Search found 244 matches

by brashquido
2017-11-16 14:33
Forum: General discussions
Topic: What to do about Greylisting unfriendly SMTP farms?
Replies: 2
Views: 694

What to do about Greylisting unfriendly SMTP farms?

Historically I have not enabled the "Bypass greylisting on SPF Pass" option as it allows spam sent via domains with rubbish SPF records to bypass greylisting. After reading this Google support doc I'm not sure what other options there are now given the fluidity of the IP addresses being used for the...
by brashquido
2017-01-18 05:16
Forum: General discussions
Topic: Merging two HMS instances?
Replies: 4
Views: 1031

Re: Merging two HMS instances?

jimimaseye wrote:If you run DDS then all emails, including SENT etc, will be imported in to the INBOX. So it wont be a true replication.
Bummer, did not realise this one. Sounds like doing a database merge rather than DDS will be the best route. Will have to get a list of which tables I'll need to merge...
by brashquido
2017-01-17 13:42
Forum: General discussions
Topic: Merging two HMS instances?
Replies: 4
Views: 1031

Merging two HMS instances?

Hi All, Long time since my last post, hope all are well :) Quick question really. If I wanted to merge 2 or more instances of HMS, would the following procedure sound reasonably solid? 1. Update each instance to same version. 2. On target HMS instance, create domains & accounts present to reflect wh...
by brashquido
2016-05-24 03:51
Forum: General discussions
Topic: DataDirectorySynchronizer post File System AV Scan?
Replies: 2
Views: 1184

Re: DataDirectorySynchronizer post File System AV Scan?

Even better, doubly so as I can now run everything from a command line which means I can schedule VSS snapshot, AV scan & these HMS scripts as a maintenance task. Awesome, thanks...
by brashquido
2016-05-23 14:58
Forum: General discussions
Topic: DataDirectorySynchronizer post File System AV Scan?
Replies: 2
Views: 1184

DataDirectorySynchronizer post File System AV Scan?

Hi All, I have a monthly scan on the HMS data directory (usually excluded) which since using the SaneSecurity defs is getting quite a few hits (mainly for spam). What is the best method to clean out these old infected messages from users mailboxes? As I understand it DataDirectorySynchronizer works ...
by brashquido
2016-05-19 05:53
Forum: General discussions
Topic: SMTH AUTH?
Replies: 13
Views: 2799

Re: SMTH AUTH?

Thanks Matt, Perfect, exactly what I was after! With your last comment, are you saying even with AUTH disabled on port 25 that users can still authenticate if STARTTLS has been initiated? I'll find out soon enough I guess :) . Thanks Jimi, yeah I saw those details too. I guess the distinction I was ...
by brashquido
2016-05-18 11:07
Forum: General discussions
Topic: SMTH AUTH?
Replies: 13
Views: 2799

SMTH AUTH?

Hi All, Has been a while :) . I use a service which does a regular security scan on a server I maintain which is picking up an issue with hMailServer. The description of the issue it is lodging is as follows; The SMTP server advertises the following SASL methods over an unencrypted channel: All supp...
by brashquido
2014-07-24 05:26
Forum: Development & alpha discussions
Topic: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501
Replies: 228
Views: 145497

Re: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501

Thanks for clearing that up Soren, makes sense. As to the lack of a "250 AUTH" response from the EHLO command, anyone else seeing this? Have since tried replacing the experimental build binaries, same thing.
by brashquido
2014-07-23 15:00
Forum: Development & alpha discussions
Topic: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501
Replies: 228
Views: 145497

Re: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501

Sorry, meant to mention that I am not "250 AUTH" from a EHLO response when DisableAUTHList is enabled. Have verified that I am using build 5.4-B2014060501 which I had the impression should have this fix?
by brashquido
2014-07-23 08:50
Forum: Development & alpha discussions
Topic: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501
Replies: 228
Views: 145497

