Search found 228 matches

by mikedibella
2020-10-27 02:52
Forum: General discussions
Topic: Anyone using Hmailserver with Windows Defender?
Replies: 6
Views: 99

Re: Anyone using Hmailserver with Windows Defender?

I'm using it on my backup mx, which is configured as a standby with manual DNS failover. My active primary has never failed, so I've never stressed it beyond simple configuration proof with a few test emails. Here's the config: Windows Server 2016 Version 1607 Scanner executable: "C:\Program Files\W...
by mikedibella
2020-10-25 20:47
Forum: General discussions
Topic: 550 Rejected by SpamCop - when using Sendgrid
Replies: 24
Views: 234

Re: 550 Rejected by SpamCop - when using Sendgrid

More and more, IaaS IP ranges are blacklisted. Makes hosting direct mailing on the major IaaS providers' clouds increasingly impractical. Relay providers solve this issue, so I see their use uptrending, not diminishing.
by mikedibella
2020-10-23 22:20
Forum: General discussions
Topic: 550 Rejected by SpamCop - when using Sendgrid
Replies: 24
Views: 234

Re: 550 Rejected by SpamCop - when using Sendgrid

SendGrid suffered an incursion in August and a large number of customer accounts were compromised.

https://krebsonsecurity.com/2020/08/sen ... -accounts/

Spammer quickly hoovered up the account and the resulting spam assault BL many SendGrid IPs.

They are still recovering.
by mikedibella
2020-10-23 20:34
Forum: General discussions
Topic: 550 Rejected by SpamCop - when using Sendgrid
Replies: 24
Views: 234

Re: 550 Rejected by SpamCop - when using Sendgrid

@DrmCa: PM me if you want to take this discussion off the clothesline.
by mikedibella
2020-10-22 21:19
Forum: General discussions
Topic: 550 Rejected by SpamCop - when using Sendgrid
Replies: 24
Views: 234

Re: 550 Rejected by SpamCop - when using Sendgrid

The remote server only sees SendGrid's IP on connection. Your server is listed in the headers, but the receiving party is going to use the connecting relay's (SendGrid) IP to determine reputation. You are probably using a shared IP plan from SendGrid and the IP you are sharing has been blacklisted ...
by mikedibella
2020-10-22 17:52
Forum: General discussions
Topic: 550 Rejected by SpamCop - when using Sendgrid
Replies: 24
Views: 234

Re: 550 Rejected by SpamCop - when using Sendgrid

When SendGrid receives a protocol error from a remote relay during mail submission, the error is dispatched back to you in the event hook. So SendGrid is telling you that the recipient's server rejected the mail for the reason stated. Some errors also result in addresses being added to the various s...
by mikedibella
2020-10-20 21:22
Forum: General discussions
Topic: hMailServer and Sendgrid
Replies: 15
Views: 234

Re: hMailServer and Sendgrid

Anyone have any recommendations for alternative service providers? Anyone have experience with Sendinblue?
by mikedibella
2020-10-07 02:22
Forum: General discussions
Topic: relaying mail to Office 365 with certificate to auth ?
Replies: 5
Views: 147

Re: relaying mail to Office 365 with certificate to auth ?

Well, this looks like it might be trickier than I thought. It looks like the client certificate validation takes place during the STARTTLS verb processing after the initial connection to Office 365 is made over an unencrypted TCP connection. The whole facility appears to be designed specifically to ...
by mikedibella
2020-10-06 21:31
Forum: General discussions
Topic: relaying mail to Office 365 with certificate to auth ?
Replies: 5
Views: 147

Re: relaying mail to Office 365 with certificate to auth ?

Got it. You will need to use stunnel or a similar tool to proxy the outbound connection from hMailServer. Stunnel can make the connection to Office 365 from your HMS host and present the client certificate to Office 365 for authentication. HMS will connect to stunnel (on the local or another host on...
by mikedibella
2020-10-06 18:59
Forum: General discussions
Topic: relaying mail to Office 365 with certificate to auth ?
Replies: 5
Views: 147

Re: relaying mail to Office 365 with certificate to auth ?

