SMTP AUTH match sender address

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
mbreitba
Senior user
Senior user
Posts: 340
Joined: 2006-04-14 22:25

SMTP AUTH match sender address

Post by mbreitba » 2008-06-13 00:05

Is there any way to force the SMTP-AUTH username to be used as the "from" address on hmailserver? I'm asking because we've been seeing more and more customers with comprimised accounts sending emails with a from address of yahoo.com, gmail.com, etc. Sometimes it's all one username, sometimes they randomly generate the username. In any event, our mailservers are fast enough that they can puke messages in at an alarming rate, and without any easy way to filter the bogus emails, looking through a list of 40,000 messages to try and delete the SPAM before it gets sent sucks.

If I can force the SMTP AUTH username to be the "from" address, it'd at least be a little easier to clean up the crap afterwards.
hMailServer 4.4.2 B281 with external MSSQL 2005
Win 2003 SP1
IIS 6
PHP 4.4.2
SquirrelMail 1.4.8
SpamAssassin 3.2.4 and ClamAV .92 on Backend Ubuntu systems

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2008-06-13 00:47

There are 2 scripts you can use.

First one denies any mail not sent from the authed domain (I currently use this)

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
    If oClient.Username <> "" Then
        dim authemail, authemail_value, fromemail, fromemail_value
        authemail = Split ( (oClient.Username) , "@" )
        authemail_value = authemail(1)

        fromemail = Split ( (oMessage.FromAddress) , "@" )
        fromemail_value = fromemail(1)

        If LCase(authemail_value) <> LCase(fromemail_value) Then
            Result.Value = 2
            Result.Message = "You are only allowed to send from your domain"
        End If
    End If
End Sub
Second one denies anything not from authed user@domain

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
   If oClient.Username <> "" Then
      If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
         Result.Value = 2
         Result.Message = "You are only allowed to send from your own account"
      End If
   End If   
End Sub
I guess the second one would be less expensive on your servers and is what you are asking for.

Hope this helps.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

mbreitba
Senior user
Senior user
Posts: 340
Joined: 2006-04-14 22:25

Re: SMTP AUTH match sender address

Post by mbreitba » 2008-06-13 01:09

Sweet - exactly what I was looking for - thanks!
hMailServer 4.4.2 B281 with external MSSQL 2005
Win 2003 SP1
IIS 6
PHP 4.4.2
SquirrelMail 1.4.8
SpamAssassin 3.2.4 and ClamAV .92 on Backend Ubuntu systems

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2008-06-13 01:30

Any time :)
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

mrglobule
New user
New user
Posts: 6
Joined: 2008-06-30 19:03

Re: SMTP AUTH match sender address

Post by mrglobule » 2008-07-02 11:21

Exactly what I was looking for, great job...

But i don't know how use it?

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2008-07-02 11:34

From the hmail admin goto.

Settings -> Advanced -> Scripts.

Make sure Active is ticked and VBScript is selected in the drop down box. Click on Show scripts; this will open up the scripts directory.

In there is a file called EventHandlers.vbs.

Open this up in a text editor (Suggest you use notepad or notepad++)

In there is where you put the code.

Here is an exact copy of mine.

Code: Select all

'   Sub OnClientConnect(oClient)
'   End Sub

'   Sub OnAcceptMessage(oClient, oMessage)
'   End Sub

'   Sub OnDeliverMessage(oMessage)
'   End Sub

'   Sub OnBackupFailed(sReason)
'   End Sub

'   Sub OnBackupCompleted()
'   End Sub

Sub OnAcceptMessage(oClient, oMessage)
    If oClient.Username <> "" Then
        dim authemail, authemail_value, fromemail, fromemail_value
        authemail = Split ( (oClient.Username) , "@" )
        authemail_value = authemail(1)

        fromemail = Split ( (oMessage.FromAddress) , "@" )
        fromemail_value = fromemail(1)

        If LCase(authemail_value) <> LCase(fromemail_value) Then
            Result.Value = 2
            Result.Message = "You are only allowed to send from your domain"
        End If
    End If
End Sub
Depending on what script you want to use either duplicate what is above to only check the sending domain or replace the code if you want to restrict to user@domain with the other code a few posts up.

Save the file and close the file and directory.

Back on the hmail admin, click on check syntax. If that passes, click on reload scripts. Close the administrator.

Test your server :)

I hope this helps.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

mrglobule
New user
New user
Posts: 6
Joined: 2008-06-30 19:03

Re: SMTP AUTH match sender address

Post by mrglobule » 2008-07-02 20:42

thanks a lot :wink:

Macabre_Sunsets
New user
New user
Posts: 5
Joined: 2008-07-09 14:36

Re: SMTP AUTH match sender address

Post by Macabre_Sunsets » 2008-08-12 08:56

Thanks for the scripts :)

I have one problem though. I copied the script found two posts above (the exact copy of ^Doom^'s) and (in some cases*) I get the following error :

