Search found 1105 matches

by RvdH
2020-05-04 12:03
Forum: General discussions
Topic: hMailserver hacked?
Replies: 17
Views: 2183

Re: hMailserver hacked?

The log you posted here says the (offending) sending ip is 5.167.54.*** or you just pasted some log, but not the log i asked for
by RvdH
2020-05-04 11:27
Forum: General discussions
Topic: hMailserver hacked?
Replies: 17
Views: 2183

Re: hMailserver hacked?

Last attack was form ip 64.227.10.70 (I found this ip in .eml files). May be, anyone mask ip-address? May be anyone use ip rnage 127.0.0.1? I doubt that, probably you have a malware infection somewhere sending out spam using the 5.167.54.*** IP Range In the 5.167.54.*** IP Range, under Require Auth...
by RvdH
2020-05-04 10:54
Forum: General discussions
Topic: SMTP authentication
Replies: 8
Views: 1210

Re: SMTP authentication

PeterChan wrote:
2020-05-04 10:27
535 Authentication failed. Restarting authentication process
I am using correctly the user account with the password.
Apparently you do not :shock:
by RvdH
2020-05-04 10:04
Forum: General discussions
Topic: hMailserver hacked?
Replies: 17
Views: 2183

Re: hMailserver hacked?

5.167.54.*** is you? (mail.soft-corp.ru) I think you should require SMTP authentication for local to external on IP Range 5.167.54.*** immediately (if you have this ip configured as IP range) Anything on mail.soft-corp.ru (5.167.54.***) now can send mail unauthenticated, so if you have system with m...
by RvdH
2020-05-04 09:36
Forum: General discussions
Topic: hMailserver hacked?
Replies: 17
Views: 2183

Re: hMailserver hacked?

jimimaseye wrote:
2020-05-04 09:32
RvdH wrote:
2020-05-04 09:27
[*] run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914
(I'm not sure the script will work completely with his hideously old version. This should be interesting.)
lol, fingers crossed :mrgreen:
by RvdH
2020-05-04 09:27
Forum: General discussions
Topic: hMailserver hacked?
Replies: 17
Views: 2183

Re: hMailserver hacked?

  1. Can you post a piece of the SMTPD logfile were the attacker sends the mail(s)?
  2. run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914
by RvdH
2020-05-03 18:18
Forum: General discussions
Topic: Issue to certificate file and private key file
Replies: 2
Views: 602

Re: Issue to certificate file and private key file

What do you expect to get as a answer? The reason is shown in the error message isn't?
by RvdH
2020-05-03 10:53
Forum: General discussions
Topic: DKIM on reply from rule
Replies: 18
Views: 2794

Re: DKIM on reply from rule

Yep. Rule in user@domain.com. reply rule sending as that same user@domain.com. regular auto reply is signed. No issue here, you did overwrite the files in /Bin with the *.7z package after installation of the latest 5.8.x build??? What does the version read in hMailServer Administrator? The fact the...
by RvdH
2020-05-02 21:31
Forum: General discussions
Topic: DKIM on reply from rule
Replies: 18
Views: 2794

Re: DKIM on reply from rule

No nothing special to configure, please note that only messages form local address to external address are DKIM signed
I guess you are testing from local to another local address? And this is a account-rule, right? On a global-rule it won't work (no account-id accessible in that circumstance)
by RvdH
2020-05-02 00:24
Forum: General discussions
Topic: DKIM on reply from rule
Replies: 18
Views: 2794

Re: DKIM on reply from rule

Basically it is as stable as all other 5.6.8 builds... 5.6.8-B2505 is nothing more then the most recent OpenSSL update only with the above list of fixes and tweaks incorporated of with no known issues, quite a few here are using those custom builds without complains
by RvdH
2020-05-02 00:07
Forum: General discussions
Topic: DKIM on reply from rule
Replies: 18
Views: 2794

