Page 1 of 1

Ip Ranges - Internet config

Posted: 2020-01-08 13:43
by eliassal
I have a question about the default configuration in the IP Ranges for internet
Lower 0.0.0.0 Upper 255.255.255.255
which I understand that any IP on earth can use this mail server.

Since I opened smtp and POP3 ports on the firewall, I started seeing the following log in hMailserver
"TCPIP" 156 "2020-01-07 12:18:47.254" "TCP - 45.148.10.151 connected to 192.168.10.34:25."
"DEBUG" 156 "2020-01-07 12:18:47.254" "Client connection from 45.148.10.151 was not accepted. Blocked either by IP range or by connection limit."
"DEBUG" 156 "2020-01-07 12:18:47.254" "Ending session 172"
"DEBUG" 156 "2020-01-07 12:18:47.347" "Creating session 174"
"TCPIP" 156 "2020-01-07 12:18:47.348" "TCP - 45.148.10.151 connected to 192.168.10.34:25."
Of course I right away blacklisted the IP in the firewall, my question is what made hMailserver refuse the connection and what measures should be implemented on my hMailServer? is it possible to have alerts when this thing happen again from other IPs?

Re: Ip Ranges - Internet config

Posted: 2020-01-08 14:16
by eliassal
subscribed to notification

Re: Ip Ranges - Internet config

Posted: 2020-01-08 16:24
by palinka
It means the connection was rejected by autoban.

Re: Ip Ranges - Internet config

Posted: 2020-01-08 16:42
by mattg
Autoban is NOT turned on be default
Autoban is caused by multiple incorrect guesses at passwords

You could script to be notified, but seriously on my VERY locked down system, there is a new ip about 15 times per day

Welcome to the internet

Re: Ip Ranges - Internet config

Posted: 2020-01-08 17:03
by eliassal
Thanks no script available to use? if I should write 1, where it should located and its name?

Re: Ip Ranges - Internet config

Posted: 2020-01-08 23:50
by mattg
How to >> https://www.hmailserver.com/documentati ... ce_scripts

A heap of script samples >> https://www.hmailserver.com/forum/viewforum.php?f=9
I don't remember one that does exactly this though

Re: Ip Ranges - Internet config

Posted: 2020-01-09 01:13
by palinka
If you're using hmailserver 5.7, then you can use OnClientLogon to trigger failed logons (which trigger autobans).

Code: Select all

Function Lookup(strRegEx, strMatch) : Lookup = False
   With CreateObject("VBScript.RegExp")
      .Pattern = strRegEx
      .Global = False
      .MultiLine = True
      .IgnoreCase = True
      If .Test(strMatch) Then Lookup = True
   End With
End Function

Function NotifyFailedLogon(xUserName, xIPAddress)
	Dim oMessage 
	Set oMessage = CreateObject("hMailServer.Message")
	oMessage.From = "Notifier <notify@mydomain.com>"
	oMessage.FromAddress = "notify@mydomain.com" 
	oMessage.Subject = "Failed Logon" 
	oMessage.AddRecipient "My Name", "myname@mydomain.com"
	oMessage.Body = "Failed Logon at for user " & xUserName & " from IP: " & xIPAddress
	oMessage.Save 
End Function

Sub OnClientLogon(oClient)
	If oClient.Authenticated Then
		' YAY!
	Else
		strRegEx = "@mydomain1.com|@mydomain2.com|@mydomain3.com"
		If Lookup(strRegEx, oClient.Username) Then
			Call SendSMS(SMSNumber, sMSG)
		End If
		Call NotifyFailedLogon(oClient.Username, oClient.IPAddress)
	End if
End Sub

Re: Ip Ranges - Internet config

Posted: 2020-01-09 02:02
by palinka
Oops... Remnants from my own OnClientLogon. Fixed here.

Code: Select all

Sub OnClientLogon(oClient)
	If oClient.Authenticated Then
		' YAY!
	Else
		Dim strRegEx : strRegEx = "@mydomain1.com|@mydomain2.com|@mydomain3.com"
		If Lookup(strRegEx, oClient.Username) Then
			Call NotifyFailedLogon(oClient.Username, oClient.IPAddress)
		End If
	End if
End Sub
Or....

Code: Select all

Sub OnClientLogon(oClient)
	If NOT oClient.Authenticated Then 
		Dim strRegEx : strRegEx = "@mydomain1.com|@mydomain2.com|@mydomain3.com"
		If Lookup(strRegEx, oClient.Username) Then
			Call NotifyFailedLogon(oClient.Username, oClient.IPAddress)
		End If
	End if
End Sub