hMailServer forum

mikedibella

You have an MX record for 931mev.com that resolves to mail.931mev.com, but you do not have an A record for mail.931mev.com that resolves to an IP address.

mikedibella

Breakdown of the response: Server: localhost Address: ::1 This machine is hosting a DNS server, and it's DNS client is configured to use the local DNS server to resolve queries. Non-authoritative answer: A remote DNS server other than the server that is the authority for the zone queried (hotmail.co...

mikedibella

Your nslookup command syntax is wrong.

At the command prompt, type:

Code: Select all

nslookup -type=mx hotmail.com

Post the result.

mikedibella

What was your new empty user account - mdibella? I guess I can just delete that one, and then you can change account name and email address in your settings?

@martin: you can delete the mdibella account now. The email address is now changed on my working account.

mikedibella

Great. I was able to finally activate the original forum account I created with my vanity email. But I'd like to keep the rank and post counts associated with this account. When I try to change the email address for this account to my vanity email the forum complains "The entered email address is al...

mikedibella

Well we could start by looking at a successfully received activation email to see where bounces would likely go. From there maybe martin could chime in on whether there is a mailbox to receive them.

mikedibella

I was never able to register with my vanity domain dibella(dot)net and had to use a webmail provider for the forum reg...maybe the issues are related.

mikedibella

Some anti-virus software may block email over secure connections becuase these emails are harder to scan. So it is conceivable that such an implementation might replace the STARTTLS keywork in the ELHO with something else, like the XXXXXXXA you are seeing. Also could be this bug: https://www.cisco.c...

mikedibella

I think you really need to focus on the discrepancy between what hMailServer is seeing as the EHLO response verses what mxtoolbox.com is reporting. If you issue a telnet command from the hMailServer host to the remote host esa-omf-101.exeloncorp.com on port 25, and issue the EHLO verb, do you see ST...

mikedibella

I wonder if the remote server has been configured to require secure connections, but a certificate has not been properly configured or has expired and the server was restarted, resulting in a mismatch between the ELHO verb response and the MAIL verb response.

mikedibella

220 esa-omf-101.exeloncorp.com ESMTP EHLO xxx 250-esa-omf-101.exeloncorp.com 250-8BITMIME 250-SIZE 20971520 250 STARTTLS This is what I get when I query that SMTP host. I'm not sure why STARTTLS isn't showing in the logging you provided. Unless hMailServer sees STARTTLS in the EHLO response, it won...

mikedibella

"SMTPC" 22332 10 "2019-08-02 15:28:33.862" "216.99.189.20" "RECEIVED: 250-esa-omf-101.exeloncorp.com[nl]250-8BITMIME[nl]250-SIZE 41943040[nl]250 XXXXXXXA" The remote server is not RFC compliant. This is not advertising that it supports STARTTLS in response to the EHLO verb, so hMailServer thinks it...

mikedibella

Send a larger portion of the log. It seems like the remote server is expending authentication.

mikedibella

Hypothesis: STARTTLS is failing the certification validation.

Try disabling Settings > Advanced > SSL/TLS > Verify remote server SSL/TLS certificate.

mikedibella

You don't need a certificate for outbound TLS. Under Settings > Protocols > SMTP > Advanced , check Use STARTTLS if Available. Under Settings > Protocols > SMTP > Delivery of email , if you are using a Relayer, set Connection security to STARTTLS (Optional) if the port is not encrypted (25 or 587). ...

mikedibella

If you don't have administrative access to the Office 365 tenant, but you do have the ability to login to Outlook Web Access, you can create a server-side rule for the mailbox to redirect mail to another mailbox. https://support.office.com/en-ie/article/forward-email-from-office-365-to-another-email...

mikedibella

I'll try to lay out my recommendation to you more clearly. You have a mailbox on your Office 365 domain, let's call it mailbox@public-domain.com. You used to be able to download mail from that remote mailbox into a local mailbox hosted on hMailServer using the POP3 protocol. Now POP3 protocol access...

mikedibella

Both Mail Users and Mail Contacts are created from ECP on the Recipients > Contacts tab.

mikedibella

What I do with a couple of email addresses on my Office 365 tenant is to create them as distribution lists and set delivery management to allow sender inside and outside the organization to submit emails the the group. Next I setup a single contact with the external address I want to forward to. Add...

