hMailServer forum

mikedibella

Try this. Put this in EventHandlers.vbs: Sub FixListPost(oMessage) oMessage.From = oMessage.To oMessage.HeaderValue("Sender") = oMessage.FromAddress oMessage.HeaderValue("Reply-to") = oMessage.FromAddress oMessage.Save End Sub Add a Global Rule to trigger it: Untitled.png In my testing, the script f...

mikedibella

That criteria should fire the Rule Actions for messages from my@domain.de. Is the Rule a Mailbox or Global Rule?

Enable SMTP, Application, and Debug logging. Send a message and post the log for that send.

mikedibella

: Untitled.png (4.44 KiB) Viewed 3822 times

mikedibella

Four Actions

Header name Value

From xyz@web.de
Sender my@domain.de
Reply-to my@domain.de
Return-path my@domain.de

mikedibella

Rule
Actions
Set header value

Don't include ":", just name, ie. From for From: header

mikedibella

Try:

Set From: to xyz@web.de
Set Sender: to my@domain.de
Set Reply-to: to my@domain.de
Set Return-path: to my@domain.de

mikedibella

One piece missing is the post recipient. The To: header needs to be rewritten to that address, and I don't see it in any header in the message before it is sent. When it is received, the receiving MTA may set X-Apparently-To: to the recipient address as received in the RCPT TO: envelope value, but I...

mikedibella

The envelope refers to the data exchanged between SMTP peers to complete message exchange. It includes the verbs EHLO, MAIL, RCPT, DATA, QUIT. The message itself is comprised of the headers and body. It is submitted after the DATA verb, and submission is finalized by sending <cr>.<cr>. QUIT then end...

mikedibella

On many mail clients, if Sender: is present, the From line in the client reads:

From: list-address on behalf of originator

mikedibella

I wonder if you can get the envelope MAIL FROM: set to @abdx.org (i.e. use the list address for MAIL FROM:), but keep the From: set to the post originator, and set Sender: to the list address, you might solve this. See https://www.emailarchitect.net/easendmail/sdk/html/object_from.htm You also want ...

mikedibella

Received: from abdx.org (abdx.org. [65.38.140.167]) spf=softfail (google.com: domain of transitioning michaelj@vcn.com does not designate 65.38.140.167 as permitted sender) smtp.mailfrom=michaelj@vcn.com It looks like this list post was originated by michaelj@vcn.com, but sent from the relay author...

mikedibella

Keep RewriteEnvelopeFromWhenForwarding=1 in hMailServer.ini and create a Rule with Actions to Set headers.

Set the originator headers to the mailbox owner. See https://tools.ietf.org/html/rfc5322#section-3.6.2.

mikedibella

That error generally means you are trying to submit email for delivery to an address that is external to that service (i.e. submitting an email to user1@google.com for delivery to user2@yahoo.com) using authentication (i.e. authenticating as the username associated with mailbox user1@google.com) and...

mikedibella

Just throwing some ideas out here... https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html http://www.open-spf.org/srs/ @SorenR: I tried analyzing the source code to determine which header in the message is used to identity the sending domain to select the configuration used for DKIM, but i...

mikedibella

About the only way I can think of for you to solve this is to use separate distribution list software that generates discrete emails for every list recipient, instead of re-mailing the original list submission. Then hMailServer will individually sign each message and you can set the message headers ...

mikedibella

If you can capture the entire email as text, headers and body, try validating the message here:

https://www.appmaildev.com/en/dkimfile

It might shed some light.

mikedibella

Well I set up a little test to look at this and I'm seeing messages from an hMailServer distribution list get rejected to multiple test destinations (@dkimvalidator.com and @mail-tester.com) because hMailServer preserves the distribution list address in the To: header and these tools want the test a...

mikedibella

Yes. I just tried looking at the source code to see if I could confirm which field in the message hMailServer uses to "select" the domain configuration to apply the DKIM keys from. If by chance HMS isn't using envelope MAIL FROM: or header From: to select the key, then you might be able to make some...

mikedibella

DKIM signs by sender domain. You can't sign for gmail.com because you don't control that namespace to set the public keys. I'm not sure you can solve this except to rewrite the sending identity of the post to be the list address. You can rewrite the envelope (MAIL FROM: address in the SMTP protocol ...