Code: Select all

"DEBUG"	684	"2008-08-12 01:00:00.359"	"ScriptServer:FireEvent"
"APPLICATION"	684	"2008-08-12 01:00:00.359"	"Script Error: Source: Microsoft VBScript runtime error - Error: 800A0009 - Description: Subscript out of range: '[number: 1]' - Line: 20 Column: 8 - Code: (null)"
"DEBUG"	684	"2008-08-12 01:00:00.359"	"ScriptServer:~FireEvent"
In some other cases** it seems to work :

Code: Select all

"DEBUG"	684	"2008-08-12 01:12:24.468"	"ScriptServer:FireEvent"
"DEBUG"	684	"2008-08-12 01:12:24.468"	"ScriptServer:~FireEvent"
Is this normal or something goes wrong when splitting the e-mail address, thus resulting in the error? I don't have any other scripts installed.
_______
*) When sending e-mail from *@mydomain.com to *@mydomain.com and from *@mydomain.com to *@anyothedomain.com
**) When receiving e-mail from *@anyotherdomain.com to *@mydomain.com
hMailServer : 4.4.1 (Build 273) / Internal Database
WebMail : @MailOpen
OS : Win XP + SP3

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2008-08-12 09:02

Macabre_Sunsets wrote:*) When sending e-mail from *@mydomain.com to *@mydomain.com and from *@mydomain.com to *@anyothedomain.com
**) When receiving e-mail from *@anyotherdomain.com to *@mydomain.com
Do you have a default domain set?

Looks like there isn't an '@' in the username used to connect. This would be the case if you have a default domain set, and some users authenticate with 'username' and 'password' rather than 'username@domain.com' and 'password'.

Would you like to test that, by changing one client logon to 'username@domain.com' rather then 'username' and I'll script a little 'if then' to insert in the script.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Macabre_Sunsets
New user
New user
Posts: 5
Joined: 2008-07-09 14:36

Re: SMTP AUTH match sender address

Post by Macabre_Sunsets » 2008-08-12 10:39

Thanks for your fast response :)
mattg wrote:Do you have a default domain set?
Yes I have set a default domain.

You are right about the authentication. I was authenticating to the outgoing server by using username only. After changing that everything seems to be fine.
I would be grateful if you could script that little "if then". I will try to make myself one too and see the results. Thanks again.

_____
This is my modified script. Added the InStr to check if a "@" exists in the authemail and fromemail. If it doesn't then provide some default values. Don't know if it is correct but it seems to be working (so far).

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
    If oClient.Username <> "" Then
        dim authemail, authemail_value, fromemail, fromemail_value

	If (InStr(1, authemail, "@", 1) > 0) then 
        	authemail = Split ( (oClient.Username) , "@" )
		authemail_value = authemail(1)
	Else
		authemail_value = "mydomain.com"
	End If


	If (InStr(1, fromemail, "@", 1) > 0) then
	        fromemail = Split ( (oMessage.FromAddress) , "@" )
	        fromemail_value = fromemail(1)
	Else
		fromemail_value = "mydomain.com"
	end If

        If LCase(authemail_value) <> LCase(fromemail_value) Then
            Result.Value = 2
            Result.Message = "You are only allowed to send from your domain"
        End If
    End If
End Sub
hMailServer : 4.4.1 (Build 273) / Internal Database
WebMail : @MailOpen
OS : Win XP + SP3

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2008-08-12 13:48

I reckon that'd do it.

Well done.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
weinberk
Normal user
Normal user
Posts: 93
Joined: 2009-01-24 00:17

Re: SMTP AUTH match sender address

Post by weinberk » 2009-02-01 16:53

Thanks for the script. Is there a way to iterate through all of the aliases that may be set up for an account? I'd like a way to allow the user to send from any alias as well.

THANKS!

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-07-02 15:27

I already had some codes in accept message section so I added codes above, can you please tell me if it correct syntax.

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
	Result.Value = 0
	Set obApp = CreateObject("hMailServer.Application")
	Call obApp.Authenticate(user, pw)
	
	If has_client_authenticated(oClient) Then
		write_log ("  User has authenticated. User " & oCLient.username & ", Client " & oClient.IPAddress)
		if not check_outgoing_limitations(oClient, oMessage) Then
			Result.Message = "Günlük gönderim limitinizi aştınız."
			Result.Value = 2
		End if
	End if
    If oClient.Username <> "" Then
        dim authemail, authemail_value, fromemail, fromemail_value
        authemail = Split ( (oClient.Username) , "@" )
        authemail_value = authemail(1)

        fromemail = Split ( (oMessage.FromAddress) , "@" )
        fromemail_value = fromemail(1)

        If LCase(authemail_value) <> LCase(fromemail_value) Then
            Result.Value = 2
            Result.Message = "Sadece kendi mail hesabınız üzerinden gönderim yapabilirsiniz."
        End If
    End If
  
End Sub

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2011-07-03 08:16

That does not look like VBS using the hmailserver COM API. I'd be very surprised if that did anything, let alone did what you want.