Re: LATEST EXPERIMENTAL BUILD - 5.4-B2014060501

First off, thanks a ton for the custom builds Bill et al. You efforts are appreciated. Have a few queries around SMTP AUTH. 2014-05-04 5.4-B2014050401 * IMPORTANT: This build has a LOT of extra debug logging but NOT shown by default. [Settings]LogLevel=10 for some extra to 100 for extremely verbose ...
by brashquido
2014-03-05 15:29
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3349

Re: Greylisting after RCPT TO checks & spam score resets?

therefore it has no place being considered as a blacklist address hence probably reason why it gets "false" return code. As far as I have seen, all DNS BLs return an address in the 127.0.0.0/8 space to indicate a status. As far as zz.countries.nerd.dk is concerned, the sole purpose of this list is ...
by brashquido
2014-03-05 11:04
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3349

Re: Greylisting after RCPT TO checks & spam score resets?

Thanks again Percepts for your replies. Here is an example from my logs with my personal data removed; "TCPIP" 2816 "2014-03-04 00:47:43.526" "TCP - 213.199.154.13 connected to xxx.xxx.xxx.xxx:25." "DEBUG" 2816 "2014-03-04 00:47:43.526" "Creating session 17477" "SMTPD" 2816 17477 "2014-03-04 00:47:4...
by brashquido
2014-03-03 13:59
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3349

Re: Greylisting after RCPT TO checks & spam score resets?

25 seconds is a very long time for spam checks, what spam tool are you using? Yes it is. I've significantly widened my sample to around 50 incoming SMTP connections and it appears the norm is more around the 4~5 second mark with maybe 10~15% in that 20 second range due to multiple DNS timeouts. I s...
by brashquido
2014-03-02 08:28
Forum: General discussions
Topic: Greylisting after RCPT TO checks & spam score resets?
Replies: 11
Views: 3349

Greylisting after RCPT TO checks & spam score resets?

Hi All, Using HMS 5.4 B1950 and just wanting to check a few things. Have been trawling the logs due to some spam penetration and am experiencing following; 1) According to the logs I am looking at, the Greylisting "451 Please try again later" status is sent to the remote server after all the DNS bla...
by brashquido
2013-12-07 06:34
Forum: General discussions
Topic: 5.4 - Does it support ManageSieve?
Replies: 4
Views: 1771

Re: 5.4 - Does it support ManageSieve?

I put in a feature request for Sieve protocol support some time back. Just don't think it has the widespread usage across the hMS user base.
by brashquido
2013-12-07 06:14
Forum: General discussions
Topic: MySQL Upgrade
Replies: 1
Views: 1109

Re: MySQL Upgrade

I actually look at this as an MySQL issue. For upgrades I do not think it should be using different instance names (especially by default) for exactly the sort issue you've encountered. The MySQL installer has been pretty flaky on things like this for a long while. If you look in the following regis...
by brashquido
2013-09-13 01:21
Forum: General discussions
Topic: Mail server security issue concern
Replies: 44
Views: 12000

Re: Mail server security issue concern

Things I found after a 5 minute look; 1) Your server (mail.mesharpe.com) is not configured to receive email. That is I am unable to establish a TCP connection on port 25. 2) You mail server is also listed on SORBS and SpamCop blacklists. 3) There seems to be one or more of your specified DNS servers...
by brashquido
2013-08-27 05:07
Forum: General discussions
Topic: Problems with IMAP4 crashing randomly
Replies: 9
Views: 3939

Re: Problems with IMAP4 crashing randomly

Should also point out that Thunderbird will definitely work with HMS IMAP. Even if you only use it for the testing required here, it is probably going to be a more complete test if you use a full blown client rather than just testing port connectivity via telnet.
by brashquido
2013-08-27 05:00
Forum: General discussions
Topic: Problems with IMAP4 crashing randomly
Replies: 9
Views: 3939

