Search found 732 matches

by palinka
2019-06-24 23:04
Forum: General discussions
Topic: "Virus found" and completely disformatted Mails from Amazon & Paypal
Replies: 12
Views: 77

Re: "Virus found" and completely disformatted Mails from Amazon & Paypal

https://hmailserver.com/forum/viewtopic ... 21&t=26829

This will get you started. Then after, search for spamassassin ClamAV plugin to get that working.
by palinka
2019-06-24 14:54
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 8
Views: 73

Re: Massive Attack from Brazil

Ok thanks.
by palinka
2019-06-24 13:51
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 8
Views: 73

Re: Massive Attack from Brazil

estradis wrote:
2019-06-24 13:43

We have enough data collected and are ending this by banning all addresses from Brazil until further notice.
By the way, out of curiosity, by what method do you block addresses by country?
by palinka
2019-06-24 13:48
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 8
Views: 73

Re: Massive Attack from Brazil

estradis wrote:
2019-06-24 13:43
And by the way, I'm not talking about spammers! :roll:
When the gate is closed it's closed. Chickens on one side, foxes on the other. :mrgreen:
by palinka
2019-06-24 12:31
Forum: General discussions
Topic: Stop intruder
Replies: 26
Views: 208

Re: Stop intruder

On below URL http://hmailserver.com/forum/viewtopic.php?f=9&t=34082 it is done for MYSQL database. Does it mean we can re-write it for MSSQL, right? Yes. But i couldn't say how much work that would be. For the basic stuff - meaning the powershell script and EventHandlers.vbs - it would be pretty ea...
by palinka
2019-06-24 12:17
Forum: General discussions
Topic: Massive Attack from Brazil
Replies: 8
Views: 73

Re: Massive Attack from Brazil

Any of those IPs on this list?

http://hmsfirewallbandemo.ddns.net/sear ... rch=Brazil

Buh-bye spammers... :mrgreen:
by palinka
2019-06-24 04:46
Forum: General discussions
Topic: "Virus found" and completely disformatted Mails from Amazon & Paypal
Replies: 12
Views: 77

Re: "Virus found" and completely disformatted Mails from Amazon & Paypal

MOST Paypal emails (their regular newsletters and such) are always the same for me, shown as containing a virus that was removed A total shot in the dark, but do you think this is the reason? Subject: Virus found: =?UTF-8?Q?Re:_R=C3=BCcksendeantrag_f=C3=BCr_Bes?= =?UTF-8?Q?tellung_302-7689412-94027...
by palinka
2019-06-24 01:34
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

I signed up for GitHub. From here out, any changes will be here:

https://github.com/palinkas-jo-reggelt/ ... rewall-Ban
by palinka
2019-06-23 23:16
Forum: General discussions
Topic: "Virus found" and completely disformatted Mails from Amazon & Paypal
Replies: 12
Views: 77

Re: "Virus found" and completely disformatted Mails from Amazon & Paypal

Can you send the email to gmail or somewhere other than your hmailserver and post the headers from that message? Would the other MTA also pick it up a virus?

If yes, you need to talk to amazon about it. If no, then there must be something going on with clamav. Do you have a log?
by palinka
2019-06-23 20:25
Forum: General discussions
Topic: "Virus found" and completely disformatted Mails from Amazon & Paypal
Replies: 12
Views: 77

Re: "Virus found" and completely disformatted Mails from Amazon & Paypal

Can you post the complete message including headers?

If a virus was found it probably didn't come from Amazon or PayPal.
by palinka
2019-06-23 16:59
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Every time I think I'm done, I start adding more features. :mrgreen: What good is having release options without having re-ban options? That's what I've added in this round. The demo is updated to the latest changes: http://hmsfirewallbandemo.ddns.net/ Feel free to poke around and try out anything. ...
by palinka
2019-06-23 12:44
Forum: General discussions
Topic: Stop intruder
Replies: 26
Views: 208

Re: Stop intruder

PeterChan wrote:
2019-06-23 12:04
Good day Mattg,
How to ban one IP from "approaching" our server?
One method - Firewall Ban :mrgreen:

Warning - still in alpha stage. Pretty close to beta.
by palinka
2019-06-23 00:13
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Just found a flaw in the demo logic. Does not affect actual usage. When you release an IP the flag gets updated to "2" which signifies "ready to be released". Then when the scheduled task runs, it looks for flag=2, removes the firewall rule and updates the flag to "1", which signifies the firewall ...
by palinka
2019-06-22 19:13
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Just found a flaw in the demo logic. Does not affect actual usage. When you release an IP the flag gets updated to "2" which signifies "ready to be released". Then when the scheduled task runs, it looks for flag=2, removes the firewall rule and updates the flag to "1", which signifies the firewall r...
by palinka
2019-06-22 18:56
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