You can't just make stuff up and expect it to work, I mean things like
ozgurerdogan wrote:if not check_outgoing_limitations(oClient, oMessage) Then
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-07-03 19:28

It is not the whole script. Only Sub OnAcceptMessage(oClient, oMessage) section. Other script has some codes in this section and also this script has. So I wanted to make sure the syntax is correct only in this Sub OnAcceptMessage(oClient, oMessage) section.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2011-07-04 02:05

mattg wrote:You can't just make stuff up and expect it to work, I mean things like
ozgurerdogan wrote:if not check_outgoing_limitations(oClient, oMessage) Then
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-24 12:00

[quote="^DooM^"]There are 2 scripts you can use.

First one denies any mail not sent from the authed domain (I currently use this)

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
    If oClient.Username <> "" Then
        dim authemail, authemail_value, fromemail, fromemail_value
        authemail = Split ( (oClient.Username) , "@" )
        authemail_value = authemail(1)

        fromemail = Split ( (oMessage.FromAddress) , "@" )
        fromemail_value = fromemail(1)

        If LCase(authemail_value) <> LCase(fromemail_value) Then
            Result.Value = 2
            Result.Message = "You are only allowed to send from your domain"
        End If
    End If
End Sub



I was also using above script but today many clients called me and say they are recieving many fake sender spam mail that are seems to be sending from their mail account. Like abc@internaldomain.com to abc@internaldomain.com How can spammers pass above script. here is a header of one of those mails:

Code: Select all

Return-Path: 0-xu@carnival.com
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on antispam.abc.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.2 required=5.0 tests=RCVD_IN_PBL,RCVD_IN_SORBS_DUL, RDNS_NONE,URIBL_BLACK autolearn=no version=3.2.5
Received: from anteldata.net.uy ([190.64.96.209]) by mail.abc.com ; Mon, 24 Oct 2011 05:43:55 +0300
Received: from 190.64.96.209(helo=internalhmaildomain.com) by internalhmaildomain.com with esmtpa (Exim 4.69) (envelope-from ) id 1MMN95-3973br-ZP for <info@internalhmaildomain.com>; Sun, 23 Oct 2011 23:44:41 -0300
From: <info@internalhmaildomain.com>
To: <info@internalhmaildomain.com>
Subject: What if
Date: Sun, 23 Oct 2011 23:44:41 -0300
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Mailer: nowuzdfy.41
Message-ID: <4344562237.FP9PRKPR503890@mnsagcjqhgo.iokjcpnloi.ua>
Thanks

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2011-10-24 13:26

In the IP range that applies to this server, do you have require SMTP authentication for local to local enabled?

PS Sorry for the old abrupt reply (above) you must have caught me on a bad day back then
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2011-10-24 13:49

That script is for authenticated users, As Matt says, checking Auth for local to local on your internet ip range will stop what you are seeing.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-24 14:21

Yes they are checked:

Image
Image

So how possible spammers send such spams lik user is sending to himself.

Code: Select all

Return-Path: 0-xu@carnival.com
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on antispam.abc.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.2 required=5.0 tests=RCVD_IN_PBL,RCVD_IN_SORBS_DUL, RDNS_NONE,URIBL_BLACK autolearn=no version=3.2.5
Received: from anteldata.net.uy ([190.64.96.209]) by mail.abc.com ; Mon, 24 Oct 2011 05:43:55 +0300
Received: from 190.64.96.209(helo=internalhmaildomain.com) by internalhmaildomain.com with esmtpa (Exim 4.69) (envelope-from ) id 1MMN95-3973br-ZP for <info@internalhmaildomain.com>; Sun, 23 Oct 2011 23:44:41 -0300
From: <info@internalhmaildomain.com>
To: <info@internalhmaildomain.com>
Subject: What if
Date: Sun, 23 Oct 2011 23:44:41 -0300
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Mailer: nowuzdfy.41
Message-ID: <4344562237.FP9PRKPR503890@mnsagcjqhgo.iokjcpnloi.ua>
Users see above mail like it is from himself. What is the way / script to avoid that? There are some scripts in forum for hat but not ure which one is correct.

To test if local to local auth is required, I change mail address in outlook express other than auth email address but mail is still being delievered.

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-24 14:28

What is second script for at http://www.hmailserver.com/forum/viewto ... 117#p68117? Does not it suppose to stop fake senders which is same a reciept? But that does not work. Or I am testing it in wrong way. I change email address to other email address which is not auth email address in outlook express but still is being delievered.

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-25 09:23

Ok I found the problem and it is running fine now.

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2011-10-25 14:10

Was the script not enabled?
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-25 15:01

It was enabled but some typo mistakes.