Re: Problems with IMAP4 crashing randomly

Hi Niccolò, As Doom said, if your server is not accepting connections on the IMAP port there are larger issues at play. Implementing a script to restart HMS may actually exacerbate the issue of HMS not being available, especially when IMAP is concerned. Is it possible that you have IMAP configured t...
by brashquido
2013-08-27 04:47
Forum: General discussions
Topic: Server crashed but no error log entry
Replies: 4
Views: 2033

Re: Server crashed but no error log entry

I don't think it is clear from those log snippets what might be causing the issue. On the protocol side I can only see SMTP related entries in the log you provided. Care to give us a little more info on your environment? This such as; - Physical Memory & usage (perfmon, task manager, etc) - Disk typ...
by brashquido
2013-08-23 02:30
Forum: General discussions
Topic: hMailServer under attack
Replies: 8
Views: 3571

Re: hMailServer under attack

True. It is not going to stop the attempts. Nothing will. Spam is like tax and politicians unfortunately, here to stay. Having been an open relay, you may even see an escalated level of "probing" for some weeks. My advise is to make sure you have greylisting enabled. My tests have shown this alone w...
by brashquido
2013-08-23 02:13
Forum: General discussions
Topic: Problems with IMAP4 crashing randomly
Replies: 9
Views: 3939

Re: Problems with IMAP4 crashing randomly

Hi Niccolò, Are you saying that restarting HMS resolves the problem of being able to log into RoundCube? It would be quite simple to create a script running at regular intervals that monitors TCP port 143 for IMAP and if not present restarts the HMS service, however point is you should not have to. ...
by brashquido
2013-08-23 01:44
Forum: General discussions
Topic: hMailServer under attack
Replies: 8
Views: 3571

Re: hMailServer under attack

You should never ever ever need to allow your application to be an open relay in order to get it to work. If you do, get another application. Just to reiterate, never let your Internet facing SMTP server be an open relay. Ever. You can test if your server is open relay as per this doco . By default ...
by brashquido
2013-08-22 03:44
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 6467

Re: hMail service crashing

Good news Meaghan, I think additional memory (I'm assuming you'd be going to at least 16GB?) will go a long way to stabilising your server. There are several front end spam filters, all of which should work with HMS (or any standards compliant SMTP server). It has be around 3 years since I last admi...
by brashquido
2013-08-20 08:15
Forum: Scripting
Topic: Adding EML filename as header and preserving during forward?
Replies: 2
Views: 1767

Re: Adding EML filename as header and preserving during forw

Yep, split looks like a good match. Cheers for the link!
by brashquido
2013-08-20 08:08
Forum: General discussions
Topic: MySQL on hMailServer
Replies: 9
Views: 2699

Re: MySQL on hMailServer

And if not, here is an example to add additional data to the database as deliveries occur http://www.hmailserver.com/forum/viewtopic.php?f=20&t=13890 Awesome. Not sure why I had never found that thread. This is going to make it significantly easier to work something up to help trace the path of pen...
by brashquido
2013-08-20 08:03
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 6467

Re: hMail service crashing

Spoken like a true tech, Dominic. :mrgreen: The manager in me says, disk space is cheap, keeping old emails is important and not keeping them may have adverse business effects sometime into the future. I reckon that I personally have more than 30 Gb of old mail. Indeed Matt, though I'd say having a...
by brashquido
2013-08-20 06:34
Forum: General discussions
Topic: Clients losing server due to Idle time out
Replies: 4
Views: 2140

Re: Clients losing server due to Idle time out

The fact the restarting Outlook resolves the issue would have me agreeing with you that it is an Outlook oddity. Do you have any AV software installed on this workstation? Perhaps try disabling it for a period to see if that does anything.
by brashquido
2013-08-20 04:17
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 6467

