Search found 503 matches

by mikedibella
2021-06-15 04:40
Forum: General discussions
Topic: hMailServer 5.7 High Usage Memory
Replies: 46
Views: 498

Re: hMailServer 5.7 High Usage Memory

Thinking this through, however, xinetd acts as a proxy, so hMailServer will not see the original client's IP address, rendering all the built-in checking based on IP useless.
by mikedibella
2021-06-15 01:28
Forum: General discussions
Topic: hMailServer 5.7 High Usage Memory
Replies: 46
Views: 498

Re: hMailServer 5.7 High Usage Memory

xinetd can help with these scenarios to "tarpit" a service:
# /etc/xinetd.d/smtp
service smtp
{
	disable = no
	flags = REUSE
	socket_type = stream
	protocol = tcp
	wait = no
	user = root
	groups = yes
	# interface to listen on
	interface = 10.1.2.3
	# hMailServer
	redirect = 10.1.2.4 smtp
	# max concurrent conne...
by mikedibella
2021-06-15 00:42
Forum: General discussions
Topic: Problem forwarding emails - SMTP Auth denied
Replies: 2
Views: 38

Re: Problem forwarding emails - SMTP Auth denied

I found this flag: RewriteEnvelopeFromWhenForwarding=1, thinking it would solve my problem. However, it doesn't seem to be taking effect. I added it to the bottom of my hMailServer.ini, after adding [Settings], and restarted the service, but the from email remains the external sender. RewriteEnvelo...
by mikedibella
2021-06-12 19:06
Forum: Development & alpha discussions
Topic: Unable to find the recipient's email server. The DNS query has failed.
Replies: 7
Views: 162

Re: Unable to find the recipient's email server. The DNS query has failed.

Make sure that the recipient domain's MX record Host attribute names an A record and not a CNAME for glue to the host's IP address. I seem to remember that hMailServer requires strict RFC compliance and does not resolve CNAME Host references in MX records, even though some authorities configure DNS ...
by mikedibella
2021-06-10 21:05
Forum: User contributed hMailServer 5 scripts
Topic: Utility to update IP Range address
Replies: 0
Views: 98

Utility to update IP Range address

I needed a way to periodically update a named IP Range with a single address to customize the IP Range characteristics for a client with a dynamic IP address. hmsUpdateRangeIP.exe was written to update a specific IP Range identified by hostname with the address that hostname resolves to in DNS. To u...
by mikedibella
2021-06-10 18:17
Forum: General discussions
Topic: Outlook requires (external?) credentials (on one inbox) when trying to send a mail
Replies: 11
Views: 115

Re: Outlook requires (external?) credentials (on one inbox) when trying to send a mail

You also want to validate that Outlook is actually the owner of the displayed dialog box. Based on your description, I'm a little suspicious it might be thrown by a system service called by Outlook rather than Outlook itself. This tool can trace the window handle to the process owner: https://www.ca...
by mikedibella
2021-06-10 18:06
Forum: General discussions
Topic: Outlook requires (external?) credentials (on one inbox) when trying to send a mail
Replies: 11
Views: 115

Re: Outlook requires (external?) credentials (on one inbox) when trying to send a mail

[Image: Outgoing.png, Outgoing E-mail Settings]
If you drill down under Advanced there is a separate setting for the outgoing mail server authentication too.
by mikedibella
2021-06-10 17:47
Forum: General discussions
Topic: Outlook requires (external?) credentials (on one inbox) when trying to send a mail
Replies: 11
Views: 115

Re: Outlook requires (external?) credentials (on one inbox) when trying to send a mail

In Account Settings for that account, make sure you have the Require logon using Secure Password Authentication (SPA) box unchecked.
by mikedibella
2021-06-10 00:39
Forum: General discussions
Topic: PTR error on SMTP relay.
Replies: 6
Views: 127

Re: PTR error on SMTP relay.