BIG CHANGES to this version. :mrgreen: I added various methods of manually releasing IPs through the website. The way it works is as follows. 1) click to release on the website 2) UPDATE set flag=2 which signifies a manual release 3) powershell script at scheduled task looks for flag=2, removes the ...
by palinka
2019-06-22 17:53
Forum: General discussions
Topic: Stop intruder
Replies: 26
Views: 208

Re: Stop intruder

SorenR wrote:
2019-06-22 17:38
Noun. motorhead (plural motorheads) (US, Canada, slang) A car enthusiast. (Britain, slang) A heavy user of amphetamines.
Ace of spades :mrgreen:
by palinka
2019-06-22 14:30
Forum: General discussions
Topic: Stop intruder
Replies: 26
Views: 208

Re: Stop intruder

- ban all high spam score IPs That's an interesting one i hadn't considered before. I just realized that could be interpreted as sarcastic when it's not meant to be. What i meant was i never considered banning ips based on SA scores insofar as "ban" means not reject or redirect a message, but rathe...
by palinka
2019-06-22 14:23
Forum: General discussions
Topic: Stop intruder
Replies: 26
Views: 208

Re: Stop intruder

Perhaps you should listen to your wife and get out before you are drafted. :wink: 1) I'm too old to be drafted 2) I already volunteered and served in the United States Marines 3) The next war won't be between countries, it will be within countries and the draft won't matter - you'll be drafted by s...
by palinka
2019-06-22 11:32
Forum: General discussions
Topic: Stop intruder
Replies: 26
Views: 208

Re: Stop intruder

mattg wrote:
2019-06-22 06:50
- ban all high spam score IPs
That's an interesting one i hadn't considered before.
by palinka
2019-06-21 21:34
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

Cool. Just so you know... https://www.spamhaus.org/query/ip/185.137.111.125

There are a few scripts around here for querying spamhaus.
by palinka
2019-06-21 20:05
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

Also noticed Microsoft uses some servers in locations I don't allow. So I've been slowly adding to the script to allow certain ISPs like Microsoft/Google etc and then block others. Fara Negar Pardaz Noor Khuzestan Co.JSP is a real bad one currently. It looks like an Iranian provider using IPs that ...
by palinka
2019-06-21 19:04
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

I dont know why you changed the Geo-lookup service to your new one (ip-api). I sill use the original (geoplugin): With CreateObject("Msxml2.ServerXMLHTTP.6.0") .Open "GET", "http://www.geoplugin.net/json.gp?ip=" & oClient.IPAddress, False .Send Set oGeoip = Json.Decode(.responseText) If (.Status = ...
by palinka
2019-06-21 12:54
Forum: General discussions
Topic: hMailServer B2425 Anti-spam Whitelisting Failure
Replies: 22
Views: 163

Re: hMailServer B2425 Anti-spam Whitelisting Failure

b. SPF and DKIM tests were performed and the DKIM Test failed generating a SPAM Score of 5 for the failure. Let's be honest. This is the real problem. DKIM can fail for many reasons. Setting such a high score for this results in tons of false positives. I unchecked DKIM as an hmailserver spam check...
by palinka
2019-06-21 11:57
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

I am getting failed lookups on all IPs using ap-api. Update - Its working now. I guess I was banned from ip-api.com after all. Even though I got an error saying I was not banned, miraculously(!) it started working again after I attempted to unban myself. I'm going to keep an eye on it, but it appea...
by palinka
2019-06-21 11:20
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

I am getting failed lookups on all IPs using ap-api. I am able to manually browse to the urls & see the data, so I know the links are correct (hidden IPs as it was me testing from my own servers) 2784 "2019-06-20 18:15:21.465" "<OnClientConnect.error> ip-api.com lookup failed, error code: 12029 on ...
by palinka
2019-06-20 19:07
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

Try this. Sub OnClientConnect(oClient) ' Exclude Backup-MX & local LAN from test If (Left(oClient.IPAddress, 12) = "184.105.182.") Then Exit Sub If (Left(oClient.IPAddress, 10) = "192.168.1.") Then Exit Sub If oClient.IPAddress = "127.0.0.1" Then Exit Sub ' Filter out "impatient" servers. Alternativ...
by palinka
2019-06-20 14:10
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

Shortlist: the main (probable) difference between my server and yours is that I dont have public facing MX records pointing to it in DNS. Therefore I am not an obvious Mailserver open to t'internet and as such I dont get so many spambots targetting me. I have proven that if I make an MX record to p...
by palinka
2019-06-20 13:08
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

Dont need to. Banning at delivery request is sufficient for the amount I get. And I dont want to just fill the Firewall block list with non-expiring ip addresses .  5012 "2019-06-14 00:00:04.219" "status:200--sm587 162.243.144.193 US United States" 1568 "2019-06-14 06:56:41.173" "status:200--IMAP...
by palinka
2019-06-20 12:51
Forum: General discussions
Topic: How to upgrade to TLS protocol
Replies: 6
Views: 125

