Search found 39 matches

by Jorgo
2024-01-06 17:53
Forum: General discussions
Topic: SMTP Smuggling vulnerability
Replies: 32
Views: 3530

Re: SMTP Smuggling vulnerability

On the positive side, AI has no fragile ego and is never passive-aggressive while trying to help and educate.
by Jorgo
2024-01-06 13:48
Forum: General discussions
Topic: SMTP Smuggling vulnerability
Replies: 32
Views: 3530

Re: SMTP Smuggling vulnerability

That kind of comment never seems to get old... :roll: Here's what ChatGPT has to say: The `BDAT` command is an extension to the SMTP protocol³. It's not a part of the core SMTP commands, and it may not be supported by all SMTP servers. In Python's `smtplib`, there isn't a specific method for `BDAT`....
by Jorgo
2024-01-06 13:28
Forum: General discussions
Topic: SMTP Smuggling vulnerability
Replies: 32
Views: 3530

Re: SMTP Smuggling vulnerability

I've skimmed through the article at https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ and this caught my eye: Still, it wasn't possible to smuggle to the same receivers (e.g., Fastmail) as with GMX. Reason for this is Outlook.com's usage of the optional BDAT SMTP command...
by Jorgo
2024-01-02 03:43
Forum: General discussions
Topic: SMTP Smuggling vulnerability
Replies: 32
Views: 3530

Re: SMTP Smuggling vulnerability

I wouldn't know, you tell me... it seems to be protocol related, not software related.
by Jorgo
2023-09-12 02:12
Forum: Scripting
Topic: Blocking Country Script
Replies: 4
Views: 3270

Re: Blocking Country Script

Never mind, I got it to work after registering via ComponentServices, cf. https://web.archive.org/web/20130430123 ... _64bit.pdf
by Jorgo
2023-09-12 01:33
Forum: Scripting
Topic: Blocking Country Script
Replies: 4
Views: 3270

Re: Blocking Country Script

Inspired by this thread I've also implemented this script. After following the setup instructions and having copied the geoip.dat file and registered the required GeoIpComEx.dll in WINDOWS/SYSWOW64 I still get this error: "ERROR" 5204 "2023-09-12 01:27:00.699" "Script Error: Source: Microsoft VBScri...
by Jorgo
2023-08-16 00:26
Forum: General discussions
Topic: 2 into 1
Replies: 2
Views: 2155

Re: 2 into 1

I took backups from both installations, then merged the two .xml files manually and restored both data backups with the resulting file. It was a bit trial and error since notepad++ was not good at finding duplicate lines from my extensive blocked IP ranges. It would be nice if the integrated backup ...
by Jorgo
2023-04-23 22:20
Forum: General discussions
Topic: 2 into 1
Replies: 2
Views: 2155

2 into 1

Hi folks, I'm running instances of HMS 5.8 (same version) in two different locations/computers for different domains. I would like to consolidate those two instances on a single computer/location. Is that possible, maybe with a kind of import/export process? If not, how would I go about it manually?...
by Jorgo
2022-12-18 17:35
Forum: User-submitted tutorials
Topic: Hardening hMailServer - The ongoing saga!
Replies: 158
Views: 189874

Re: Hardening hMailServer - The ongoing saga!

Alright, does anyone spot syntax errors or call nonsense? Function GeoLookup(strIP) : GeoLookup = "zz" Dim a, element, group, strLookup a = Split(strIP, ".") With CreateObject("DNSLibrary.DNSResolver") strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".country.junkemailfilter.com") End...
by Jorgo
2022-12-18 16:28
Forum: User-submitted tutorials
Topic: Hardening hMailServer - The ongoing saga!
Replies: 158
Views: 189874

Re: Hardening hMailServer - The ongoing saga!

OK, I've got logging working, same as @udgesbou above. Now I would like to immediately disconnect any country not in my whitelist. In his script I see '****************************************************************************************************************************** '********** hMailServ...
by Jorgo
2022-12-18 00:56
Forum: User-submitted tutorials
Topic: Hardening hMailServer - The ongoing saga!
Replies: 158
Views: 189874

Re: Hardening hMailServer - The ongoing saga!

Thanks, you seem to be on top of it. Although I'm running MySQL in MariaDB flavour, the thread you referenced unfortunately is very long, still seems to be ongoing and I can't make out which post contains the complete final script. Probably should be in .sql format so it could be imported into the d...
by Jorgo
2022-12-17 23:26
Forum: User-submitted tutorials
Topic: Hardening hMailServer - The ongoing saga!
Replies: 158
Views: 189874

Re: Hardening hMailServer - The ongoing saga!