I see something odd.
"SMTPD" 2144 12 "2021-06-09 12:04:26.694" "192.168.1.221" "RECEIVED: RCPT To:<>"
When I try to duplicate that on 5.6.8-B2534, hMailServer responds:
550 A valid address is required.
What version are you running?
by mikedibella
2021-06-08 17:47
Forum: General discussions
Topic: False Tagging | hMailServer SpamProtection rejected RCPT | The host name specified in HELO does not match IP address
Replies: 20
Views: 304

Re: False Tagging | hMailServer SpamProtection rejected RCPT | The host name specified in HELO does not match IP address

Generally, the reason you would have source address translation is to direct the return traffic back to a NAT that is not acting as a default gateway. If the NAT is also the default gateway on the network, then you can disable SNAT and preserve the original source IP address of the Internet traff...
by mikedibella
2021-06-04 18:47
Forum: Scripting
Topic: Identifying NDRs
Replies: 2
Views: 96

Identifying NDRs

Before I go about reinventing the wheel... Does anyone have a good set of heuristics to identify externally-received NDRs? IMO, NDRs are the only externally-received message types that I want to accept without an envelope sender (MAIL FROM:). Right now I am whitelisting these types of messages by the s...
by mikedibella
2021-06-02 20:25
Forum: General discussions
Topic: DKIM without accepting mail for the domain
Replies: 12
Views: 276

Re: DKIM without accepting mail for the domain

The issue is when sending emails from our domain to our domain. I'm not understanding what is the observed vs expected/desired behavior. So the path looks like: user1's client -> hMailServer -> 2nd MTA with MDA -> user2's mailbox And there is something wrong with the way user2's client interprets t...
by mikedibella
2021-06-02 19:27
Forum: General discussions
Topic: DKIM without accepting mail for the domain
Replies: 12
Views: 276

Re: DKIM without accepting mail for the domain

DKIM signing for outbound messages requires the following: 1. A Domain (let's call it domain.tld) configured within hMailServer 2. A private key and defined Selector (let's call it selector1) configured for that domain under the DKIM Signing tab 3. A TXT record within the DNS authoritative zone for ...
by mikedibella
2021-05-30 21:00
Forum: Scripting
Topic: Message-ID in Logs
Replies: 8
Views: 222

Re: Message-ID in Logs

Learn VBScript and do it by scripting. I capture, clone, modify, reply to and handle NDR messages and other error situations entirely with scripting - no tailing the logfiles. +1 The solution I described above can accomplish most of what you need. You can create your own "virtual queue" in epheme...
by mikedibella
2021-05-29 20:00
Forum: Scripting
Topic: Message-ID in Logs
Replies: 8
Views: 222

Re: Message-ID in Logs

First, to answer your question: I am using the right field name as it mentions oMessage.Id as a valid field in the online documentation? My understanding is that oMessage.Id ties a message file to the database. Only messages received for local accounts are recorded in the database. Messages are pure...
by mikedibella
2021-05-26 17:08
Forum: General discussions
Topic: DKIM not applying to some emails
Replies: 21
Views: 388

Re: DKIM not applying to some emails

Speculation: I wonder if Symantec was using hMailServer to perform some kind of address validation? Not sure what purpose that would serve.
by mikedibella
2021-05-26 04:45
Forum: General discussions
Topic: DKIM not applying to some emails
Replies: 21
Views: 388

Re: DKIM not applying to some emails

Here is what I see when Symantec sends the notification email:
"DEBUG" 1428 "2021-05-25 13:30:24.935" "Creating session 63"
"TCPIP" 1428 "2021-05-25 13:30:24.935" "TCP - 10.2.5.11 connected to 10.2.5.66:25."
"DEBUG" 1428 "2021-05-25 13:30:24.935" "TCP connection started for session 62"
"SMTPD"...
by mikedibella
2021-05-26 01:27
Forum: General discussions
Topic: DKIM not applying to some emails
Replies: 21
Views: 388

Re: DKIM not applying to some emails

robplatt wrote:
2021-05-25 22:52
A notification email is then dispatched from Symantec, to hmailserver. However, it is NOT DKIM signed. The message is delivered to the outside world. DKIM headers are not included.
I think you want to post the complete headers from the message as received by the recipient here for analysis.
by mikedibella
2021-05-26 00:26
Forum: General discussions
Topic: DKIM not applying to some emails
Replies: 21
Views: 388

Re: DKIM not applying to some emails

I seem to recall another thread that was looking at the mechanism for selecting the domain configuration to sign from. I thought I remembered that the From: header is used to determine the signing configuration. It is possible that Symantec is rewriting the From: header?
by mikedibella
2021-05-25 21:07
Forum: General discussions
Topic: Hmailserver port 25 smtp blocked on my google cloud platform virtual machine
Replies: 1
Views: 108

Re: Hmailserver port 25 smtp blocked on my google cloud platform virtual machine

GCP blocks SMTP ports deliberately to prevent abuse of its IPs. I don't know of any way to get an exemption. You will have to relay through SendGrid (https://console.cloud.google.com/marketplace/product/sendgrid-app/sendgrid-email) or another SMTP Relay Provider that Google sanctions for outbound m...
by mikedibella
2021-05-21 05:10
Forum: General discussions
Topic: dklm fails from google report
Replies: 14
Views: 276

