Search found 390 matches

by mikedibella
2018-03-01 22:20
Forum: General discussions
Topic: Help with Exchange and hmailserver
Replies: 5
Views: 2114

Re: Help with Exchange and hmailserver

It is possible to configure an Exchange 2010 Send Connector to use TLS (not STARTTLS).

See RequireTLS: https://technet.microsoft.com/en-us/lib ... .141).aspx
by mikedibella
2018-02-27 23:40
Forum: General discussions
Topic: How to execute a script in regular intervals
Replies: 4
Views: 2169

Re: How to execute a script in regular intervals

I would create an external script using VBScript or JScript that does the following task:

Creates an instance of the hMailserver COM Object
Logs in
For each Domain object in the Domains collection
For each Account object in the Domain's Accounts collection
If QuotaUsed is greater than a threshold va...
by mikedibella
2018-02-12 21:21
Forum: General discussions
Topic: Small Business Server 2011
Replies: 5
Views: 2398

Re: Small Business Server 2011

Port 587 typically uses STARTTLS connections, which start as unencrypted and switch to TLS using the STARTTLS SMTP verb. Port 465 typically requires TLS to be negotiated but any SMTP protocol is conducted. The attached article is for that type of connection. If your ISP isn't using a Public CA certi...
by mikedibella
2018-01-26 20:54
Forum: General discussions
Topic: Basic SMTP relay
Replies: 7
Views: 3057

Re: Basic SMTP relay

I searched through some older code I had saved locally and see two references. One call when the generated eml filename already exists (SMTPConnection.cpp line 1194) and one when the filename or file could not be generated (not sure which, line 1657).
by mikedibella
2018-01-17 18:46
Forum: Off-topic discussions
Topic: MS-Exchange 2010/2013/2016 is such a moron
Replies: 4
Views: 3200

Re: MS-Exchange 2010/2013/2016 is such a moron

If you aren't planning to back up Exchange using an Exchange-aware backup tool, you should enable circular logging: https://technet.microsoft.com/en-us/library/dn756374(v=exchg.150).aspx Exchange transaction logs only get purged after successful backup, and will eventually consume all space on the l...
by mikedibella
2018-01-15 22:48
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 9894

Re: Intermitent problem with SSL comunication

If you are certain only the configuration of the server was changed and not the clients, you could try a System Restore to a checkpoint when the server was functional.

Beyond that, I'd probably use a packet trace to see the TLS negotiation traffic.
by mikedibella
2018-01-15 22:39
Forum: General discussions
Topic: SSL certificate help needed
Replies: 12
Views: 4095

Re: SSL certificate help needed

Depending on the client, an attempt may be made to autodiscover the account's server addresses based on the account sender address. So you may be seeing the sender's domain used as the incoming or outgoing server address as a product of the client's specific autodiscover process.
by mikedibella
2018-01-15 20:36
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 9894

Re: Intermitent problem with SSL comunication

You might want to run a report on the TLS configuration of the IMAP interface. Comodo has an online checker at https://sslanalyzer.comodoca.com/ that you can use. Another idea is to run a cipher test yourself. Here is the script I use:

#!/usr/bin/env bash
# OpenSSL requires the port number.
SERVER=$...
by mikedibella
2018-01-15 18:55
Forum: General discussions
Topic: Intermitent problem with SSL comunication
Replies: 31
Views: 9894

Re: Intermitent problem with SSL comunication

Do you know what update caused the problem to occur? Can you rollback or uninstall that update?

