Search found 249 matches

by brashquido
2020-04-24 16:44
Forum: General discussions
Topic: Chasing the perfect security score
Replies: 10
Views: 1845

Re: Chasing the perfect security score

mattg wrote:
2020-04-22 13:54
You have a green tile for HIPAA, so that is a pass for you

I get the same as you do

A+ with all green, except NIST
It is a pass, but not compliance. I'd need the OCSP Stapling for compliance, such as this;

https://www.immuniweb.com/ssl/?id=2zC2VSPt

Not too fused either way.
by brashquido
2020-04-21 14:51
Forum: General discussions
Topic: Chasing the perfect security score
Replies: 10
Views: 1845

Re: Chasing the perfect security score

I got an A+ all round last time I did that test, but today get the same as you Supported versions is draft - https://tools.ietf.org/id/draft-ietf-tls-tls13-23.html Keyshare is draft - https://tools.ietf.org/html/draft-bzwu-tls-client-keyshare-01 Extended Master Secret extension for TLS is a propose...
by brashquido
2020-04-18 05:20
Forum: General discussions
Topic: Chasing the perfect security score
Replies: 10
Views: 1845

Re: Chasing the perfect security score

Haha, yeah. I had to temporarily disable autoban while running the tests. Does that mean your servers are a level is security above PCI-DSS, HIPAA & NIST compliant if they can't be connected to to prove they aren't compliant 🤪
by brashquido
2020-04-17 15:35
Forum: Feature requests
Topic: BATV (Bounce Address Tag Validation) Check
Replies: 11
Views: 13566

Re: BATV (Bounce Address Tag Validation) Check

I'm no Martiin, but not even sure what you are asking for could be done using rules/functions, would perhaps even require some low level code changes to the way hMail authenticates. BATV would be a nice feature, but given this is a decade old feature request I would say that the devs have perhaps de...
by brashquido
2020-04-17 14:26
Forum: General discussions
Topic: Chasing the perfect security score
Replies: 10
Views: 1845

Chasing the perfect security score

Hi All, Have been trying to tidy up the security side of things on my server of late and have become perhaps a little too obsessed with getting the "perfect score" for PCI-DSS, HIPAA and NIST. I've managed an A+ score with PCI-DSS compliance, however am falling short for HIPAA and NIST; https://www....
by brashquido
2017-11-16 14:33
Forum: General discussions
Topic: What to do about Greylisting unfriendly SMTP farms?
Replies: 2
Views: 929

What to do about Greylisting unfriendly SMTP farms?

Historically I have not enabled the "Bypass greylisting on SPF Pass" option as it allows spam sent via domains with rubbish SPF records to bypass greylisting. After reading this Google support doc I'm not sure what other options there are now given the fluidity of the IP addresses being used for the...
by brashquido
2017-01-18 05:16
Forum: General discussions
Topic: Merging two HMS instances?
Replies: 4
Views: 1354

Re: Merging two HMS instances?

jimimaseye wrote:If you run DDS then all emails, including SENT etc, will be imported in to the INBOX. So it wont be a true replication.
Bummer, did not realise this one. Sounds like doing a database merge rather than DDS will be the best route. Will have to get a list of which tables I'll need to merge...
by brashquido
2017-01-17 13:42
Forum: General discussions
Topic: Merging two HMS instances?
Replies: 4
Views: 1354

Merging two HMS instances?

Hi All, Long time since my last post, hope all are well :) Quick question really. If I wanted to merge 2 or more instances of HMS, would the following procedure sound reasonably solid? 1. Update each instance to same version. 2. On target HMS instance, create domains & accounts present to reflect wh...
by brashquido
2016-05-24 03:51
Forum: General discussions
Topic: DataDirectorySynchronizer post File System AV Scan?
Replies: 2
Views: 1461

Re: DataDirectorySynchronizer post File System AV Scan?

