Search found 608 matches

by RvdH
2019-01-16 00:11
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Spamassassin is using it... c:\SpamAssassin\share\3.004000\updates_spamassassin_org\25_asn.cf Added header; X-Spam-ASN: AS57043 185.222.209.40/32 Since two or three versions back SpamAssassin started including ASN numbers in Bayesian data to identify Spammers by Internet router. I was just wonderin...
by RvdH
2019-01-15 19:26
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Something seems off with that TXT record, it looks like a single string :shock: , see https://mxtoolbox.com/SuperTool.aspx?action=txt%3a40.209.222.185.asn.routeviews.org&run=networktools dig 40.209.222.185.asn.routeviews.org TXT ; <<>> DiG 9.11.0-P1 <<>> 40.209.222.185.asn.routeviews.org TXT ;; glob...
by RvdH
2019-01-15 12:30
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Well Ruud, It seems as those pesky ISO 3166-1 alpha-3 IS the way to go. I reconfigured my system before I went to bed this morning and this is what I got... The "old" NerdLookup() is calling the "new" NerdLookupTXT() in order to get both solutions. I hate to say this to you, but you are wrong...and...
by RvdH
2019-01-13 12:40
Forum: General discussions
Topic: How to Use Rules to filter X-Google-Original-From for mail downloaded from External Account
Replies: 30
Views: 389

Re: How to Use Rules to filter X-Google-Original-From for mail downloaded from External Account

Mail downloaded from external account?
What about the X-hMailServer-ExternalAccount header? Can't you do something with that?
by RvdH
2019-01-13 11:32
Forum: Scripting
Topic: Can i do an autban script based on this?
Replies: 43
Views: 1174

Re: Can i do an autban script based on this?

How about strict security to stop unauthorised persons looking at random script files on your server in the first place? I'm pretty sure that if anyone had gained access to your system and shouldn't be there, the last thing they will be looking at is some unknown script file in a 3rd party software...
by RvdH
2019-01-11 22:22
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Another example: dig +short 180.227.49.37.zz.countries.nerd.dk TXT "is" "ee" That's a bug... The IP address belongs to Iceland. Get your own copy ... :mrgreen: mkdir -p rsync/dg rsync -a rsync://countries-ns.mdc.dk/zone/ rsync cat rsync/zz.countries.nerd.dk.rbldnsd zz.countries.nerd.dk.rbldnsd.add ...
by RvdH
2019-01-11 18:17
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Another example:

dig +short 180.227.49.37.zz.countries.nerd.dk TXT
"is"
"ee"
by RvdH
2019-01-11 17:36
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

No, not really...probably used that On Error Resume Next when debugging zz.countries.nerd.dk sometimes returns 2 TXT records, for example 'eu' and 'nl' for a single ip, as i prefer to allow the 'nl' and not the 'eu' i added that countryCodeAlt to filter out those duplicates, example: https://www.hma...
by RvdH
2019-01-11 13:48
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Mmm, OK i see But why allow 3 attempts (using the IDS code) on any port other than port 25? I block those instantly Dim strRegEx : strRegEx = "^(nl|be|eu|zz)$" If (oClient.Port <> 25) Then If Not Lookup(strRegEx, NerdLookup(oClient.IPAddress)) Then ' countries.nerd.dk Call AutoBan(oClient.IPAddress,...
by RvdH
2019-01-11 12:21
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Shouldn't this: Sub OnClientConnect(oClient) ' Only test SMTP traffic If (InStr("|25|587|465|", oClient.Port) > 0) Then ' IDS test for SYN flood etc. Call idsAddIP(oClient.IPAddress, 0) End If End Sub Be: Sub OnClientConnect(oClient) ' Only test SMTP traffic If (InStr("|25|587|465|", oClient.Port) >...
by RvdH
2019-01-11 11:56
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

@SorenR
Your IDS code should only be used if greylisting is disabled, right? Might be worth mentioning that in the instructions

As with greylisting enabled and frequent retries the IDS entries pop up like mushrooms :lol:
by RvdH
2019-01-11 00:56
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