Re: DKIM on reply from rule

Or use my custom 5.6.x build provided till that time? Latest is 5.6.8-B2505.26 Just install the latest production and/or beta version from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory https://build.hmailserver.com/viewLog.html?buildId=810&buildTypeId=H...
by RvdH
2020-05-01 21:49
Forum: General discussions
Topic: DKIM on reply from rule
Replies: 18
Views: 2794

Re: DKIM on reply from rule

No, none of these are in any of the official 5.6.x builds, but most of the changes from my custom build made it to the latest 5.7.0 version, although it is advised to not use in production just yet
by RvdH
2020-05-01 10:06
Forum: General discussions
Topic: suddenly stops downloading external mails
Replies: 12
Views: 1470

Re: suddenly stops downloading external mails

And what happens if you disable SSL? Or does yahoo require SSL for POP3 fetching?

Windows XP :shock: :roll:
You are using an ancient Windows OS and a antique hmailserver Version 5.4 - Build 1931 (2011-08-21) as well....never considered upgrading?
by RvdH
2020-04-29 14:46
Forum: General discussions
Topic: Change oder Update From
Replies: 6
Views: 969

Re: Change oder Update From

What are we talking about? The Envelope From or the Message From?

Hint :!:

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
	if Len(oMessage.FromAddress)=0 Then
		oMessage.FromAddress = "new@example.com"
		oMessage.From = "<new@example.com>"
		oMessage.save
	end if
End Sub
by RvdH
2020-04-29 14:17
Forum: General discussions
Topic: Change oder Update From
Replies: 6
Views: 969

Re: Change oder Update From

Why you would like to do something like that?
by RvdH
2020-04-28 21:01
Forum: General discussions
Topic: How to characterize redirected message as forwarded
Replies: 6
Views: 1015

Re: How to characterize redirected message as forwarded

Maybe you should try it first? RewriteEnvelopeFromWhenForwarding=1 only changes the From Header, 'the From Address stays the same so sending a reply wouldn't be a issue
by RvdH
2020-04-28 19:34
Forum: General discussions
Topic: How to characterize redirected message as forwarded
Replies: 6
Views: 1015

Re: How to characterize redirected message as forwarded

I think setting RewriteEnvelopeFromWhenForwarding=1 in hMailServer.ini wil help you here (in most circumstances...if the sender has DMARC and reject policy set this won't work is my experience)
Additional SPF, DKIM signing and DMARC on the internal domain could help you to get it through to AOL
by RvdH
2020-04-27 16:21
Forum: General discussions
Topic: Spambot pumping out emails blocking my server's IP
Replies: 11
Views: 1394

Re: Spambot pumping out emails blocking my server's IP

Was the spammer using the authenticated accounts (From) e-mailadres?
If not, you might try one of those scripts to limit the spammers ability to use a account other then the authenticated account/domain
by RvdH
2020-04-27 16:03
Forum: General discussions
Topic: Spambot pumping out emails blocking my server's IP
Replies: 11
Views: 1394

Re: Spambot pumping out emails blocking my server's IP

Simply change the accounts password, and they will contact you😉

If you disable the account you won't be able to receive mail for that account too, so that's not desirable, might result in missing mails
by RvdH
2020-04-27 14:10
Forum: General discussions
Topic: Is HmailServer for the likes of me?
Replies: 127
Views: 20461

Re: Is HmailServer for the likes of me?

Well i guess it is safe to say, HmailServer is not for the likes of you... :mrgreen:
by RvdH
2020-04-27 09:55
Forum: General discussions
Topic: only encrypted mails for 1 domain
Replies: 2
Views: 753

Re: only encrypted mails for 1 domain

Set your dns records to the name of the certificate for the other domains Domain1.com >> MX record = mail.certificate.com Domain2.com >> MX record = mail.certificate.com certifciate.com >> MX record = mail.certificate.com That is exactly what all gmail and office365 hosted domains do +1 Additionaly...
by RvdH
2020-04-25 20:40
Forum: Development & alpha discussions
Topic: 5.7 X-hMailServer-Reason-Score
Replies: 2
Views: 1071