Even better, doubly so as I can now run everything from a command line which means I can schedule VSS snapshot, AV scan & these HMS scripts as a maintenance task. Awesome, thanks...
by brashquido
2016-05-23 14:58
Forum: General discussions
Topic: DataDirectorySynchronizer post File System AV Scan?
Replies: 2
Views: 1461

DataDirectorySynchronizer post File System AV Scan?

Hi All, I have a monthly scan on the HMS data directory (usually excluded) which since using the SaneSecurity defs is getting quite a few hits (mainly for spam). What is the best method to clean out these old infected messages from users mailboxes? As I understand it DataDirectorySynchronizer works ...
by brashquido
2016-05-19 05:53
Forum: General discussions
Topic: SMTH AUTH?
Replies: 13
Views: 4453

Re: SMTH AUTH?

Thanks Matt, Perfect, exactly what I was after! With your last comment, are you saying even with AUTH disabled on port 25 that users can still authenticate if STARTTLS has been initiated? I'll find out soon enough I guess :) . Thanks Jimi, yeah I saw those details too. I guess the distinction I was ...
by brashquido
2016-05-18 11:07
Forum: General discussions
Topic: SMTH AUTH?
Replies: 13
Views: 4453

SMTH AUTH?

Hi All, Has been a while :) . I use a service which does a regular security scan on a server I maintain which is picking up an issue with hMailServer. The description of the issue it is lodging is as follows; The SMTP server advertises the following SASL methods over an unencrypted channel: All supp...
by brashquido
2014-07-24 05:26
Forum: Development & alpha discussions
Topic: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501
Replies: 228
Views: 170515

Re: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501

Thanks for clearing that up Soren, makes sense. As to the lack of a "250 AUTH" response from the EHLO command, anyone else seeing this? Have since tried replacing the experimental build binaries, same thing.
by brashquido
2014-07-23 15:00
Forum: Development & alpha discussions
Topic: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501
Replies: 228
Views: 170515

Re: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501

Sorry, meant to mention that I am not "250 AUTH" from a EHLO response when DisableAUTHList is enabled. Have verified that I am using build 5.4-B2014060501 which I had the impression should have this fix?
by brashquido
2014-07-23 08:50
Forum: Development & alpha discussions
Topic: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501
Replies: 228
Views: 170515

Re: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501

First off, thanks a ton for the custom builds Bill et al. You efforts are appreciated. Have a few queries around SMTP AUTH. 2014-05-04 5.4-B2014050401 * IMPORTANT: This build has a LOT of extra debug logging but NOT shown by default. [Settings]LogLevel=10 for some extra to 100 for extremely verbose ...
by brashquido
2014-03-05 15:29
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3872

Re: Greylisting after RCPT TO checks & spam score resets?

therefore it has no place being considered as a blacklist address hence probably reason why it gets "false" return code. As far as I have seen, all DNS BLs return an address in the 127.0.0.0/8 space to indicate a status. As far as zz.countries.nerd.dk is concerned, the sole purpose of this list is ...
by brashquido
2014-03-05 11:04
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3872

Re: Greylisting after RCPT TO checks & spam score resets?

Thanks again Percepts for your replies. Here is an example from my logs with my personal data removed; "TCPIP" 2816 "2014-03-04 00:47:43.526" "TCP - 213.199.154.13 connected to xxx.xxx.xxx.xxx:25." "DEBUG" 2816 "2014-03-04 00:47:43.526" "Creating session 17477" "SMTPD" 2816 17477 "2014-03-04 00:47:4...
by brashquido
2014-03-03 13:59
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3872

Re: Greylisting after RCPT TO checks & spam score resets?

25 seconds is a very long time for spam checks, what spam tool are you using? Yes it is. I've significantly widened my sample to around 50 incoming SMTP connections and it appears the norm is more around the 4~5 second mark with maybe 10~15% in that 20 second range due to multiple DNS timeouts. I s...
by brashquido
2014-03-02 08:28
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3872

Greylisting after RCPT TO checks & spam score resets?