Another problem is, if a client requests (Microsoft Outlook 2003 user) delivery reciept
Image,


he gets error as he is not authed user because of:

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
   If oClient.Username <> "" Then
      If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
         Result.Value = 2
         Result.Message = "You are only allowed to send from your own account"
      End If
   End If   
End Sub


I disabled rule and recieved delivery reciept. But in headers of mail Isee:

Code: Select all

Return-Path: 
Received: from userpc ([85.105.206.57])
          by mailing.mycompany.com
          ; Tue, 25 Oct 2011 15:15:41 +0300
Message-ID: <281988BF-D1C0-4DD5-AA9F-2E77CA6299DF@kurumsalmail2.mycompany.com>
Reply-To: <export@hmaildomain.com>
From: =?windows-1254?Q?Orhan_=DCST=DCNLER_/_sss_A=DE.?= <export@hmaildomain.com>
To: '=?iso-8859-9?Q?Orhan_=DCST=DCNLER_/_ANY_Tekstil_A=DE.?=' <export@hmaildomain.com>
Subject: Read: test
Date: Tue, 25 Oct 2011 15:16:28 +0300
Organization: export@hmaildomain.com
MIME-Version: 1.0
Content-Type: multipart/report;
          report-type=disposition-notification;
          boundary="----=_NextPart_000_0000_01CC9329.11B8FCE0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcyS7f7B8TWRNLtsRzC2GlXaEHEGUQAAR5Yv
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAhnwxIHSWn02HunK4NTu/wcKAAAAQAAAAW38LyqBWx0eUMGLWETHqqwEAAAAA@hmaildomain.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
-
Is this problem because from and username does not match.

Code: Select all

From: =?windows-1254?Q?Orhan_=DCST=DCNLER_/_sss_A=DE.?= <export@hmaildomain.com>

But when I look at logs :

Code: Select all

"POP3D"	2476	23901	"2011-10-25 15:13:47.351"	"85.105.206.57"	"SENT: +OK POP3"
"SMTPD"	2984	23900	"2011-10-25 15:13:47.353"	"85.105.206.57"	"RECEIVED: EHLO userpc"
"SMTPD"	2984	23900	"2011-10-25 15:13:47.354"	"85.105.206.57"	"SENT: 250-mail.mycomp.com[nl]250-SIZE 51200000[nl]250 AUTH LOGIN"
"POP3D"	2868	23901	"2011-10-25 15:13:47.358"	"85.105.206.57"	"RECEIVED: USER export@hmaildomain.com"
"POP3D"	2868	23901	"2011-10-25 15:13:47.358"	"85.105.206.57"	"SENT: +OK Send your password"
"SMTPD"	1116	23900	"2011-10-25 15:13:47.362"	"85.105.206.57"	"RECEIVED: AUTH LOGIN"
"SMTPD"	1116	23900	"2011-10-25 15:13:47.362"	"85.105.206.57"	"SENT: 334 VXNlcm5hbWU6"
"POP3D"	2000	23901	"2011-10-25 15:13:47.366"	"85.105.206.57"	"RECEIVED: PASS ***"
"SMTPD"	2984	23900	"2011-10-25 15:13:47.369"	"85.105.206.57"	"RECEIVED: ZXhwb3J0QGFueS5jb20udHI="
"SMTPD"	2984	23900	"2011-10-25 15:13:47.370"	"85.105.206.57"	"SENT: 334 UGFzc3dvcmQ6"
"SMTPD"	1116	23900	"2011-10-25 15:13:47.377"	"85.105.206.57"	"RECEIVED: ***"
"POP3D"	2000	23901	"2011-10-25 15:13:47.378"	"85.105.206.57"	"SENT: +OK Mailbox locked and ready"
"POP3D"	2868	23901	"2011-10-25 15:13:47.383"	"85.105.206.57"	"RECEIVED: STAT"
"POP3D"	2868	23901	"2011-10-25 15:13:47.392"	"85.105.206.57"	"SENT: +OK 0 0"
"SMTPD"	1116	23900	"2011-10-25 15:13:47.393"	"85.105.206.57"	"SENT: 235 authenticated."
"SMTPD"	2476	23900	"2011-10-25 15:13:47.400"	"85.105.206.57"	"RECEIVED: MAIL FROM: <>"
"SMTPD"	2476	23900	"2011-10-25 15:13:47.400"	"85.105.206.57"	"SENT: 250 OK"
"SMTPD"	2868	23900	"2011-10-25 15:13:47.405"	"85.105.206.57"	"RECEIVED: RCPT TO: <export@hmaildomain.com>"
"SMTPD"	2868	23900	"2011-10-25 15:13:47.406"	"85.105.206.57"	"SENT: 250 OK"
"SMTPD"	2476	23900	"2011-10-25 15:13:47.413"	"85.105.206.57"	"RECEIVED: DATA"
"SMTPD"	2476	23900	"2011-10-25 15:13:47.414"	"85.105.206.57"	"SENT: 354 OK, send."
"POP3D"	1360	23901	"2011-10-25 15:13:47.449"	"85.105.206.57"	"RECEIVED: QUIT"
"POP3D"	1360	23901	"2011-10-25 15:13:47.450"	"85.105.206.57"	"SENT: +OK POP3 server saying goodbye..."
"DEBUG"	2000	"2011-10-25 15:13:47.451"	"Closing TCP/IP socket"
"DEBUG"	2000	"2011-10-25 15:13:47.452"	"Ending session 23901"
"DEBUG"	216	"2011-10-25 15:13:47.503"	"ScriptServer:FireEvent"
"DEBUG"	216	"2011-10-25 15:13:47.663"	"ScriptServer:~FireEvent"
"SMTPD"	216	23900	"2011-10-25 15:13:47.664"	"85.105.206.57"	"SENT: 554 No spammers allowed."
I see mail from section seems emtpy is this normal?
"SMTPD" 2476 23900 "2011-10-25 15:13:47.400" "85.105.206.57" "RECEIVED: MAIL FROM: <>"