Re: 5.7 X-hMailServer-Reason-Score

Seems intentional, and it's not a big deal...i just didn't notice until today 5.6.x https://github.com/hmailserver/hmailserver/blob/5.6.8/hmailserver/source/Server/SMTP/SMTPConnection.cpp#L1124 5.7.x https://github.com/hmailserver/hmailserver/blob/master/hmailserver/source/Server/SMTP/SMTPConnection...
by RvdH
2020-04-25 19:30
Forum: Development & alpha discussions
Topic: 5.7 X-hMailServer-Reason-Score
Replies: 2
Views: 1071

5.7 X-hMailServer-Reason-Score

On the latest 5.7 build, but might also be the case earlier on all outgoing mail (authenticated) the X-hMailServer-Reason-Score: 0 header is added, i was under the impression outgoing & authenticated send messages were not checked for spam, right? Or does 5.7 do outgoing spam checking? Anyone can co...
by RvdH
2020-04-25 19:00
Forum: General discussions
Topic: DKIM Signing just not happening.
Replies: 11
Views: 1347

Re: DKIM Signing just not happening.

Does the file c:\program files (x86)\hmailserver\data\ntillc.tk\dkim.ntillc.tk.pem exist? You also seem to be signing it with dkim.ntillc.tk.pem, that doesn't look like to be the private key verify the dkim.ntillc.tk.pem has not -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY----- But uses -----B...
by RvdH
2020-04-25 18:49
Forum: General discussions
Topic: DKIM Signing just not happening.
Replies: 11
Views: 1347

Re: DKIM Signing just not happening.

Does it matter since my username to sign in is mail.ntillc.tk? Not exactly know what you mean with that .... mail.ntillc.tk is the MX record (and A-record) to connect to the server, tw***en@ntillc.tk is the address/domain you are mailing from, not tw***en@mail.ntillc.tk and as said, if you really n...
by RvdH
2020-04-25 18:39
Forum: General discussions
Topic: DKIM Signing just not happening.
Replies: 11
Views: 1347

Re: DKIM Signing just not happening.

mmmm.... the hmailserver admin GUI says your domain is mail.ntillc.tk not ntillc.tk You have ntillc.tk listed as domain alias, but a alias is not DKIM signed Simply use ntillc.tk as domain, dump the mail.* alias..... or if you really need it for some weird reason, create a separate domain mail.ntill...
by RvdH
2020-04-25 18:25
Forum: General discussions
Topic: DKIM Signing just not happening.
Replies: 11
Views: 1347

Re: DKIM Signing just not happening.

Signing is triggered right after OnDeliverMessage "DEBUG" 6784 "2020-04-25 18:11:22.937" "Executing event OnDeliverMessage" "DEBUG" 6784 "2020-04-25 18:11:23.015" "Event completed" "DEBUG" 6784 "2020-04-25 18:11:23.015" "Performing local delivery" "DEBUG" 6784 "2020-04-25 18:11:23.015" "Local delive...
by RvdH
2020-04-25 18:07
Forum: General discussions
Topic: DKIM Signing just not happening.
Replies: 11
Views: 1347

Re: DKIM Signing just not happening.

You need to enable DEBUG logging, then send a message to a external account to verify DKIM signing worked

https://www.sparkpost.com/email-tools/a ... n-checker/
by RvdH
2020-04-22 19:08
Forum: General discussions
Topic: OpenSSL Bug
Replies: 10
Views: 2116

Re: OpenSSL Bug

SorenR wrote:
2020-04-22 18:48
@RvdH & @Dravion
LOL :mrgreen:
Maybe you are right, this lockdown is taking far to long and it might start to act on my nerves (a little bit...i hope :) )
by RvdH
2020-04-22 17:57
Forum: General discussions
Topic: OpenSSL Bug
Replies: 10
Views: 2116