Hi All, Using HMS 5.4 B1950 and just wanting to check a few things. Have been trawling the logs due to some spam penetration and am experiencing following; 1) According to the logs I am looking at, the Greylisting "451 Please try again later" status is sent to the remote server after all the DNS bla...
by brashquido
2013-12-07 06:34
Forum: General discussions
Topic: 5.4 - Does it support ManageSieve?
Replies: 4
Views: 2107

Re: 5.4 - Does it support ManageSieve?

I put in a feature request for Sieve protocol support some time back. Just don't think it has the widespread usage across the hMS user base.
by brashquido
2013-12-07 06:14
Forum: General discussions
Topic: MySQL Upgrade
Replies: 1
Views: 1338

Re: MySQL Upgrade

I actually look at this as an MySQL issue. For upgrades I do not think it should be using different instance names (especially by default) for exactly the sort issue you've encountered. The MySQL installer has been pretty flaky on things like this for a long while. If you look in the following regis...
by brashquido
2013-09-13 01:21
Forum: General discussions
Topic: Mail server security issue concern
Replies: 44
Views: 13459

Re: Mail server security issue concern

Things I found after a 5 minute look; 1) Your server (mail.mesharpe.com) is not configured to receive email. That is I am unable to establish a TCP connection on port 25. 2) You mail server is also listed on SORBS and SpamCop blacklists. 3) There seems to be one or more of your specified DNS servers...
by brashquido
2013-08-27 05:07
Forum: General discussions
Topic: Problems with IMAP4 crashing randomly
Replies: 9
Views: 4630

Re: Problems with IMAP4 crashing randomly

Should also point out that Thunderbird will definitely work with HMS IMAP. Even if you only use it for the testing required here, it is probably going to be a more complete test if you use a full blown client rather than just testing port connectivity via telnet.
by brashquido
2013-08-27 05:00
Forum: General discussions
Topic: Problems with IMAP4 crashing randomly
Replies: 9
Views: 4630

Re: Problems with IMAP4 crashing randomly

Hi Niccolò, As Doom said, if your server is not accepting connections on the IMAP port there are larger issues at play. Implementing a script to restart HMS may actually exacerbate the issue of HMS not being available, especially when IMAP is concerned. Is it possible that you have IMAP configured t...
by brashquido
2013-08-27 04:47
Forum: General discussions
Topic: Server crashed but no error log entry
Replies: 4
Views: 2492

Re: Server crashed but no error log entry

I don't think it is clear from those log snippets what might be causing the issue. On the protocol side I can only see SMTP related entries in the log you provided. Care to give us a little more info on your environment? This such as; - Physical Memory & usage (perfmon, task manager, etc) - Disk typ...
by brashquido
2013-08-23 02:30
Forum: General discussions
Topic: hMailServer under attack
Replies: 8
Views: 4253

Re: hMailServer under attack

True. It is not going to stop the attempts. Nothing will. Spam is like tax and politicians unfortunately, here to stay. Having been an open relay, you may even see an escalated level of "probing" for some weeks. My advise is to make sure you have greylisting enabled. My tests have shown this alone w...
by brashquido
2013-08-23 02:13
Forum: General discussions
Topic: Problems with IMAP4 crashing randomly
Replies: 9
Views: 4630

Re: Problems with IMAP4 crashing randomly

Hi Niccolò, Are you saying that restarting HMS resolves the problem of being able to log into RoundCube? It would be quite simple to create a script running at regular intervals that monitors TCP port 143 for IMAP and if not present restarts the HMS service, however point is you should not have to. ...
by brashquido
2013-08-23 01:44
Forum: General discussions
Topic: hMailServer under attack
Replies: 8
Views: 4253