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2011-10-25 19:01

The SMTP FROM you see in the logs is not the same as the FROM header in the email. The FROM header set by the client can be anything you like Bill gates <bill@microshaft.com>, the SMTP Envelope FROM sent by the client to the server when communicating must be either <> or an authorized email address.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-25 19:08

so there is something else with client pc I think. What I am sure of is that, if client request delivery reciept, then he faces to that script stoping him to recieve delivery reciept. Do not know relation with delivery reciept. But I had to cancel it. What could be causing outlook that makes hmailserver think that from name and username is not same when he tries o recieve delivery reciept?

^DooM^
Site Admin
Posts: 13862
Joined: 2005-07-29 16:18
Location: UK

Re: SMTP AUTH match sender address

Post by ^DooM^ » 2011-10-25 19:52

Honestly i don't know. I never use read receipts, i think they are a pointless idea that just adds additional email for no real gain. I can only suggest trying with Thunderbird client and see if they display the same issue.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

ozgurerdogan
Senior user
Senior user
Posts: 266
Joined: 2010-11-19 18:50

Re: SMTP AUTH match sender address

Post by ozgurerdogan » 2011-10-25 20:02

I will do that thanks for your great support.

dsgnethu
Normal user
Normal user
Posts: 52
Joined: 2015-01-20 09:07

Re: SMTP AUTH match sender address

Post by dsgnethu » 2015-01-22 13:30

^DooM^ are Your 2 scripts working with multiple domains on the same server?

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2015-01-22 14:02

This is what I do (with multiple domains on same server)

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
	dim oApp, i, j, Local

	Set oApp = CreateObject("hMailServer.Application")

	' Give this script permission to access all
	' hMailServer settings.
	Call oApp.Authenticate("Administrator", g_sAdminPassword)

	If oClient.Username <> "" Then
		If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
	 		Result.Value = 2
			Result.Message = "You are only allowed to send from your own account"
		End If
	End If

	Local = 0
	For i = 1 to oApp.domains.count
		if (InStr(1, oMessage.FromAddress, "@" & oApp.Domains.item(i-1).name, 1) > 0) Then ' Local user.
			local = local + 1
		End If
		For j = 1 to oApp.Domains.item(i-1).DomainAliases.count
			if (InStr(1, oMessage.FromAddress, "@" & oApp.Domains.item(i-1).DomainAliases.item(j-1).AliasName, 1) > 0) Then ' Local user.
				local = local + 1
			End If
		Next 'j
	Next 'i
	if local >0 then
		If (oClient.Username = "") Then
			Result.Value = 2
			Result.Message = "You must be authenticated to send from local domain."
		End If
	End If
End Sub
So yes, the scripts above should each work (individually) with multiple domains on the server
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

dsgnethu
Normal user
Normal user
Posts: 52
Joined: 2015-01-20 09:07

Re: SMTP AUTH match sender address

Post by dsgnethu » 2015-01-22 15:42

mattg wrote:This is what I do (with multiple domains on same server)

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
	dim oApp, i, j, Local

	Set oApp = CreateObject("hMailServer.Application")

	' Give this script permission to access all
	' hMailServer settings.
	Call oApp.Authenticate("Administrator", g_sAdminPassword)

	If oClient.Username <> "" Then
		If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
	 		Result.Value = 2
			Result.Message = "You are only allowed to send from your own account"
		End If
	End If

	Local = 0
	For i = 1 to oApp.domains.count
		if (InStr(1, oMessage.FromAddress, "@" & oApp.Domains.item(i-1).name, 1) > 0) Then ' Local user.
			local = local + 1
		End If
		For j = 1 to oApp.Domains.item(i-1).DomainAliases.count
			if (InStr(1, oMessage.FromAddress, "@" & oApp.Domains.item(i-1).DomainAliases.item(j-1).AliasName, 1) > 0) Then ' Local user.
				local = local + 1
			End If
		Next 'j
	Next 'i
	if local >0 then
		If (oClient.Username = "") Then
			Result.Value = 2
			Result.Message = "You must be authenticated to send from local domain."
		End If
	End If
End Sub
So yes, the scripts above should each work (individually) with multiple domains on the server
So to make it work, I have to just enable scripts, vbscript, and copy this under the relevant section, am I right?

Thanks

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2015-01-22 22:59

Edit eventhandlers.vbs


Put this at the top

Code: Select all

Option Explicit
Private const g_sAdminPassword = "SECRET_PASSWORD"
Put YOUR password in the quotes above

Add my script above to the bottom of eventhandlers.vbs (if you don't already have a OnAcceptMessage sub that is active - the single quote at the start of the line makes the line a remark, not a command. If you already have something in OnAcceptMessage then you will need to play)

Save and close

In Hmailserver admin GUI

Enable scripts
VBscript
reload script
check syntax

Check your error log to make sure nothing went wrong

And that should be done...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-03 22:55

I was recommended this post towards the end of another discussion, but failed to see how these scripts helped or which one actually works.

