hMailServer forum

mikedibella

Send an email from that account to the address generated here and review the results:

https://multirbl.valli.org/

(Change the Test to Test by sending an email and follow the directions)

mikedibella

Now that would be a challenge... Making a hMailServer cluster. hMailServer ==> fail-over clustering (two servers plus "witness") Database ==> built-in clustering (a couple of Linux servers to do the dirty work) File store ==> SAN ... $$$ Main issue would be to make the IP addresses shift during fai...

mikedibella

I use two metrics for planning high availability. One is the Recovery Time Objective, or RTO, which specifies the tolerable amount of time the service can be unavailable. An RTO of 5 minutes, for instance, specifies that it is tolerable for a failure to result in 5 minutes of downtime before recover...

mikedibella

And ONE common file store So, for a high-availability configuration, you have separate MTA process instances running on discrete nodes, with a common DBMS hosting a discrete database for each node, but with both nodes sharing common, networked, file-storage? Couple of questions: 1. If a message is ...

mikedibella

Depending on the mail client, the X-Member-Of-List header may get copied into a reply to that post. If the member is recently removed from the list, this might allow the post to be distributed. The risk is small, but to mitigate it, I've added an additional action to the Tag List Members rule to set...

mikedibella

Is there somewhere in the script where I actually put the subject prefix? You have brackets in quotes and list address. Should I change that? Well, I recognized that the original script sub was putting he actual distro list address there ,not the proxy address, so I changed here in the test to: sub...

mikedibella

Working fine here. Double check your criteria. Make sure your operator is "Contains", not "Equals", with the operand just the email@address.

mikedibella

michaeljwyo wrote: ↑
2021-01-12 21:02
Mike, I tried what you said. No errors, but it just doesn't work.

Like this:

Remember that after adding the new Sub to EventHandlers.vbs, you have to Reload Scripts.

mikedibella

How about this: 1. Add Rule after TagListMembers, criteria To contains list-address Action run sub TagSubject: sub TagSubject(oMessage) sListAddress = oMessage.HeaderValue("X-Member-Of-List") if sListAddress <> "" then oMessage.Subject = "[" & sListAddress & "] " & oMessage.Subject oMessage.Save end...

mikedibella

Here the code with explicit declaration and deallocation: function CleanAddress(sAddress) dim i i = InStrRev(sAddress, "<") if i > 0 then sAddress = Mid(sAddress, i + 1) i = InStr(sAddress, ">") if i > 0 then sAddress = Mid(sAddress, 1, i - 1) end if sAddress = CleanAddress(sAddress) end if CleanAdd...

mikedibella

Could you try something for me? I like the simplicity of this approach. While you are testing it, here's my comments on my more complex approach: "ERROR" 1732 "2021-01-12 02:41:43.586" "Script Error: Source: Microsoft VBScript runtime error - Error: 800A01F4 - Description: Variable is undefined: 'b...

mikedibella

Couple of things to try. Make your password for the account complex but with only upper/lowercase letter and numbers in case the script engine treats one of the special characters as a delimiter. Try again using the last version of the code, with the default error handler disabled (don't add the apo...

mikedibella

OK, I was able to do a bit more testing with a variety of address formats. Along the way I tweeked the code slightly to provide clearer reporting of failures in the hmailserver_events.log file. My test setup has the front-end account set for forwarding to the distro, and three rules: 1. If To contai...

mikedibella

Opps...one logic error caught:

Code: Select all

function DomainFromAddress(sAddress)
	aTemp = Split(sAddress, "@")
	if UBound(aTemp) > 0 then
		DomainFromAddress = aTemp(1)
	else
		DomainFromAddress = sAddress
	end if
end function

mikedibella

Improved parsing, error checking and event logging. Test and review the hmailserver_events.log if behavior is unexpected. function CleanAddress(sAddress) i = InStrRev(sAddress, "<") if i > 0 then sAddress = Mid(sAddress, i + 1) i = InStr(sAddress, ">") if i > 0 then sAddress = Mid(sAddress, 1, i - 1...

mikedibella

Start by commenting out the line that disables the built-in error handler, by putting an apostrophe before the line: sub TagListMembers(oMessage) 'on error resume next Test again and look at the logging. The logged error will have a line number relative to your entire EventHandler.vbs. Post the verb...

mikedibella

You need credentials from an account to use in the script. You can use the credentials from the proxy/front-end account, but make the Authorization level on the account Server. Use the mailbox address for sMailUser and the password for sMailPass. Re-read my previous post for how to use. You need two...

mikedibella

palinka wrote: ↑
2021-01-10 23:16
Get you new IP but don't put your production server on it until you've confirmed its clean.

