Ip Ranges - Internet config

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Ip Ranges - Internet config

Post by eliassal » 2020-01-08 13:43

I have a question about the default configuration in the IP Ranges for internet
Lower 0.0.0.0 Upper 255.255.255.255
which I understand that any IP on earth can use this mail server.

Since I opened smtp and POP3 ports on the firewall, I started seeing the following log in hMailserver
"TCPIP" 156 "2020-01-07 12:18:47.254" "TCP - 45.148.10.151 connected to 192.168.10.34:25."
"DEBUG" 156 "2020-01-07 12:18:47.254" "Client connection from 45.148.10.151 was not accepted. Blocked either by IP range or by connection limit."
"DEBUG" 156 "2020-01-07 12:18:47.254" "Ending session 172"
"DEBUG" 156 "2020-01-07 12:18:47.347" "Creating session 174"
"TCPIP" 156 "2020-01-07 12:18:47.348" "TCP - 45.148.10.151 connected to 192.168.10.34:25."
Of course I right away blacklisted the IP in the firewall, my question is what made hMailserver refuse the connection and what measures should be implemented on my hMailServer? is it possible to have alerts when this thing happen again from other IPs?

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Ip Ranges - Internet config

Post by eliassal » 2020-01-08 14:16

subscribed to notification

palinka
Senior user
Senior user
Posts: 1737
Joined: 2017-09-12 17:57

Re: Ip Ranges - Internet config

Post by palinka » 2020-01-08 16:24

It means the connection was rejected by autoban.

User avatar
mattg
Moderator
Moderator
Posts: 20634
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Ip Ranges - Internet config

Post by mattg » 2020-01-08 16:42

Autoban is NOT turned on be default
Autoban is caused by multiple incorrect guesses at passwords

You could script to be notified, but seriously on my VERY locked down system, there is a new ip about 15 times per day

Welcome to the internet
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Ip Ranges - Internet config

Post by eliassal » 2020-01-08 17:03

Thanks no script available to use? if I should write 1, where it should located and its name?

User avatar
mattg
Moderator
Moderator
Posts: 20634
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Ip Ranges - Internet config

Post by mattg » 2020-01-08 23:50

How to >> https://www.hmailserver.com/documentati ... ce_scripts

A heap of script samples >> https://www.hmailserver.com/forum/viewforum.php?f=9
I don't remember one that does exactly this though
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 1737
Joined: 2017-09-12 17:57

Re: Ip Ranges - Internet config

Post by palinka » 2020-01-09 01:13

If you're using hmailserver 5.7, then you can use OnClientLogon to trigger failed logons (which trigger autobans).

Code: Select all

Function Lookup(strRegEx, strMatch) : Lookup = False
   With CreateObject("VBScript.RegExp")
      .Pattern = strRegEx
      .Global = False
      .MultiLine = True
      .IgnoreCase = True
      If .Test(strMatch) Then Lookup = True
   End With
End Function

Function NotifyFailedLogon(xUserName, xIPAddress)
	Dim oMessage 
	Set oMessage = CreateObject("hMailServer.Message")
	oMessage.From = "Notifier <notify@mydomain.com>"
	oMessage.FromAddress = "notify@mydomain.com" 
	oMessage.Subject = "Failed Logon" 
	oMessage.AddRecipient "My Name", "myname@mydomain.com"
	oMessage.Body = "Failed Logon at for user " & xUserName & " from IP: " & xIPAddress
	oMessage.Save 
End Function

Sub OnClientLogon(oClient)
	If oClient.Authenticated Then
		' YAY!
	Else
		strRegEx = "@mydomain1.com|@mydomain2.com|@mydomain3.com"
		If Lookup(strRegEx, oClient.Username) Then
			Call SendSMS(SMSNumber, sMSG)
		End If
		Call NotifyFailedLogon(oClient.Username, oClient.IPAddress)
	End if
End Sub

palinka
Senior user
Senior user
Posts: 1737
Joined: 2017-09-12 17:57

Re: Ip Ranges - Internet config

Post by palinka » 2020-01-09 02:02

Oops... Remnants from my own OnClientLogon. Fixed here.

Code: Select all

Sub OnClientLogon(oClient)
	If oClient.Authenticated Then
		' YAY!
	Else
		Dim strRegEx : strRegEx = "@mydomain1.com|@mydomain2.com|@mydomain3.com"
		If Lookup(strRegEx, oClient.Username) Then
			Call NotifyFailedLogon(oClient.Username, oClient.IPAddress)
		End If
	End if
End Sub
Or....

Code: Select all

Sub OnClientLogon(oClient)
	If NOT oClient.Authenticated Then 
		Dim strRegEx : strRegEx = "@mydomain1.com|@mydomain2.com|@mydomain3.com"
		If Lookup(strRegEx, oClient.Username) Then
			Call NotifyFailedLogon(oClient.Username, oClient.IPAddress)
		End If
	End if
End Sub

Post Reply