Re: How to upgrade to TLS protocol

Simply have something safer during exchanges Mail exchange between MTAs may or may not be encrypted and could start out encrypted and pass through a server in a non encrypted manner. In any case, the message necessarily must be decrypted each time it changes hands. Encryption between MTAs only prot...
by palinka
2019-06-20 12:41
Forum: General discussions
Topic: SPF record
Replies: 1
Views: 41

Re: SPF record

by palinka
2019-06-20 12:29
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

FYI, mine is set like this: Sub OnClientConnect(oClient) If Lookup("127\.0\.0\.1|192\.168\." , oClient.ipaddress) = False then If (oClient.Port = 25) Then call wait(20) ' Create a 20 second pause on connection to disuade spam connections Call GeoAutoban(oClient) ' <<--- separate function for only w...
by palinka
2019-06-20 12:09
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

More website changes. Demo here: http://hmsfirewallbandemo.ddns.net/ Tweaks to the stats page and I deleted the ID column because its not particularly necessary and I wanted to make room for the mobile view, which now fits nicely in mobile screens (portrait viewport). At this point, unless someone p...
by palinka
2019-06-20 10:52
Forum: User contributed hMailServer 5 scripts
Topic: Script to block or allow country connections
Replies: 46
Views: 8553

Re: Script to block or allow country connections

Are you using the latest vbsjson.vbs? https://github.com/wqweto/VbsJson/blob/506ef00c544153366017fe509dd033618118e601/VbsJson.vbs Is this a valid path? It's not the default events folder location. "C:\hMailServer\Events\VbsJson.vbs" Try moving this line: Include("C:\hMailServer\Events\VbsJson.vbs") ...
by palinka
2019-06-19 23:17
Forum: General discussions
Topic: hmailserver potential
Replies: 1
Views: 54

Re: hmailserver potential

Install horde webmail and get your exchange functionality back. :mrgreen:
by palinka
2019-06-19 23:08
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

More website changes.

Demo here: http://hmsfirewallbandemo.ddns.net/
by palinka
2019-06-19 18:23
Forum: General discussions
Topic: GeoLite2 MMDB
Replies: 2
Views: 55

Re: GeoLite2 MMDB

by palinka
2019-06-19 17:52
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Website changes: http://hmsfirewallbandemo.ddns.net/

Minor tweaking to powershell script.
by palinka
2019-06-19 01:57
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 24
Views: 600

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

mattg wrote:
2019-06-19 01:28
RyuzDev wrote:
2019-06-18 23:22
if I know my interest in all this is how to avoid it
Have you made the changes we suggested?

If so run the diagnostics again, and post the NEW results
I didn't see your post above. Much more logical. The dude should abide.
by palinka
2019-06-19 01:49
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

OK! Everything has been running smoothly with adding and deleting firewall rules, so I'm putting this project to bed. As far as I'm concerned it works perfectly. Of course, there may some objections to that to which I welcome constructive criticism. :mrgreen: Demo: http://hmsfirewallbandemo.ddns.net...
by palinka
2019-06-18 21:47
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 24
Views: 600

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

Require SMTP AUTH for local to local on the internet IP range Activating this function will prevent this from happening to me? >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> the hacker's login log or spam "TCPIP" 6656 "2019-06-15 19:28:02.983" "TCP - 81.0.33.45 connected to 192.168.1.254...
by palinka
2019-06-18 17:36
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

I realized that the simple way I was deleting rules would not work well because there was no mechanism to try to delete ONLY not-already-deleted firewall rules. So I added a new column "flag" to the db which will be NULL or have an integer value. I assigned "1" to signify that the IP has already bee...
by palinka
2019-06-17 21:58
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Added stats page to the website with top 5 spammer countries and top 5 spammer IPs. :mrgreen: Created a demo here: http://hmsfirewallbandemo.ddns.net/ The data is only from today. This morning I wiped the db while fixing the issue I had with creating firewall rule entries. Its been going strong sinc...
by palinka
2019-06-17 19:43
Forum: General discussions
Topic: How to stop scammer faking from email address?
Replies: 14
Views: 237

Re: How to stop scammer faking from email address?

I do know how to use SpamAssassin. Then obviously you would know that about a dozen items would be scored in this message. I bolded only the ones that caught my eye. Obviously, you haven't provided the full message either. ----- From - Mon Jun 17 08:26:47 2019 X-Account-Key: account1 X-UIDL: 79841 ...
by palinka
2019-06-17 18:24
Forum: General discussions
Topic: How to stop scammer faking from email address?
Replies: 14
Views: 237

Re: How to stop scammer faking from email address?