+1

Check it here: https://multirbl.valli.org/

mikedibella

IMO, the hMailServer Distribution List feature is only appropriate for internal message distribution. That is, when it is necessary to distribute messages to multiple users hosted on the same server. The implementation appears to have been coded with that assumption. As long as all the list members ...

mikedibella

Lightly tested. Add this to EventHandlers.vbs. When triggered from an Account Rule, for an Account used as the forwarder for a distribution list, adds X-Member-Of-List: header with the address of the forwarded list if the sender is a member of the target list. Make sure you change the placeholder cr...

mikedibella

Is there an existing instantiation of the Application object, that is already authenticated, exposed within the event handlers and rule-triggered scripts? What is it's name? Reason: My rule-triggered script need to access the parent Account for the oMessage message parameter, and access the parent D...

mikedibella

I dunno...maybe Soren has some suggestions or something we can do with a script. I know at least if we make a rule and put a wildcard for the criteria, we can tell it to run a function. Let the function check a list and then if someone isn't on that list, then delete it otherwise forward it. I'm th...

mikedibella

Try:

Criteria:
X-hMailServer-Loop-Count greater then 0

Action:
Delete email

mikedibella

Set the list to Announcement, allow from the proxy address.

Add an Account Rule to the proxy account:

Criteria:
Use AND
From Not contains member1
From Not contains member2
etc

Action:
Delete e-mail

You'll have to maintain list membership in both places.

mikedibella

This is simpler: Sub SaveOriginator(oMessage) oMessage.HeaderValue("X-Originator") = oMessage.FromAddress oMessage.Save End Sub Sub FixListPost(oMessage) oMessage.HeaderValue("Sender") = oMessage.HeaderValue("X-Originator") oMessage.HeaderValue("Reply-to") = oMessage.From oMessage.From = oMessage.He...

mikedibella

So when they hit "reply" will it reply to "messages@abdx.org" (since that's where it came from) ? Maybe: Sub SaveOriginator(oMessage) oMessage.HeaderValue("X-Originator") = oMessage.FromAddress oMessage.HeaderValue("X-Forwarded-To") = "list-forwarded-address" oMessage.Save End Sub Sub FixListPost(o...

mikedibella

1. Change the MAIL FROM envelope sender from the post originator to the list address. The front-end account may be able to do that. You should create an account on the list's domain with the name you want to use as the list name. Configure this account Forwarding tab, Enabled , Forward to the distri...

mikedibella

SorenR wrote: ↑
2021-01-08 06:05
Did it work?

OP never followed up.

mikedibella

If RewriteEnvelopeFromWhenForwarding=1 and an account is created called "mylist@domain.tld" and this account is set to forward the message to "list1@domain.tld" then the MAIL FROM would be rewritten to "mylist@domain.tld"... Hmmm...you reminded me I suggested something similar to solve a related di...

mikedibella

michaeljwyo wrote: ↑
2021-01-08 04:57
Is there something I can do to our spf record?

You'd need to have your IP added to the SPF records for the domain's of every list member to solve the problem.

mikedibella

From what I can see, hMailServer is using the post originator as the MAIL FROM envelope sender no matter what RewriteEnvelopeFromWhenForwarding is set to, and Gmail is looking up the SPF record based on the domain of the envelope sender. The SPF record for vcn.com is: "v=spf1 ip4:209.193.72.0/23 ip4...

mikedibella

In the hmailserver.ini file in the hMailServer\bin directory. Look for a line that says: RewriteEnvelopeFromWhenForwarding= and report the number after. If the number is zero, change it to 1. If the line is missing, add: RewriteEnvelopeFromWhenForwarding=1 as a new line in the settings section: [Set...

mikedibella

I looks like the message is failing the SPF check because the envelope MAIL FROM is still set to the originator (michaelj@vcn.com).

Is this with RewriteEnvelopeFromWhenForwarding set to 1 or 0?

mikedibella

Can you post the raw headers here for us to look at? There should be a "view headers" or "view raw message" option in the gmail web UI.

mikedibella

If you want to receive mail from the Internet then you need port 25 !

+1

Your external users will need to communicate with your server on port 25 to submit distribution list posts.

mikedibella

The name of the subroutine: "FixListPost" (without quotes)

mikedibella

I think if you request release from the SES "sandbox" you can send from any address on a verified domain. You still need to verify the domain, but you don't have to opt-in individual addresses.

I've only used SES in the free tier, so I haven't had luck getting getting out of the sandbox.

mikedibella

I think both should get you close to what you need. Mine it triggered via the Rules engine, so it does have the advantage of some user interface for changing the criteria for message that get the modifications applied.

mikedibella

I only need ephemeral storage for those messages that don't get relayed by SendGrid on the first attempt due to transient failure. All other messages will be cleared immediately via either a delivered notification, or a bounce notification. Those that are simply delayed are the messages I want to no...

mikedibella

Sorry, successfully submitted relay's will have code 250. 550 is an error.

