Search found 145 matches

by estradis
2019-07-25 17:30
Forum: Scripting
Topic: change from write oldfrom to subject
Replies: 3
Views: 314

Re: change from write oldfrom to subject

Please keep in mind that subject changes will break DKIM.
by estradis
2019-07-25 17:26
Forum: General discussions
Topic: Potential Security Threat - Unique Names in IP Ranges
Replies: 6
Views: 483

Re: Potential Security Threat - Unique Names in IP Ranges

Am I just fantasizing? :) Or this could possibly happen? No, this doesn't happen! Let's assume that there is an intrusion attempt to the specific account john.doe@example.com. This is, how HMS handles it: 1st entry: "Auto-ban: john.doe@example.com" 2nd entry: "Auto-ban: john.doe@example.com (1)" 3r...
by estradis
2019-07-03 09:55
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 37
Views: 2454

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

3224 banned addresses and hms still works fine so far.
by estradis
2019-07-03 09:51
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 24
Views: 1409

Re: Massive Attack from Brazil

This website says that that set of IP addresses is from the Seychelles, not from Brazil https://gwhois.org/185.222.211.0+dns A long, long way from Brazil (Seychelles is a island group in the Indian Ocean, closest continent is Africa) You' re damn right. Probably I had another IP address open and ju...
by estradis
2019-06-28 14:55
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 24
Views: 1409

Re: Massive Attack from Brazil

After a more detailed examination of all our log files, we discoverd that there was a secondary attack on our company that occurred within the network address 185.222.211.0/24 , which also is located in Brazil. The secondary attack was not limited to hms. All protocols (smtp, imap, https) were teste...
by estradis
2019-06-28 14:35
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 37
Views: 2454

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

Due to https://www.hmailserver.com/forum/viewtopic.php?p=212910 we have currently 3085 addresses directly blocked in hms. We usually ban it for two weeks, but we have decided to extend the ban directly on the firewall cluster to one year for all of Brazil. By the way, hms has no problem at all with ...
by estradis
2019-06-25 15:34
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 37
Views: 2454

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

RyuzDev wrote:
2019-06-25 13:39
mattg wrote:
2019-06-19 01:28
RyuzDev wrote:
2019-06-18 23:22
if I know my interest in all this is how to avoid it
Have you made the changes we suggested?

If so run the diagnostics again, and post the NEW results
Hey


Any way to avoid this?

http://prnt.sc/o6edc2
What's wrong with it?
by estradis
2019-06-24 14:34
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 24
Views: 1409

Re: Massive Attack from Brazil

palinka wrote:
2019-06-24 13:51
estradis wrote:
2019-06-24 13:43

We have enough data collected and are ending this by banning all addresses from Brazil until further notice.
By the way, out of curiosity, by what method do you block addresses by country?
GeoIP, directly on the firewall cluster. (It's a payed service.)
by estradis
2019-06-24 13:43
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 24
Views: 1409

Re: Massive Attack from Brazil

From midnight until now there have been almost 700 incidents for certain users and they don't only affect port 25. We now classify this as a "real" attack on our users. We have enough data collected and are ending this by banning all addresses from Brazil until further notice. Any of those IPs on th...
by estradis
2019-06-24 11:51
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 24
Views: 1409

Re: Massive Attack from Brazil

We are still analyzing the ongoing attack. As soon as we have valueable results, I'll let you know. At the moment it looks like only port 25 is affected.
by estradis
2019-06-24 10:30
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 24
Views: 1409

Massive Attack from Brazil

Since a few days we observe an increase of unsuccessful login attempts to certain user mailboxes as well as DDOS attacks and increased flooding with spam. So far, all connections have originated in Brazil. Meanwhile the rate is about 20 logon attempts and about 300 spam delivery attempts per minute....
by estradis
2019-06-18 16:30
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 37
Views: 2454