Also, I do not understand why these scripts would be necessary when hMailserver should be preventing delivery by default...

The problem I am now faced is that spammers can send to non-existent email addresses and it still gets delivered.

Example A:

spammer@myDomain.com sends mail when spammer@myDomain.com is not an account listed for that domain!!!

Example B:

spammer@anywhere.com sends mail to myDomain@mail.myDomain.com!!!

I would have expected hMailserver to perform checks for these anomalies by default. Otherwise when would such mail ever be tolerated?

User avatar
SorenR
Senior user
Senior user
Posts: 2835
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP AUTH match sender address

Post by SorenR » 2016-10-03 23:06

You probably FU'd the default IP Range... Default is to allow SMTP for authenticated users only.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-04 00:09

Currently IP addresses are set to 0.0.0.0 - 255.255.255.255.

Can you please explain the significance of "IP Ranges", ie: is this to be the IP addresses of my domains and allowed sites? If so then what has that got to do with receiving email from outside services?

Re... "Default is to allow SMTP for authenticated users only".

The help docs were no help. Are "authenticated users" the listed accounts only? Or does it mean that senders need a login? Otherwise what does this mean?

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-04 14:40

Kendo wrote:Currently IP addresses are set to 0.0.0.0 - 255.255.255.255.

Can you please explain the significance of "IP Ranges", ie: is this to be the IP addresses of my domains and allowed sites?
Absolutely nothing like what you wrote
https://www.hmailserver.com/documentati ... ce_iprange

On every page in the admin gui, the help button will take you to the relevant page of the documentation.

On the IP ranges page there is a 'default' button. Unless you have a good reason to NOT use the default settings then push this button. Default settings are safe and usable for MOST installations.


AND PLEASE do not reactivate OLD threads.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-04 16:06

The help pages are generally no help at all. Mostly one-liners... like the explanation given for SPF.

The explanation for SMTP Authorisation is also lacking anything that resembles an explanation.

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-04 16:22

I still haven't found out if the IP range to be set is for the IP addresses that the server uses or for the IP addresses that are allowed to send mail. If it's for allowed senders then 0.0.0.0 to 255.255.255.255 should be correct, otherwise I won't receive mail at all, right?

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-04 16:36

How and why would I want to use SMTP Authentication on external to local email? How would anyone replying to our emails know what the username/password should be?

So back to the original question.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7766
Joined: 2011-09-08 17:48

Re: SMTP AUTH match sender address

Post by jimimaseye » 2016-10-04 20:52

Kendo wrote:How and why would I want to use SMTP Authentication on external to local email? How would anyone replying to our emails know what the username/password should be?
No one says or has told to to do this for the very reasons you identify. The DEFAULT settings are adequate.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-04 23:32

Kendo wrote:I still haven't found out if the IP range to be set is for the IP addresses that the server uses or for the IP addresses that are allowed to send mail. If it's for allowed senders then 0.0.0.0 to 255.255.255.255 should be correct, otherwise I won't receive mail at all, right?
The IP ranges are for allowed connections

0.0.0.0 >> 255.255.255.255 is for incoming mail from the internet
Other ranges can be set for sending IP ranges that require special treatment. The default is to have a my computer range that requires less security, intended for web forms etc hosted on the same machine that hMailsevrer is installed.

Local and External are NOT about IP ranges, but are about locally hosted domains (ie the domain is active on hMailserver) or not (external = the domain is NOT active on hMailsevrer)
Kendo wrote:The problem I am now faced is that spammers can send to non-existent email addresses and it still gets delivered.

Example A:

spammer@myDomain.com sends mail when spammer@myDomain.com is not an account listed for that domain!!!

Example B:

spammer@anywhere.com sends mail to myDomain@mail.myDomain.com!!!
For example A, Is that delivery to your local accounts, or delivery to external mailservers? There is a huge difference... do you have catchall enabled?

ALSO for your example B, isn't that just ALL Spam mail? what have I missed?
Do you have a default domain set?
Kendo wrote:The help pages are generally no help at all. Mostly one-liners... like the explanation given for SPF.

The explanation for SMTP Authorisation is also lacking anything that resembles an explanation.
Which SPF explanation are you talking about?
Which SMTP Authorisation help page is lacking? What did you expect to see?

Just saying that the help pages are generally no help at all, is like saying that the Earth is too round. Please be more detailed in criticism so that we can 'fix' the help files (if necessary). Personally I think that the Help files are great, but I will arrange changes if I can see merit in the changes.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-05 00:01

I have been using HMailServer off/on for a few years and managed mail servers hosted outside/inside our network for about 18 years, so while most terminology is familiar, your help pages leave a lot to assume and I have always suspected that it was a work in progress still to be completed. For example the reference to SPF looks like a placeholder.

My settings are pretty much default. When I changed anything mail was stopped. The IP range needs to include all IP addresses because this server services several domains as the main SMTP server. All domains are nominated and specific accounts/email addresses assigned.

