Block IPs

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-04 21:12

max IPs added in a single day = 8 x 1.2 = 9.6 rounded to nearest 10 = 10
max IPs blocked in a single day = 11 x 1.2 = 13.2 rounded to nearest 10 = 10
max total blocks in a single day = ~ 5900 x 1.2 = 7080 rounded to nearest 1000 = 7000
another question, what is the reason you chose to divide by 1.2 ? any scientific or programming constraints

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-04 21:44

Because there are two for each dial: today's data and max data

the other 2 diq...don't the issue of group by

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-04 22:13

eliassal wrote:
2020-03-04 21:12
max IPs added in a single day = 8 x 1.2 = 9.6 rounded to nearest 10 = 10
max IPs blocked in a single day = 11 x 1.2 = 13.2 rounded to nearest 10 = 10
max total blocks in a single day = ~ 5900 x 1.2 = 7080 rounded to nearest 1000 = 7000
another question, what is the reason you chose to divide by 1.2 ? any scientific or programming constraints
Nothing scientific. I wanted the red/yellow line to be 100%. I could have assigned the query to be 100% and then multiplied that by 1.2 to get to 120% (red line max). Its just the way I chose to do it. I wanted red to be record breaking, so its obvious.

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-05 19:45

I have port 25 and 465 open and DisableAUTHList=25. My users use 465 (SSL) to send and I receive (external-to-local) on port 25.
I am trying to follow your recommendation and try to make all internal users use port 465 or 587 with a Certificate.
The account I use to configure outlook works fine and can send emails through port 587 and receive at port 995 m I remember at first connection i was asked if i accept the certificate and i did.

The other users, one of them is a user I configured for sqlserver to send and receive. With port 25 and 110, it works fine but when I configure sending to port 465 or 487, TLS/SSL shakehands always fails. I eveny took the .crt file certificate and installed it on the sql but no way. Hre is the error I am getting
"TCPIP" 5640 "2020-03-05 18:18:30.650" "TCP - mysqlip connected to my hMailServerIP:587."
"DEBUG" 5640 "2020-03-05 18:18:30.665" "Executing event OnClientConnect"
"DEBUG" 5640 "2020-03-05 18:18:30.681" "Event completed"
"DEBUG" 5640 "2020-03-05 18:18:30.681" "TCP connection started for session 250"
"DEBUG" 5640 "2020-03-05 18:18:30.681" "Performing SSL/TLS handshake for session 250. Verify certificate: False"
"TCPIP" 2664 "2020-03-05 18:18:30.681" "TCPConnection - TLS/SSL handshake failed. Session Id: 250, Remote IP: mysqlip, Error code: 335544539, Message: short read"
"DEBUG" 2664 "2020-03-05 18:18:30.681" "Ending session 250"
or
"TCPIP" 5640 "2020-03-05 18:24:41.893" "TCP - mysqlip connected to hMailServerIP:465."
"DEBUG" 5640 "2020-03-05 18:24:41.898" "Executing event OnClientConnect"
"DEBUG" 5640 "2020-03-05 18:24:41.898" "Event completed"
"DEBUG" 5640 "2020-03-05 18:24:41.898" "TCP connection started for session 270"
"DEBUG" 5640 "2020-03-05 18:24:41.914" "Performing SSL/TLS handshake for session 270. Verify certificate: False"
"TCPIP" 5640 "2020-03-05 18:25:01.732" "TCPConnection - TLS/SSL handshake failed. Session Id: 268, Remote IP: mysqlip, Error code: 335544539, Message: short read"
"DEBUG" 5640 "2020-03-05 18:25:01.732" "Ending session 268"
"TCPIP" 2664 "2020-03-05 18:25:25.081" "TCPConnection - TLS/SSL handshake failed. Session Id: 270, Remote IP: mysqlip.69, Error code: 335544539, Message: short read"
"DEBUG" 2664 "2020-03-05 18:25:25.081" "Ending session 270"

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-05 20:34

Use port 587 with starttls set to OPTIONAL.