Re: hMail service crashing

For logging I generally enable everything apart from POP3 & IMAP. That way when the day comes you have issues with spam penetration (it will happen one day if you are Internet connected) you have all the logging available to do trace work. That CPU will be sufficient for a good while for a dedicated...
by brashquido
2013-08-19 08:39
Forum: General discussions
Topic: Paid Support team
Replies: 11
Views: 5799

Re: Paid Support team

If at first you don't succeed, bomb disposal probably isn't for you! ヅ
I'd never noticed your sig before Doom. Not bad :) ...
by brashquido
2013-08-19 07:34
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 6467

Re: hMail service crashing

As Doom said, IMAP has great potential to be memory intensive. I wouldn't necessarily be stopping at just increasing the virtual memory as heavy paging to disk will result in extremely poor server performance. A few questions to ask yourself. 1) Currently 150 user accounts, how much growth (if any) ...
by brashquido
2013-08-19 04:51
Forum: SpamAssassin implementation discussions
Topic: SpamAssassin not triggered (???)
Replies: 1
Views: 963

Re: SpamAssassin not triggered (???)

I take it that spamd.exe is running as a process under what ever user you configured the service to run as? Separate from HMS, SA will have it's own spam threshold level. Is it possible that this is not low enough? Also, be aware that HMS only reads in integer scores. As in if SA gives a score of 4....
by brashquido
2013-08-16 07:29
Forum: General discussions
Topic: Email go to spam despite SPF DKIM & DMARC
Replies: 2
Views: 3988

Re: Email go to spam despite SPF DKIM & DMARC

Good luck with this :( . I had a very similar battle with Hotmail junking my mail a few years back. Tried everything including creation of SPF & SenderID records. I eventually gave up and found that after a time my messages to hotmail accounts started automagicallly appearing in the Inbox rather tha...
by brashquido
2013-08-16 05:45
Forum: General discussions
Topic: hMail service crashing
Replies: 20
Views: 6467

Re: hMail service crashing

"ERROR" 3212 "2013-08-15 11:20:07.655" "Severity: 2 (High), Code: HM5313, Source: CriticalSection::Enter, Description: EnterCriticalSection gave an exception. Out of memory? " How much memory does this server have and what is the peak memory utilisation (may need to set a perfmon counter)? What is ...
by brashquido
2013-08-12 16:03
Forum: Scripting
Topic: Adding EML filename as header and preserving during forward?
Replies: 2
Views: 1767

Adding EML filename as header and preserving during forward?

To aid my spam detection abilities I want to add a the final EML file name as a header to every message that comes in. I've had a look at this example and the second function is exactly what I am looking for. Just wondering what the best way would be to remove the file path from this so that only th...
by brashquido
2013-08-12 03:24
Forum: General discussions
Topic: Increasing timeout for fetching mails from external servers
Replies: 2
Views: 1793

Re: Increasing timeout for fetching mails from external serv

If the connection is being terminated by the remote host, extending the local timeout values are not going to help at all. What is the server bandwidth and how many concurrent sessions are you dealing with. I'd be looking at your spam proxy to see if any fine tuning can be done there if you haven't ...
by brashquido
2013-08-12 03:14
Forum: Feature requests
Topic: Enhanced logging for spam detection
Replies: 5
Views: 4561

Re: Enhanced logging for spam detection

Thanks Bill, Guess it is also one of those things you don't even realise is a bit messy until you go looking for it. I've been using HMS for something like 7 years and have never had real need to dig deep into the log files like this until this year. Perhaps for the purpose of spam penetration analy...
by brashquido
2013-08-09 04:26
Forum: General discussions
Topic: Integrating Hmail Server with IIS 7
Replies: 4
Views: 2423

Re: Integrating Hmail Server with IIS 7

I found Squirelmail to be a little dated looking, however it is well supported and quite powerful. I ended up going with RoundCube which has a really nice interface and the guys at MyRoundCube (commercial) have some really neat hmail plugins for RoundCube. Specifically the hmail spam plugin which al...
by brashquido
2013-08-09 03:32
Forum: Feature requests
Topic: Enhanced logging for spam detection
Replies: 5
Views: 4561