I have AUTH required on [external to external] accounts and it passes open relay tests. All other mail options have SPF and spamtests enabled.

Yet unknownaccount@mydomain.com can send mail to other accounts@mydomain.com from outside!

Also, unknownaccount@mydomain.com sends to unknownaccount@mail.mymailserver.com from outside and I receive this mail even though mymailserver.com is not a domain account on mymailserver.com!

I have no catchall, just specifically nominated email addresses which I remove when I get sick of spam. However I do have postmaster@ for each domain.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-05 01:10

Kendo wrote:For example the reference to SPF looks like a placeholder.
WHICH REFERENCE??? please show a link. I cannot read your mind or imagine where your browser has been.
If you give me an example I can fix it.
If you continue to NOT give me an example all you will succeed in doing is frustrate me further.
Kendo wrote:I have AUTH required on [external to external] accounts and it passes open relay tests. All other mail options have SPF and spamtests enabled.
AUTH required is in IP ranges. There is no mention of SPF in IP ranges, or any other spam tests.
You might know what you are saying, but seriously, I have no clue. To me you talk in circles saying that you have heaps of experience, and yet you make statements that are not consistent with that.
Kendo wrote:Yet unknownaccount@mydomain.com can send mail to other accounts@mydomain.com from outside!
So you have local to local allowed without AUTH from the internet IP range - this is NOT the default setting.
Kendo wrote:Also, unknownaccount@mydomain.com sends to unknownaccount@mail.mymailserver.com from outside and I receive this mail even though mymailserver.com is not a domain account on mymailserver.com!
TO WHICH ACCOUNT is the mail received?
If you don't have a catchall setup, then the receiving account MUST be listed in the SMTP envelope as a recipient (TO, CC or BCC). The message header doesn't always match the SMTP Envelope sender, especially in the case of BCC. If there is any doubt about which account received the mail (due to rules or scripts etc) then you can set hMailserver to add a 'Delivered to' Header. This is not necessary if you know that you have no rules or scripts.

Mail just doesn't magically appear in your inbox when it is addressed to someone else
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-05 02:59

See the SPF explanation at https://www.hmailserver.com/documentati ... e_antispam
Says a lot don't it?

No my settings are not ALL default as I had to remove AUTH REQUIRED on external to local to actually let mail in :?

I have already given you explicit and concise examples of junk mail getting through. However I have since tried a few changes and waiting to see if there is any difference.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-05 04:57

Kendo wrote:No my settings are not ALL default as I had to remove AUTH REQUIRED on external to local to actually let mail in :? .
Default settings NEVER have require AUTH for external to local
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-05 05:08

Kendo wrote:See the SPF explanation at https://www.hmailserver.com/documentati ... e_antispam
Says a lot don't it?
Better now?

If you have suggested improvements, I'll happily take them on board.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-05 05:17

Typo... "SPF coring". My main concern was that I didn't want assume what anything meant because I can't assume that hMailServer is like every other mail server, ie: running anything on Windows is a different ball game.

If I see any more mail sent via spammer@mydomain.com to me@mydomain.com when "spammer" is not an account listed for mydomain.com I may need some help creating a script. How it got past SPF checks beats me when I have SPF properly set for mydomain.com.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-05 05:51

How do you know that it did get past spf scoring? Can you show logs of that occurring?
What do you score for a spf failure? What is your mark and delete thresholds?

What is your domain? Can I check the SPF record for it?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-06 04:12

mattg wrote:How do you know that it did get past spf scoring?
Because I received it.
What do you score for a spf failure? What is your mark and delete thresholds?
5 and 5
What is your domain? Can I check the SPF record for it?
artistscope.net

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-06 06:25

That SPF is busy, but it should still work. Logs is the only way to be sure about what happened (or didn't happen).

Mine is simply 'v=spf1 mx -all'

Can you show a screen shot of your IP ranges settings, and of your AntiSpam Settings?

(I see too that you have greylisting enabled = good. I find that greylisting alone stops most SPAM)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-06 08:44

Here tis...
hMail_spam.jpg
hMail_IPsettings.jpg

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-06 09:23

What are your mark and delete spam scores?

(Also, you should have require Authentication for local to local and local to external for your internet range, and you can probably not allow external to external in the internet IP range)
What other IP ranges do you have set up?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-06 10:23

mattg wrote:What are your mark and delete spam scores?
hMail_threshold.jpg
hMail_threshold.jpg (20.48 KiB) Viewed 9470 times
mattg wrote:Also, you should have require Authentication for local to local and local to external for your internet range, and you can probably not allow external to external in the internet IP range)
Local users are webforms in web sites that we control so AUTH is not required. We are the only senders although we do provide services that send membership details and newsletters. However the recipients are subscribers registered from book sales. We do not have an internal spam problem.

As for External to Local, same deal.

I assume that the IP range depicted in my previous email is to cover all possible senders from outside as this sever is our main SMTP server for all domain mail that redirects when/where necessary.
mattg wrote:What other IP ranges do you have set up?
Only 127.0.0.1 for localhost.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-06 13:39

Ok 2 things.