How is Calling oDB.ExecuteSQL(strSQL) 2 times, code optimization? Function idsAddIP(sIPAddress, iPort) Dim strSQL, oDB : Set oDB = GetDatabaseObject strSQL = "INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits) VALUES (NOW(),'" & sIPAddress & "'," & iPort & ",0) ON DUPLICATE KEY UPDATE hits...
by RvdH
2019-01-11 00:46
Forum: Scripting
Topic: Can i do an autban script based on this?
Replies: 43
Views: 1174

Re: Can i do an autban script based on this?

mats wrote:
2019-01-05 13:51

Const sAdminPassword = "<ADMINISTRATORPASSWORD>"
The included backup script in Hmailserver.
Just add a msgbox sAdminPassword and you are done. That is the current security level.
That is exactly why i said with password stored in a CONST you could, but then again simply do not do that!
by RvdH
2019-01-11 00:37
Forum: Scripting
Topic: Want to Autoban some special spammer
Replies: 32
Views: 359

Re: Want to Autoban some special spammer

Function idsAddIP(sIPAddress, iPort) Dim strSQL, oDB : Set oDB = GetDatabaseObject strSQL = "INSERT IGNORE INTO " & idsTable & " (timestamp,ipaddress,port,hits) VALUES (NOW(),'" & sIPAddress & "'," & iPort & ",0);" Call oDB.ExecuteSQL(strSQL) strSQL = "UPDATE " & idsTable & " SET hits=(hits+1) WHER...
by RvdH
2019-01-05 03:49
Forum: Scripting
Topic: Can i do an autban script based on this?
Replies: 43
Views: 1174

Re: Can i do an autban script based on this?

it's simple to do a msgbox of the password when it is stored in cleartext in the script, I don't believe we have to discuss that further Please show me how, i could not do it....and i doubt you can do it either, Sure, if you stored the password in a CONST you could, but then again simply do not do ...
by RvdH
2019-01-04 17:21
Forum: General discussions
Topic: SSL/TLS -- STARTTLS
Replies: 14
Views: 588

Re: SSL/TLS -- STARTTLS

@ mattg how do you (if you did) update the cipherlist used by hmailserver for use with tls 1.2 only? https://www.openssl.org/docs/man1.0.2/apps/ciphers.html openssl ciphers -v TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx...
by RvdH
2019-01-04 12:33
Forum: Scripting
Topic: Can i do an autban script based on this?
Replies: 43
Views: 1174

Re: Can i do an autban script based on this?

Simply to prevent someone from doing msgbox "here is the secret password" and that's the part where I'm going to bluntly steal some code ;) And how exactly does your solution prevent the msgbox "here is the secret password" example you referred to yourself earlier? (Not saying MsgBox "here is the s...
by RvdH
2018-12-28 00:56
Forum: General discussions
Topic: Which antivirus to use?
Replies: 11
Views: 409

Re: Which antivirus to use?

https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829 How should that help him? He likes to ditch Clam as you can read @nschoot, the amount of RAM used by ClamAV is outrageous, i agree...but there are very few (working) alternatives Some people tried Windows Defender/MSE, but in my experienc...
by RvdH
2018-11-27 12:35
Forum: General discussions
Topic: What is hm_messagereceipients good for?
Replies: 5
Views: 393

Re: What is hm_messagereceipients good for?

The message is temporary stored there until the message is delivered to all included recipients, after delivery it should be cleared https://github.com/hmailserver/hmailserver-net/blob/master/hMailServer.Repository.MySQL/MessageRepository.cs public async Task<Message> GetMessageToDeliverAsync() { us...
by RvdH
2018-11-17 12:24
Forum: General discussions
Topic: New install/configuration seems to be working but no mails to/from the outside world
Replies: 36
Views: 1235

Re: New install/configuration seems to be working but no mails to/from the outside world

This is no good,

dktucson.dyndns-mail.com 60 IN A 69.136.126.139
dktucson.dyndns-mail.com 60 IN MX 10 resolver1.opendns.com
by RvdH
2018-11-14 17:38
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

And let dominik scan his PC/device for malware/virus infections
by RvdH
2018-11-14 17:32
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