Re: Enhanced logging for spam detection

Thanks Bill, Ah yes, you'd be talking about this post of yours I take it? I certainly would think it was trivial to keep a single session ID between all of the different components. Considering the implementation complications and the existing to-do list, do you think this is an enhancement that is ...
by brashquido
2013-08-09 01:20
Forum: Feature requests
Topic: Negative Spam Score [90%]
Replies: 18
Views: 13652

Re: Negative Spam Score

No problem, just thought I'd ask :) .
by brashquido
2013-08-08 09:35
Forum: Feature requests
Topic: Enhanced logging for spam detection
Replies: 5
Views: 4561

Enhanced logging for spam detection

Currently to track the entire transaction of an incoming email from the initial SMTP connection through to the delivery to the targeted mailbox requires Application, SMTP, Debug & TCP/IP logging to be enable. On a busy server with many concurrent sessions this results in an enormously fragmented log...
by brashquido
2013-08-08 09:05
Forum: Feature requests
Topic: Negative Spam Score [90%]
Replies: 18
Views: 13652

Re: Negative Spam Score

Any progress on this one at all?
by brashquido
2013-08-08 07:38
Forum: General discussions
Topic: Spam: penetration dissection and pattern detection defense?
Replies: 3
Views: 1644

Re: Spam: penetration dissection and pattern detection defen

Cheers Matt, I should've pointed out I've tried Doom's online log analyser which does break it down into session which is very handy, however as the session ID is not logged against DEBUG or TCPIP entries this method is not enough to trace an email all the way through. I've manually trawled through ...
by brashquido
2013-08-08 03:46
Forum: General discussions
Topic: Server crashed but no error log entry
Replies: 4
Views: 2033

Re: Server crashed but no error log entry

There are multiple references in there to failed I/O. Have your checked your physical disk health?
by brashquido
2013-08-08 02:24
Forum: SpamAssassin implementation discussions
Topic: Spam not deleted
Replies: 2
Views: 1557

Re: Spam not deleted

Hi Mel, There are two user definable spam score values in hMail. Mark and delete. If the mark threshold is exceeded but is less than the delete threshold, then the mail will be marked as spam either via header(s) or subject line. Mail above the delete threshold will be deleted before it gets to any ...
by brashquido
2013-08-07 17:51
Forum: General discussions
Topic: Spam: penetration dissection and pattern detection defense?
Replies: 3
Views: 1644

Spam: penetration dissection and pattern detection defense?

Hi All, Have been getting a bit of spam penetration recently and had a few questions; 1) So I am able to see everything from the initial SMTP connection through to the message delivery to the intended mailbox (if it makes it that far) I have SMTP, Application, TCP/IP and Debug logging enabled. This ...
by brashquido
2012-05-21 15:01
Forum: General discussions
Topic: RFC: Getting stats from hMailServer Greylisting
Replies: 4
Views: 3301

Re: RFC: Getting stats from hMailServer Greylisting

Thanks Matt :) . I take it you didn't have any issues with the SQL in your own environment?
by brashquido
2012-05-18 08:20
Forum: General discussions
Topic: RFC: Getting stats from hMailServer Greylisting
Replies: 4
Views: 3301

RFC: Getting stats from hMailServer Greylisting

Hi All, Have just finished writing up a bit of a how-to on getting some stats out of the hMailServer Greylisting Triplets table using some SQL queries in phpMyAdmin. Nothing flash, but hopefully should be useful to some as the Greylisting stats are not readily/easily exposed in hMailServer using the...
by brashquido
2011-10-22 11:01
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 2643

Re: Greylisting, auto-ban & other questions...

Thanks Doom. Let me know if you need the full headers or anything from the message.

Cheers
by brashquido
2011-10-21 14:46
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 2643

Re: Greylisting, auto-ban & other questions...