1. Your spam messages are unchanged when 'marked'.

The first two checkboxes will add headers like this

X-hMailServer-Spam = YES
X-hMailServer-Reason-2: Tagged as Spam by SpamAssassin - (Score: 2)
X-hMailServer-Reason-3: Rejected by Barracuda Central - (Score: 4)
X-hMailServer-Reason-Score: 6


The third checkbox will change the subject by prepending whatever text to the existing subject

You probably wouldn't even notice these headers unless you specifically look for them

So for a score of 5 through 19, nothing will happen. At a score of 20 the message will get rejected



2. IP ranges
You should set an IP range for your Webserver IP address that allows local to external (and possibly external to external in the right conditions), and close off the internet range so that it can't


Allowing local to external from the internet means that I can send mail via your server to any other server in the world, just by pretending that my from address is your domain.
You will be blacklisted very quickly with this.

How did you pass open relay tests?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-06 22:30

mattg wrote:Your spam messages are unchanged when 'marked'.
No need for this. When blocked it shouldn't be delivered.
So for a score of 5 through 19, nothing will happen. At a score of 20 the message will get rejected
So I should change that setting to 5?
You should set an IP range for your Webserver IP address that allows local to external (and possibly external to external in the right conditions), and close off the internet range so that it can't
So "local" computer should be set to one real IP address? And "Internet" set to the IP range that all sites on the server use?

I assumed that this was for the computers allowed to send to us, especially when I did set a limited range that stopped the server from receiving mail. Or was I mistaken?
Allowing local to external from the internet means that I can send mail via your server to any other server in the world, just by pretending that my from address is your domain.
You will be blacklisted very quickly with this.

How did you pass open relay tests?
In theory perhaps, but I don't see it in our logs, yet.

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-06 22:38

If I set local to external to require AUTH, what does that mean exactly?

Do our web forms need to be modified to include user/pass details in our ObjSendMail/CDOSYS scripts?

User avatar
SorenR
Senior user
Senior user
Posts: 2835
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP AUTH match sender address

Post by SorenR » 2016-10-06 23:03

Kendo wrote:So "local" computer should be set to one real IP address? And "Internet" set to the IP range that all sites on the server use?

I assumed that this was for the computers allowed to send to us, especially when I did set a limited range that stopped the server from receiving mail. Or was I mistaken?
Look at like a firewall rule...

"require auth" means user must login just like POP3/IMAP... In other words, your webforms must log in to send...

The "Internet" rule 0.0.0.0 - 255.255.255.255 is a Catch-All rule that will trigger unless a higher priority rule overlays.

I have "LAN", "Webmail" and "Internet" IP Range. The "Internet" range is THE ONLY one of them with External-to-Local (NO SMTP AUTH)
All have Local-to-Local and Local-to-External (SMTP AUTH)

All my IP Ranges have IMAP and SMTP only - and Anti-Virus/Anti-SPAM enabled.

---

I also have my Backup-MX'es on each their own IP Range with only SMTP and External-to-Local (NO SMTP AUTH), that way I can remove SMTP from "Internet" and let my Backup-MX'es take the load... 8) (Yeah, that's the tinfoil hat thingy again :mrgreen: )
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
mattg
Moderator
Moderator
Posts: 19460
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP AUTH match sender address

Post by mattg » 2016-10-06 23:19

Kendo wrote:Do our web forms need to be modified to include user/pass details in our ObjSendMail/CDOSYS scripts?
If you AUTHENTICATE with these scripts then that detail needs to be included. It really depends on your scripts, and environment.

Allowing them to access your email server WITHOUT authentication by itself is not a big issue. (Although having them authenticate is much safer for you)
The way to achieve sending WITHOUT authentication is to open your server to the specific IP of your webserver by creating a hMailserver IP range specifically for your webserver. (Your Webserver should have a static IP)
ON this IP Range, set start and end IP to be the IP of the webserver.
Allow as your image above shows, and set priority to 30 so that it takes precedence over the internet range


Then you need to lock your internet IP range down.
Kendo wrote:If I set local to external to require AUTH, what does that mean exactly?
Any connection from the internet (where no other IP range takes priority) will need to authenticate to send mail FROM your domain to a domain not hosted on your server.

Without doing that, I could contact your mailserver and PRETEND that my email address is the same domain as your domain, and send a message to bill@microsoft.com. SPF would match, if you have DKIM set up, that would match, many other spam tests would match because the message is actually coming from your mail server as defined in your MX record.

You would be listed as a spammer VERY quickly and would get your IP on many Blacklists. I'd be surprised if that hasn't happened already.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Normal user
Posts: 50
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: SMTP AUTH match sender address

Post by Kendo » 2016-10-06 23:22

Where in hMailserver do I set the username and password to be used for SMTP authorisation?

User avatar
SorenR
Senior user
Senior user
Posts: 2835
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP AUTH match sender address

Post by SorenR » 2016-10-07 00:15

Kendo wrote:Where in hMailserver do I set the username and password to be used for SMTP authorisation?
You create a domain and inside this domain you create a user with a password.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

Post Reply