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

During a recent password audit, it was found that a blonde was using the following password: "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento". When asked why she had such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital. Oh t...
by estradis
2019-06-18 15:36
Forum: User-submitted tutorials
Topic: DNSBL Configuration - How not to get trapped in query timeouts
Replies: 0
Views: 327

DNSBL Configuration - How not to get trapped in query timeouts

We have been using our own DNS-Servers very successfully for a long time to learn IP reputation. In the meantime, the list of entries has grown very large and DNS has become more and more conspicuous by its sometimes extremely high resource load. Our DNSBL is configured as a wildcard zone. Unregiste...
by estradis
2019-06-12 10:04
Forum: Scripting
Topic: Saving oMessage in OnAcceptMessage to Get MessageID
Replies: 10
Views: 763

Re: Saving oMessage in OnAcceptMessage to Get MessageID

Thank you for sharing the link. :D
(Just a mind: Maybe you want to add the link to your personal signature as well?)
by estradis
2019-06-11 10:30
Forum: Scripting
Topic: Saving oMessage in OnAcceptMessage to Get MessageID
Replies: 10
Views: 763

Re: Saving oMessage in OnAcceptMessage to Get MessageID

I do not remember seing the file changing it's name in the process however. I searched several times for the filenames from the trace log, but I could never find the files. The file name will be changed definitively! :roll: I used: EventLog.Write(oMessage.FileName) as the first line in every trigge...
by estradis
2019-06-07 15:38
Forum: Scripting
Topic: Saving oMessage in OnAcceptMessage to Get MessageID
Replies: 10
Views: 763

Re: Saving oMessage in OnAcceptMessage to Get MessageID

Yes I know ... From a later topic... It think it is a matter of semantic, when the "file is written" I believe it is filed under the specific account on disk, but I have not verified this yet.. https://www.hmailserver.com/forum/viewtopic.php?p=212078#p212078 I do not remember seing the file changin...
by estradis
2019-06-07 14:30
Forum: Scripting
Topic: Saving oMessage in OnAcceptMessage to Get MessageID
Replies: 10
Views: 763

Re: Saving oMessage in OnAcceptMessage to Get MessageID

... Message is still in memory about to be written to a file on disk. ... Sorry SorenR, but I don't agree! When the event OnAcceptMessage is fired, the file already exists in Data Directory. This fact is an essential part of our Eventhandler.vbs as we pass the event handling to another (high perfor...
by estradis
2019-06-07 14:00
Forum: Scripting
Topic: How To Tag External Email??
Replies: 5
Views: 484

Re: How To Tag External Email??

Please keep in mind, that subject tagging will break DKIM. :!:
by estradis
2019-06-06 09:55
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 197
Views: 39930

Re: Sub OnHELO(oClient) progress?

Install the latest production and/or beta version from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory https://build.hmailserver.com/repository/download/HMailServer_BuildHMailServer56/740:id/hMailServer-5.6.8-B2437.exe Please check your certificate. It's...
by estradis
2019-05-13 20:03
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 197
Views: 39930

Re: Sub OnHELO(oClient) progress?

estradis wrote:
2019-04-26 09:34
... the executive board will probably decide to replace hms.
... and they did!

https://www.hmailserver.com/forum/viewt ... =7&t=33995
by estradis
2019-05-13 20:02
Forum: General discussions
Topic: Time to say good bye ...
Replies: 24
Views: 2156

Time to say good bye ...

... the executive board will probably decide to replace hms. (https://www.hmailserver.com/forum/viewtopic.php?t=30193&view=unread#p211279) We had some long discussions, but finally a decision was made. We're going to migrate from hms to another system! It was good as long as it lasted, but now it's...
by estradis
2019-05-02 10:22
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 197
Views: 39930

Re: Sub OnHELO(oClient) progress?

Are you using the 20 second delay? That would certainly account for most of the "The write operation failed"... I am a bit worried about this though... "The write operation failed. Bytes transferred: 0 Remote IP: 127.0.0.1, Session: 569, Code: 10054, Message: An existing connection was forcibly clo...
by estradis
2019-04-26 09:34
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 197
Views: 39930

Re: Sub OnHELO(oClient) progress?