Re: dklm fails from google report

google.png One of the typical certificate validation checks is to verify that the issuer of a certificate hasn't revoked it. One way to do that is to retrieve the issuer's Certificate Validation List from the URL specified in the certificate's CRL Distribution Point section. If the host validating ...
by mikedibella
2021-05-15 22:49
Forum: General discussions
Topic: 3rd party application connecting to hMailServer over TLS to port 465 fails
Replies: 16
Views: 449

Re: 3rd party application connecting to hMailServer over TLS to port 465 fails

After stopping the hMailServer service, I ran the following command, but after I hit the enter button, it just sits there and there is no output. Is the syntax correct? The command creates a TLS server listening on the -accept port. There will be no output until a connection from a remote client is...
by mikedibella
2021-05-15 20:05
Forum: General discussions
Topic: 3rd party application connecting to hMailServer over TLS to port 465 fails
Replies: 16
Views: 449

Re: 3rd party application connecting to hMailServer over TLS to port 465 fails

Something else I found: https://download.manageengine.com/products/self-service-password/adselfservice-plus-ssl-installation-guide.pdf It looks like ADSelfService Plus is built on Java. Java uses its own trust store, not the trust store of the host OS. You may need to manually trust the root certifi...
by mikedibella
2021-05-15 19:46
Forum: General discussions
Topic: 3rd party application connecting to hMailServer over TLS to port 465 fails
Replies: 16
Views: 449

Re: 3rd party application connecting to hMailServer over TLS to port 465 fails

OK, the protocol trace above shows that openssl can successfully negotiate an SSL/TLS connection with hMailServer. Now let's use openssl to test why ManageEngine connections are failing. Stop the hMailServer service and run the following command on the hMailServer service host: openssl s_server -key ...
by mikedibella
2021-05-15 17:01
Forum: General discussions
Topic: 3rd party application connecting to hMailServer over TLS to port 465 fails
Replies: 16
Views: 449

Re: 3rd party application connecting to hMailServer over TLS to port 465 fails

I am wondering if there is a problem with my SSL certificate on the hMailServer as jim.bus and palinka alluded to in earlier posts. Make sure you are sending the intermediate certificates in the CA's chain. To test, change the openssl command to include the -showcerts switch. You need to see n-1 ce...
by mikedibella
2021-05-15 00:19
Forum: General discussions
Topic: 3rd party application connecting to hMailServer over TLS to port 465 fails
Replies: 16
Views: 449

Re: 3rd party application connecting to hMailServer over TLS to port 465 fails

Make sure that you are using the same connection security setting on both hMailServer and with ManageEngine. Although not an official "standard", it is typical for port 465 to use what hMailServer (https://www.hmailserver.com/documentation/v5.6/?page=reference_connection_security) calls "SSL/TLS" an...
by mikedibella
2021-05-14 21:18
Forum: General discussions
Topic: Spamhouse.org question
Replies: 14
Views: 411

Re: Spamhouse.org question

Thinking out-of-box. Can a negative score be used for a hit on an RBL? Perhaps the solution to this problem could be to implement a local responder loaded with whitelist zones, and configure HMS to lower scores when these zones produce non-NXD responses?
by mikedibella
2021-05-14 20:28
Forum: General discussions
Topic: 3rd party application connecting to hMailServer over TLS to port 465 fails
Replies: 16
Views: 449

Re: 3rd party application connecting to hMailServer over TLS to port 465 fails

SSL and TLS are misnomers in this use case. SSL means that the client will negotiate TLS before SMTP, while TLS means that the client will negotiate SMTP first and upgrade the connection to secure using the STARTTLS verb. The actual secure protocols used (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3) will depend ...
by mikedibella
2021-05-12 17:45
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

IMO, we need to select an approach. @plinka has been working on stripping the tags from the HTML body and just passing the plaintext without markup. I'm suggesting you parse the HTML body and extract relevant fields, then compose a new plaintext message using value substitution. Let's try to align to o...
by mikedibella
2021-05-12 05:39
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

Google says that translates to
DISTRICT
MUNICIPALITY
STREET
by mikedibella
2021-05-12 05:33
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

Here's my donation to the cause. I use this function in my HTML-scraping routines:
function Between(sString, sFrom, sTo)
	if InStr(sString, sFrom) > 0 then
		sTemp = Mid(sString, InStr(sString, sFrom) + Len(sFrom))
		if InStr(sTemp, sTo) > 0 then
			Between = Mid(sTemp, 1, InStr(sTemp, sTo) - 1)
		end if
	end ...
by mikedibella
2021-05-12 03:17
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