mikedibella

Put another way, you should press client on why TLS encapsulation of HTTP is secure enough but TLS encapsulation of SMTP and IMAP is not. hMailServer can support either TLS encapsulation either of the whole connection sequence or via STARTTLS for SMTP, POP3, and IMAP, but cannot support using Active...

mikedibella

https://docs.microsoft.com/en-us/azure/ ... nnectivity

mikedibella

Couple of issues I see. Your MX record is pointing to insyscr.com, I recommend changing it to point to mail.insyscr.com instead and use mail.insyscr.com as your hMailserver hostname. Create an A record in DNS for mail.insyscr.com to point to the public IP address for hMailserver. DNS does record an ...

mikedibella

Login into the Cloudflare portal and select the domain corresponding to the right-hand side of your email address (i.e. email = my-name@my-domain, then select my-domain). Choose the DNS tile from the top. Using the Add Record button, add the following records: Type, Name, Value, TTL A, mail, public ...

mikedibella

You cannot send mail to domains that use sender verification using a sender address (From: address) that does not exist at the sending domain. If you send a message From: from-name@from-domain, then a mailbox must exist in the from-domain mail servers for from-name.

mikedibella

https://docs.microsoft.com/en-us/azure/ ... nnectivity

mikedibella

The remote server you are trying to send mail to implements sender verification (https://en.wikipedia.org/wiki/Callback_verification) and the sending address MX does not host that user. To fix, only send using senders from domains that you control, and make sure that you host a mailbox for those use...

mikedibella

I missed the FileCopy and RefreshContent methods being used as a work-around for the missing load-from-file method on the Message object. I'd also suggest you run the code using the cscript.exe interpreter and not the default wscript.exe interpreter. As you've seen, wscript will throw a modal dialog...

mikedibella

I don't think this code will work. I see the code is getting the stored message filename by parsing the UndeliveredMessages property, and that a Message object is created to parse the message. This line: Set oMail = CreateObject("hMailServer.Message") Creates a new message object instance. But this ...

mikedibella

My understanding of your situation is that your legacy architecture included an on-premise Exchange server hosting mailboxes for your internal users, and additional mail-enabled endpoints that used the Exchange infrastructure as an SMTP relay to deliver messages to internal and external addresses. Y...

mikedibella

This has been covered in previous posts. Office 365 does not support external-to-external SMTP relay. This is by design. It is not a product to use for that type of mailings. If you want to route mail though Office 365 SMTP servers, either the sender or the recipient must be a local user.

mikedibella

There are other articles on this site that describe how to configure your systems so that mail sent directly (using MX record lookup) from HMS has the requisite reputation to be accepted as ham. Maybe Jim can provide a link to his favorite post on this subject. If you want HMS to deliver directly to...

mikedibella

You can achieve authenticated send with Office 365 using username/password authentication, which requires that the Sender address match the primary STMP proxy address (reply address) for the account. So if your sending appliances can support username/password AUTH, just make sure that the mail clien...

mikedibella

That error is raised when the Sender email address doesn't match the proxy address of the authenticated user. It is more difficult to configure Office 365 as a relay for any-sender to any-recipient use cases. You might want to take a look at SendGrid free tier.

mikedibella

Are you trying to submit authenticated mail to Office 365 on port 25? Office 365 accepts only local delivery on port 25. Relay mail must be submitted using port 587. https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-u...

mikedibella

Wrap the .exe in a .cmd script and use if errorlevel and exit exitCode to merge 12 and 13 into a single return value. The line

if errorlevel 12 exit 13

with exit the script and set the exitCode to 13 if the previous command exits with 12 or greater.

mikedibella

I don't think hMailServer can do that, but you could host Microsoft SMTP Service on the same machine on a custom listening port and configure it to use your Smart Host, but check the box "Attempt direct delivery before sending to smart host". Then configure hMailServer to use this local MTA as it's ...

mikedibella

Change Connection Security to STARTTLS Required. This will cause the connection to be initiated over TCP, but require STARTTLS to be completed before any other verbs can be used.

mikedibella

You could use SMTP route, but that would require another machine to do the sending

Or possibly run a different relay (i.e. MS-SMTP) on the same machine on a custom port and use a route to forward to that MTA, and then use MX lookup for next-hop.

mikedibella

For the use case I describe below, the portal needs to be published, but it doesn't store the encrypted PDF. The portal is used to generate the one-time password (OTP) to decrypt the PDF. The basic flow of an starts when an email sent to the gateway is decomposed and the body and attachments are pub...