... Anyone heard from martin? ... Martin's input has been limited since about 2012. For a couple of years we didn't hear anything ... Then Martin came back for a few months ... seem to disappear again. Martin has really only done security related updates since 5.5 was released, with some fairly sig...
by estradis
2019-04-26 01:07
Forum: Scripting
Topic: VBScript formatting date/time
Replies: 4
Views: 544

Re: VBScript formatting date/time

--snip-- Like this ? --snip-- :mrgreen: :| OOPS, missunderstood! What I ment was, that the array is created only once and then reused in multiple functions with different formattings. As the string will be built from the parts only by concatenating, the performance increased. But yes, you're right....
by estradis
2019-04-25 10:22
Forum: Scripting
Topic: VBScript formatting date/time
Replies: 4
Views: 544

Re: VBScript formatting date/time

Our idea was to create a converted array from a datetime value and prepare the results in a way we need it in the scripts. Once the array was created, it is easy to build the necessary strings. Function GetTimeArray(ts, iDecimals) Dim a(6), n, iSeconds, iMilliseconds If iDecimals < 0 Then iDecimals ...
by estradis
2019-04-25 09:58
Forum: General discussions
Topic: Server is being attacked
Replies: 10
Views: 1365

Re: Server is being attacked

I'm curious what that looks like? The reason why I ask, is because I have just completed a complete and working implementation of a central MYSQL based banning and auto-whitelisting system that I call from Hmail. Without a doubt, your idea is great and maybe we can adapt it in our company as well. ...
by estradis
2019-04-24 23:46
Forum: General discussions
Topic: Server is being attacked
Replies: 10
Views: 1365

Re: Server is being attacked

I get 2300 banned IP's a day on my servers ;) Just as we had in the beginning either, but we had to realize relatively quickly that the negative effects were too great. That's why we've implemented an external audit process that takes corrective action. If certain criteria are met, banned addresses...
by estradis
2019-04-24 15:10
Forum: General discussions
Topic: Blackmail Scam
Replies: 21
Views: 3910

Re: Blackmail Scam

Since this year has started, we have received almost 600 such mails. :roll:

I'm really afraid of him because he managed to hack all my alias addresses. He just has to be the best hacker in the world, if not in the universe.
:lol: :lol: :lol:
by estradis
2019-04-24 14:39
Forum: Feature requests
Topic: SMTP server should copy sent e-mails to IMAP sent folders
Replies: 12
Views: 13312

Re: SMTP server should copy sent e-mails to IMAP sent folders

Hey guys, This would be a very bad idea due to a lot of reaons: SMTP is a delivery protocoll. It has nothing to do with postboxes. Sorting mails in postboxes is always the muas job. Sorting mails is always an users choice. It might be conflicting with user defined configuration in the mua. (In best ...
by estradis
2019-04-24 14:10
Forum: Scripting
Topic: Script for backing up a single account?
Replies: 0
Views: 446

Script for backing up a single account?

Is there a script that can be used to back up a single mailbox? (Mails, Settings, Rules, DB?, etc.)

Use case is that an employee has left our company and his account should now be archived (only his account!)
by estradis
2019-04-24 14:05
Forum: Scripting
Topic: VBScript Timed MsgBox (PopUp info)
Replies: 1
Views: 475

Re: VBScript Timed MsgBox (PopUp info)

SorenR wrote:
2019-04-08 16:01
Came across this today ...
Nice! Didn't know that feature. Thank you for sharing! :D
by estradis
2019-04-24 13:59
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 197
Views: 39930

Re: Sub OnHELO(oClient) progress?

