbs             Microsoft Visual Basic Scripting
               *.xlsm            Macro enabled Office
               *.xltm            Macro enabled Office
               .js               JavaScript
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   STL SSL
       Certificate: C:\Program Files (x86)\hMailServer\SSLCertificate\certificate.crt
       Private key: C:\Program Files (x86)\hMailServer\SSLCertificate\private.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Optional   Cert: STL SSL
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 465   / SMTP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 587   / SMTP   -   StartTLS Required   Cert: STL SSL
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: STL SSL
               0.0.0.0         / 995   / POP3   -   SSL/TLS             Cert: STL SSL
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-10-17.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-10-17.log
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Last Event: 2019/10/17
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -      .
                        DEBUG       -      .
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\EmailServerBackUp is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          ***
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.
[/code]
After doing your settings recommendation, I got this logs from SMTPD from the same host. I don't know where this coming from. There is a total of 22 autoban IP ranges as of this posting.

Code: Select all

"SMTPD"	13888	1803	"2019-10-17 11:26:14.397"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1803	"2019-10-17 11:26:14.593"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1803	"2019-10-17 11:26:14.594"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1804	"2019-10-17 11:26:34.103"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1804	"2019-10-17 11:26:34.232"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1804	"2019-10-17 11:26:34.233"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1804	"2019-10-17 11:26:34.350"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1804	"2019-10-17 11:26:34.350"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1805	"2019-10-17 11:26:54.138"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1805	"2019-10-17 11:26:54.252"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1805	"2019-10-17 11:26:54.253"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1805	"2019-10-17 11:26:54.369"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1805	"2019-10-17 11:26:54.369"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1806	"2019-10-17 11:27:14.120"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1806	"2019-10-17 11:27:14.334"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1806	"2019-10-17 11:27:14.334"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1806	"2019-10-17 11:27:14.604"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1806	"2019-10-17 11:27:14.604"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1807	"2019-10-17 11:27:35.108"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1807	"2019-10-17 11:27:35.381"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1807	"2019-10-17 11:27:35.382"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1807	"2019-10-17 11:27:36.344"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1807	"2019-10-17 11:27:36.345"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1808	"2019-10-17 11:27:56.109"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1808	"2019-10-17 11:27:56.378"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1808	"2019-10-17 11:27:56.379"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1808	"2019-10-17 11:27:56.603"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1808	"2019-10-17 11:27:56.604"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1810	"2019-10-17 11:28:17.118"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1810	"2019-10-17 11:28:17.240"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1810	"2019-10-17 11:28:17.240"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1810	"2019-10-17 11:28:17.352"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1810	"2019-10-17 11:28:17.352"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1108	"2019-10-17 11:28:20.728"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1108	"2019-10-17 11:28:21.734"	"200.0.0.103"	"RECEIVED: EHLO [45.82.153.131]"
"SMTPD"	10652	1108	"2019-10-17 11:28:21.734"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1108	"2019-10-17 11:28:22.067"	"200.0.0.103"	"RECEIVED: AUTH PLAIN"
"SMTPD"	14200	1108	"2019-10-17 11:28:22.068"	"200.0.0.103"	"SENT: 334 Log on"
"SMTPD"	13888	1108	"2019-10-17 11:28:22.454"	"200.0.0.103"	"RECEIVED: 	aly@rfpb.com ***"
"SMTPD"	13888	1108	"2019-10-17 11:28:22.455"	"200.0.0.103"	"SENT: 535 Authentication failed. Restarting authentication process."
"SMTPD"	14200	1813	"2019-10-17 11:28:23.433"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1813	"2019-10-17 11:28:23.978"	"200.0.0.103"	"RECEIVED: EHLO [45.82.153.131]"
"SMTPD"	10652	1813	"2019-10-17 11:28:23.978"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1813	"2019-10-17 11:28:24.406"	"200.0.0.103"	"RECEIVED: AUTH PLAIN"
"SMTPD"	14200	1813	"2019-10-17 11:28:24.406"	"200.0.0.103"	"SENT: 334 Log on"
"SMTPD"	10652	1813	"2019-10-17 11:28:24.806"	"200.0.0.103"	"RECEIVED: 	aly ***"
"SMTPD"	10652	1813	"2019-10-17 11:28:24.808"	"200.0.0.103"	"SENT: 535 Authentication failed. Too many invalid logon attempts."
