Search found 177 matches

by mikedibella
2017-10-18 01:46
Forum: Off-topic discussions
Topic: WIfi is broken
Replies: 2
Views: 1204

Re: WIfi is broken

Both client and access point must be vulnerable for the exploit to work. Current Microsoft OS have been patched with the October security cycle: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 Apple has said patches are in beta. https://twitter.com/reneritchie/status/9199...
by mikedibella
2017-10-17 22:10
Forum: General discussions
Topic: Can't open more than two SMTP sessions from email client
Replies: 4
Views: 808

Re: Can't open more than two SMTP sessions from email client

Could this be the culprit? "The SmtpClient class implementation pools SMTP connections so that it can avoid the overhead of re-establishing a connection for every message to the same server. An application may re-use the same SmtpClient object to send many different emails to the same SMTP server an...
by mikedibella
2017-09-22 17:32
Forum: General discussions
Topic: Error "The property VerifyRemoteSslCertificate could not be found." on 5.6.6
Replies: 6
Views: 1132

Re: Error "The property VerifyRemoteSslCertificate could not be found." on 5.6.6

Starting in build 2132 https://www.hmailserver.com/changelog?page=changelog&version=5.6&build=2132 , there is a UI check box to control certificate validation. Try toggling the setting and saving, then toggle again if necessary to restore the state you want. My hypothesis is that the error is caused...
by mikedibella
2017-07-21 01:53
Forum: General discussions
Topic: Filter IP address out of logs
Replies: 14
Views: 2781

Re: Filter IP address out of logs

Either of these help?

Using remote SMB mount in linux:

tail -f /mount-point/hmailserver_XXX.log | grep -v "192.168.1."

Using Powershell:

Get-Content hmailserver_XXX.log -wait | Select-String -pattern "192.168.1." -notmatch
by mikedibella
2017-07-10 19:18
Forum: General discussions
Topic: hmailserver sends emails on wrong IP
Replies: 4
Views: 926

Re: hmailserver sends emails on wrong IP

On a multihomed machine, the stack is going to pick the interface with the lowest metric having a route to a network containing the destination. In your configuration, you should have a default gateway on only one interface, and optionally static routes on the other two. If the destination match...
by mikedibella
2017-06-22 06:52
Forum: General discussions
Topic: Double Sending?
Replies: 3
Views: 702

Re: Double Sending?

by mikedibella
2017-06-13 16:49
Forum: Feature requests
Topic: oAuth 2.0
Replies: 3
Views: 1607

Re: oAuth 2.0

Looks like gmail POP3 does support the SASL XOAUTH2 provider (via the AUTH verb):

+OK Gpop ready for requests from ...
CAPA
+OK Capability list follows
USER
RESP-CODES
EXPIRE 0
LOGIN-DELAY 300
TOP
UIDL
X-GOOGLE-RICO
SASL PLAIN XOAUTH2 OAUTHBEARER
.
by mikedibella
2017-06-13 02:06
Forum: General discussions
Topic: Secure relay with gmail
Replies: 11
Views: 2220

Re: Secure relay with gmail

Only OAuth is considered "secure" by Google.

https://security.googleblog.com/2014/04 ... older.html
by mikedibella
2017-03-29 08:22
Forum: General discussions
Topic: Help with Setup of SMTP server for distributing non SSL certified emails
Replies: 45
Views: 5008

Re: Help with Setup of SMTP server for distributing non SSL certified emails

If you just need something to accept unencrypted TCP connections from a local client, and proxy the connection over TLS to a server, look at STunnel: https://www.stunnel.org/index.html.

See the [gmail-smtp] section at https://www.stunnel.org/config_windows.html.
by mikedibella
2017-03-28 01:19
Forum: General discussions
Topic: Newbie asking for help to set up SMTP service ...
Replies: 1
Views: 466

Re: Newbie asking for help to set up SMTP service ...

There are a number of things you have to do to set up an outgoing SMTP server so that mail originating from it is accepted by receiving servers (and not rejected during submission or discarded as spam), but the first requirement is being able to send from an IP address permitted to do so. Many ISPs ha...
by mikedibella
2017-03-25 21:10
Forum: General discussions
Topic: NDR "from" name
Replies: 24
Views: 3144

Re: NDR "from" name

Do you have a mailbox named admin in oldtestdomain.com? Are you sure you aren't sending mail from admin@oldtestdomain.com?
by mikedibella
2017-03-25 04:17
Forum: General discussions
Topic: NDR "from" name
Replies: 24
Views: 3144

Re: NDR "from" name

Check two places:

Settings | Protocols | SMTP | Delivery of email | Local host name

Settings | Advanced | Default domain
by mikedibella
2017-03-22 18:02
Forum: General discussions
Topic: DKIM for mailer-daemon@mail.mydomain.com
Replies: 2
Views: 839