It looks to me like either the cipher list or cipher order has been modified on one of the endpoints and a mutual cipher can no longer be negotiated.
by mikedibella
2018-01-15 00:27
Forum: General discussions
Topic: SSL certificate help needed
Replies: 12
Views: 4095

Re: SSL certificate help needed

Download and install openssl if you don't already have it and use the following command to generate a protocol trace for your server's IMAP port:

openssl.exe s_client -connect your.server.hostname:143 -starttls imap -showcerts

Review the protocol trace carefully. You are looking to see that multiple...
by mikedibella
2018-01-13 20:08
Forum: General discussions
Topic: mail delivery problem - verification failed from remote server
Replies: 21
Views: 6867

Re: mail delivery problem - verification failed from remote server

It is not required that the SSL certificate match the recipient domain. It is required that the subject Common Name of the SSL certificate match the DNS name used to connect to the server. This is the hostname returned as the "mail exchanger =" portion of the MX record query response. It is also bes...
by mikedibella
2018-01-12 18:41
Forum: General discussions
Topic: mail delivery problem - verification failed from remote server
Replies: 21
Views: 6867

Re: mail delivery problem - verification failed from remote server

The destination server is doing a callback validation based on the sender address and it is failing. This callback validation is typically done by looking up the sender address domain MX and making a connection to send mail, and passing or failing based on the MX response to RCPT TO verb. To pass,...
by mikedibella
2018-01-08 23:27
Forum: General discussions
Topic: Increase Spam score
Replies: 3
Views: 1500

Re: Increase Spam score

OK, I think I solved my problem this way:

C1: sender contains bad domain
AND
C2: X-hMailServer-Reason-Score > 0
THEN delete
by mikedibella
2018-01-08 21:27
Forum: General discussions
Topic: Increase Spam score
Replies: 3
Views: 1500

Re: Increase Spam score

Or, as an alternative, can I check the Spam Score within the Global Rule processing? In the logs I see DNSBL tests are completed before the rule is invoked. Is the score added to a Header value by the time a Global Rule is processed?
by mikedibella
2018-01-08 20:28
Forum: General discussions
Topic: Increase Spam score
Replies: 3
Views: 1500

Increase Spam score

Anyone have any ideas how I can increase a message spam score via a global rule action? I'm seeing a pattern of messages coming from a single sender domain that are for the moment exclusively spam. They are passing some of the spam tests and not meeting the delete threshold, so I'm just using a glob...
by mikedibella
2017-12-23 22:42
Forum: General discussions
Topic: How can I add "hMailServer service dependency" after I have installed hMailServer
Replies: 5
Views: 2664

Re: How can I add "hMailServer service dependency" after I have installed hMailServer

You need a space after the equal sign:

sc config hMailServer depend= RPCSS/MSSQL$MSSQL_INSTANCE01
by mikedibella
2017-12-06 20:55
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 18384

Re: HOW TO: get gMail certificates to validate

Crud...I was doubly wrong. I should have tested first. Manual installation of the intermediate certificates was required, but I did confirm on my own implementation that Matt's procedure works as expected. Second, I was unable to get a .STL file to install as expected on Windows Server 2012. The file t...
by mikedibella
2017-12-06 19:43
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 18384

Re: HOW TO: get gMail certificates to validate

Hmmm...I just realized that hMailServer uses openssl libraries for some operations. Not sure if that changes the necessity to install the intermediate certificates manually. I will try to test that.
by mikedibella
2017-12-06 19:34
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 18384

Re: HOW TO: get gMail certificates to validate

I checked both gmail SMTP interfaces referenced in the OP and confirmed they are both correctly configured to send a complete chain.

https://www.sslshopper.com/ssl-checker. ... il.com:465
https://www.sslshopper.com/ssl-checker. ... il.com:465
by mikedibella
2017-12-06 19:28
Forum: User-submitted tutorials
Topic: HOW TO: get gMail certificates to validate
Replies: 11
Views: 18384

Re: HOW TO: get gMail certificates to validate

Couple of comments on this issue. First, only the root certificates should need to be installed into the Trusted Root Certification Authorities certificate store on the Windows host running hMailServer. Gmail SSL/TLS interfaces should send to the connecting client a certificate chain during the Serve...
by mikedibella
2017-12-02 03:33
Forum: User contributed hMailServer 5 scripts
Topic: SETTINGS DIAGNOSTIC REPORT
Replies: 116
Views: 76690

Re: SETTINGS DIAGNOSTIC REPORT

Know that my efforts here are always good faith attempts to uphold the spirit of "community supported." I really appreciate the value I get from hMailServer and want to pay it forward...
by mikedibella
2017-12-02 03:22
Forum: User contributed hMailServer 5 scripts
Topic: SETTINGS DIAGNOSTIC REPORT
Replies: 116
Views: 76690

Re: SETTINGS DIAGNOSTIC REPORT

Oh and do your magic with hiding domain names on the certificate names and disk storage locations please...