What are the arguments against including the function into the standard releases? Sub OnHELO has been around for some time now and even this thread has been active since 2006. Wouldn't it be time to start a pull request and make the changes official? Same question for Sub OnClientLogon, which I've s...
by estradis
2019-04-24 13:49
Forum: General discussions
Topic: Server is being attacked
Replies: 10
Views: 1365

Re: Server is being attacked

I would normally but this server isn't running an SSL. And let me add that SSL will NOT stop these hacking attempts I can definitely confirm that! As part of our defense strategy, we reduced the number of allowed errors to 1, so each failed login starts our extended autoban procedure. At first I wa...
by estradis
2018-12-11 14:09
Forum: General discussions
Topic: Force SA on local delivery
Replies: 3
Views: 520

Re: Force SA on local delivery

It works! Thank you! Now we can start to spam each other ... :twisted: (in our testlab of course) Explanation: We receive a lot of spam, which overlaps thematically with our business. Therefore, we can use some SA rules only for detection purposes, but we had to lower their scores so much that they ...
by estradis
2018-12-11 13:42
Forum: General discussions
Topic: Force SA on local delivery
Replies: 3
Views: 520

Re: Force SA on local delivery

don't authenticate If you authenticate it won't send to SpamAssassin Uh, didn't expect this. Good to know! of course that opens you up to spammers abusing your system too, so be careful But why do you want to do this? Your spamassassin scores are different to mine, so a pass for your mail, may not ...
by estradis
2018-12-11 13:15
Forum: General discussions
Topic: Force SA on local delivery
Replies: 3
Views: 520

Force SA on local delivery

For testing purposes, I want hms to forward any mail to SA, even if only in local delivery.
(Example: john.doe@example.com => jane.doe@example.com, etc.)

Although I have set antispam checking for each IP range, hms does not initiate SA checking for local delivery. Is there a way to force this?
by estradis
2018-08-30 09:12
Forum: General discussions
Topic: All working fine, execpt *one* public folder
Replies: 4
Views: 718

Re: All working fine, execpt *one* public folder

Yes, I suspected it would be an email. Probably one of extra large dimensions. I totally agree! It turned out that the smallest email is at least 1MB in size, the largest just under 4MB. I will therefore transfer my investigaion to the sending central management system. And thanks again! Your littl...
by estradis
2018-08-28 10:25
Forum: General discussions
Topic: All working fine, execpt *one* public folder
Replies: 4
Views: 718

Re: All working fine, execpt *one* public folder

I created a temporary folder within a mailbox and copied the emails into it. Then I created another folder and copied only emails of the same category into it until I found the cause. It turned out that certain report emails are responsible for the delay, but I still have to find the exact error. HM...
by estradis
2018-08-27 10:30
Forum: General discussions
Topic: All working fine, execpt *one* public folder
Replies: 4
Views: 718

All working fine, execpt *one* public folder

HMS runs very well, but there is exactly * one * public folder with a load time between 10-20 seconds, although less than 100 mails are contained in this folder. In the log files I only see that HMS works correctly, but no references to loading times. The configuration of the folder is as follows: -...
by estradis
2018-07-27 14:54
Forum: Development & alpha discussions
Topic: hMailServer web-interface redesign
Replies: 162
Views: 45150

Re: hMailServer web-interface redesign

Hi,

I think you forgot the APIPA range. Maybe you want to add to these two lines behind line 98 in hm_securityrange.php:

Code: Select all

	$regex = '/^(169\.254\.)/';
	if (preg_match($regex, $ip)) return $obLanguage->String('APIPA');
Greetings
by estradis
2018-03-21 22:13
Forum: General discussions
Topic: Is there a way to force hms headers?
Replies: 11
Views: 1509

Re: Is there a way to force hms headers?

Well explained!

It was exactly the order what was confusing me. Your answer helps me to understand.
Thank you.
by estradis
2018-03-21 21:07
Forum: General discussions
Topic: Is there a way to force hms headers?
Replies: 11
Views: 1509

Re: Is there a way to force hms headers?