Well, I'm using an analogy from my youth growing up in then-rural New Jersey to speculate on the circumstances surrounding the OP's use case. The OP's example email has .cz as the TLD, which is geographically far from North America, but that doesn't necessarily invalidate the speculation.
by mikedibella
2021-05-12 00:05
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

In rural America, there are all-volunteer fire departments staffed with trained, but unpaid, responders who are on-call (at-large). There may or may not be staff at the firehouse, but when dispatch is necessary, these at-large responders may not muster at the firehouse. Sometimes only the driver wi...
by mikedibella
2021-05-11 23:00
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

IMO, he should at least explore a direct-to-SMS API instead of using a carrier SMTP-to-SMS gateway. These are rarely managed to an SLO or SLA and are generally offered "as available, when available". I would not want to be the owner of a burning house relying on mustering at-large firefighters via SMT...
by mikedibella
2021-05-11 20:45
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

OP mentions something about getting forwarded to firefighters. The message is some kind of notification about location and type of emergency. I guess firemen don't have smartphones. Well, then this is a frightening solution in its fragility. Let me reiterate: If you need SLO/SLA based delivery, an...
by mikedibella
2021-05-11 18:21
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

Can you forward the message to an MMS gateway instead of an SMS gateway? Perhaps consider attaching the HTML body of the message as an attachment with an HTML MIME type and .html extension, and create an alert to be delivered to the mobile device over MMS. MMS uses the control channel (SMS) to de...
by mikedibella
2021-05-10 19:08
Forum: General discussions
Topic: Rules create copy and send, sending slow
Replies: 63
Views: 1816

Re: Rules create copy and send, sending slow

You are setting the clone message's plaintext body (.Body) to the plaintext body of the source message. A better approach is to write your code to detect if there is a plaintext part, an HTML part (.HTMLBody), or both, and set one or both of the clone properties with the contents of the source messag...
by mikedibella
2021-05-06 23:34
Forum: General discussions
Topic: forwarding doesn't work
Replies: 9
Views: 262

Re: forwarding doesn't work

Try adding

Code:

RewriteEnvelopeFromWhenForwarding=1
to hMailServer.ini. Restart the service. Retry the operation.
by mikedibella
2021-05-06 18:29
Forum: General discussions
Topic: forwarding doesn't work
Replies: 9
Views: 262

Re: forwarding doesn't work

There is a one minute delay, by design, when forwarding using the method you describe. Check the queue (Status > Delivery queue) and you should see an item with a future Next try time. Wait a minute and the server will deliver that message.
by mikedibella
2021-05-06 02:31
Forum: General discussions
Topic: Problems with configuration
Replies: 28
Views: 730

Re: Problems with configuration

My guess is this is a use case for intranet alert messaging where the MUA (printer, router, etc) has been over-built and only a destination address can be specified and not a relay. The MUA wants to resolve the relay from the address, like an MTA would, but the authority doesn't want to have to assi...
by mikedibella
2021-05-06 01:39
Forum: General discussions
Topic: Problems with configuration
Replies: 28
Views: 730

Re: Problems with configuration

I had to remove the square braces in my hMailserver domain names tab to receive that mail. So, what would the best practice be for setting up an "address-based" domain in hMailServer? Does the domain have to be "[1.2.3.4]" with a Name alias "1.2.3.4", or should the Domain be created as "1.2.3.4" wi...
by mikedibella
2021-05-05 21:23
Forum: General discussions
Topic: MXtoolbox says 250-STARTTLS is missing
Replies: 2
Views: 154

Re: MXtoolbox says 250-STARTTLS is missing

Settings > TCP/IP Ports > Connection security

set to STARTTLS (optional).
by mikedibella
2021-05-05 17:04
Forum: General discussions
Topic: Antivirus not delete attachment for CC account
Replies: 23
Views: 549

Re: Antivirus not delete attachment for CC account

If the sending MTA splits the email into multiple deliveries for each recipient, even when they are at the same domain, then hMailServer will see multiple copies of the same dataset and run AV on each. You need to review logs to determine if that is what happened in the case you are describing.
by mikedibella
2021-05-05 00:29
Forum: General discussions
Topic: Antivirus not delete attachment for CC account
Replies: 23
Views: 549