mikedibella

Close. You are missing a closing End If. Sub WarningMessage(oMessage) Dim txtMsg, aspMsg If oMessage.HeaderValue("X-hMailServer-LoopCount") = "" Then If oMessage.HasBodyType("text/plain") Then txtMsg = " ***********************************************************************" & vbCrLf &_ " * CAUTION...

mikedibella

You are going to need to check for the X-hMailServer-LoopCount header. If it is present, the message has already been processed the number of times indicated by the value. If the header isn't present the message hasn't been processed before. Since you are using the Or operator in your Rule list, you...

mikedibella

Why does the image above show the message send FROM a gmail address?

mikedibella

SorenR wrote: ↑
2020-12-16 01:46
- Search type -> Regular expression -> "(?i:^.*(ESMTPSA|ESMTPA).*$)"

Clever. I prefer this approach to adding a custom header in OnAcceptMessage. I will give it a try. TYVM all.

mikedibella

In Postmaster Tools, drill into the domain and try the Sender Troubleshooter from the 3-dots menu.

mikedibella

Google also manages an internal domain blacklist. Add your domain here for visibility:

https://postmaster.google.com

mikedibella

My hMailServer is a primarily a bridgehead. I have a series of Routes defined for inbound domains, and I use a smart relay for outbound messages. I have some use cases where I'd like to send outbound email though an alternate smart relay, and I've defined a Route to configure the target host paramet...

mikedibella

I really like this tool for testing my mail server setup: https://www.mail-tester.com/ I do see that it has a couple more tests than DKIM Validator, but it is paywalled after three tests a day, so I'd suggest using DKIM Validator for working tests and when you think your perfect do a final test wit...

mikedibella

michaeljwyo wrote: ↑
2020-12-15 06:12
Not sure what is causing that "softfail".

See: https://postmarkapp.com/blog/explaining ... ail%20SPF.

mikedibella

Create a throwaway address from http://dkimvalidator.com and add it to your distribution list. Send a message to the list and retreive the analysis. You might find a problem here.

mikedibella

Thanks to all who responded. I think I'm all set now.

mikedibella

filename is a Message property https://www.hmailserver.com/documentation/latest/?page=com_object_message Depends on when you call it, or how you find your message You could use this property during OnDeliveryStart or OnAcceptMessage if you wanted to catch current messages live You could also iterat...

mikedibella

I have a need to create a drop mailbox. Messages received at this mailbox would be written to a file for further processing. I used to do this with an IIS SMTP "local" domain. Messages sent to the local domain would just get written in RFC 822 format into the mailroot\drop directory. Now I'd like to...

mikedibella

Check under Settings > Anti-virus > Block Attachments

mikedibella

Then why are we able to do this with IIS and not with hMailServer? Certificate based Connectors work with IIS. In trying to prove this use case am getting 550 5.7.606 Access denied, banned sending IP on my server's IP. My server is in Azure. Did you have to go though the whitelisting process at htt...

mikedibella

Both IIS SMTP and Exchange use the Microsoft-native SCHANNEL TLS implementation. So there is similarity is how the two products would respond to the client certificate request in the server hello. HMS uses the openssl libraries for TLS support. Mutual authentication support has not been coded, so yo...

mikedibella

I looked at this a while back and reported my findings in this post:

https://www.hmailserver.com/forum/viewt ... 95#p223104

mikedibella

I misunderstood. You want to be able to receive mail to list-address@local-domain.com from owner1@remote-domain.com and owner2@remote-domain.com and have either address treated as the list owner. You can still do this with a front-end mailbox that acts as the proxy address for the list. Call it new-...

mikedibella

I think you can do what you want with a mailbox loaded with the Aliases for the alternate List owners. Forward this mailbox to the List.

You need at add

Code: Select all

RewriteEnvelopeFromWhenForwarding=1

to hmailserver.ini (see https://www.hmailserver.com/forum/viewt ... 00#p192993).

mikedibella

From what I see in the source code, if the distribution list Mode is set to Announcements , then only messages From the specified address can be sent to the list. Messages sent From other other address will be rejected with 550 Not authorized owner . So check the Mode of the list. If you want to rec...

mikedibella

hMailServer itself generates this error when a message recipient is a distribution list and the message sender is not the owner of the list. Perhaps you have a rule that forwards an incoming message to a distribution list? If, so you'll need to rewrite the sender of the forwarded message to be the o...

mikedibella

I'd bet Comcast's receiving and sending infrastructure is seperate, and very likely on different subnets and possibly even different autonomous systems. I'd suggest sending an email from the Comcast account to an address dynamically generated here: https://dkimvalidator.com Then look at the headers ...

mikedibella

In the Content column on the DNS tab tab in Cloudflare, for the MX record, make sure you have specified a hostname with an A record.