"SMTPD"	13128	1811	"2019-10-17 11:28:37.194"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1811	"2019-10-17 11:28:37.421"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1811	"2019-10-17 11:28:37.421"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1811	"2019-10-17 11:28:37.623"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1811	"2019-10-17 11:28:37.624"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1812	"2019-10-17 11:28:58.163"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1812	"2019-10-17 11:28:58.354"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1812	"2019-10-17 11:28:58.354"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1812	"2019-10-17 11:28:58.576"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1812	"2019-10-17 11:28:58.576"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1815	"2019-10-17 11:29:19.128"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1815	"2019-10-17 11:29:19.254"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	10652	1815	"2019-10-17 11:29:19.255"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1815	"2019-10-17 11:29:19.442"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1815	"2019-10-17 11:29:19.442"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1816	"2019-10-17 11:29:39.108"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13888	1816	"2019-10-17 11:29:39.244"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	13888	1816	"2019-10-17 11:29:39.244"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1816	"2019-10-17 11:29:39.370"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1816	"2019-10-17 11:29:39.370"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1819	"2019-10-17 11:29:59.102"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1819	"2019-10-17 11:29:59.223"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1819	"2019-10-17 11:29:59.223"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1819	"2019-10-17 11:29:59.362"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1819	"2019-10-17 11:29:59.362"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1820	"2019-10-17 11:30:19.186"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1820	"2019-10-17 11:30:19.375"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1820	"2019-10-17 11:30:19.375"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1820	"2019-10-17 11:30:19.515"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1820	"2019-10-17 11:30:19.515"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1821	"2019-10-17 11:30:39.132"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1821	"2019-10-17 11:30:39.288"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1821	"2019-10-17 11:30:39.288"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1821	"2019-10-17 11:30:39.472"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1821	"2019-10-17 11:30:39.473"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1822	"2019-10-17 11:30:59.195"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1822	"2019-10-17 11:30:59.335"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1822	"2019-10-17 11:30:59.335"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1822	"2019-10-17 11:30:59.461"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1822	"2019-10-17 11:30:59.462"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1824	"2019-10-17 11:31:19.114"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1824	"2019-10-17 11:31:19.252"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1824	"2019-10-17 11:31:19.253"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1824	"2019-10-17 11:31:19.369"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1824	"2019-10-17 11:31:19.369"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1825	"2019-10-17 11:31:39.186"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1825	"2019-10-17 11:31:39.312"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1825	"2019-10-17 11:31:39.313"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1825	"2019-10-17 11:31:39.452"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1825	"2019-10-17 11:31:39.452"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	13128	1826	"2019-10-17 11:31:59.181"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1826	"2019-10-17 11:31:59.308"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1826	"2019-10-17 11:31:59.308"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13128	1826	"2019-10-17 11:31:59.429"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13128	1826	"2019-10-17 11:31:59.429"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1828	"2019-10-17 11:32:25.110"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13128	1827	"2019-10-17 11:32:25.110"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1828	"2019-10-17 11:32:25.110"	"200.0.0.103"	"RECEIVED: EHLO zx1.quadmetrics.com"
"SMTPD"	10652	1828	"2019-10-17 11:32:25.111"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	10164	1827	"2019-10-17 11:32:25.250"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	10164	1827	"2019-10-17 11:32:25.250"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	10652	1827	"2019-10-17 11:32:25.436"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	10652	1827	"2019-10-17 11:32:25.437"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	10164	1832	"2019-10-17 11:33:00.201"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1829	"2019-10-17 11:33:00.201"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10164	1829	"2019-10-17 11:33:00.321"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	10164	1829	"2019-10-17 11:33:00.322"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13888	1829	"2019-10-17 11:33:00.467"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13888	1829	"2019-10-17 11:33:00.468"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1814	"2019-10-17 11:33:07.107"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1814	"2019-10-17 11:33:07.743"	"200.0.0.103"	"RECEIVED: EHLO [45.82.153.131]"
"SMTPD"	10652	1814	"2019-10-17 11:33:07.743"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1814	"2019-10-17 11:33:08.172"	"200.0.0.103"	"RECEIVED: AUTH PLAIN"