Glad we could help (make sure you change the password for that dominik account before enabling it again)
by RvdH
2018-11-14 17:23
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

External to External with AUTH is the default setting What it allows say is for me to AUTH with matt@example.com and send FROM potus@whitehouse.com @matt I get that, but i don't see why one would allow this? common usage would be forwarding the messages from the document scanner to the world etc. I...
by RvdH
2018-11-14 17:16
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

@Armin79

Like matt said, i'll bet your mail queue is still flooded with messages (that might have caused the slow down)
by RvdH
2018-11-14 16:49
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

mattg wrote:
2018-11-14 16:37
External to External with AUTH is the default setting
What it allows say is for me to AUTH with matt@example.com and send FROM potus@whitehouse.com
@matt
I get that, but i don't see why one would allow this?
by RvdH
2018-11-14 16:16
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

Allowing External To External deliveries for any of your ip ranges seems somewhat odd, even when you require Authentication for it....i have not enabled External To External on any ip range Then there is your TCPIP PORTS...what the hell did you do there? And for what? With SMTPD logs i mean the line...
by RvdH
2018-11-14 15:50
Forum: General discussions
Topic: Problems with spams sent through my server
Replies: 16
Views: 868

Re: Problems with spams sent through my server

You need to look at your SMTPD logs, that is where the user sending those mails logs in/connects

If you need more help we will need a detailed diagnostic report...
Run this, and post its results here
by RvdH
2018-11-10 13:33
Forum: General discussions
Topic: Are password changes logged?
Replies: 6
Views: 2258

Re: Are password changes logged?

If you use a webmail client like roundcube and allow users to change their password you can enable login there

\plugins\password\config.inc.php

// Enables logging of password changes into logs/password
$config['password_log'] = true;
by RvdH
2018-11-09 19:22
Forum: Off-topic discussions
Topic: VT Virtualization Feature after Win10 Update not longer avaiable
Replies: 2
Views: 395

Re: VT Virtualization Feature after Win10 Update not longer avaiable

Wasn't it just because your boot file contained an entry 'hypervisorlaunchtype on'? https://marcofranssen.nl/switch-between-hyper-v-and-virtualbox-on-windows/ Or perhaps they disabled Virtualization by default in newer BIOS as for the L1 Terminal Fault (L1TF) exploit? I doubt they are related to Sp...
by RvdH
2018-10-12 02:04
Forum: Development & alpha discussions
Topic: LibreSSL built of hMailServer 5.6.8 avaiable (request for testing)
Replies: 13
Views: 1114

Re: LibreSSL built of hMailServer 5.6.8 avaiable (request for testing)

I disagree, I think it is a very big plus the guys at OpenSSL finally try to get some things right, sticking with LibreSSL means we are stuck with the spaghetti code OpenSSL is finally trying to get rid of

For the long term, stick with OpenSSL...it only can get better!
by RvdH
2018-10-10 14:36
Forum: General discussions
Topic: Delete all mail for a specific account older than ##
Replies: 3
Views: 305

Re: Delete all mail for a specific account older than ##

Why not hook it up to a client like outlook and thunderbird and archive the old messages (then you still have a backup for management if they ask)

https://support.office.com/en-us/articl ... a5c33274f6
by RvdH
2018-10-03 16:19
Forum: General discussions
Topic: Prevent any authenticated logins except from whitelisted IPs
Replies: 4
Views: 301

Re: Prevent any authenticated logins except from whitelisted IPs

Yes, i think you can accomplish something like that fairly easily, but it really depends on the amount of IP addresses that should be whitelisted what is the best approach to accomplish this. It is probably best to do this in the Experimental eventhandler OnClientLogon() in my custom builds and/or in...
by RvdH
2018-09-29 18:22
Forum: Off-topic discussions
Topic: Need a new antivirus
Replies: 44
Views: 14386

Re: Need a new antivirus

I today made the switch from Avast (Free) Business to ClamAV with Sanesecurity signatures... What Sanesecurity signatures do you guys use? Simply the default ones or any specific with good (and low false positive rates) detection rates? sanesecurity.ftm sigwhitelist.ign2 phish.ndb badmacro.ndb rogue...
by RvdH
2018-09-29 17:47
Forum: Feature requests
Topic: Malware - Delete mail or attachment
Replies: 19
Views: 5025

Re: Malware - Delete mail or attachment

Nevermind...found the issue :oops:
by RvdH
2018-09-29 17:05
Forum: Feature requests
Topic: Malware - Delete mail or attachment
Replies: 19
Views: 5025

Re: Malware - Delete mail or attachment

I have some difficulties getting the "X-Spam-Virus" header displayed...

