hMailServer forum

prisma

Let me annotate that the support for server 2008 (that last 32-bit server) ends also at 14/01/2020 (and that's for professional environments more important than desktop OSs). So, it's absolutely OK to end x86 support in 5.7. BUT some things: There is no .net 3.5/2.0 core package to install in Server...

prisma

No, it's not strange. Powershell is perfectly structured, flexible and extensible. Love powershell!

prisma

Good work! THX a lot.

Hmmm, which knowledge (actions?) can we derive from it? I'm personally not sure, that's why I'm asking.

prisma

@dravion: the question is not whether your work is necessary or not. Of course it is, I think your analysis helps Martin to decide. If he runs better with libreSSL, here we go (or he should :D ). The basic question is more like: Is it realistic to wait for any kind of improvements in general? Especi...

prisma

Please let me annotate following: What does Martin say to those trends? OK, core development is slow. But to be honest, for us, hmailserver works pretty perfect and the bug list is rather short in relation to other projects. openSSL 1.0.2.x is supported until 31.12.2019 from what I read. Let's give ...

prisma

THX for info Matt. So, the questions goes to the rest of the highly revered audience:

Did anybody ever find a solution for reliably closing remotely opened network file handles?
E.g. for renaming a remotely crashed EXE during a update process on the server.

prisma

Hey Matt, Are you that guy? https://stackoverflow.com/users/833960/mattg Seems that you had a similar problem like we have at the moment. Did you really ended up in utilizing psexec? Openfiles did never help? https://stackoverflow.com/questions/10780276/windows-can-not-force-close-network-file-handl...

prisma

Hello, one design problem of the old and the new webfrontend is, that users aren't able to edit their own rules. I assume, this is based on source code restrictions and not changeable because PHP only utilizes COM. Anyway, then let's change the sourcecode. If normal "Users" should be always able to ...

prisma

Hi, I agree. The way jacko wants to achieve security does not make many sense. From what I understood from the script, the mailserver has knowledge about the private gnupg key of the user. Or am I wrong? This would break security. If a mail user want to have end-to-end security, he should handle his...

prisma

We use PostgreSQL with roundabout 600 installations at customers side. We are impressed how robust the WAL tactic of postgres is. Our customers have from time to time very unstable systems, corrupt file systems and so on. We never had any bigger data losses and postgres was evry time repairable or w...

prisma

Brrrr, ruhig Brauner! So schnell mahlen die Mühlen hier (leider) nicht

Also an Deiner stelle würde ich nicht auf die stabile 64bit Version warten. Schau dir einfach mal die Releasezyklen an. Das kann noch 2 Jahre dauern bis die kommt. Pessimisten würden sagen 20

*kidding*

Grüße!

prisma

If you use a newer hmailserver version, you should completely remove absolute file paths instead of updating to new absolute paths. The path to messages is taken from the INI.
Search this forum, there should be examples for SQL queries.

prisma

The pinky, the pinky and the brain, brain, brain, brain...

prisma

... someone would need a packet sniffer to see email contents, and then only in transit ... I agree, this risk exists. But let's leave it aside. You're right. hmailserver service could run with a special account, and only this account has access to the share. Easier than using EFS for that account....

prisma

No problem. I want to hear every opinion. We want to protect the messages folder. The problem is there's at the moment no additional security "around" the messages storage. Storing something plain text and searchable in the FS makes it hard to add security. I did a lot of MCSE/MCSA certifications, s...

prisma

@Matt: no bad idea, but as long the SAN is mounted, it's not more than a local drive. Searching is even possible with indexing disabled on that volume. But slow. Mounting a drive only for a special user is not possible with windows. NTFS ACLs could be re-adjusted from every local serveradministrator...

prisma

Hello, regarding exchange I have the possibility to adjust users ACLs. So the user could be able to backup a exchange Server or to do other administrative things with exchange without being able to read all mails. With hmailserver I only have to click on the right mail address within messages folder...

prisma

Got an error directly on http://localhost/?page=account&action=edit&domainid=3&accountid=10 Operation failed Description: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case yo...

prisma

THX, Martin.

prisma

If you want to serve also the phpAdmin you'll have to got through the DCOM hell: On e.g. a Server 2008 Core: use "dcomperm -al {5EDEC473-39E0-43F6-A234-1947071721C8} set IIS_IUSRS permit level:ll,la". Dcomperm is included as sample in "Windows SDK for Windows Server 2008". You'll have to build the e...