The inbuilt DNS blacklist thing is really great, though, as it lets you use fine-grained reactions via scoring. Too bad country.junkemailfilter.com can't be used with that directly! Edit: Hang on, hang on... I feel a tingle in my toes... Is this supposed to work? https://imgur.com/a/siuEk9s https://...
by Jorgo
2022-12-17 23:11
Forum: User-submitted tutorials
Topic: Hardening hMailServer - The ongoing saga!
Replies: 158
Views: 189874

Re: Hardening hMailServer - The ongoing saga!

Too sad about countries.nerd.dk, but there seems to be an alternative for country blocking with country.junkemailfilter.com Unfortunately, I am not as sophisticated as many here so I have to take little baby steps in how I change my setup. I'm gathering that I cannot simply swap out my country-based...
by Jorgo
2022-12-17 22:05
Forum: General discussions
Topic: Nerd.dk or is it me?
Replies: 1
Views: 514

Nerd.dk or is it me?

Hi guys, lately I'm getting tons of errors when querying the countries.nerd.dk database like so "TCPIP" 4164 "2022-12-17 20:16:31.113" "DNS - Query failure. Query: 21.48.92.40.hr.countries.nerd.dk, Type: 1, DnsQuery return value: 9002." "TCPIP" 4204 "2022-12-17 20:16:31.675" "DNS - Query failure. Qu...
by Jorgo
2020-05-31 19:01
Forum: Development & alpha discussions
Topic: hMailServer 5.7
Replies: 171
Views: 408244

Re: hMailServer 5.7

Never mind, found the new artifacts hidden under actions but they weren't downloadable because I wasn't logged in.... :lol:
by Jorgo
2020-05-31 18:42
Forum: Development & alpha discussions
Topic: hMailServer 5.7
Replies: 171
Views: 408244

Re: hMailServer 5.7

Is there a way to get compiled versions, like the "artifacts" before?
by Jorgo
2020-05-06 18:33
Forum: General discussions
Topic: S/MIME - message has been tampered with
Replies: 1
Views: 1782

S/MIME - message has been tampered with

Hi all, I have a problem that is slowly driving me mad. I've successfully installed an S/MIME certificate for my email address. But testing by sending a signed mail always fails as the recipient software shows "Invalid signature - message has been tampered with" (content has been altered after sending...
by Jorgo
2020-04-08 10:30
Forum: General discussions
Topic: Rule-based rejection
Replies: 11
Views: 6732

Re: Rule-based rejection

Yes and yes. However, it sounds like you'd be better off using spamassassin. Rules for catching spam are difficult to create and maintain because spam is constantly evolving. Spamassassin is effectively a giant set of rules that is constantly updated by a community. They take 99% of the work away f...
by Jorgo
2020-04-07 20:27
Forum: General discussions
Topic: Rule-based rejection
Replies: 11
Views: 6732

Re: Rule-based rejection

Kendo wrote (2020-04-07 19:23):
I even hired an ASP coder to look into it but he has wandered astray.
ROFL!!!
by Jorgo
2020-04-07 11:43
Forum: General discussions
Topic: Rule-based rejection
Replies: 11
Views: 6732

Rule-based rejection

Attn, possible noob questions... sorry in advance! I would like to use hmailserver rules to reject spam messages. The rule action that is of interest to me in this context is "run function". Now, we've already established events based rejection and I have some nice subs defined in EventHandlers.vbs....
by Jorgo
2020-02-07 00:06
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

Got another idea... would I be correct in assuming that any valid greeting needs to have a period somewhere?
If so, is there a REGEX that matches a string with a period explicitly missing?

Hm... probably this one
^[^.]*$
including empty string
by Jorgo
2020-01-18 22:08
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

Thanks guys! Of course, having no clue I assumed that the brackets were added by the server software to show the greeting enclosed within.
by Jorgo
2020-01-18 19:12
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

Today I've seen this:

"SMTPD"	4420	119	"2020-01-18 15:39:30.541"	"223.71.167.164"	"RECEIVED: EHLO []"
How would I add an empty EHLO to the regEx String?
by Jorgo
2020-01-06 11:51
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

I just found out that blocking 127.0.0.1 in HELO is not a good idea, since my own smartphone software (K9-Mail) uses this greeting...
by Jorgo
2019-12-30 02:58
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

@SorenR Could the code you posted be changed to ban the whole subnet of a presumed spammer/attacker? Right now it only bans the specific IP address but I've seen some instances where the same thing repeats from another address in the same /24 subnet. Expanding the ban to the whole /24 subnet as a pree...
by Jorgo
2019-12-28 02:02
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