I got some 2 or 3 mails that have been tagged by spamassassin using the ClamAVPlugin plugin, i see the scores being added but not the headers

Anyone has an idea?
by RvdH
2018-09-27 20:51
Forum: SpamAssassin implementation discussions
Topic: Spamassassin 3.4.2 released
Replies: 48
Views: 2696

Re: Spamassassin 3.4.2 released

Btw, i have enabled Mail::SpamAssassin::Plugin::Rule2XSBody in v320.pre... but i did this years ago when i installed 3.4.1 at first, running without error since....thus still wondering why this error just recently start popping up?! If i create an empty "body_neg100.pm" file in C:\Program Files\JAM S...
by RvdH
2018-09-27 15:28
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 122
Views: 26212

Re: Sub OnHELO(oClient) progress?

mattg wrote:
2018-09-27 10:48
Did you create that disconnect.exe?
Yeah, i posted the code for it earlier in the other topic as a replacement for cports...can't find the specific topic though :shock:
by RvdH
2018-09-27 10:16
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 122
Views: 26212

Re: Sub OnHELO(oClient) progress?

Indeed, its the chicken & egg, OnClientConnect doesn't yet know the username and OnClientLogon doesn't have the return Result feature. I would like to block further activity for a specific user from a specific IP but I don't want to block all users from that IP address. thanks I will try and see wh...
by RvdH
2018-09-27 08:52
Forum: SpamAssassin implementation discussions
Topic: Spamassassin 3.4.2 released
Replies: 48
Views: 2696

Re: Spamassassin 3.4.2 released

The only difference I see is the fact you use 3.4.0 and I 3.4.1 Thu Sep 27 08:44:15 2018 [8952] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (you may need to install the Mail::SpamAssassin::CompiledRegexps::body_neg100 module) (@INC contains: C:\Program Files (x86)\JA...
by RvdH
2018-09-26 18:37
Forum: SpamAssassin implementation discussions
Topic: Spamassassin 3.4.2 released
Replies: 48
Views: 2696

Re: Spamassassin 3.4.2 released

Nothing fancy...default Jam SpamAssassin installation
by RvdH
2018-09-26 13:04
Forum: General discussions
Topic: password encryption in database
Replies: 4
Views: 316

Re: password encryption in database

And...there is a salt, isn't there?
by RvdH
2018-09-26 08:55
Forum: SpamAssassin implementation discussions
Topic: Spamassassin 3.4.2 released
Replies: 48
Views: 2696

Re: Spamassassin 3.4.2 released

As of yesterday i get this message after restarting spamassassin, Wed Sep 26 08:32:35 2018 [292] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (you may need to install the Mail::SpamAssassin::CompiledRegexps::body_neg100 module) (@INC contains: C:\Program Files\JAM Sof...
by RvdH
2018-09-24 09:53
Forum: General discussions
Topic: Alert when queue has 100+ messages from same user
Replies: 23
Views: 1807

Re: Alert when queue has 100+ messages from same user

@coax You could check out this program: https://www.hmailserver.com/forum/viewtopic.php?t=30859 I have written my own variation for a program like the above one, an enhanced version you might say... it seems like i have lost the sources for it though :( You simply run it from Task Scheduler in window...
by RvdH
2018-09-23 00:18
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

I managed to build the app without using the ARSoft.Tools.Net Library after all, bringing it down from 929kb to just 20kb
by RvdH
2018-09-20 11:48
Forum: SpamAssassin implementation discussions
Topic: Spamassassin 3.4.2 released
Replies: 48
Views: 2696