Is the sql server in your LAN or outside? If inside, encryption is not really necessary unless you put your unsecured open wifi on the same subnet, which you surely didn't, did you? :mrgreen:

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-05 21:13

Use port 587 with starttls set to OPTIONAL.
I really have no idea what starttls is :lol: , are there steps to follow as TLS and creating certificates
Is the sql server in your LAN or outside? If inside, encryption is not really necessary unless you put your unsecured open wifi on the same subnet, which you surely didn't, did you? :mrgreen:
My wifi is secure and have a guest wifi also secured with key and isolated from my internal network, but the other wifi is on the same subnet as sql

Sometimes when I am in another country, I need to use the email to send and receive, that I why I need to use certificates

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-05 22:56

eliassal wrote:
2020-03-05 21:13
I really have no idea what starttls is :lol: , are there steps to follow as TLS and creating certificates
Look in the tutorials section.

Also, run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914

I think the problem is on your client's end. Best way to deal with that is to not attempt to connect with tls.

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-05 23:29

Here you go the config settings

Code: Select all

2020-03-05   Hmailserver: 5.6.6-B2383

DOMAINS

   "Domain1.com" - prxxxxxxxxxxx.saxxx.net        Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain2.com" - saxxx.hd.frxx.fr               Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.pem
                                                Selector:    dkim
-----------------------------------------------------------------------------------------------

GLOBAL RULES
  1, mboconnect2019@hotmail.com   Criteria:  Use AND
             From                      Equals          mboconnect2019@hotmail.com
                                  -----Actions-----
             Delete
 ---------------------------------------------------------------------
  2, evil9dead@hotmail.com        Criteria:  Use AND
             From                      Equals          evil9dead@hotmail.com
                                  -----Actions-----
             Delete
 ---------------------------------------------------------------------
  3, spameri@tiscali.it           Criteria:  Use AND
             From                      Equals          spameri@tiscali.it
                                  -----Actions-----
             Delete
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: myserver.mynetwork.net

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:  False                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      6
                              Minutes Before Reset:            5  (0.08 hours, 0.00 days)
                              Minutes to Autoban:              5  (0.08 hours, 0.00 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
                    xxx.xxx.x.14     -   xxx.xxx.x.14 
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:        False  Bind: 
                     Host: Domain1.com         Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:  False  Delivered-To hdr: False
                                                                         Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:   False        Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:        True - 5    Use SA score: False -   5
              Subject Text: "[SPAM]"
  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 3     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.4
            b.barracudacentral.org      Score: 0     Result: 127.0.0.2

SURBL ENTRIES:
   No 'enabled' entries

GREYLISTING:
  Greylisting:   True       Defer mins: 30       Days Unused: 1      Days Used: 36
                            Bypass SPF: True     Bypass A/MX: False

Greylist WHITELIST ENTRIES:
   No entries

Greylist DOMAINS enabled:
  !! No active domains enabled - GREYLISTING INEFFECTIVE !!

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete email. Notify Sender: False,  Notify Receiver: True

  Max Message Size: 0
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.exe             Executable file
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   FromFedoraFeb142020
       Certificate: C:\Program Files (x86)\hMailServer\Certificates\Domain2.com.crt
       Private key: C:\Program Files (x86)\hMailServer\Certificates\Domain2.com.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               xxx.xxx.x.34    / 25    / SMTP   -   None                
               xxx.xxx.x.34    / 110   / POP3   -   None                
               xxx.xxx.x.34    / 143   / IMAP   -   None                
               xxx.xxx.x.34    / 465   / SMTP   -   SSL/TLS             Cert: FromFedoraFeb142020
               xxx.xxx.x.34    / 587   / SMTP   -   SSL/TLS             Cert: FromFedoraFeb142020
               xxx.xxx.x.34    / 995   / POP3   -   SSL/TLS             Cert: FromFedoraFeb142020
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2020-03-05.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-03-05.log - !! ERRORS PRESENT !!
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -    True
                        IMAP        -    True
                        TCPIP       -    True
                        DEBUG       -    True
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL

IPv6 support is available in operating system.

Backup directory E:\hMailServerBackup is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MSSQL
Username=           
PasswordEncryption=1
Port=              0
Server=            SQL2K12\SC2K12
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.98, Hmailserver Forum.