Not sure I fully understand your scenario. Are you wanting hMailServer to present a client authentication certificate to the Office 365 SMTP mail submission port 587? And then your internal clients will connect to hMailServer to submit messages for relay on port 25 without authentication or TLS?
by mikedibella
2020-09-18 11:57
Forum: General discussions
Topic: AUTH PLAIN
Replies: 1
Views: 170

Re: AUTH PLAIN

Well, for those interested, here's the relevant code. Lines 323-382 of SMTPClientConnection.cpp define the processing for machine state after HELO/EHLO is sent: void SMTPClientConnection::ProtocolEHLOSent_(int code, const AnsiString &request) { if (!IsPositiveCompletion(code)) { bool ehlo_required ...
by mikedibella
2020-09-17 20:47
Forum: General discussions
Topic: AUTH PLAIN
Replies: 1
Views: 170

AUTH PLAIN

I'm having trouble relaying to an MTA that is only offering AUTH PLAIN, but HMS is ignoring the capability response and still sends AUTH LOGIN. Any workaround?
by mikedibella
2020-09-14 04:58
Forum: General discussions
Topic: Header Rewrite
Replies: 2
Views: 222

Re: Header Rewrite

Thanks, Matt. That should get me started.
by mikedibella
2020-09-14 03:35
Forum: General discussions
Topic: Header Rewrite
Replies: 2
Views: 222

Header Rewrite

Some messages I receive need to get hairpinned to an external address and for these messages I'd like to rewrite headers: 1. Create a new header X-Original-Reply-To = Reply-To 2. Create or overwrite Reply-To with From 3. Overwrite From with a new email address consisting of the existing Display p...
by mikedibella
2020-08-28 01:07
Forum: General discussions
Topic: Receiving email from any subdomain.
Replies: 10
Views: 844

Re: Receiving email from any subdomain.

On wildcard certificates you're right. *.example.com is only valid for this first subdomain level.
Yup, that's where I got my circuits crossed.
by mikedibella
2020-08-06 02:00
Forum: General discussions
Topic: Receiving email from any subdomain.
Replies: 10
Views: 844

Re: Receiving email from any subdomain.

bloxxite wrote:
2020-08-06 01:48
I can do * for my MX record.
Remember that *.example.com will only catch an.example.com, not is.an.example.com or this.is.an.example.com.
by mikedibella
2020-07-14 19:41
Forum: Scripting
Topic: script would check the first mx record and only if that is down, would open Port 25 on the backup server
Replies: 16
Views: 1343

Re: script would check the first mx record and only if that is down, would open Port 25 on the backup server

I read that you want to host a second instance of HMS on a different server than your primary HMS host, this second HMS would be listed in the DNS with an MX having a higher Priority number than your primary host. You want this backup server to be listening for connections on port 25 only when the s...
by mikedibella
2020-06-10 17:07
Forum: General discussions
Topic: Performance issues sending/receiving email
Replies: 11
Views: 1545

Re: Performance issues sending/receiving email

My hypothesis is that your system is I/O bound. The large number of messages is saturating disk queues and the whole system slows to a crawl as virtual memory operations compete with data reads and writes for the I/O channel. Check the relevant Windows performance counters to verify. To fix, conside...
by mikedibella
2020-06-06 00:10
Forum: Feature requests
Topic: Installing an SSL Certificate
Replies: 1
Views: 657

Re: Installing an SSL Certificate

You can create a CSR using Windows Certificate Manager (certmgr.msc > Personal > Certificates > Action > Advanced Operations > Create Custom Request...) but the private key will be stored in Windows format and you will need to import the certificate into the Windows certificate store to access the ...
by mikedibella
2020-06-05 19:19
Forum: General discussions
Topic: How to setup alerting on failure or que backing up
Replies: 3
Views: 781

Re: How to setup alerting on failure or que backing up

Consider that if HMS can't deliver messages, you won't receive your alert notification of the same if it too is sent via email. I wrote this a while back: https://www.hmailserver.com/forum/viewtopic.php?f=20&t=30859&p=192751&hilit=queue#p192749 I have a monitoring service running on the server that ...
by mikedibella
2020-06-04 23:36
Forum: General discussions
Topic: Just stopped working
Replies: 9
Views: 1153