Re: Spamassassin 3.4.2 released

after his official announcement about the new release, Kevin McGrail mentioned following DoS vulnerability. short version: certain unclosed tags can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The exploit has been seen in the wild but ...
by RvdH
2018-09-18 16:16
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

The program is bigger than intentionally planned, i had to use an external lib (ARSoft.Tools.Net) because the classes i tried to use didn't always behave as expected, resulting in failures In Sub OnHELO(oClient) in the experimental build or Sub OnSMTPData(oClient, oMessage) do something like: Dim oRe...
by RvdH
2018-09-18 12:52
Forum: Off-topic discussions
Topic: Need a new antivirus
Replies: 44
Views: 14386

Re: Need a new antivirus

Damn... need to find us a new antivirus then i guess

Suggestions? It needs to be able to run on Windows Server
by RvdH
2018-09-17 16:59
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

So you are whitelisting then as they come ?? What prevents a spammer with valid SPF settings from being whitelisted? Huh :? We are talking about dynamic greylistwhitelisting based on ip and host, aren't we? If a spammer uses a valid gmail account they won't be greylisted either, do they? :mrgreen:
by RvdH
2018-09-17 15:46
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

Did you look at this ? https://github.com/akpoff/spfwalk No, but basically it does the same... ip4 only though, hmailserver does not support ip6 in greywhitelisting to my knowledge I'm currently testing...but it looks to work as expected, Example from Eventlog 3416 "2018-09-17 15:45:47.555" "spfver...
by RvdH
2018-09-17 13:22
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

@SorenR Isn't this doing exactly that, walking the SPF? Downside of this method is the fact the greylistwhitelist could get very long and causing performance issues in hmailserver, and it could hold entries one might never get a connection from Anyway, besides that i liked the idea of walking the S...
by RvdH
2018-09-16 12:16
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

Btw, i just checked the hm_greylisting_triplets db table, but in both my running instances all 'glipaddress2' are NULL values..
What is the 'glipaddress2' for? Is it a leftover from earlier version?


EDIT: Ah, nevermind.... i think it is for IP6
by RvdH
2018-09-16 08:43
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

"Minutes to defer delivery attempts = 4" <== Changed hours to minutes "Hours before removing unused records = 12" "Days before removing unused records = 32" FYI, I think you changed: "Minutes to defer delivery attempts = 4" "Hours before removing unused records = 12" <== Changed days to hours "Days...
by RvdH
2018-09-16 08:19
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

If greylisting is dead and the delays are the way to go, then it would be better to have the delays as one of the anti-spam mechanisms in HMS itself, to enjoy the same treatment (skip on SPF pass, A or MX, whitelisting) as other anti-spam mechanisms. The minimum modification would be to select the ...
by RvdH
2018-09-16 02:25
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

GreyWhitelisting by FQDN (EHLO/HELO) alone is unreliable, these can easily be faked, so basically you need to do both, first check if the HELO/EHLO banner matches known values and then verify if sender ip is within allowed ip range To do that inside hmailserver? mmm...Probably, but that takes away t...
by RvdH
2018-09-16 01:42
Forum: Feature requests
Topic: Greylisting by subnetwork
Replies: 95
Views: 5267

Re: Greylisting by subnetwork

Amazon and their "mail for hire - amazonses.com" service is all over the map and so is Linkdin. So, these services do not use a reasonably limited number of subnets? If so, then greylisting is dead. Nothing to discuss. I will experiment with delays. Yes they do, https://aws.amazon.com/blogs/messagi...
by RvdH
2018-09-14 13:49
Forum: SpamAssassin implementation discussions
Topic: Spamassassin 3.4.2 released
Replies: 48
Views: 2696

Re: Spamassassin 3.4.2 released

That worked, even without %PATH% i downloaded binaries from: https://skanthak.homepage.t-online.de/curl.html Extracted curl-7.61.1.cab and placed the i386 version in "C:\Program Files (x86)\JAM Software\SpamAssassin for Windows" C:\Program Files (x86)\JAM Software\SpamAssassin for Windows>sa-update....