That's how I got the certificate file from the other case. If you don't intend for that to be possible, you should obfuscate both the file name and the subject of the certificate since ...
by mikedibella
2017-12-02 02:51
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

Only the key is sensitive. The certificate and chain are public data, exported from the published interface.
by mikedibella
2017-12-02 02:17
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

Here is the corrected certificate file.
by mikedibella
2017-12-02 01:53
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

Please check your configuration after making changes...

https://www.sslshopper.com/ssl-checker. ... iwm.gr:465 still shows an error in your config.

You will need to restart the hMailServer service after editing the file.
by mikedibella
2017-12-02 01:50
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

TLS or StartTLS (these are the same thing, just a naming variation)

Respectfully disagree. I am talking about the Joomla-side configuration, and I believe setting SMTP security to TLS will cause the PHP mailer to initiate SMTP connections over SSL/TLS and fail if secure channel cannot be negoti...
by mikedibella
2017-12-02 01:21
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

Your hMailServer host is semlab.teiwm.gr? Does your Joomla server validate certificate chains? When I query semlab.teiwm.gr using openssl (openssl.exe s_client -connect semlab.teiwm.gr:465 -showcerts), your hMailServer is sending only the leaf certificate (CN = semlab.teiwm.gr). You need the hMailSe...
by mikedibella
2017-12-01 23:13
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

In your original post you said you were using port 587. If there is an option under SMTP security for "StartTLS" you need to change to that to use port 587, otherwise use port 465. The way you have it configured now, port 465 using TLS, should be correct.
by mikedibella
2017-12-01 23:01
Forum: General discussions
Topic: ssmtp problem with joomla
Replies: 36
Views: 11211

Re: ssmtp problem with joomla

You have port 587 configured for StartTLS, not SSL/TLS. How do you have SMTP security configured in Joomla, StartTLS or SSL/TLS?
by mikedibella
2017-10-27 00:59
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 234
Views: 221645

Re: Sub OnHELO(oClient) progress?

I think you will need to find some usable terminal condition to cause an exit from the loop, because if you get into the loop in a state where the .Save fails, you will loop endlessly and that is probably what is causing the behavior you are seeing.
by mikedibella
2017-10-26 23:53
Forum: Development & alpha discussions
Topic: Sub OnHELO(oClient) progress?
Replies: 234
Views: 221645

Re: Sub OnHELO(oClient) progress?

If you assume you are entering the race condition because the .Save fails due to the presence of a duplicate Autoban entry created on a different thread, wouldn't you see that entry in the database when you restart the service? If the .Save is failing because a duplicate exists, you need to catch th...
by mikedibella
2017-10-18 01:46
Forum: Off-topic discussions
Topic: WIfi is broken
Replies: 2
Views: 2281

Re: WIfi is broken

Both client and access point must be vulnerable for the exploit to work. Current Microsoft OS have been patched with the October security cycle: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 Apple has said patches are in beta. https://twitter.com/reneritchie/status/9199...
by mikedibella
2017-10-17 22:10
Forum: General discussions
Topic: Can't open more than two SMTP sessions from email client
Replies: 4
Views: 1924

Re: Can't open more than two SMTP sessions from email client

Could this be the culprit? "The SmtpClient class implementation pools SMTP connections so that it can avoid the overhead of re-establishing a connection for every message to the same server. An application may re-use the same SmtpClient object to send many different emails to the same SMTP server an...
by mikedibella
2017-09-22 17:32
Forum: General discussions
Topic: Error "The property VerifyRemoteSslCertificate could not be found." on 5.6.6
Replies: 6
Views: 2515

Re: Error "The property VerifyRemoteSslCertificate could not be found." on 5.6.6

Starting in build 2132 https://www.hmailserver.com/changelog?page=changelog&version=5.6&build=2132 , there is a UI check box to control certificate validation. Try toggling the setting and saving, then toggle again if necessary to restore the state you want. My hypothesis is that the error is caused...
by mikedibella
2017-07-21 01:53
Forum: General discussions
Topic: Filter IP address out of logs
Replies: 14
Views: 5801

Re: Filter IP address out of logs

Either of these help?