I never really expected it would be that hard to understand when I made these functions... You are the first! I come from a completely different discipline than mathematics, I'm much better at interpreting the law than programming code. Here I learn best from examples and I am very grateful for you...
by Jorgo
2019-12-27 19:04
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Re: Block attack based on Greeting not having effect

I changed that one line to EventLog.Write(oClient.HELO & vbTab & oClient.IPAddress & vbTab & oClient.Port) Still no ban, and no errors are written to the log. The Attacker tries every 6 minutes so I have lots of tries to test :-) So, do I have to insert actual values here .ExpiresTime = DateAdd(sTyp...
by Jorgo
2019-12-27 18:29
Forum: Scripting
Topic: Block attack based on Greeting not having effect
Replies: 28
Views: 18766

Block attack based on Greeting not having effect

First of all, please bear with me as I am practically a noob when it comes to programming. That said, I have tried a script which is supposed to auto ban attackers when they use weird identification in their HELO/EHLO but it seems to have no effect (no ban is resulting). This is the script (substitu...
by Jorgo
2018-07-03 18:50
Forum: Scripting
Topic: freegeoip.net Service terminated, please help with script
Replies: 4
Views: 5096

Re: freegeoip.net Service terminated, please help with script

Thanks for all the suggestions, I'll look into all of them!
by Jorgo
2018-07-02 14:04
Forum: Scripting
Topic: freegeoip.net Service terminated, please help with script
Replies: 4
Views: 5096

freegeoip.net Service terminated, please help with script

SORRY, POSTED IN THE WRONG SECTION; PLEASE MOVE ONE LEVEL UP You can read about it HERE . The new provider now requires you to register a (free) API key. That also means, existing GeoIP scripts will need to be adapted. I hope you can help me out with this. Currently, my script looks like this (with ...
by Jorgo
2018-05-22 19:30
Forum: General discussions
Topic: Getting rid of error
Replies: 3
Views: 2817

Re: Getting rid of error

Got it, fixed. Thanks!
by Jorgo
2018-05-22 18:54
Forum: General discussions
Topic: Getting rid of error
Replies: 3
Views: 2817

Re: Getting rid of error

I looked in the db and there is no such message that would match the given keys
11, 31, 7010, '2018-04-20 21:58:28'

So if hmailserver is still trying to enter this message into the db, where would it be so I can delete it? TEMP is empty.
by Jorgo
2018-05-22 18:09
Forum: General discussions
Topic: Getting rid of error
Replies: 3
Views: 2817

Getting rid of error

HMailServer 5.6.8-B2431 MariaDB 10.2.15 Please help me get rid of this error which is logged once every day: "ERROR" 764 "2018-05-21 00:16:00.408" "Severity: 2 (High), Code: HM5032, Source: DALConnection::Execute, Description: MySQL: Incorrect string value: '\xF0\x9F\x8D\x94 <...' for column 'metada...
by Jorgo
2018-03-02 00:25
Forum: General discussions
Topic: Help with reply rule
Replies: 5
Views: 3242

Re: Help with reply rule

Yeah, that link content is not quite what I need, but thanks. In my domains I use few true accounts and lots of aliases. Some events like incoming faxes trigger notification messages that are sent out via an easy-to-understandable alias (fax@...). However, that triggers an autoresponse from the rea...
by Jorgo
2018-03-02 00:18
Forum: General discussions
Topic: Help with reply rule
Replies: 5
Views: 3242

Re: Help with reply rule

Thanks for looking into this. I always thought
OR = works alternatively
AND = works cumulatively

Is that wrong? An E-Mail will always only come from one of those domains. Will have a look at your link now.
by Jorgo
2018-03-01 17:54
Forum: General discussions
Topic: Help with reply rule
Replies: 5
Views: 3242

Help with reply rule

Instead of Auto-reply per account I would like to use a rule with reply action. This way I hope to avoid replies to my own domain e-mail users (and especially aliases). However, after I've set up the rule those domains are still being replied to. Maybe you can point out my error: Name: Auto-Reply En...
by Jorgo
2018-02-23 14:05
Forum: User contributed hMailServer 5 scripts
Topic: Country blacklisting in hMailserver 5
Replies: 9
Views: 13862

Re: Country blacklisting in hMailserver 5

Sorry for necroing this thread. I just wanted to say that Geobytes returns massively wrong results. I have only noticed this because some clients complained that their mails don't go through. All the rejected IPs belong to Germany, but Geobytes locates them in IR, HR, AE, RU ... all over the world r...