Re: Just stopped working

I haven't seen this approach used much recently, but back in the day some routers used forwarding based on the switch-port instead of destination address. So if you changed the port on the gateway that the host connects through, your forwarding rules may no longer be valid.
by mikedibella
2020-05-04 23:31
Forum: Off-topic discussions
Topic: Find rogue WiFi client
Replies: 5
Views: 1270

Re: Find rogue WiFi client

Triangulation is one approach, but it requires more than just two reception points. You need a directional antenna or array to isolate the vector of reception in addition to the signal strength to derive a position. It is accurate but too complex for my needs. Heat mapping, on the other hand, uses a...
by mikedibella
2020-05-04 21:44
Forum: Off-topic discussions
Topic: Find rogue WiFi client
Replies: 5
Views: 1270

Find rogue WiFi client

I've got a rogue WiFi client attempting to access my local network. I see the attempts in my RADIUS logs and have captured the MAC address from calling-station-id. Now I need software (hopefully freeware/freemium/low-cost) to "find" where this client is. I see there is a bunch of free software on th...
by mikedibella
2020-04-28 21:24
Forum: General discussions
Topic: How to characterize redirected message as forwarded
Replies: 6
Views: 1028

Re: How to characterize redirected message as forwarded

I think you mean it changes the MAIL verb, FROM: noun in the envelope to reflect the address the email was forwarded from. The originating sender's email address remains preserved in the From: header. Right?
by mikedibella
2020-04-28 20:06
Forum: General discussions
Topic: How to characterize redirected message as forwarded
Replies: 6
Views: 1028

Re: How to characterize redirected message as forwarded

Right, so I think the goal is to characterize the message such that the sender validation score is higher, but the benefits of redirection, such as preserving the originating sender identity for easy reply, are preserved.
by mikedibella
2020-04-28 19:24
Forum: General discussions
Topic: How to characterize redirected message as forwarded
Replies: 6
Views: 1028

How to characterize redirected message as forwarded

One of my users hosts his email address on my system but his mailbox on AOL. He likes the AOL webmail interface; has used it for years; and is resistant to change. I redirect his mail from his vanity address to @aol.com and this works fine for almost all use cases. My sender reputation is sufficien...
by mikedibella
2020-04-20 18:07
Forum: General discussions
Topic: DMARC Report Aggregation Services
Replies: 5
Views: 2321

Re: DMARC Report Aggregation Services

@mattg: I want to thank you for the referral to Postmarkapp.com. I got my first report last night and it helped me to identify that my relay provider was sending from an IP not returned in the include:domain DNS lookup. Hopefully my manual add of an ipv4: tag will now clear that up.
by mikedibella
2020-04-11 18:30
Forum: General discussions
Topic: DMARC Report Aggregation Services
Replies: 5
Views: 2321

Re: DMARC Report Aggregation Services

Postmarkapp.com looks like a relay service to me. I was thinking more along the lines of a service that receives the DMARC reports from multiple domains under a single tenancy, processes the report XML and provides either a consolidated or single-domain view of the processed data. Something like thi...
by mikedibella
2020-04-11 02:44
Forum: General discussions
Topic: DMARC Report Aggregation Services
Replies: 5
Views: 2321

DMARC Report Aggregation Services

Anyone using a DMARC Report Aggregation Service? Any testimonials to share? Any decent free/freemium providers?
by mikedibella
2020-03-30 21:58
Forum: General discussions
Topic: Test Outbound Port Error - SMTP Protocol Configuration & Diagnostics - Relays, Issues Sending & Receiving Mail
Replies: 11
Views: 2787

Re: Test Outbound Port Error - SMTP Protocol Configuration & Diagnostics - Relays, Issues Sending & Receiving Mail

Ask someone you trust to telnet to your public IP on port 25. If they don't see "220" and your Welcome message in the telnet client, your ISP is firewalling port 25. If your ISP is blocking port 25, you'll need to use a mail relay service to accept mail for you on port 25 and relay it to you on an a...
by mikedibella
2020-03-30 04:49
Forum: General discussions
Topic: Test Outbound Port Error - SMTP Protocol Configuration & Diagnostics - Relays, Issues Sending & Receiving Mail
Replies: 11
Views: 2787