And SpamAssassin ... You simply cannot install it fast enough! I do not see what speed of SpamAssassin installation has to do with all this. I expected from You to elaborate your suggestion that I should use it to resolve this issue. You are just repeating claim that I have to use SpamAssassin but ...
by palinka
2019-06-17 17:13
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Had a bug in the powershell script which due to improperly formatted IP addresses, did not add all addresses. I fixed that by adding: $IPAddress -replace $regex, '$1' which replaces the text file LINE with the match result from the regex. There must have been spaces at the end of the line or someth...
by palinka
2019-06-17 16:10
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

A word of advice... Move the Include statement to the FWban function like this: Function FWBan(sIPAddress, sReason) Include("C:\Program Files (x86)\hMailServer\Events\VbsJson.vbs") Dim ReturnCode, Json, oGeoip, oXML We have seen errors (*) previously when executing the "Include" in the root of the ...
by palinka
2019-06-17 15:19
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

A word of advice... Move the Include statement to the FWban function like this: Function FWBan(sIPAddress, sReason) Include("C:\Program Files (x86)\hMailServer\Events\VbsJson.vbs") Dim ReturnCode, Json, oGeoip, oXML We have seen errors (*) previously when executing the "Include" in the root of the ...
by palinka
2019-06-17 12:33
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Had a bug in the powershell script which due to improperly formatted IP addresses, did not add all addresses. I fixed that by adding: $IPAddress -replace $regex, '$1' which replaces the text file LINE with the match result from the regex. There must have been spaces at the end of the line or somethi...
by palinka
2019-06-16 20:38
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Web version 0.003 with geoip lookup links on IP addresses. :mrgreen:
by palinka
2019-06-16 17:02
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Fixed up the website part, which is attached. Can sort and search.
by palinka
2019-06-16 02:41
Forum: General discussions
Topic: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!
Replies: 24
Views: 600

Re: SPAM - SCAM - PSHING - HMAIL SERVER !!!NEED HELP!

mattg wrote:
2019-06-16 01:22
(Lets be honest, if you have an account called test, the password is also going to be test)
NO!!!!! It's "password". :mrgreen:
by palinka
2019-06-15 21:41
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Re: Firewall Ban

Its working nicely so far. I made a couple of improvements. Also, I knew I was missing something from Eventhandlers.vbs in the post above. Like I said, I pieced together some of Soren's stuff which I had in my Eventhandlers.vbs but due to my inexperience, overlooked a couple of important things that...
by palinka
2019-06-14 18:22
Forum: Scripting
Topic: Firewall Ban
Replies: 20
Views: 485

Firewall Ban

I'm giving a run at a simple firewall ban script. 1) create table on hmailserver: hm_fwban 2) trigger records IP and reason to db 3) powershell script run by task scheduler 1) checks new IPs on db and adds each IP as a rule to windows firewall, and 2) checks db for IP entries older than __ days and ...
by palinka
2019-06-13 13:21
Forum: General discussions
Topic: my ip is getting auto ban several times in a day
Replies: 15
Views: 366

Re: my ip is getting auto ban several times in a day

Did you check your logs for outside IPs?
by palinka
2019-06-13 13:08
Forum: General discussions
Topic: my ip is getting auto ban several times in a day
Replies: 15
Views: 366

Re: my ip is getting auto ban several times in a day

Looks good. But seeing the wan ip there is very strange. Can you look in your logs to see if ANY outside IP has ever contacted you? Or is it strictly your WAN IP and localhost? Are you in a DMZ?
by palinka
2019-06-13 12:14
Forum: General discussions
Topic: my ip is getting auto ban several times in a day
Replies: 15
Views: 366

Re: my ip is getting auto ban several times in a day

My WAN IP get banned Users get banned. Create an IP range for your wan ip and set it to 25 (higher than autoban 20). The next time someone starts trying to guess user/pass, that user - nonexistent or otherwise - will get banned without affecting any other operations. Also, as Matt said, change your...
by palinka
2019-06-13 02:57
Forum: General discussions
Topic: my ip is getting auto ban several times in a day
Replies: 15
Views: 366

Re: my ip is getting auto ban several times in a day

You said earlier 'and for the past days my ip address is getting auto -ban each day' That doesn't appear to be the case when your screen shot was taken. There are no autobans then. When you get an autoban, what IP address is it for? is it YOUR ip address What is the IP address getting banned? WAN I...
by palinka
2019-06-13 01:05
Forum: Scripting
Topic: How to debug scripts?
Replies: 21
Views: 449

Re: How to debug scripts?

Glad it worked for you :-) I've been off-line all day due to a ligntening storm this morning. My DSL box got fried and aparently also the port it was connected to in my Cisco switch. Went to the ISP to get a new but they were fresh out so had to accept a later model second-hand box. Turns out probl...