Re: Antivirus not delete attachment for CC account

Interesting that one of the Defender HRESULT codes is: 0x80501004 ERROR_MP_NO_INTERNET_CONN Check your Internet connection, then run the scan again. (see https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide) This lead...
by mikedibella
2021-05-04 19:48
Forum: General discussions
Topic: Antivirus not delete attachment for CC account
Replies: 23
Views: 549

Re: Antivirus not delete attachment for CC account

No. The .eml filename is a guid that is linked to a database record.
by mikedibella
2021-05-04 18:26
Forum: General discussions
Topic: Antivirus not delete attachment for CC account
Replies: 23
Views: 549

Re: Antivirus not delete attachment for CC account

IIRC %FILE% passes the filename of the .eml file, not the attachment. So your script could use the hMailServer API to save each attachment to a temporary file, delete it from the message, rename the file if a problem filename is detected, scan the file, and only re-attach the file if it is clean. Re...
by mikedibella
2021-05-04 17:55
Forum: General discussions
Topic: Antivirus not delete attachment for CC account
Replies: 23
Views: 549

Re: Antivirus not delete attachment for CC account

The only way you'll avoid the "split decision" you describe is to catch failed scans and retry them, hoping that only one retry is needed to reach a pass/fail. You can't retry infinitely without creating a blocking condition in mail processing.
by mikedibella
2021-05-04 17:10
Forum: General discussions
Topic: Antivirus not delete attachment for CC account
Replies: 23
Views: 549

Re: Antivirus not delete attachment for CC account

You could wrap the execution of MpCmdRun.exe in a script and read and parse the console output, looking for output strings that differentiate between clean scan, failed scan, and infected scan results. You need to simulate each result to see what output is produced and devise the filtering criteria ...
by mikedibella
2021-05-04 05:24
Forum: General discussions
Topic: Load Balance Issue
Replies: 19
Views: 584

Re: Load Balance Issue

Finally got around to testing this in the lab. This monitor works for me...
[Image: smtp_withhost.JPG, BIG-IP Monitor for hMailServer]
by mikedibella
2021-05-01 21:17
Forum: General discussions
Topic: Load Balance Issue
Replies: 19
Views: 584

Re: Load Balance Issue

https://support.f5.com/csp/article/K4314

Code:

monitor SMTP_WithHost { 
	defaults from smtp
	interval 5 
	timeout 16 
	send "HELO anyhost\r\n" 
	recv "250 Hello." 
} 
by mikedibella
2021-05-01 03:55
Forum: General discussions
Topic: Load Balance Issue
Replies: 19
Views: 584

Re: Load Balance Issue

Test for yourself. Open a telnet session to your mail server:

Code:

telnet mail.mydomain.com 25
Send:

Code:

HELO
server will respond

Code:

501 HELO Invalid domain address.
Send:

Code:

HELO X
server will respond

Code:

250 Hello.
by mikedibella
2021-04-30 22:07
Forum: General discussions
Topic: Load Balance Issue
Replies: 19
Views: 584

Re: Load Balance Issue

The LB is sending the HELO verb without the required hostname parameter. If you can't configure the LB to send an arbitrary string, write a custom monitor if your LB supports it, or just use a TCP Open monitor.
by mikedibella
2021-04-30 21:28
Forum: General discussions
Topic: Load Balance Issue
Replies: 19
Views: 584

Re: Load Balance Issue

Enable SMTP logging on hMailServer and send a snippet of that log when the LB polls.
by mikedibella
2021-04-30 18:59
Forum: General discussions
Topic: Load Balance Issue
Replies: 19
Views: 584

Re: Load Balance Issue

Fix or disable HELO checking:

Settings > Anti-spam > Spam tests > uncheck Check host in the HELO command

https://www.hmailserver.com/documentati ... e_antispam
by mikedibella
2021-04-28 20:06
Forum: General discussions
Topic: Retries
Replies: 8
Views: 318

Re: Retries

by mikedibella
2021-04-28 20:04
Forum: General discussions
Topic: Retries
Replies: 8
Views: 318

Re: Retries

Generate a delivery delay notification to the sender using the OnDeliveryFailed event.
by mikedibella
2021-04-27 02:16
Forum: General discussions
Topic: Hmail to replace on premise Exchange server?
Replies: 3
Views: 239

Re: Hmail to replace on premise Exchange server?

Set up a SMTP relayer with Office365 credentials on port 587 to send mail received via your Office365 account Authenticating to MSOL on port 587 supports sending as that authenticated user's identity only. Instead of using 587, you'll want to create an IP address validated Connector and submit mail...