prisma

+1

And I'd love to have the already notified addresses persistent in database and not only in memory. Once the Server restarts, everybody is notified again...

prisma

Do you use external accounts fetched by POP3 ?
https://github.com/hmailserver/hmailserver/issues/107

prisma

I have downloaded the code for this: http://www.j-interop.org/ but never got around to unpack it and test it - Java skills still a bit rusty... It may just just be the best FREE solution available. What's the plan? Writing a java servlet using DCOM to configure hmailserver remotely? And writing a r...

prisma

I vote for other because I need a webmail integration to change passwords and some other minor things but Roundcube in Windows/IIS have a very bad performance and I can't integrate Linux/Apache Roundcube with Windows hMailserver (https://myroundcube.com/myroundcube-plugins/hmail_password-plugin). J...

prisma

https://github.com/hmailserver/hmailserver/issues/104

prisma

Merged or deleted?

Seems that everybody who voted yes for the other poll has also voted yes here. Because the 15 yes have not changed here... miraculous but not implausible

prisma

Guys, I'm not able to understand why we have to write batches and patches, do tricks, read hints about bugs, write post after post. This software has a build in backup and should be able to do a hot backup compressed, not compressed or completely without messages. But it is not able to. This should ...

prisma

Has an duplicate: viewtopic.php?t=22365

Anybody able to merge these two?

prisma

If this was the only problem of the backup I was happy. But I'll vote yes. If this would be improved the other problems would have possibly been also touched. Many conjunctives, maybe wrong, but you'll know what I mean

prisma

Hey guys, hey martin, only wanted to say: I had time now for updating from 5.4-billspecialbuild to 5.6.3 (yiepieh). Worked like charm, no problems with cert validation. Seems that most ISPs in Germany have valid certs for their relayers and pop servers. Possibly imagination, but the server feels mor...

prisma

(Dont ask why, it's too long to explain and frankly ridiculously contentious. Just accept what I am saying). LOL, ROFL :lol: However, that backup shouldnt really be relied on and it is infinitely better if you create your own backup procedure. Sad. ... Hmmm, we're talking about the lack of a reliab...

prisma

Martin had created a poll for future improvements:
viewtopic.php?t=27191
I already wrote there the backup system was a little bit a step child of hmailserver. Unfortunately it not a own item to choose. I think Martin sees no reason for improvements regarding backup.

prisma

c, Upgrading has been problematic to some people (ie BACKUP and then RESTORE of data) The only thing I'm able to remember regarding backup was a problem with restoring uncompressed backups: https://www.hmailserver.com/forum/viewtopic.php?t=25571 But this is definitely not related to 5.6 and has alw...

prisma

As far as I understood Martin certificates a checked for smarthost, routes AND pop3c after update to 5.6. This means for every explicit / manually configured host. Certificate are never checked for MX resolved hosts.

prisma

I'm surprised still nobody is asking 'Why does hmailserver consume so much memory?'. I reported a memory leak months ago while moving many emails through IMAP folders with thunderbird. This is a big problem `cause a mailserver admin can't never prevent people from moving their emails around. Are you...

prisma

No. Usage of DH or not has nothing to do with HIGH. After deleting HIGH only TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16 was used instead of TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32. Arg! It should be possible to use multiple DH keyfiles, shouldn't it? I'm not sure, but I think 1024 is standard. Openssl generates ...

prisma

While testing 5.6 I noticed that (EC)DH isn't used always. A fall-back to version=TLSv1 cipher=AES256-SHA bits=256 sometimes done. Hmailserver is configured with the ciphers above. My ISP gave me info that only TLSv1 with following ciphers is supported: Accepted TLSv1 256 bits DHE-RSA-AES256-SHA Acc...

prisma

So, having a mailserver dealing with the PKI centralized would be highly interesting for you. This gave mail administrators the opportunity to offer similar man-in-the-middle services. Just by the way, in Germany similar "man-in-the-middle" services have been introduced. It's called "De-Mail" or "E-...

prisma

I agree that this would be unique, and could only envisage it working with a hMailserver at both ends, unless the keys were somehow shared with a mail client at the other end. Lets add PKI to the mix (That's what we use in Australian Healthcare) Possibly just a misunderstanding. Of course based on ...