Using remote SMB mount in linux:

tail -f /mount-point/hmailserver_XXX.log | grep -v "192.168.1."

Using Powershell:

Get-Content hmailserver_XXX.log -wait | Select-String -pattern "192.168.1." -notmatch
by mikedibella
2017-07-10 19:18
Forum: General discussions
Topic: hmailserver sends emails on wrong IP
Replies: 4
Views: 1972

Re: hmailserver sends emails on wrong IP

On a multihomed machine, the stack is going to pick the interface with the lowest metric having a route to a network containing the destination. In your configuration, you should have a default gateway on only one interface, and optionally static routes on the other two. If the destination match...
by mikedibella
2017-06-22 06:52
Forum: General discussions
Topic: Double Sending?
Replies: 3
Views: 1463

Re: Double Sending?

by mikedibella
2017-06-13 16:49
Forum: Feature requests
Topic: oAuth 2.0
Replies: 3
Views: 3330

Re: oAuth 2.0

Looks like gmail POP3 does support the SASL XOAUTH2 provider (via the AUTH verb):

+OK Gpop ready for requests from ...
CAPA
+OK Capability list follows
USER
RESP-CODES
EXPIRE 0
LOGIN-DELAY 300
TOP
UIDL
X-GOOGLE-RICO
SASL PLAIN XOAUTH2 OAUTHBEARER
.
by mikedibella
2017-06-13 02:06
Forum: General discussions
Topic: Secure relay with gmail
Replies: 11
Views: 4836

Re: Secure relay with gmail

Only OAuth is considered "secure" by Google.

https://security.googleblog.com/2014/04 ... older.html
by mikedibella
2017-03-29 08:22
Forum: General discussions
Topic: Help with Setup of SMTP server for distributing non SSL certified emails
Replies: 45
Views: 10790

Re: Help with Setup of SMTP server for distributing non SSL certified emails

If you just need something to accept unencrypted TCP connections from a local client, and proxy the connection over TLS to a server, look at STunnel: https://www.stunnel.org/index.html.

See the [gmail-smtp] section at https://www.stunnel.org/config_windows.html.
by mikedibella
2017-03-28 01:19
Forum: General discussions
Topic: Newbie asking for help to set up SMTP service ...
Replies: 1
Views: 1045

Re: Newbie asking for help to set up SMTP service ...

There are a number of things you have to do to set up an outgoing SMTP server so that mail originating from it is accepted by receiving servers (and not rejected during submission or discarded as spam), but the first requirement is being able to send from an IP address permitted to do so. Many ISPs ha...
by mikedibella
2017-03-25 21:10
Forum: General discussions
Topic: NDR "from" name
Replies: 24
Views: 6391

Re: NDR "from" name

Do you have a mailbox named admin in oldtestdomain.com? Are you sure you aren't sending mail from admin@oldtestdomain.com?
by mikedibella
2017-03-25 04:17
Forum: General discussions
Topic: NDR "from" name
Replies: 24
Views: 6391

Re: NDR "from" name

Check two places:

Settings | Protocols | SMTP | Delivery of email | Local host name

Settings | Advanced | Default domain
by mikedibella
2017-03-22 18:02
Forum: General discussions
Topic: DKIM for mailer-daemon@mail.mydomain.com
Replies: 2
Views: 1551

Re: DKIM for mailer-daemon@mail.mydomain.com

Just create a new domain for mail.turbolan.de . You can add the mailer-daemon mailbox if you wish to receive bounces to that address, or leave the domain empty. Set Enabled on the DKIM Signing tab. You can use the same selector and key as the parent domain if you remove the t=s tag from the DNS reco...
by mikedibella
2017-03-22 17:53
Forum: General discussions
Topic: One domain multiple server
Replies: 5
Views: 2095