No scripts, but I do have two fairly simple global rules running. Rule 1: If Recipient list contains hotmail then Reply with mail delivery warning (I used to have intermittent issues with mail delivery to Hotmail) Rule 2: If X-hMailServer-Spam = yes and Subject contains [SPAM] then Forward email to ...
by brashquido
2011-10-21 07:21
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 2643

Re: Greylisting, auto-ban & other questions...

Sorry, my bad. Remove other from that sentence. 2 recipients, 3 in CC. 1 x reciepient and 2 x CC destined for my email server.
by brashquido
2011-10-20 12:34
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 2643

Re: Greylisting, auto-ban & other questions...

Hi Doom,

I'm using version 5.3.3-B1879. Yes there are 2 other recipients and 3 in the CC line in the email. 1 of the recipients and all those in the CC field are destined for a domain hosted on my server.
by brashquido
2011-10-20 02:06
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 2643

Re: Greylisting, auto-ban & other questions...

Hey Matt, Thanks for clearing up those questions for me. Good suggestion about the whitelist, however there is something about willingly giving the green light to bypass SPAM protection that makes me come out in cold sweats :) . I can't really see any other way though. Just to verify, whitelisting o...
by brashquido
2011-10-19 15:35
Forum: General discussions
Topic: Greylisting, auto-ban & other questions...
Replies: 12
Views: 2643

Greylisting, auto-ban & other questions...

Hi All, I've a few queries I'm hoping someone can help me with. 1. I have several users who need to receive email from a domain that uses an outsourced SMTP service which uses multiple hosts across at least 3 class C networks (that I know of). It also appears that on being issued a 451 status code b...
by brashquido
2010-09-16 09:10
Forum: Feature requests
Topic: Options to combat Greylisting false positives
Replies: 10
Views: 6615

Options to combat Greylisting false positives

The greylisting functionality in hMail matches a specific IP to a specific email address which is a problem because email from larger environments often can originate from any number of different IP addresses. This results in email that has already been through the greylisting process to be greylist...
by brashquido
2010-05-05 12:21
Forum: General discussions
Topic: Hmail in NLB Cluster Environment?
Replies: 3
Views: 1198

Re: Hmail in NLB Cluster Environment?

Cool 8) ! Any idea on the specifics of what is stored in local caches? I usually run with the performance cache turned off anyway, but I guess your talking about something else.
by brashquido
2010-05-04 06:13
Forum: General discussions
Topic: Mail Enable Migration?
Replies: 1
Views: 949

Mail Enable Migration?

Just wondering if anyone knew of any reliable way of migrating a Mail Enable environment to HMS?
by brashquido
2010-05-04 06:12
Forum: General discussions
Topic: Hmail in NLB Cluster Environment?
Replies: 3
Views: 1198

Hmail in NLB Cluster Environment?

Hi All, Just wondering if it would be possible to use HMS in a Windows NLB cluster environment? It wouldn't be too hard to ensure all data is located in a central location (UNC or DFS for file storage and central MySQL server). Just wondering if one HMS instance would have any issues with writing to...
by brashquido
2010-04-22 13:04
Forum: General discussions
Topic: Putting a number on Greylisting?
Replies: 12
Views: 3372

Re: Putting a number on Greylisting?

Nice! Hadn't even considered greylistings effectiveness for protecting against mass spam attacks. Can't get any more efficient than replying with a single 451 command to try again later, which obviously in you case Doom was enough. Imagine the server load if those emails had to hit the all the spam ...
by brashquido
2010-04-22 03:45
Forum: Feature requests
Topic: Negative Spam Score [90%]
Replies: 18
Views: 13652

Re: Negative Spam Score

I agree with ras07. Negative scoring would be awesome for fighting spam on a geographical basis. If you were to do an analysis of you log, I'm sure you (as I did) would find that the vast majority of your spam is coming from perhaps only a dozen or so countries.