Re: OpenSSL Bug

@Kelden

Martin has published build using the new openssl 1.1.1g, to be sure openssl libraries are build the proper way, get it here: https://build.hmailserver.com, login as guest and look under artifacts
by RvdH
2020-04-22 17:37
Forum: General discussions
Topic: OpenSSL Bug
Replies: 10
Views: 2116

Re: OpenSSL Bug

https://www.openssl.org/news/changelog.html#openssl-111 Exactly what i meant, you might at least read before you post something.... Something you should do yourself. Ints in the CHANGES file if you download it, as mentioned on the OpenSSL Website. Changes between 1.1.1f and 1.1.1g [21 Apr 2020] *) ...
by RvdH
2020-04-22 15:01
Forum: General discussions
Topic: OpenSSL Bug
Replies: 10
Views: 2116

Re: OpenSSL Bug

Exactly what i meant, you might at least read before you post something.... where the changes from 1.1.1e > 1.1.1f and 1.1.1f to 1.1.1g?
by RvdH
2020-04-22 13:35
Forum: General discussions
Topic: OpenSSL Bug
Replies: 10
Views: 2116

Re: OpenSSL Bug

Apparently the openSSL developers do not update the changelogs anymore, makes you wonder what they are doing.... 17 Mar 2020 1.1.1e , 18 Mar 2020 1.1.1f and now 1.1.1g :shock:
by RvdH
2020-04-18 13:20
Forum: General discussions
Topic: Possible to block Sender Name Using Global Rules?
Replies: 5
Views: 1675

Re: Possible to block Sender Name Using Global Rules?

This will give you help: https://www.hmailserver.com/forum/viewtopic.php?f=21&t=29179 (Section 1 applies) [Entered by mobile. Excuse my spelling.] Hmm, interesting, will study this. Thanks Jimi. :D As you are running SpamAssassin add some additional score using a simple custom rule describe EXAMPE_...
by RvdH
2020-04-16 17:22
Forum: General discussions
Topic: Issue to port
Replies: 7
Views: 2195

Re: Issue to port

PeterChan wrote:
2020-04-16 12:16
Hi,
Thanks. How to configure port 465?
Come on! Really?
https://www.hmailserver.com/documentati ... _tcpipport
by RvdH
2020-04-15 09:39
Forum: General discussions
Topic: Fix my email server setup to stop spammers
Replies: 8
Views: 2198

Re: Fix my email server setup to stop spammers

Amazing to see people still/always mess with the default ip ranges when they start using a mail server :shock: :?: :!:
by RvdH
2020-04-13 09:38
Forum: General discussions
Topic: hMailServer on Windows 2019 and Microsoft Enpoint Protenction (Windows Defender)
Replies: 3
Views: 1310

Re: hMailServer on Windows 2019 and Microsoft Enpoint Protenction (Windows Defender)

Never, ever use realtime scanning on hMailServer's \Data en \Temp directories, exclude them :!: With each mail coming in the message & independent attachments are temporarily places in \Temp to be processed by whatever AV you have configured ClamWin is bad, you could try ClamAV instead (i am not a b...
by RvdH
2020-04-12 12:14
Forum: General discussions
Topic: hMailServer on Windows 2019 and Microsoft Enpoint Protenction (Windows Defender)
Replies: 3
Views: 1310

Re: hMailServer on Windows 2019 and Microsoft Enpoint Protenction (Windows Defender)

Fully active? Elaborate on that please, you mean real time scanning or did you exclude the hMailServer Data en Temp folder? Using standard Defender in Windows Server 2016, i guess? You keep mix up names, the is no Endpoint Protection for Windows Server 2016 which makes it hard to follow what you are...
by RvdH
2020-04-12 11:06
Forum: Off-topic discussions
Topic: Corona Virus
Replies: 188
Views: 45111