Re: hMailServer under attack

You should never ever ever need to allow your application to be an open relay in order to get it to work. If you do, get another application. Just to reiterate, never let your Internet facing SMTP server be an open relay. Ever. You can test if your server is open relay as per this doco . By default ...
by brashquido
2013-08-22 03:44
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 7492

Re: hMail service crashing

Good news Meaghan, I think additional memory (I'm assuming you'd be going to at least 16GB?) will go a long way to stabilising your server. There are several front end spam filters, all of which should work with HMS (or any standards compliant SMTP server). It has be around 3 years since I last admi...
by brashquido
2013-08-20 08:15
Forum: Scripting
Topic: Adding EML filename as header and preserving during forward?
Replies: 2
Views: 2028

Re: Adding EML filename as header and preserving during forw

Yep, split looks like a good match. Cheers for the link!
by brashquido
2013-08-20 08:08
Forum: General discussions
Topic: MySQL on hMailServer
Replies: 9
Views: 3102

Re: MySQL on hMailServer

And if not, here is an example to add additional data to the database as deliveries occur http://www.hmailserver.com/forum/viewtopic.php?f=20&t=13890 Awesome. Not sure why I had never found that thread. This is going to make it significantly easier to work something up to help trace the path of pen...
by brashquido
2013-08-20 08:03
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 7492

Re: hMail service crashing

Spoken like a true tech, Dominic. :mrgreen: The manager in me says, disk space is cheap, keeping old emails is important and not keeping them may have adverse business effects sometime into the future. I reckon that I personally have more than 30 Gb of old mail. Indeed Matt, though I'd say having a...
by brashquido
2013-08-20 06:34
Forum: General discussions
Topic: Clients losing server due to Idle time out
Replies: 4
Views: 2590

Re: Clients losing server due to Idle time out

The fact the restarting Outlook resolves the issue would have me agreeing with you that it is an Outlook oddity. Do you have any AV software installed on this workstation? Perhaps try disabling it for a period to see if that does anything.
by brashquido
2013-08-20 04:17
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 7492

Re: hMail service crashing

For logging I generally enable everything apart from POP3 & IMAP. That way when the day comes you have issues with spam penetration (it will happen one day if you are Internet connected) you have all the logging available to do trace work. That CPU will be sufficient for a good while for a dedicated...
by brashquido
2013-08-19 08:39
Forum: General discussions
Topic: Paid Support team
Replies: 11
Views: 6696

Re: Paid Support team

If at first you don't succeed, bomb disposal probably isn't for you! ヅ
I'd never noticed your sig before Doom. Not bad :) ...
by brashquido
2013-08-19 07:34
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 7492

Re: hMail service crashing

As Doom said, IMAP has great potential to be memory intensive. I wouldn't necessarily be stopping at just increasing the virtual memory as heavy paging to disk will result in extremely poor server performance. A few questions to ask yourself. 1) Currently 150 user accounts, how much growth (if any) ...
by brashquido
2013-08-19 04:51
Forum: SpamAssassin implementation discussions
Topic: SpamAssassin not triggered (???)
Replies: 1
Views: 1214

Re: SpamAssassin not triggered (???)

I take it that spamd.exe is running as a process under what ever user you configured the service to run as? Separate from HMS, SA will have it's own spam threshold level. Is it possible that this is not low enough? Also, be aware that HMS only reads in integer scores. As in if SA gives a score of 4....
by brashquido
2013-08-16 07:29
Forum: General discussions
Topic: Email go to spam despite SPF DKIM & DMARC
Replies: 2
Views: 4228

Re: Email go to spam despite SPF DKIM & DMARC

Good luck with this :( . I had a very similar battle with Hotmail junking my mail a few years back. Tried everything including creation of SPF & SenderID records. I eventually gave up and found that after a time my messages to hotmail accounts started automagicallly appearing in the Inbox rather tha...
by brashquido
2013-08-16 05:45
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 7492

Re: hMail service crashing

"ERROR" 3212 "2013-08-15 11:20:07.655" "Severity: 2 (High), Code: HM5313, Source: CriticalSection::Enter, Description: EnterCriticalSection gave an exception. Out of memory? " How much memory does this server have and what is the peak memory utilisation (may need to set a perfmon counter)? What is ...
by brashquido
2013-08-12 16:03
Forum: Scripting
Topic: Adding EML filename as header and preserving during forward?
Replies: 2
Views: 2028

Adding EML filename as header and preserving during forward?