Re: DKIM for mailer-daemon@mail.mydomain.com

Just create a new domain for mail.turbolan.de . You can add the mailer-daemon mailbox if you wish to receive bounces to that address, or leave the domain empty. Set Enabled on the DKIM Signing tab. You can use the same selector and key as the parent domain if you remove the t=s tag from the DNS reco...
by mikedibella
2017-03-22 17:53
Forum: General discussions
Topic: One domain multiple server
Replies: 5
Views: 1062

Re: One domain multiple server

Another way to reject mail not addressed to a local mailbox is to set the Route | Addresses option to Deliver to addresses below and populate the table with the addresses for mailboxes on the other server. Keep in mind that when a new mailbox is added or removed the Route | Addresses table must be u...
by mikedibella
2017-03-22 05:47
Forum: General discussions
Topic: One domain multiple server
Replies: 5
Views: 1062

Re: One domain multiple server

Try this. I haven't tested it, but believe it should work. On each server, create a Route ( https://www.hmailserver.com/documentation/v5.2/?page=reference_route ) for the local domain that points to the other server. If mail is addressed to a local address on that server, it will be delivered to the l...
by mikedibella
2017-03-20 17:39
Forum: General discussions
Topic: How to migrate from Argosoft Mail Server .NET 1.0.8.8?
Replies: 4
Views: 1235

Re: How to migrate from Argosoft Mail Server .NET 1.0.8.8?

Aren't you going to have to generate passwords for first-time access to the new mail environment anyway? It seems moot to me that you would have to reset passwords to migrate mail. If you time it right, and do the password changes and mailbox moves in the same maintenance window, your users will neve...
by mikedibella
2017-03-16 19:20
Forum: General discussions
Topic: hMailServer stops receiving mail
Replies: 84
Views: 10712

Re: hMailServer stops receiving mail

As has been pointed out in other posts, you don't need the /CLEAN parameter as long as the AV is returning a result code to HMS...HMS will do the clean-up.

See https://www.hmailserver.com/documentati ... al_example

You might try without /CLEAN.
by mikedibella
2017-03-14 23:29
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

I think you missed the necessity of having the local domain match the sender's address. So if you want to send signed mail from *@domain.com , you need a local domain domain.com with a single mailbox such as postmaster@domain.com for authentication by an upstream relay, and the complete DKIM configu...
by mikedibella
2017-03-14 22:55
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Settings | Protocols | SMTP | Routes | Add...

Target SMTP Host = MX for that domain
by mikedibella
2017-03-14 21:33
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Just create a route for the DKIM-signed domain. All outgoing mail with that domain as the right-hand side of the sender address will be signed, and any incoming with a recipient in that domain that does not match the single account used for authorization will be delivered using the route rule.
by mikedibella
2017-03-14 19:11
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

I just looked at the source code and confirmed that there is some DEBUG logging for DKIM:

if (!pDomain || !pDomain->GetDKIMEnabled())
   return;

LOG_DEBUG("Signing message using DKIM...");

https://github.com/hmailserver/hmailserver/blob/master/hmailserver/source/Server/Common/AntiSpam/DKIM/DKIMSigner.c...
by mikedibella
2017-03-14 18:55
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Did you validate the Effective Access rights for the key file using the service account? Right-click on the key, Security | Advanced | Effective Access, set User. Effective Access is called Effective Permissions on pre-2012 OS.
by mikedibella
2017-03-14 18:42
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

I just retested my MX-direct domain using http://dkimvalidator.com and the messages are being signed and validated.
by mikedibella
2017-03-14 18:17
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

I haven't looked at the source code for the DKIM functionality, but I do think it is instructive that @mattg mentioned that he doesn't think DKIM code logs...might be an indication that the whole DKIM module is a library function and it might have to be debugged using blackbox approaches. I can only...
by mikedibella
2017-03-14 17:35
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

You have whitespace in your public key: Non-authoritative answer: dkim._domainkey.isotemp.com text = "v=DKIM1; t=s; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS4bOILkCs 2wLFev1vZahlb8+M 7Rn+lJ2wR/oLyn8Fs8OJavTsfUzHZL7QR2nklDJpGSKjPMtxol4Kh0k/0eruYje D +vgTTyNn2Zmwh+4HkxMC3Okk46xWytUD11iL4BpzUV+...
by mikedibella
2017-03-13 23:15
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Under Settings | Advanced | TCP/IP ports do you see a binding for port 2525? If so, check the Connection security and SSL Certificate settings...you might be referencing an old certificate there. Once you reset it there, you can then delete the old certificate entry under Settings | Advanced | SSL C...
by mikedibella
2017-03-13 22:16
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Try enabling the SMTP, TCP and DEBUG logging options; send an email; post the log entries starting before the message is submitted until after it clears the delivery queue. Redact anything sensitive.
by mikedibella
2017-03-13 21:52
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Are you using an SMTP Relayer or doing direct MX delivery?
by mikedibella
2017-03-13 21:09
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Make sure your DKIM public key is created under dkim1._domainkey.your-smtp-domain.tld in the following format:

v=DKIM1; key=rsa; p=your-public-key-base64

Also, check the Effective Permissions for the file using the hMailServer service account.
by mikedibella
2017-03-13 19:45
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

Post a screen shot of the DKIM tab.
by mikedibella
2017-03-13 19:19
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 5588

Re: No DKIM signature

DKIM signs the message header, not the footer of the message body.