If the hostname is on the Cloudflare-managed domain, make sure the Proxy Status for that record is DNS Only.

mikedibella

I'm using it on my backup mx, which is configured as a standby with manual DNS failover. My active primary has never failed, so I've never stressed it beyond simple configuration proof with a few test emails. Here's the config: Windows Server 2016 Version 1607 Scanner executable: "C:\Program Files\W...

mikedibella

More and more, IaaS IP ranges are blacklisted. Makes hosting direct mailing on the major IaaS providers clouds increasingly impractical. Relay providers solve this issue, so I see their use uptrending, not diminishing.

mikedibella

SendGrid suffered an incursion in August and a large number of customer accounts were compromised.

https://krebsonsecurity.com/2020/08/sen ... -accounts/

Spammer quickly hoovered up the account and the resulting spam assault BL many SendGrid IPs.

They are still recovering.

mikedibella

@DrmCa: PM me if you want to take this discussion off the clothesline.

mikedibella

The remote server only sees SendGrid's IP on connection. Your server is listed in the headers, but the receiving party is going to use the connecting relay's (SendGrid) IP to determine reputation. You are probably using a shared IP plan from SendGrid and the IP your are sharing has been blacklisted ...

mikedibella

When SendGrid receives a protocol error from a remote relay during mail submission, the error is dispatched back to you in the evert hook. So SendGrid is telling you that the recipient's server rejected the mail for the reason stated. Some errors also result in addresses being added to the various s...

mikedibella

Anyone have any recommendations for alternative service providers? Anyone have experience with Sendinblue?

mikedibella

Well, this looks like it might be trickier than I thought. It looks like the client certificate validation takes place during the STARTTLS verb processing after the initial connection to Office 365 is made over an unencrypted TCP connection. The whole facility appears to be designed specifically to ...

mikedibella

Got it. You will need to use stunnel or a similar tool to proxy the outbound connection from hMailServer. Stunnel can make the connection to Office 365 from your HMS host and present the client certificate to Office 365 for authentication. HMS will connect to stunnel (on the local or another host on...

mikedibella

Not sure I fully understand your scenario. Are you wanting hMailServer to present a client authentication certificate to the Office 365 SMTP mail submission port 587? And then your internal clients will connect to hMailServer to submit messages for relay on port 25 without authentication or TLS?

mikedibella

Well, for those interested, here's the relevant code. Lines 323-382 of SMTPClientConnection.cpp defines the processing for machine state after HELO/ELHO is sent: void SMTPClientConnection::ProtocolEHLOSent_(int code, const AnsiString &request) { if (!IsPositiveCompletion(code)) { bool ehlo_required ...

mikedibella

I'm having trouble relaying to an MTA that is only offering AUTH PLAIN, but HMS is ignoring the capability response and still sends AUTH LOGIN. Any workaround?

mikedibella

Thanks, Matt. That should get me started.

mikedibella

Some messages I receive need to get hairpined to an external address and for these messages I'd like to rewrite headers: 1. Create a new header X-Original-Reply-To = Reply-To 2. Create or overwrite Reply-To with From 3. Overwrite From with the a new email address consisting of the existing Display p...

mikedibella

On wildcard certificates you're right. *.example.com is only valid for this first subdomain level.

Yup, that's where I got my circuits crossed.

mikedibella

bloxxite wrote: ↑
2020-08-06 01:48
I can do * for my MX record.

Remember that *.example.com will only catch an.example.com, not is.an.example.com or this.is.an.example.com.

mikedibella

I read that you want to host a second instance of HMS on a different server than your primary HMS host, this second HMS would be listed in the DNS with an MX having a higher Priority number than your primary host. You want this backup server to be listening for connections on port 25 only when the s...

mikedibella

My hypothesis is that your system is I/O bound. The large number of messages is saturating disk queues and the whole system slows to a crawl as virtual memory operations compete with data reads and write for the I/O channel . Check the relevant Windows performance counters to verify. To fix, conside...

Search found 390 matches