Meanwhile I've been testing a lot, but the results are a little bit confusing. :? Somtimes I got these headers: X-hMailServer-Reason-1: The host name specified in HELO does not match IP address. - (Score: 3) X-hMailServer-Reason-2: Tagged as Spam by SpamAssassin - (Score: 25) Sometimes I got these h...
by estradis
2018-03-16 10:03
Forum: General discussions
Topic: Is there a way to force hms headers?
Replies: 11
Views: 1509

Re: Is there a way to force hms headers?

Thank you all for your replies. After reading all your comments the "short" answer seems to "No". The longer answer seems to be "By compiling an own branch", one of the things I'd like to avoid. I'm going to try to setup spamassassin to analyze result headers. I know, SA can handle SPF, but I have ...
by estradis
2018-03-12 11:20
Forum: General discussions
Topic: Is there a way to force hms headers?
Replies: 11
Views: 1509

Re: Is there a way to force hms headers?

Thank you all for your replies. After reading all your comments the "short" answer seems to "No". The longer answer seems to be "By compiling an own branch", one of the things I'd like to avoid. I'm going to try to setup spamassassin to analyze result headers. I know, SA can handle SPF, but I have n...
by estradis
2018-03-11 09:49
Forum: General discussions
Topic: Is there a way to force hms headers?
Replies: 11
Views: 1509

Is there a way to force hms headers?

hms is able to do own tests, including mx, dns and spf lookup. If there is a mismatch, hms will add headers like "hMailserver-Reason-...". Is there a way to force these headers, even if there is no fail? My intention is to get headers, whether mx, dns and especially spf are ok or not. I want to use ...
by estradis
2017-12-13 13:03
Forum: Scripting
Topic: winmail.dat convert generate error
Replies: 7
Views: 1785

Re: winmail.dat convert generate error

I think this script orginal is for Hmailser 4.. Perhaps i need to use other functions? I Still get: "ERROR" 2652 "2017-12-13 11:21:36.457" "Script Error: Source: hMailServer COM library - Error: 800403E9 - Description: Failed to attach file. - Line: 119 Column: 8 - Code: (null)" Line 119 is: oMessa...
by estradis
2017-12-13 12:03
Forum: Scripting
Topic: winmail.dat convert generate error
Replies: 7
Views: 1785

Re: winmail.dat convert generate error

Hi! I try to use a script I found in the forum to convert winmail.dat files. The files are saved to disk but when trying to load the files back into the mail, I get an error message. Can anyone see why? "ERROR" 3032 "2017-12-12 00:04:04.425" "Script Error: Source: hMailServer COM library - Error: 8...
by estradis
2017-12-13 11:46
Forum: Feature requests
Topic: Changing Account name - Progress Indicator ?
Replies: 12
Views: 3094

Re: Changing Account name - Progress Indicator ?

emmageneris wrote:I may have to change my domain in near future. Thanks estradis for the solution. I think this will work.
I've never tried to change the whole domain. Please let us know the results.
by estradis
2017-12-13 11:43
Forum: Feature requests
Topic: Global overview of feature requests
Replies: 2
Views: 1167

Re: Global overview of feature requests

Feature requests is a start only We have a couple of people here at the moment that make their own builds with the things that they want to see included. The project being on Github is also great. >> https://github.com/hmailserver/hmailserver I really wish, I would have the time and knowledge to do...
by estradis
2017-12-10 12:45
Forum: Feature requests
Topic: Global overview of feature requests
Replies: 2
Views: 1167

Global overview of feature requests

Meanwhile there are a lot of opened feature requests, but most of them seems to be zombies.
What I'm missing is a global overview or an roadmap. Is there any?

It's not only to stay informed, it might be helpful to prevent duplicates, too.
by estradis
2017-12-01 13:03
Forum: Feature requests
Topic: Changing Account name - Progress Indicator ?
Replies: 12
Views: 3094

Re: Changing Account name - Progress Indicator ?

mattg wrote:Other than the time taken, I don't remember an issue going back to early ver 4 of hMailserver...anyway all good. It certainly works now - you just need to wait (and wait)
Ah, thank you for the information.
Anyways, is there a reason, the content will be copied instead of renaming the folder?
by estradis
2017-12-01 12:59
Forum: Scripting
Topic: Limit Authentication to IP Whitelist?
Replies: 9
Views: 2129

Re: Limit Authentication to IP Whitelist?