Search for "RECEIVED: 550" in the hMailServer event logs and you'll see the reason these emails are failing.

mikedibella

Try enabling awstats logging and compare the number of successful emails logged in hmailserver_awstats.log with the number in SES. You don't need the AWStats log parser to do that. Just open the file in Excel or similar and count the number of records with 220 result code. Failures will have a diffe...

mikedibella

I get a callback POST from SendGrid for delivery events. The data provided by SendGrid is incomplete notify the message originator, so I need a way to look up the message in hMailServer metadata. I do get the Message-ID of the message in the POST. I don't see a method in the API to lookup a message ...

mikedibella

Perhaps I need to test that setup. Check out https://www.mailhardener.com/tools/ . MailHardener also has free DMARC and MTA-STS report aggregation for single domains (multiple domains for fee). I find the MailHardener DMARC reporting to be a little more detailed than PostMarkApp.com, but for now I'...

mikedibella

Post the log from the backup.

mikedibella

I'm using Postmark for DMARC report aggregation (props to @mattg). Anyone have a recommendation for similar TLS-RPT aggregator to collect and process the reports?

mikedibella

Google the Powershell Commands New-DKIMSigningConfig and Get-DKIMSigningConfig for info on setting up DKIM for your MSOL domains. MS will host the public keys on the onmicrosoft.com domain. You will create CNAMEs on your domain to point to them.

mikedibella

I'm going to make a lot of assumptions here. You'll need to tell me if any of these assumptions are incorrect for the way you've setup your hybrid environment: 1. Your email "vanity" domain MX record points to your hMailServer instance. 2. Your Exchange Online tenant is setup with the authoritative ...

mikedibella

I think you’ve been getting sound advice all along. As I see it you have two choices:

1. Take it up with your isp
2. Find another provider

mikedibella

Settings | Protocols | SMTP | Advanced, Check Use STARTTLS if Available.

mikedibella

Opps...I was half right...I knew secure was in there somewhere. I think the OP wants to bump the Score on unauthenticated unsecure connections. Maybe:

Code: Select all

(?i:^.*\s(ESMTP|!ESMTPA|!ESMTPS|!ESMTPSA)\s.*$)

mikedibella

Props to @SorenR...I'm using this criteria to trigger a Rule Action when the connection is secure:

: Untitled.png (5.92 KiB) Viewed 5794 times

Now all that needs to be done is negate it, and write a little piece of script code as the Rule Action to increase the SPAM Score as desired.

mikedibella

If my hypothesis is correct, it doesn't matter how many client or user principals you are trying to support. It only matter which sending identities you are trying to relay messages for, through the ISP server. If my analysis is correct, the ISP will only relay messages from the @zoomtown.com identi...

mikedibella

Can you confirm that you have ALL of the Outlook clients configured to use hMailServer as the SMTP target in the account settings? None of the Outlook client are using the ISP mail server as the SMTP target? Outlook clients configured to use hMailServer as the mail client will submit messages for de...

mikedibella

Can you describe how you are conducting identical tests (same MTA, same destination host and port, same message To, From, etc) on both the wired and wireless hosts? I can't find any references on the web to "Permission denied you cannot change your from address", but there are multiple explanations ...

mikedibella

Are you using a residential grade broadband connection? The SMTP "service" offered though this class of Internet connection often has a limitation very similar to the one described in point #1 above. ISPs do this very deliberately to prevent you from eroding the "value" of their business-class servi...

mikedibella

Here is what I have observed relative to restrictions on SMTP in Exchange Online: 1. Outgoing email can be submitted on port 587 using mail-enabled user credentials to authenticate. Only authenticated submissions are accepted, regardless of whether the destination is a local address. The recipient c...

mikedibella

Here is the post that described the issue with missing MAIL FROM:

https://www.hmailserver.com/forum/viewt ... OM#p223743

Try removing the Rule Action that rewrites Return-path.

Then retest and post the updated log.

mikedibella

Then the problem is that the MAIL FROM: verb is missing in the outbound sequence. You need to send MAIL FROM: all@mail.de before RCPT TO:. I have seen that issue before but I don't recall how it was solved.

mikedibella

You are authenticating using the username all@mail.de. So you have to set the From: header to one of the proxy addresses for that mailbox, presumably the proxy addresses expected is "all@mail.de".

mikedibella

Can't tell if the rule is firing because you don't have application and debug logging enabled.

I see a missing MAIL FROM: verb on the outbound connection. I've seen that in described in other posts but I don'r remember the cause. Maybe someone else on the board can chime in on that.

Search found 390 matches