prisma

I'd say yes, IMAP. But also sending of large attachments can be a pain, although connected via LAN and clamav is deactivated...

prisma

PS, regarding clustering support: Would be a great thing, but there are specialists out there for HA clustering. On OS base, on database level, based on whatever. I'm not sure if hMailserver should try to play with these guys

prisma

My personal opinion is a mailserver has to be reliable, fast and secure. So, my first vote is Security/Privacy. In times where we have to fight more and more against intelligence services and hackers, we have to continuously improve security/privacy features. If you don't go forward, you go backward...

prisma

I very appreciate your work. Regarding backward compatibility you should have no concerns. I'm no crypto guru. But I think "...AES128:AES256:RC4-SHA..." is a build in fall-back for weak clients, isn't it?

prisma

Great!

prisma

Good idea. But your problem sounds like Martin should do some research. I think you'd better send him the cert or url to your server and let him check the problem. It's important to get 5.5 stable.

prisma

As Martin said. Copy the certificate part of the output of openssl s_client to a .cer file and double click it. Or just double click the certificate on the primary server. Within the certificate details you should be able to find the info...

prisma

Now the hostname seems to fit, but CRL check was not possible. Please inspect the CRL distribution points and OCSP responder listed within the cert. Are they accessible? Doesn't look like that... (I know I'm getting on everybody's nerves. But I'll say it anyway: Pinning of certs along with allowed e...

prisma

.... And.... As Long as you don't access your primary Server by a hostname listet within the cert, possibly you want to access your server locally not via internet, you'll never get it working without further tricks.

In this case we use to manipulate DNS resolution by DNS Server or hosts file.

prisma

If you inspect the certificate of the primary server on the secondary server, does Windows handle this certificate as valid? Background of my question is: certificate validation is switched on for routes and relayer. In this case you set a server manually and it's expectable to get a valid certifica...

prisma

I checked the certificate of this server. Certificate is valid and hostname fits. Can't see a reason for an error. Seems to be a bug. The server is resolved by a CNAME. You are far better off using an unsecured connection, than using a secured connection to an invalid certificate. Sorry, but no. Thi...

prisma

I must confess our production server is still on Bills 5.4-B2014042101. In the past I switched from release 5.4 to experimental 5.4 because of Bills STARTTLS implementation. The official 5.5 betas are running on our testserver with a low priority domain. After you started work on STARTTLS there was ...

prisma

- POP3 fetching stops. I've configured my own server to fetch more frequently and will see if I can reproduce it. Before you search this bug in conjunction with 5.5 changes, let me tell you this: We have this problem since years. We fetch mails minutely. I posted this problem and the only response ...

prisma

The only open question I can remember was, you haven't been sure if behaviour is OK regarding alternative host names within certificates.
But if behaviour is OK: Go!

Generally: You have very good automated tests. Feel free to speed up the release cycle.

prisma

THX for cross check, martin.

prisma

Sent you the logs. Looks like the ISPs mailserver is writing wrong info into the header, isn't it?

prisma

You've selected "Connection security: STARTTLS (Required)" under Settings -> SMTP -> Delivery of email, right? Yes. Because we have some external accounts hosted by the ISP directly we need also a route to this external business accounts. Within this route STARTTLS is also required. Proofed it twic...

prisma

I figured out a possible problem: I send a test mail from my business account to my private account using B2074. hmailserver seems to do not use encryption to deliver the message to our ISP relayer although STARTTLS is required: Received: from mi008.mc1.hosteurope.de ([80.237.138.247]) by yyy.webpac...

prisma

Did I understand right? You want to setup Hyper-V within a EC2 instance? Hmmm, if this works, this only could work on HVM instances, couldn't it? I think it's not possible to put a hypervisor on top of a PV machine. Even not sure if it's possible to put a hypervisor on top of a HVM instance... Do yo...

prisma

Since 2012 R2 the fileserver role is supported as scale-out fileserver on a CSV. I manged to mix the fileserver role with generic clusterservice. The result was hmailserver and postgres runnig as clusterservice on a shared storage. super cool. But I wasn't completly sure this scenario is supported b...

prisma

Setup hmailserver within a Hyper-V-VM and replicate the VM to another server. It's all build-in in Server2012. No extra license for the VM is needed, one virtualization per host is covered by the standard server license. No active directory needed, no special hardware needed. We use replication sinc...

Search found 310 matches