Try this tool: http://dkimvalidator.com/
by mikedibella
2017-03-07 01:28
Forum: General discussions
Topic: TLS Certificate Chain - unknown issuer
Replies: 20
Views: 3304

Re: TLS Certificate Chain - unknown issuer

Under Settings > Advanced > SSL Certificates, did you set Certificate file to point to the combined file?
by mikedibella
2017-03-06 19:45
Forum: General discussions
Topic: TLS Certificate Chain - unknown issuer
Replies: 20
Views: 3304

Re: TLS Certificate Chain - unknown issuer

I think you want the leaf and intermediates in a single text file:

-----BEGIN CERTIFICATE-----
...leaf certificate base64...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...1st intermediate certificate base64...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...additional intermediat...
by mikedibella
2017-03-02 21:23
Forum: General discussions
Topic: hmailserver in DMZ and AD authentication
Replies: 4
Views: 1141

Re: hmailserver in DMZ and AD authentication

Perhaps one of the development contributors can check my work, but it looks to me like Active Directory authentication is implemented (see SSPIValidation.cpp) using the Win32 API LogonUser() function ( https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx ). From the API do...
by mikedibella
2017-01-29 01:03
Forum: General discussions
Topic: Auto-Ban issue
Replies: 21
Views: 2909

Re: Auto-Ban issue

Good point @jimimaseye, I hadn't noticed this in the HMS docs: "The IP ranges added by auto-ban is given the priority 20, so if your own IP range has priority 25 it will take precedence." So, perhaps it would be best to leave auto-ban enabled to protect IMAP and POP3 traffic that goes direct to the HMS...
by mikedibella
2017-01-29 00:36
Forum: General discussions
Topic: Auto-Ban issue
Replies: 21
Views: 2909

Re: Auto-Ban issue

ASSP acts as an SMTP proxy in between the sending and receiving SMTP relays. For incoming SMTP traffic, the sending SMTP server connects to ASSP and ASSP then connects to the receiving SMTP server (HMS). That means that the HMS will only see the IP address of ASSP, not the sending SMTP server. A...
by mikedibella
2017-01-26 01:16
Forum: User contributed hMailServer 5 scripts
Topic: Queue Count Checker
Replies: 1
Views: 1468

Re: Queue Count Checker

FIX: Error messaging to the console.
by mikedibella
2017-01-25 23:38
Forum: User contributed hMailServer 5 scripts
Topic: Queue Count Checker
Replies: 1
Views: 1468

Queue Count Checker

Simple console executable to check the queue count.

hmQueueCount.exe username password --> returns ERRORLEVEL with number of items in queue (255 for counts > 254).

I use it with a simple monitoring program on the server to alert when the queue count is too high.

Includes Delphi source.
by mikedibella
2017-01-16 22:06
Forum: Off-topic discussions
Topic: MS-Exchange 2013/2016 is a stupid MONSTER!
Replies: 6
Views: 2368

Re: MS-Exchange 2013/2016 is a stupid MONSTER!

Exchange only runs on top of a domain. If you install Outlook on a domain workstation, it "plays nice" and uses information in the directory for the current user to automatically set up Outlook for that user's Exchange mailbox. If you install Outlook on a workgroup computer, you have to add the ac...
by mikedibella
2017-01-11 20:28
Forum: Off-topic discussions
Topic: MS-Exchange 2013/2016 is a stupid MONSTER!
Replies: 6
Views: 2368

Re: MS-Exchange 2013/2016 is a stupid MONSTER!

Close Outlook.
Control Panel | Mail | Email Accounts... | E-mail tab | New...
Email Account > Manual setup > Microsoft Exchange
More Settings | Security | Always Prompt & Logon = Password Auth (NTLM)
Use the server IP address in the Server field
Use mail alias in the User Name field
Check Name
If it...
by mikedibella
2017-01-11 02:26
Forum: Off-topic discussions
Topic: MS-Exchange 2013/2016 is a stupid MONSTER!
Replies: 6
Views: 2368

Re: MS-Exchange 2013/2016 is a stupid MONSTER!