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-05 23:46

Use port 587 with starttls set to OPTIONAL.
I did but outlook client was not able to connect, switched back to ssl/tls

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Block IPs

Post by jimimaseye » 2020-03-06 00:24

What's in this:

Code: Select all

Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-03-05.log - !! ERRORS PRESENT 
[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Block IPs

Post by mattg » 2020-03-06 01:27

eliassal wrote:
2020-03-05 23:46
Use port 587 with starttls set to OPTIONAL.
I did but outlook client was not able to connect, switched back to ssl/tls
I'd use StartTLS is REQUIRED for port 587

Outlook may call starttls something different - depending on version they may call it TLS, with SSL being a separate option.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 01:34

mattg wrote:
2020-03-06 01:27
eliassal wrote:
2020-03-05 23:46
Use port 587 with starttls set to OPTIONAL.
I did but outlook client was not able to connect, switched back to ssl/tls
I'd use StartTLS is REQUIRED for port 587
I have mine set to optional with "require ssl/tls for authentication" on the internet IP range. Its a happy medium.

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Block IPs

Post by mattg » 2020-03-06 01:42

The ONLY StartTLS optional that I have is port 25

All of my other StartTLS ports are StartTLS required, and all but a specific LAN IP address are set to 'Require SSL/TLS for AUTH'.

I also only allow TLSv1.2 and TLSv1.3 connections from a strict cipher list

I still get more than a dozen IPs a day that try and logon from international IP addresses on non-SMTP ports, ie trying to guess usernames and passwords via IMAP or POP ports
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 01:58

mattg wrote:
2020-03-06 01:42
The ONLY StartTLS optional that I have is port 25

All of my other StartTLS ports are StartTLS required, and all but a specific LAN IP address are set to 'Require SSL/TLS for AUTH'.

I also only allow TLSv1.2 and TLSv1.3 connections from a strict cipher list

I still get more than a dozen IPs a day that try and logon from international IP addresses on non-SMTP ports, ie trying to guess usernames and passwords via IMAP or POP ports
Then you force clients on localhost to encrypt?

My understanding is that 'Require SSL/TLS for AUTH' forces connection upgrade on AUTH, so it offers the same "protection" as TLS/SSL required. Is that not correct? I prefer to leave localhost without encryption because it unnecessarily complicates things.

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Block IPs

Post by mattg » 2020-03-06 04:19

palinka wrote:
2020-03-06 01:58
Then you force clients on localhost to encrypt?
Yes I would if I had mail clients on the machine with hMailserver, but I don't now that I moved my webmail to my Ubuntu server

hMailserver is not installed on my daily use machine
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 04:22

mattg wrote:
2020-03-06 04:19
palinka wrote:
2020-03-06 01:58
Then you force clients on localhost to encrypt?
Yes I would if I had mail clients on the machine with hMailserver, but I don't now that I moved my webmail to my Ubuntu server

hMailserver is not installed on my daily use machine
Ah.. I was thinking more along the lines of scripting.

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Block IPs

Post by mattg » 2020-03-06 06:17

My scripts don't use SMTP to AUTH

My hMailserver scripts directly run from either eventhandlers.vbs or as standalone vbs files called via scheduled tasks

Even when I send (from other servers) automated scripted messages via CDO or Mail.NET I send via SSL(or StartTLS) connections, whether I authenticate or not

What scripts do you do that you need to AUTH via SMTP (or IMAP or POP3)??
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-06 12:47

Nothing scientific. I wanted the red/yellow line to be 100%. I could have assigned the query to be 100% and then multiplied that by 1.2
I think I have discovered a bug. This morning, after all scripts run, all gauges displayed nothing as follows (which caught my attention).
Image

I chekced the script in chrome, I see

Code: Select all

['Bans', 0]]);var options = { width: 100, height: 100, min: 0, max: 10.0, redFrom: 8.3333333333333, redTo: 10.0, yellowFrom: 6.25, yellowTo: 8.3333333333333, 		minorTicks: 10
I banned explicitly an IP, refreshed index page, hop Gauge displayed as before with 1 IP banned. So it seems that if 0 banned IP gauge does not display anything, in chrome I had
Image

Code: Select all

['Bans', 1]]);var options = { width: 100, height: 100, min: 0, max: 10.0, redFrom: 8.3333333333333, redTo: 10.0, yellowFrom: 6.25, yellowTo: 8.3333333333333, 		minorTicks: 10
The only difference is ['Bans', 0]]) and ['Bans', 1]])

Please note theat the other 2 gauges are behaving in the same way, I will check later

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 13:17

mattg wrote:
2020-03-06 06:17
What scripts do you do that you need to AUTH via SMTP (or IMAP or POP3)??
I have a couple of powershell scripts that use the built in smtp client. But I've been playing with com objects in powershell lately and I could get around auth, I suppose.