To aid my spam detection abilities I want to add a the final EML file name as a header to every message that comes in. I've had a look at this example and the second function is exactly what I am looking for. Just wondering what the best way would be to remove the file path from this so that only th...
by brashquido
2013-08-12 03:24
Forum: General discussions
Topic: Increasing timeout for fetching mails from external servers
Replies: 2
Views: 2055

Re: Increasing timeout for fetching mails from external serv

If the connection is being terminated by the remote host, extending the local timeout values are not going to help at all. What is the server bandwidth and how many concurrent sessions are you dealing with. I'd be looking at your spam proxy to see if any fine tuning can be done there if you haven't ...
by brashquido
2013-08-12 03:14
Forum: Feature requests
Topic: Enhanced logging for spam detection
Replies: 5
Views: 4950

Re: Enhanced logging for spam detection

Thanks Bill, Guess it is also one of those things you don't even realise is a bit messy until you go looking for it. I've been using HMS for something like 7 years and have never had real need to dig deep into the log files like this until this year. Perhaps for the purpose of spam penetration analy...
by brashquido
2013-08-09 04:26
Forum: General discussions
Topic: Integrating Hmail Server with IIS 7
Replies: 4
Views: 2717

Re: Integrating Hmail Server with IIS 7

I found Squirelmail to be a little dated looking, however it is well supported and quite powerful. I ended up going with RoundCube which has a really nice interface and the guys at MyRoundCube (commercial) have some really neat hmail plugins for RoundCube. Specifically the hmail spam plugin which al...
by brashquido
2013-08-09 03:32
Forum: Feature requests
Topic: Enhanced logging for spam detection
Replies: 5
Views: 4950

Re: Enhanced logging for spam detection

Thanks Bill, Ah yes, you'd be talking about this post of yours I take it? I certainly would think it was trivial to keep a single session ID between all of the different components. Considering the implementation complications and the existing to-do list, do you think this is an enhancement that is ...
by brashquido
2013-08-09 01:20
Forum: Feature requests
Topic: Negative Spam Score [90%]
Replies: 18
Views: 14749

Re: Negative Spam Score

No problem, just thought I'd ask :) .
by brashquido
2013-08-08 09:35
Forum: Feature requests
Topic: Enhanced logging for spam detection
Replies: 5
Views: 4950

Enhanced logging for spam detection

Currently to track the entire transaction of an incoming email from the initial SMTP connection through to the delivery to the targeted mailbox requires Application, SMTP, Debug & TCP/IP logging to be enable. On a busy server with many concurrent sessions this results in an enormously fragmented log...
by brashquido
2013-08-08 09:05
Forum: Feature requests
Topic: Negative Spam Score [90%]
Replies: 18
Views: 14749

Re: Negative Spam Score

Any progress on this one at all?
by brashquido
2013-08-08 07:38
Forum: General discussions
Topic: Spam: penetration dissection and pattern detection defense?
Replies: 3
Views: 1911

Re: Spam: penetration dissection and pattern detection defen

Cheers Matt, I should've pointed out I've tried Doom's online log analyser which does break it down into session which is very handy, however as the session ID is not logged against DEBUG or TCPIP entries this method is not enough to trace an email all the way through. I've manually trawled through ...
by brashquido
2013-08-08 03:46
Forum: General discussions
Topic: Server crashed but no error log entry
Replies: 4
Views: 2492