Re: Test Outbound Port Error - SMTP Protocol Configuration & Diagnostics - Relays, Issues Sending & Receiving Mail

Change Connection Security to STARTTLS (Optional). Enable Application, SMTP, TCP/IP and DEBUG logging. Disable all other logging. Re-run your test. Post another log excerpt.
by mikedibella
2020-03-27 22:10
Forum: Development & alpha discussions
Topic: Saving attachments to a network location ?
Replies: 14
Views: 5583

Re: Saving attachments to a network location ?

But a Network Active Directory User can be Member of a Local Computer User Group like Administrators and SAM rights can be granted via SECPOL to ACT AS SERVICE. This is true but it is not going to solve the OP problem. Your process would work if the account was a Domain (AD) Account and not a Local ...
by mikedibella
2020-03-27 21:12
Forum: Development & alpha discussions
Topic: Saving attachments to a network location ?
Replies: 14
Views: 5583

Re: Saving attachments to a network location ?

Dravion wrote:
2020-03-27 15:40
1) Create a Local Computer User account on your hMailserver Computer which is Member of the local Computers Administrators group
Sorry, but a Local Computer Account will have no network access at all, regardless of the group membership.
by mikedibella
2020-03-27 20:21
Forum: Development & alpha discussions
Topic: Saving attachments to a network location ?
Replies: 14
Views: 5583

Re: Saving attachments to a network location ?

Completely wrong You are misreading the article. The section you cite has to do with the specific use case of running services on a Domain Controller. I think most would agree that running services such as hMailServer on a Domain Controller should only be done as a last resort. The relevant part o...
by mikedibella
2020-03-27 17:44
Forum: Development & alpha discussions
Topic: Saving attachments to a network location ?
Replies: 14
Views: 5583

Re: Saving attachments to a network location ?

When a machine is domain joined, the LocalSystem account (NT AUTHORITY\SYSTEM) has the same permission on the network as the computer account (paragraph 3: https://docs.microsoft.com/en-us/windows/win32/ad/the-localsystem-account) So, to write a file from the LocalSystem context on a domain member, ...
by mikedibella
2020-03-27 04:45
Forum: User contributed hMailServer 5 scripts
Topic: DNS Helper for Scripts
Replies: 0
Views: 4416

DNS Helper for Scripts

Here's a quick little DLL I wrote to help with basic name DNS tasks in scripts. Written in Delphi. Source included. No dependencies. Uses older Winsock functions but working fine on my Server 2012 HMS implementation. Untested on 2016. Set objDNSLookup = CreateObject("DNSScriptUtil.DNSLookup") sHostn...
by mikedibella
2020-03-27 03:02
Forum: Development & alpha discussions
Topic: Saving attachments to a network location ?
Replies: 14
Views: 5583

Re: Saving attachments to a network location ?

How about using a local temporary file path and name for the parameter to the SaveAs COM method, then copy/move it using .net or win library functions?
by mikedibella
2020-03-07 01:32
Forum: Scripting
Topic: Wildcard MX Support
Replies: 21
Views: 11437

Re: Wildcard MX Support

As it is right now, the first email to an unknown acme.inc SUBDOMAIN (like wile.e.coyote@new.acme.inc) will be lost into oblivion or wherever hMailServer do away with it :roll: but the subdomain is added to the Names tab for the domain. I might have a dig into the source to try to figure this o...
by mikedibella
2020-03-07 01:29
Forum: Scripting
Topic: Wildcard MX Support
Replies: 21
Views: 11437

Re: Wildcard MX Support

You can only setup 1 (one) MX DNS Entry per DNS-Domain but you can Subclass a Subdomain within the DNS-Database which needs to be propagated. I tested this using my own authoritative domain. I created a RR at mx.otamdm.net with name "*", type MX, and data [10] mx.sfatech.com. Now, an MX query to an...
by mikedibella
2020-03-06 21:21
Forum: Scripting
Topic: Wildcard MX Support
Replies: 21
Views: 11437