Re: Corona Virus

SorenR wrote:
2020-04-11 18:10
92298807_2749181168540665_4978782722961965056_n.jpg
So true :mrgreen:
by RvdH
2020-04-11 11:46
Forum: General discussions
Topic: Invalid CSRF token error when logging in to PHPWebAdmin
Replies: 12
Views: 4056

Re: Invalid CSRF token error when logging in to PHPWebAdmin

Maybe look at the post above yours? Definitively seems a file permission error
by RvdH
2020-04-10 17:27
Forum: General discussions
Topic: Add TLS statement to email
Replies: 11
Views: 3416

Re: Add TLS statement to email

version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256

but nog biggie, SSL3 should be disabled by default nowadays
by RvdH
2020-04-10 16:26
Forum: General discussions
Topic: Add TLS statement to email
Replies: 11
Views: 3416

Re: Add TLS statement to email

SorenR wrote:
2020-04-10 11:45
when you use "headervalue" it is always the last one - the one added by your mailserver...
Unless you loop the headers :!: :?:
I assume he only needs the last received (topmost) header though, so your method works....but i think it will also match SSL3, not only TLS
by RvdH
2020-04-10 00:53
Forum: General discussions
Topic: Add TLS statement to email
Replies: 11
Views: 3416

Re: Add TLS statement to email

What header you gonna check? A message can have multiple Received headers, it can be send true a insecure server to a secure server and then finally thru a insecure server again Here you find a way to loop thru the received headers Few regex you could use, this first only matched TLS1 and TLS1.1 (in...
by RvdH
2020-04-09 09:43
Forum: Off-topic discussions
Topic: Raspberry Pi
Replies: 4
Views: 1931

Re: Raspberry Pi

I run allmost the same PI as Standard Gateway Router and Bind9 DNS-Server with Raspian. Works ok, but i disabled the GUI because its not needed. Admin task on Device can be done via SSH. What benefit will give disabling the GUI, little bit less memory consumption? ClamAV with default signatures wil...
by RvdH
2020-04-08 23:48
Forum: Off-topic discussions
Topic: Raspberry Pi
Replies: 4
Views: 1931

Re: Raspberry Pi

Update, ClamAV runs and can be used from within hMailServer, but troublesome...it's a to big resource monster (signatures loading in memory) for the Pi, it consumes more then 90% of the available memory which has resulted in quite a few freezes when trying... So i would say ClamAV is a no go, at lea...
by RvdH
2020-04-08 23:42
Forum: Off-topic discussions
Topic: Raspberry Pi
Replies: 4
Views: 1931

Raspberry Pi

Got myself a raspberry Pi (older model, Pi 3 Model B+ rev 1.3) Basically i purchased it only because i needed a ARM box to flash a USB external device and no other then a ARM flasher was available Since we are still in lockdown i started playing with it a bit, installed pi-hole (Network-wide Ad Bloc...
by RvdH
2020-04-08 12:22
Forum: Off-topic discussions
Topic: Corona Virus
Replies: 188
Views: 45111

Re: Corona Virus

jimimaseye wrote:
2020-04-08 12:17
Not me.

Let us know how you get on. :wink:
Will do 8) :wink:
by RvdH
2020-04-08 11:40
Forum: Off-topic discussions
Topic: Corona Virus
Replies: 188
Views: 45111

Re: Corona Virus

Got myself a raspberry Pi (older model, Pi 3 Model B+ rev 1.3), basically only because i needed a ARM box to flash a external device and no other flasher was available Since we are still in lockdown i started playing with it a bit, installed pi-hole (Network-wide Ad Blocking) which basically acts as...
by RvdH
2020-04-07 15:20
Forum: General discussions
Topic: Can't get it to work
Replies: 43
Views: 7191