Also webmail is on localhost.

I use SMS for most automated notifications.

Still, security-wise, is there a difference between the two scenarios? TLS mandatory vs optional with require TLS for auth?

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 13:23

eliassal wrote:
2020-03-06 12:47
Nothing scientific. I wanted the red/yellow line to be 100%. I could have assigned the query to be 100% and then multiplied that by 1.2
I think I have discovered a bug. This morning, after all scripts run, all gauges displayed nothing as follows (which caught my attention).
Image

I chekced the script in chrome, I see

Code: Select all

['Bans', 0]]);var options = { width: 100, height: 100, min: 0, max: 10.0, redFrom: 8.3333333333333, redTo: 10.0, yellowFrom: 6.25, yellowTo: 8.3333333333333, 		minorTicks: 10
I banned explicitly an IP, refreshed index page, hop Gauge displayed as before with 1 IP banned. So it seems that if 0 banned IP gauge does not display anything, in chrome I had
Image

Code: Select all

['Bans', 1]]);var options = { width: 100, height: 100, min: 0, max: 10.0, redFrom: 8.3333333333333, redTo: 10.0, yellowFrom: 6.25, yellowTo: 8.3333333333333, 		minorTicks: 10
The only difference is ['Bans', 0]]) and ['Bans', 1]])

Please note theat the other 2 gauges are behaving in the same way, I will check later
I never had 0 values (while I was awake to look). It turns over at midnight and there's always been a positive value when i look at it in the morning. I'll test it later with 0 hard-coded in and see what happens.

But I think if it's a bug, it's on Google's end - the code is producing the correct data.

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 14:21

Annotation 2020-03-06 071923.png
Hard coding 0 results in successful rendering.

Edit - also editing the query to search for nonexistent data produces a "0" because the query is to COUNT, which always results in an integer. So this also renders the dial appropriately with a 0.

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-06 14:56

What scripts do you do that you need to AUTH via SMTP (or IMAP or POP3)??
For the time being, it is Database Mail service in sql server, he only sends so no POP no IMAP. It is on a 2nd Vlan not the vlan where SQL server is

I have also powershell scripts, other services email like jenkins server....once I succed I need to modify all

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-06 14:59

Hard coding 0 results in successful rendering.

Well I don't know, mu indicator is that once there was 1 IP banned, gauge showed somehting
I can't say why neither

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 15:54

eliassal wrote:
2020-03-06 12:47

Code: Select all

['Bans', 0]]);var options = { width: 100, height: 100, min: 0, max: 10.0, redFrom: 8.3333333333333, redTo: 10.0, yellowFrom: 6.25, yellowTo: 8.3333333333333, 		minorTicks: 10
Looks good. Here's what I get in view-source. Looks the same.

Code: Select all

['Bans', 0]]);var options = { width: 100, height: 100, min: 0, max: 330, redFrom: 275, redTo: 330, yellowFrom: 206.25, yellowTo: 275, minorTicks: 10 };

eliassal
Normal user
Normal user
Posts: 221
Joined: 2010-08-15 18:05
Contact:

Re: Block IPs

Post by eliassal » 2020-03-06 18:02

OK, tell me how did you hard code so I will test again and see if this will happen again? in php pages?

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: Block IPs

Post by palinka » 2020-03-06 18:49

eliassal wrote:
2020-03-06 18:02
OK, tell me how did you hard code so I will test again and see if this will happen again? in php pages?
Yes. In dialtodayshits.php:

Code: Select all

	echo "['Bans', ".$hits."]";
to:

Code: Select all

	echo "['Bans', 0]";
Or you could change the query for today to produce a nonexistent result:

Code: Select all

	//Get current (today's) bans
	$sql = $pdo->prepare("
		SELECT	
			COUNT(DISTINCT(ipaddress)) AS hits
		FROM hm_fwban
		WHERE ".DBCastDateTimeFieldAsDate('timestamp')." LIKE ".DBCastDateTimeFieldAsDate(DBGetCurrentDateTime())." AND country = 'foofoo'
	");

Post Reply