Re: Server crashed but no error log entry

There are multiple references in there to failed I/O. Have your checked your physical disk health?
by brashquido
2013-08-08 02:24
Forum: SpamAssassin implementation discussions
Topic: Spam not deleted
Replies: 2
Views: 1817

Re: Spam not deleted

Hi Mel, There are two user definable spam score values in hMail. Mark and delete. If the mark threshold is exceeded but is less than the delete threshold, then the mail will be marked as spam either via header(s) or subject line. Mail above the delete threshold will be deleted before it gets to any ...
by brashquido
2013-08-07 17:51
Forum: General discussions
Topic: Spam: penetration dissection and pattern detection defense?
Replies: 3
Views: 1911

Spam: penetration dissection and pattern detection defense?

Hi All, Have been getting a bit of spam penetration recently and had a few questions; 1) So I am able to see everything from the initial SMTP connection through to the message delivery to the intended mailbox (if it makes it that far) I have SMTP, Application, TCP/IP and Debug logging enabled. This ...
by brashquido
2012-05-21 15:01
Forum: General discussions
Topic: RFC: Getting stats from hMailServer Greylisting
Replies: 4
Views: 3599

Re: RFC: Getting stats from hMailServer Greylisting

Thanks Matt :) . I take it you didn't have any issues with the SQL in your own environment?
by brashquido
2012-05-18 08:20
Forum: General discussions
Topic: RFC: Getting stats from hMailServer Greylisting
Replies: 4
Views: 3599

RFC: Getting stats from hMailServer Greylisting

Hi All, Have just finished writing up a bit of a how-to on getting some stats out of the hMailServer Greylisting Triplets table using some SQL queries in phpMyAdmin. Nothing flash, but hopefully should be useful to some as the Greylisting stats are not readily/easily exposed in hMailServer using the...
by brashquido
2011-10-22 11:01
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 3292

Re: Greylisting, auto-ban & other questions...

Thanks Doom. Let me know if you need the full headers or anything from the message.

Cheers
by brashquido
2011-10-21 14:46
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 3292

Re: Greylisting, auto-ban & other questions...

No scripts, but I do have two fairly simple global rules running. Rule 1: If Recipient list contains hotmail then Reply with mail delivery warning (I used to have intermittent issues with mail delivery to Hotmail) Rule 2: If X-hMailServer-Spam = yes and Subject contains [SPAM] then Forward email to ...
by brashquido
2011-10-21 07:21
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 3292

Re: Greylisting, auto-ban & other questions...

Sorry, my bad. Remove other from that sentence. 2 recipients, 3 in CC. 1 x reciepient and 2 x CC destined for my email server.
by brashquido
2011-10-20 12:34
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 3292

Re: Greylisting, auto-ban & other questions...

Hi Doom,

I'm using version 5.3.3-B1879. Yes there are 2 other recipients and 3 in the CC line in the email. 1 of the recipients and all those in the CC field are destined for a domain hosted on my server.
by brashquido
2011-10-20 02:06
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 3292

Re: Greylisting, auto-ban & other questions...

Hey Matt, Thanks for clearing up those questions for me. Good suggestion about the whitelist, however there is something about willingly giving the green light to bypass SPAM protection that makes me come out in cold sweats :) . I can't really see any other way though. Just to verify, whitelisting o...
by brashquido
2011-10-19 15:35
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 3292

Greylisting, auto-ban & other questions...

Hi All, I've a few queries I'm hoping someone can help me with. 1. I have several users who need to receive email from a domain that uses an outsourced SMTP service which uses multiple hosts across at least 3 class C networks (that I know of). It also appears that on being issued a 451 status code b...
by brashquido
2010-09-16 09:10
Forum: Feature requests
Topic: Options to combat Greylisting false positives
Replies: 10
Views: 8058

Options to combat Greylisting false positives

The greylisting functionality in hMail matches a specific IP to a specific email address which is a problem because email from larger environments often can originate from any number of different IP addresses. This results in email that has already been through the greylisting process to be greylist...