Re: Can't get it to work

0.0.0.0 / 25 / SMTP - SSL/TLS !! External Email Blocked !! Cert: ThomasBrants.nl 0.0.0.0 / 110 / POP3 - SSL/TLS Cert: ThomasBrants.nl 0.0.0.0 / 143 / IMAP - SSL/TLS Cert: ThomasBrants.nl 0.0.0.0 / 587 / SMTP - SSL/TLS Cert: ThomasBrants.nl 0.0.0.0 / 993 / IMAP - SSL/TLS Cert: ThomasBrants.nl SMTP:2...
by RvdH
2020-04-07 14:57
Forum: General discussions
Topic: Can't get it to work
Replies: 43
Views: 7191

Re: Can't get it to work

What do you mean by not enabled? And the docs keep saying there is a Settings -> Advanced -> Security tab, but I don't see it. Don't know what docs you are reading, but the latest clearly states: Settings -> Advanced -> SSL certificates https://www.hmailserver.com/documentation/latest/?page=referen...
by RvdH
2020-04-03 18:52
Forum: User contributed hMailServer 5 scripts
Topic: Check incoming connections with AbuseIPDB
Replies: 94
Views: 37643

Re: Check incoming connections with AbuseIPDB

:?: Not sure what you are trying to accomplish, is it relevant at all and additionally is there any reason to monitor the address it sends To/From if it's coming thru a server tagged abuseipdb? You always could shift the ListedInAbuseIPDB(strIP) check down the events handled, for example to OnSMTPDa...
by RvdH
2020-04-02 10:00
Forum: User contributed hMailServer 5 scripts
Topic: Check incoming connections with AbuseIPDB
Replies: 94
Views: 37643

Re: Check incoming connections with AbuseIPDB

By the way, I got it working with powershell. $IP = "77.40.2.198" $URICheck = "https://api.abuseipdb.com/api/v2/check" $URIReport = "https://api.abuseipdb.com/api/v2/report" $Header = @{ 'Key' = 'supersecretkey; 'Accept' = 'application/json'; } $BodyCheck = @{ 'ipAddress' = $IP; 'maxAgeInDays' = '9...
by RvdH
2020-04-02 09:57
Forum: User contributed hMailServer 5 scripts
Topic: Check incoming connections with AbuseIPDB
Replies: 94
Views: 37643

Re: Check incoming connections with AbuseIPDB

.SetMaxConfidenceScore(40) Quick question: First, I assume this means no IP with confidence score < 40 returns TRUE. Correct? Correct public bool BlockEndpoint(string ipAddress) { return GetConfidenceScore(ipAddress) >= _maxScore; } Also, I have no experience with this yet. Is > 40 a good number to...
by RvdH
2020-04-01 12:54
Forum: User contributed hMailServer 5 scripts
Topic: Check incoming connections with AbuseIPDB
Replies: 94
Views: 37643

Re: Check incoming connections with AbuseIPDB

The server I am testing this script on, is low usage so I'm not getting anywhere near the AbuseIPDB limits. Therefore I kept port 25 included after all. This server is also functioning as backup mx. What I don't understand is that when a perfectly legit message is submitted to be relayed to the pri...
by RvdH
2020-04-01 08:01
Forum: User contributed hMailServer 5 scripts
Topic: Check incoming connections with AbuseIPDB
Replies: 94
Views: 37643

Re: Check incoming connections with AbuseIPDB

My data submitted to AbuseIPDB is gathered from 3 different systems, my home setup (only hmailserver, RDP is locked by firewall) our companies/work hmailserver instance (only hmailserver, RDP is locked by firewall) and a work development server (no hmailserver, only RDP to connect from home, or when...
by RvdH
2020-03-31 21:42
Forum: User contributed hMailServer 5 scripts
Topic: Check incoming connections with AbuseIPDB
Replies: 94
Views: 37643

Re: Check incoming connections with AbuseIPDB

My limits are increased after registering a domain and reporting IP's, the daily report/lookup limit is now 5000 https://www.abuseipdb.com/user/40316 I'd be WAAAAYYY below that since I already banned a good portion of the spamming world. They don't get second chances with me. :mrgreen: You misunder...