Re: One domain multiple server

Another way to reject mail not addressed to a local mailbox is to set the Route | Addresses option to Deliver to addresses below and populate the table with the addresses for mailboxes on the other server. Keep in mind that when a new mailbox is added or removed the Route | Addresses table must be u...
by mikedibella
2017-03-22 05:47
Forum: General discussions
Topic: One domain multiple server
Replies: 5
Views: 2095

Re: One domain multiple server

Try this. I haven't tested it, but believe it should work. On each server, create a Route ( https://www.hmailserver.com/documentation/v5.2/?page=reference_route ) for the local domain that points to the other server. If mail is addressed to a local address on that server, it will be delivered to the l...
by mikedibella
2017-03-20 17:39
Forum: General discussions
Topic: How to migrate from Argosoft Mail Server .NET 1.0.8.8?
Replies: 4
Views: 2509

Re: How to migrate from Argosoft Mail Server .NET 1.0.8.8?

Aren't you going to have to generate passwords for first-time access to the new mail environment anyway? It seems moot to me that you would have to reset passwords to migrate mail. If you time it right, and do the password changes and mailbox moves in the same maintenance window, your users will neve...
by mikedibella
2017-03-16 19:20
Forum: General discussions
Topic: hMailServer stops receiving mail
Replies: 84
Views: 21935

Re: hMailServer stops receiving mail

As has been pointed out in other posts, you don't need the /CLEAN parameter as long as the AV is returning a result code to HMS...HMS will do the clean-up.

See https://www.hmailserver.com/documentati ... al_example

You might try without /CLEAN.
by mikedibella
2017-03-14 23:29
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

I think you missed the necessity of having the local domain match the sender's address. So if you want to send signed mail from *@domain.com , you need a local domain domain.com with a single mailbox such as postmaster@domain.com for authentication by an upstream relay, and the complete DKIM configu...
by mikedibella
2017-03-14 22:55
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

Settings | Protocols | SMTP | Routes | Add...

Target SMTP Host = MX for that domain
by mikedibella
2017-03-14 21:33
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

Just create a route for the DKIM-signed domain. All outgoing mail with that domain as the right-hand side of the sender address will be signed, and any incoming with a recipient in that domain that does not match the single account used for authorization will be delivered using the route rule.
by mikedibella
2017-03-14 19:11
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

I just looked at the source code and confirmed that there is some DEBUG logging for DKIM:

if (!pDomain || !pDomain->GetDKIMEnabled())
   return;

LOG_DEBUG("Signing message using DKIM...");

https://github.com/hmailserver/hmailserver/blob/master/hmailserver/source/Server/Common/AntiSpam/DKIM/DKIMSigner.c...
by mikedibella
2017-03-14 18:55
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

Did you validate the Effective Access rights for the key file using the service account? Right-click on the key, Security | Advanced | Effective Access, set User. Effective Access is called Effective Permissions on pre-2012 OS.
by mikedibella
2017-03-14 18:42
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

I just retested my MX-direct domain using http://dkimvalidator.com and the messages are being signed and validated.
by mikedibella
2017-03-14 18:17
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

I haven't looked at the source code for the DKIM functionality, but I do think it is instructive that @mattg mentioned that he doesn't think DKIM code logs...might be an indication that the whole DKIM module is a library function and it might have to be debugged using blackbox approaches. I can only...
by mikedibella
2017-03-14 17:35
Forum: General discussions
Topic: No DKIM signature
Replies: 36
Views: 11607

Re: No DKIM signature

You have whitespace in your public key: Non-authoritative answer: dkim._domainkey.isotemp.com text = "v=DKIM1; t=s; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS4bOILkCs 2wLFev1vZahlb8+M 7Rn+lJ2wR/oLyn8Fs8OJavTsfUzHZL7QR2nklDJpGSKjPMtxol4Kh0k/0eruYje D +vgTTyNn2Zmwh+4HkxMC3Okk46xWytUD11iL4BpzUV+...