mikedibella

I did get Ciphermail working again for PDF encryption. Let me know if you want to compare notes.

mikedibella

It has been a while since I evaluated it. I just looked at my VCB archive and the last image I took of the appliance was in 2015. So it is very possible the project as evolved/morphed into the Ciphermail appliance. I definitely remember it was offered as a virtual appliance. The UI looks a lot clean...

mikedibella

I looked at Djigzo a while back...http://freshmeat.sourceforge.net/projects/djigzo

I found the recipient UI too crude, might have matured since then.

mikedibella

This is the tool I use: https://www.nartac.com/Products/IISCrypto

mikedibella

Change connection security on port 25 from STARTTLS Required to STARTTLS Optional.

mikedibella

I also use Let's Encrypt and have had success with the instructions on this website: https://www.sslforfree.com/ The site will generate the keys for you securely on your own machine using browser extensions, so it is safe to use. Read the section about validation carefully because you can't generate...

mikedibella

The key pair generated must be used to generate the CSR that is submitted to request the certificate. The error message indicates that the private key does not match the public key in the certificate. You will need to regenerate the certificate, carefully following the steps provided in articles on ...

mikedibella

The certificate file you point to in the hMailServer configuration must have intermediates first and the leaf (server) certificate last. Assuming both of the files received from your CA are Base64 format (they have BEGIN CERTIFICATE sections), append the contents of mail_tgserver_com.crt to the end ...

mikedibella

Are you trying to enable connection security for MTA-to-MTA communications or for client-to-server communications? If you want to enable for MTA interconnections, change connection security on port 25 to STARTTLS. If you want to enable for client connections, either change connection security on por...

mikedibella

download openssl.exe and run the following command: openssl.exe pkcs12 -in file.pfx -nodes -out pem.txt Edit pem.txt and separate the sections into a certificate files and key files. Put all the certificate sections into one file with the intermediates first and leaf (server) certificate last. Put t...

mikedibella

One thing to keep in mind, when you enable the "Active Directory account" option, you are mapping the mailbox identity to the "Domain" and "User name" values provided. When the client negotiates authentication, it will provide the mailbox identity and password, and HMS will use the mapped Domain and...

mikedibella

Let me make sure I get this. You are saying that Outlook won't authenticate against HMS is unless the account configuration Email Address under User Information is the same as User Name under Login Information?

mikedibella

Let me make sure I understand the requirement. You have existing Outlook users that were using explicit credentials (not Kerberos or Integrated authentication) to log into Exchange. The explicit credentials included a user ID that matched the Active Directory UPN for the user and the user's AD passw...

mikedibella

Are you familiar with Alternative UPN Suffixes? See http://www.tutorialspoint.com/articles/ ... ory-domain.

mikedibella

If you don't own, and exercise authoritative control over, a domain, no public CA will generate a certificate for you for that domain.

mikedibella

if you want a wildcard that matches hostname.ex.geektek.com then you would enter *.ex.geektek.com in the "enter your website to secure" field and create a new TXT record with the _acme-challenge Name in the ex.geektek.com domain. Set the TTL of the record to 1 second. Wait for your secondaries to be...

mikedibella

CA: https://letsencrypt.org

I use this website for manual certificate issuance: https://www.sslforfree.com/

But I suggest you generate your own CSR locally if you aren't sure if your browser can support local key generation.

mikedibella

Is ex.geektek.com the mail domain (i.e. for the MX record Name attribute) or the server's hostname (for the MX record Data attribute)? The wildcard must match the hostname. If ex.geektek.com is the mail domain and mail.ex.geektek.com is the hostname, then you need a wildcard *.ex.geektek.com to matc...

mikedibella

Maybe:

Updates force reboot
4.1 starts first and binds port
5.6 starts can't bind
HMS starts and comms with 4.1
Disaster

Make sure you at least Disable 4.1 in SCM

mikedibella

I notice that the time between postings in the successful run is 3/100s of a second, but in the abnormal run the time differential is 1 minute and 29/100s of a second. Maybe there was some kind of failure that produced abend output?

mikedibella

Check each directory in your %PATH% for an executable named NET.EXE. If there is another executable named NET.EXE in a directory before %SYSTEMROOT%\System32, that program will be executed in your script. To fix, fully qualify the file (i.e. net -> %SYSTEMROOT%\System32\NET.EXE).

Search found 210 matches