"SMTPD"	14200	1814	"2019-10-17 11:33:08.172"	"200.0.0.103"	"SENT: 334 Log on"
"SMTPD"	10652	1814	"2019-10-17 11:33:08.646"	"200.0.0.103"	"RECEIVED: 	aly@rfpb.com ***"
"SMTPD"	10652	1814	"2019-10-17 11:33:08.648"	"200.0.0.103"	"SENT: 535 Authentication failed. Restarting authentication process."
"SMTPD"	14200	1835	"2019-10-17 11:33:09.559"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1835	"2019-10-17 11:33:10.180"	"200.0.0.103"	"RECEIVED: EHLO [45.82.153.131]"
"SMTPD"	10652	1835	"2019-10-17 11:33:10.180"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1835	"2019-10-17 11:33:10.491"	"200.0.0.103"	"RECEIVED: AUTH PLAIN"
"SMTPD"	14200	1835	"2019-10-17 11:33:10.491"	"200.0.0.103"	"SENT: 334 Log on"
"SMTPD"	10652	1835	"2019-10-17 11:33:10.944"	"200.0.0.103"	"RECEIVED: 	aly ***"
"SMTPD"	10652	1835	"2019-10-17 11:33:10.946"	"200.0.0.103"	"SENT: 535 Authentication failed. Too many invalid logon attempts."
"SMTPD"	10164	1833	"2019-10-17 11:33:20.113"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1833	"2019-10-17 11:33:20.315"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1833	"2019-10-17 11:33:20.316"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	10164	1833	"2019-10-17 11:33:20.446"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	10164	1833	"2019-10-17 11:33:20.447"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1839	"2019-10-17 11:33:54.156"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10164	1834	"2019-10-17 11:33:54.156"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1834	"2019-10-17 11:33:54.276"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1834	"2019-10-17 11:33:54.276"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	10652	1834	"2019-10-17 11:33:54.396"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	10652	1834	"2019-10-17 11:33:54.396"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1840	"2019-10-17 11:34:14.174"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10652	1840	"2019-10-17 11:34:14.295"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	10652	1840	"2019-10-17 11:34:14.295"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1840	"2019-10-17 11:34:14.408"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1840	"2019-10-17 11:34:14.408"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1841	"2019-10-17 11:34:34.175"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	14200	1841	"2019-10-17 11:34:34.287"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	14200	1841	"2019-10-17 11:34:34.288"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	10652	1841	"2019-10-17 11:34:34.444"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	10652	1841	"2019-10-17 11:34:34.444"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1842	"2019-10-17 11:34:54.129"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10164	1842	"2019-10-17 11:34:54.290"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	10164	1842	"2019-10-17 11:34:54.290"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1842	"2019-10-17 11:34:54.441"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1842	"2019-10-17 11:34:54.441"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1845	"2019-10-17 11:35:14.142"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13888	1845	"2019-10-17 11:35:14.255"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	13888	1845	"2019-10-17 11:35:14.255"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1845	"2019-10-17 11:35:14.373"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1845	"2019-10-17 11:35:14.373"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1848	"2019-10-17 11:35:34.140"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13888	1848	"2019-10-17 11:35:34.744"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	13888	1848	"2019-10-17 11:35:34.745"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1848	"2019-10-17 11:35:34.884"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1848	"2019-10-17 11:35:34.885"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1849	"2019-10-17 11:35:55.171"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13888	1849	"2019-10-17 11:35:55.282"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	13888	1849	"2019-10-17 11:35:55.282"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1849	"2019-10-17 11:35:55.401"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1849	"2019-10-17 11:35:55.402"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1850	"2019-10-17 11:36:15.190"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	10164	1850	"2019-10-17 11:36:15.343"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	10164	1850	"2019-10-17 11:36:15.344"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	13888	1850	"2019-10-17 11:36:15.526"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	13888	1850	"2019-10-17 11:36:15.527"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1851	"2019-10-17 11:36:35.146"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13888	1851	"2019-10-17 11:36:36.106"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	13888	1851	"2019-10-17 11:36:36.107"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1851	"2019-10-17 11:36:38.431"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"
"SMTPD"	14200	1851	"2019-10-17 11:36:38.431"	"200.0.0.103"	"SENT: 530 A SSL/TLS-connection is required for authentication."
"SMTPD"	14200	1853	"2019-10-17 11:36:58.140"	"200.0.0.103"	"SENT: 220 mail.domain.com"
"SMTPD"	13888	1853	"2019-10-17 11:36:58.267"	"200.0.0.103"	"RECEIVED: EHLO ylmf-pc"
"SMTPD"	13888	1853	"2019-10-17 11:36:58.267"	"200.0.0.103"	"SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD"	14200	1853	"2019-10-17 11:36:58.383"	"200.0.0.103"	"RECEIVED: AUTH LOGIN"