Under Outlook | File | Account Settings | Email Accounts, click the Exchange account. In the Change Account dialog, click More Settings... Under Security, tick the box for Always Prompt for Credentials; change Logon Network Security to Password Authentication (NTLM). Shutdown and reset Outlook. Log...
by mikedibella
2017-01-04 18:36
Forum: General discussions
Topic: Cannot connect to SMTP
Replies: 19
Views: 3224

Re: Cannot connect to SMTP

Maybe your host's IP is auto-banned.
by mikedibella
2017-01-01 23:03
Forum: General discussions
Topic: Failed to create COM object `hMailServer.Application'
Replies: 18
Views: 3928

Re: Failed to create COM object `hMailServer.Application'

I seem to remember that if both computers are workgroup and not domain members, cross-host trust can be established if identical usernames and passwords are used for local accounts on both machines.
by mikedibella
2017-01-01 22:18
Forum: General discussions
Topic: Failed to create COM object `hMailServer.Application'
Replies: 18
Views: 3928

Re: Failed to create COM object `hMailServer.Application'

Try just getting the hMailServer Administrator application working via remoting on the web server first:

https://www.hmailserver.com/documentati ... ter_remote

Once hMailServer Administrator is working on the web server, then try using the PHPAdmin pages.
by mikedibella
2016-12-24 01:15
Forum: General discussions
Topic: Can't create a new TCP/IP port binding
Replies: 9
Views: 1280

Re: Can't create a new TCP/IP port binding

You can use

netstat -ao | find ":111"

to determine if the port 111 is already bound. If it is, the right-most column in the item(s) listed will contain the owner process ID.
by mikedibella
2016-12-23 00:41
Forum: General discussions
Topic: Problems with SSL Certificate for hMailServer
Replies: 9
Views: 3956

Re: Problems with SSL Certificate for hMailServer

Openssl shows a valid chain...I think you are good...

#openssl s_client -connect mail.grhhosting.com:25 -starttls smtp -showcerts
Loading 'screen' into random state - done
CONNECTED(00000188)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=19:self signed certificate in ce...
by mikedibella
2016-12-20 19:28
Forum: Feature requests
Topic: .ItemByName behavior
Replies: 7
Views: 2043

Re: .ItemByName behavior

I think you are correct. Nothing for objects; Empty for Variants; Null for typed variables.
by mikedibella
2016-12-20 04:55
Forum: Feature requests
Topic: .ItemByName behavior
Replies: 7
Views: 2043

Re: .ItemByName behavior

or Empty
by mikedibella
2016-12-20 02:42
Forum: Feature requests
Topic: AuthenticateByToken()
Replies: 0
Views: 1588

AuthenticateByToken()

AuthenticateByToken() accepts a one-time token to authenticate the hMailServer.Application object for use in non-interactive daemons that leverage the COM API. One way to generate and pass a token would be via the %TOKEN% macro from a command-line invoked within hMailServer (such as the External Vir...
by mikedibella
2016-12-20 02:33
Forum: Feature requests
Topic: .ItemByName behavior
Replies: 7
Views: 2043

Re: .ItemByName behavior

How about iterating the collection into a Dictionary and call Dictionary.Exists before calling .ItemByName?
by mikedibella
2016-12-14 23:36
Forum: User contributed hMailServer 5 scripts
Topic: Block attachments in .zip files
Replies: 10
Views: 4845

Block attachments in .zip files

I wanted a way to extend blocking of attachments to include attachments with restricted extensions in .zip files. ZipScanner.exe is a simple command line scanner that does that. It uses the hMailServer COM API to read the list of restricted extensions, and blocks a message if a .zip file is attached...
by mikedibella
2016-12-11 22:55
Forum: User contributed hMailServer 5 scripts
Topic: Replicate AD Proxy Addresses into hMailServer Route Address Tables
Replies: 2
Views: 1788

Re: Replicate AD Proxy Addresses into hMailServer Route Address Tables

GetRecipients.vbs: Changed Cache-Control from "no-cache" to "no-cache, no-store, must-revalidate".
by mikedibella
2016-12-11 21:32
Forum: User contributed hMailServer 5 scripts
Topic: Replicate AD Proxy Addresses into hMailServer Route Address Tables
Replies: 2
Views: 1788

Re: Replicate AD Proxy Addresses into hMailServer Route Address Tables

In further testing, I observed the Microsoft.XmlHttp COM control to cache responses. The update adds cache control headers to the response generated by GetRecipients.asp.
by mikedibella
2016-12-10 21:40
Forum: User contributed hMailServer 5 scripts
Topic: Replicate AD Proxy Addresses into hMailServer Route Address Tables
Replies: 2
Views: 1788

Replicate AD Proxy Addresses into hMailServer Route Address Tables

I'm using hMailServer as a perimeter bridgehead for Exchange in a small implementation. I wanted a way to reject mail for invalid recipients so I came up with an approach to replicate the recipient proxy addresses from Active Directory into the hMailServer route address table. The solution consists ...