My apologies! I've forgotten to mention that the dns zone for reputation is configured as a wildcard zone and will respond to all "unknown" queries with 0.0.0.0 for performance reasons (Always return a result, never run into timeouts!) This was the initial configuration of the zone file before the s...
by estradis
2017-11-30 12:23
Forum: Scripting
Topic: Limit Authentication to IP Whitelist?
Replies: 9
Views: 2129

Re: Limit Authentication to IP Whitelist?

Can you please give more details about how you created your own DNS BL For identifying and categorizing we use public DNS/BL (like spamhaus.org, etc.) as well as the results from spamassassin tests. To reduce the traffic and query time, we feed our own locally installed dns server with our own resu...
by estradis
2017-11-30 11:54
Forum: Feature requests
Topic: Changing Account name - Progress Indicator ?
Replies: 12
Views: 3094

Re: Changing Account name - Progress Indicator ?

I already did it multiple times and found only one pitfall. You need to stop hms and rename the database entry as well as the user directory manually before starting hms again. Here is how it works: 1. stop hMailserver service 2. rename folder in data directory 3. rename the account in database 4. ...
by estradis
2017-11-29 15:36
Forum: Scripting
Topic: Limit Authentication to IP Whitelist?
Replies: 9
Views: 2129

Re: Limit Authentication to IP Whitelist?

Maybe you can use your own DNS/BL eighter. For example reply 127.0.0.1 for internal networks and 127.0.0.6 for botnets. Then you define the results in Settings>Antispam>DNS blacklists and eh voilà your goal is achived. They will never reach to OnSMTPData when thrown out by DNS/BL. But to be honest, ...
by estradis
2017-11-29 15:20
Forum: Feature requests
Topic: Changing Account name - Progress Indicator ?
Replies: 12
Views: 3094

Re: Changing Account name - Progress Indicator ?

I already did it multiple times and found only one pitfall. You need to stop hms and rename the database entry as well as the user directory manually before starting hms again. Here is how it works: 1. stop hMailserver service 2. rename folder in data directory 3. rename the account in database 4. s...
by estradis
2017-08-18 15:12
Forum: General discussions
Topic: MySQL: Duplicate entry ... 'idx_hm_imapfolders_unique'
Replies: 4
Views: 652

Re: MySQL: Duplicate entry ... 'idx_hm_imapfolders_unique'

Use some database tool (Workbench will do) and remove the duplicate entry, then restart the hMailserver SERVICE Maybe I'm blind, but which one is the duplicate? My guess would be 2869 66 -1 Trash 1 2017-08-17 16:12:58 0 Your fail is trying to insert the TRASH folder bu the trash folder already exis...
by estradis
2017-08-18 10:34
Forum: General discussions
Topic: MySQL: Duplicate entry ... 'idx_hm_imapfolders_unique'
Replies: 4
Views: 652

Re: MySQL: Duplicate entry ... 'idx_hm_imapfolders_unique'

mattg wrote:Use some database tool (Workbench will do) and remove the duplicate entry, then restart the hMailserver SERVICE
Maybe I'm blind, but which one is the duplicate?
by estradis
2017-08-18 09:57
Forum: General discussions
Topic: MySQL: Duplicate entry ... 'idx_hm_imapfolders_unique'
Replies: 4
Views: 652

MySQL: Duplicate entry ... 'idx_hm_imapfolders_unique'

Hi there, since yesterday I receive following errors, each one twice: "Severity: 2 (High), Code: MH5032, Source DALConnection::Execute, Description: MySQL: Duplicate entry '66--1-Trash' for key 'idx_hm_imapfolders_unique' (Additional info: INSERT INTO hm_imapfolders (foldercurrentuid, foldercreation...