Re: Wildcard MX Support

OK, so maybe all I need to have is a configuration that allows the submission to be accepted regardless of subdomain so that the on-demand provisioning can be handled in the OnSMTPData firing BEFORE delivery takes place. I do think a single-hMS implementation of this solution would be preferable to ...
by mikedibella
2020-03-06 04:31
Forum: Scripting
Topic: Wildcard MX Support
Replies: 21
Views: 11437

Re: Wildcard MX Support

My understanding of Default Domain is that it acted as the RFC 5322 domain part for an address that contains only a local part. So that if a message is submitted RCPT TO:local-user It will be processed as RCPT TO:local-part@default-domain Am I misunderstanding how it works? But in the use case desc...
by mikedibella
2020-03-06 03:36
Forum: Scripting
Topic: Wildcard MX Support
Replies: 21
Views: 11437

Re: Wildcard MX Support

I think the domain has to be created before you receive a message on it, or else hms will kick it for non existent address. Yup, I think you are right. I thought I remembered that there was an OnSMTPData event, that I presumed was kicked once for each verb in the protocol sequence, but I don't see ...
by mikedibella
2020-03-05 20:58
Forum: Scripting
Topic: Wildcard MX Support
Replies: 21
Views: 11437

Wildcard MX Support

Academic question for the community. If I had a use case where I wanted to receive mail for a dynamically-generated subdomain, say thread-id.domain.com, using a wildcard MX record at domain.com, what would the pseudo-code look like for the scripting to dynamically generate the Domain object and set-...
by mikedibella
2020-03-04 10:40
Forum: General discussions
Topic: View certificate on client
Replies: 1
Views: 1745

Re: View certificate on client

I use... For SSL ports: openssl s_client -connect hostname:port -showcerts For TLS (i.e. STARTTLS) ports: openssl s_client -connect hostname:port -starttls smtp -showcerts openssl s_client -connect hostname:port -starttls imap -showcerts openssl s_client -connect hostname:port -starttls pop3 -showce...
by mikedibella
2020-02-19 06:23
Forum: General discussions
Topic: Manually deleting a mailbox
Replies: 1
Views: 2707

Re: Manually deleting a mailbox

This is expected behavior. The Admin UI will be unresponsive while the database and file system is purged of objects related to the mailbox. For a 250GB mailbox, that's going to be a lot of table rows and .eml files to delete. Just be patient. Alternatively, there is an example of how to delete an a...
by mikedibella
2020-02-12 00:19
Forum: Scripting
Topic: Clear Information on Run program in Rules
Replies: 6
Views: 3001

Re: Clear Information on Run program in Rules

I use this script function to reformat SMS messages coming from certain cellular carriers. These carriers attach the body of the SMS as an attachment to an email. Sub AppendAttachment(oMessage) if oMessage.Subject = "" then oMessage.Subject = "SMS Message" end if if oMessage.Attachments.Count > 0 then ...
by mikedibella
2019-11-20 20:24
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 2398

Re: SMTPD timeouts, one particular server farm

Are SURBL queries blocking? Could they introduce a delay of 30 seconds, enough to trigger a TCP receive timeout?
by mikedibella
2019-11-15 06:03
Forum: General discussions
Topic: Providing a client certification to a remote server when acting as a relay
Replies: 1
Views: 843

Re: Providing a client certification to a remote server when acting as a relay

You can do that with stunnel. The config would look something like this: [SMTPwithClientAuth] client = yes accept = 127.0.0.1:2525 connect = smtp.remote-server.com:465 delay = yes CAFile = remote-server-root-certificate.pem Cert = my-client-certificate.pem key = my-client-certificate.key verify = 2...
by mikedibella
2019-11-01 04:11
Forum: Scripting
Topic: oApplication.Stop hanging
Replies: 27
Views: 8739