User avatar
jimimaseye
Moderator
Moderator
Posts: 8157
Joined: 2011-09-08 17:48

Re: Configure Server properly - Blacklisted by spamhouse

Post by jimimaseye » 2019-10-17 10:46

They are spam bots. Everyone has them. The problem here is that you cannot ban them to stop them because all incoming connections are being registered as your gateway address. (This is not normal. Figure out why your gateway isn't simply forwarding port 25 smtp requests).

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 10:59

jimimaseye wrote:
2019-10-17 10:46
They are spam bots. Everyone has them. The problem here is that you cannot ban them to stop them because all incoming connections are being registered as your gateway address. (This is not normal. Figure out why your gateway isn't simply forwarding port 25 smtp requests).

[Entered by mobile. Excuse my spelling.]
I'm gonna ask our network admin about this "(This is not normal. Figure out why your gateway isn't simply forwarding port 25 smtp requests)."
I've checked our static IP if it is blacklisted using https://mxtoolbox.com and Yes, it is blacklisted again by MAILSPIKE. I've also checked using spamhouse and for now it is not yet there. We will observe today after these changes and get back to you with an update. Again, thank you so much for all your help. I really appreciate it.

User avatar
mattg
Moderator
Moderator
Posts: 20231
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Configure Server properly - Blacklisted by spamhouse

Post by mattg » 2019-10-17 11:41

jimimaseye wrote:
2019-10-17 10:46
(This is not normal. Figure out why your gateway isn't simply forwarding port 25 smtp requests).
This is often because the router is 'inspecting' smtp mail with an Antivirus or as an edge device...

I'm guessing that because you keep getting blacklisted that you have a bot on your network that is using your router to send via your hmailserver. or perhaps the router is poorly configured and allowing bots to connect externally and then sends all requests to your hmailserver for processing, and then not blocking this outgoing spam
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-10-17 12:42

mattg wrote:
2019-10-17 11:41
jimimaseye wrote:
2019-10-17 10:46
(This is not normal. Figure out why your gateway isn't simply forwarding port 25 smtp requests).
This is often because the router is 'inspecting' smtp mail with an Antivirus or as an edge device...

I'm guessing that because you keep getting blacklisted that you have a bot on your network that is using your router to send via your hmailserver. or perhaps the router is poorly configured and allowing bots to connect externally and then sends all requests to your hmailserver for processing, and then not blocking this outgoing spam
Hi Matt, I relayed this over to our network admin to review the firewall configurations. It could be something in there. Thank you for your help. I appreciate it.

Now, I got too many logs from this bots.

"SMTPD" 13720 79 "2019-10-17 13:39:29.011" "200.0.0.103" "SENT: 220 mail.domain.com"
"SMTPD" 11896 79 "2019-10-17 13:39:29.527" "200.0.0.103" "RECEIVED: EHLO [45.82.153.131]"
"SMTPD" 11896 79 "2019-10-17 13:39:29.527" "200.0.0.103" "SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD" 13720 79 "2019-10-17 13:39:30.068" "200.0.0.103" "RECEIVED: AUTH PLAIN"
"SMTPD" 13720 79 "2019-10-17 13:39:30.069" "200.0.0.103" "SENT: 334 Log on"
"SMTPD" 11952 79 "2019-10-17 13:39:30.488" "200.0.0.103" "RECEIVED: aly@rfpb.com ***"
"SMTPD" 11952 79 "2019-10-17 13:39:30.490" "200.0.0.103" "SENT: 535 Authentication failed. Too many invalid logon attempts."
"SMTPD" 11952 110 "2019-10-17 13:39:31.422" "200.0.0.103" "SENT: 220 mail.domain.com"
"SMTPD" 11896 110 "2019-10-17 13:39:31.855" "200.0.0.103" "RECEIVED: EHLO [45.82.153.131]"
"SMTPD" 11896 110 "2019-10-17 13:39:31.855" "200.0.0.103" "SENT: 250-mail.domain.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD" 11952 110 "2019-10-17 13:39:32.278" "200.0.0.103" "RECEIVED: AUTH PLAIN"
"SMTPD" 11952 110 "2019-10-17 13:39:32.279" "200.0.0.103" "SENT: 334 Log on"
"SMTPD" 11896 110 "2019-10-17 13:39:32.585" "200.0.0.103" "RECEIVED: aly ***"

tolberjj
New user
New user
Posts: 12
Joined: 2019-10-15 20:09

Re: Configure Server properly - Blacklisted by spamhouse

Post by tolberjj » 2019-10-17 14:41

This ticket almost needs to be split into 2. There's the internal configuration part of your hmailserver, and there's the blacklist part. They may not be related in any way (but it's possible they are). Playing 52 card pickup with your mail server will likely make things worse, not better, at least in my experience.

You can get on blacklists by sending bulk mail improperly
You can get on blacklists by 1 user sending an email to a spam trap/honeypot due to a typo.
You can get on blacklists by having a compromised IOT coffepot in your network.
You can get blacklisted by a user sending a virus to their friend.
You can get blacklisted by having an open relay on your network you didn't even know existed, and NAT hides the actual IP. (This happened to me, it was ugly, I cursed, I found the issue, I recovered)
You can get blacklisted by your marketing department using things like constant contact.
Your domain can get blacklisted.
Your ip can get blacklisted.
Your ISP can get blacklisted because of the guy in the cabinet next to you in the datacenter.
Some users think it's funny to press the spam button in their email client.


Many blacklist providers will tell you nearly exactly why you are blacklisted, others are a little tougher.

I'd start here, but there's dozens if not hundreds of similar resources:
http://multirbl.valli.org/lookup/

Check your domain multiple ways (domain, ip's, server names) but start with domain. Leave each run open in a new tab so you don't have to re-run it again.

Go to the blacklist site linked on every row that's an issue, and most have an information page as to why you were blacklisted, and when. If it's due to an email, some will show you a snippet of the headers of the offending email, and perhaps even some of the subject/body. As annoying as they can be (SORBS), most are there to make the internet a better and safer place and have to tools to allow you to do so. They want you to be removed, as much as it sometimes feels they don't.

DO NOT REQUEST REMOVAL FROM BLACKLISTS until you find the ACTUAL problem, and fix the ACTUAL problem. You need to be 100% sure, and be prepared to document that "Mary" had "this" virus, on "this" device from *this* date until *that* date. You've taken action X to remove the virus, and action Y to ensure that no other device can be compromised in a similar way. Some blacklists are bots are as simple as "enter your IP and check the box" to be removed. Some you need to write an apology letter to an actual person.

You only get so many shots at removal. If you have a bot on your network and it's still there, you will go right back on, and your ban will be longer. Some have in instant removal option for first time offenders. When you go back on it's 7 days, 3rd offense 30, 4th offense is 1 year. Some are less tolerant.

ashtec014
New user
New user
Posts: 22
Joined: 2019-09-05 11:56

Re: Configure Server properly - Blacklisted by spamhouse

Post by ashtec014 » 2019-11-02 11:14

Hi Everyone,

I would like to give you an update about my hmailserver issue. After communicating with our network admin who manage our network firewall, we were able to fix the issue. It has something to do with the firewall configurations/policy/routing profiles. Basically, there was a botnet running in one of user PC connected to the network that keep using our IP to send spam outside the network and that is the reason why spamhouse keep blocking our IP.

I would like to express my appreciation to all of you guys helped me with the correct settings/configurations/tips, otherwise I would never have been able to solve the problem.

Thank you.

Post Reply