Re: oApplication.Stop hanging

I'm going to hypothesize that the .Stop method attempts to free all of the worker threads handling comms. This would include graceful closing of open TCP connections. Since the standard way to close a TCP connection is to send a FIN to the remote and wait for the remote to reply with the FIN, if ...
by mikedibella
2019-10-28 21:52
Forum: Scripting
Topic: oApplication.Stop hanging
Replies: 27
Views: 8739

Re: oApplication.Stop hanging

Download Process Monitor (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) and set it up to capture, filtering events to those where Process contains the name of the hMailServer service process (hMailServer.exe). Reproduce the anomaly, stop the capture, and review the events leading ...
by mikedibella
2019-10-04 23:23
Forum: User contributed hMailServer 5 scripts
Topic: Utility to set route to domain MX
Replies: 4
Views: 2302

Re: Utility to set route to domain MX

For example, an old MTA, which was the lowest Preference host, is retired, and the old backup MX gets promoted by having the new lowest Preference in DNS. Eventually, another MX is introduced, which might have a different hostname, or a higher Preference. Or, multiple MX share the same Preference an...
by mikedibella
2019-10-04 00:48
Forum: User contributed hMailServer 5 scripts
Topic: Utility to set route to domain MX
Replies: 4
Views: 2302

Utility to set route to domain MX

I needed a way to bypass the smart relay for some domains and send mail for these domains directly to the mail exchanger in DNS. A route in HMS will do this, but the Target SMTP Host must be statically defined. These hostnames change from time-to-time, and I wanted a way to keep the route up-to-date...
by mikedibella
2019-10-01 17:48
Forum: Scripting
Topic: Convert message with text attachment
Replies: 5
Views: 3491

Re: Convert message with text attachment

Well, your request prompted me to dig deeper. It looks like the content received by hMailServer is actually MIME encoded. Received: from stcceg-mtmta04.wnsnet.attws.com (stcotaapp-apps-ts2a.mobile.att.net [166.216.152.40]) by mail.*.com with ESMTPS (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128...
by mikedibella
2019-10-01 04:45
Forum: Scripting
Topic: Convert message with text attachment
Replies: 5
Views: 3491

Re: Convert message with text attachment

This is what I came up with. Sub AppendAttachment(oMessage) ' save attachment to temporary file set oFileSys = CreateObject("Scripting.FileSystemObject") sTempFile = oFileSys.GetSpecialFolder(2) & oFileSys.GetTempName oMessage.Attachments.Item(0).SaveAs sTempFile ' read attachment to string set fAtt...
by mikedibella
2019-10-01 02:14
Forum: Scripting
Topic: Convert message with text attachment
Replies: 5
Views: 3491

Convert message with text attachment

I need to convert email received from several SMS gateways into more convenient format. I know I can select these messages for processing using a rule, and handle the processing using a script, but I am soliciting advice for the most efficient way to process the conversion. Reviewing the headers of ...
by mikedibella
2019-09-18 03:27
Forum: Off-topic discussions
Topic: Logins To hMailServer Form Not Secure
Replies: 5
Views: 2884

Re: Logins To hMailServer Form Not Secure

If you are using Chrome you can force the site to use HTTPS by adding hmailserver.com to Chrome's HSTS set at this URL: chrome://net-internals/#hsts

Be sure to tick the box for subdomains.
by mikedibella
2019-09-14 01:05
Forum: General discussions
Topic: Send mail port 587
Replies: 13
Views: 3313

Re: Send mail port 587

Additionally, many servers have restrictions on the mail submission port (i.e. port 587). For instance, it is common that mail is only accepted via the submission port FROM the email address(es) associated with the account that authenticated, which precludes the submission port from being used as a ...
by mikedibella
2019-09-06 18:19
Forum: General discussions
Topic: Sending mail doesn't work
Replies: 20
Views: 4150

Re: Sending mail doesn't work

You have the SPF record associated with the right DNS domain now (almighty.se), but the record has errors:

https://www.dmarcanalyzer.com/spf/check ... lmighty.se
by mikedibella
2019-09-06 16:37
Forum: General discussions
Topic: Sending mail doesn't work
Replies: 20
Views: 4150

Re: Sending mail doesn't work

The SPF record is for the mail domain (almighty.se), not the mail exchanger (mail.almighty.se).