Sub OnHELO(oClient) progress?

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
User avatar
SorenR
Senior user
Senior user
Posts: 2559
Joined: 2006-08-21 15:38
Location: Denmark

Re: RE: Re: Sub OnHELO(oClient) progress?

Post by SorenR » 2017-10-30 01:19

SorenR wrote:If you look back in your other thread you'll see in my GreyWhiteList code i am using my eventlocking to avoid violating the database constraint. ;-)
This post ==> viewtopic.php?p=199747#p199747
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-10-30 01:35

As to why this happens...
insomniac2k2 wrote:The google ip address that is being added is this. Notice the redundant entries that happen within milliseconds of each other.:
6060 "2017-10-29 10:39:15.920" "Message from: 74.125.82.50 mail-wm0-f50.google.com Added as to Greylist Whitelist do to match in approved list"
6560 "2017-10-29 10:39:16.639" "Message from: 74.125.82.50 mail-wm0-f50.google.com Added as to Greylist Whitelist do to match in approved list"
This is probably caused by you offering StartTLS on port 25.
other mail servers connect once, get offered StartTLS, and then connect securely, before connecting again.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: RE: Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 02:19

Thanks SorenR. I'm aware of why you implemented that workaround. I just wanted to be sure why such a workaround would be necessary. As this is something that should be rectified in the server build. Matt's post answered my question. I did not think about StartTLS. That makes perfect sense. If i get some time, I will see what needs to be patched on the server to rectify this bug.

SorenR wrote:
SorenR wrote:If you look back in your other thread you'll see in my GreyWhiteList code i am using my eventlocking to avoid violating the database constraint. ;-)
This post ==> viewtopic.php?p=199747#p199747

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 02:20

This is exactly what i was looking for. thanks!
mattg wrote:As to why this happens...
insomniac2k2 wrote:The google ip address that is being added is this. Notice the redundant entries that happen within milliseconds of each other.:
6060 "2017-10-29 10:39:15.920" "Message from: 74.125.82.50 mail-wm0-f50.google.com Added as to Greylist Whitelist do to match in approved list"
6560 "2017-10-29 10:39:16.639" "Message from: 74.125.82.50 mail-wm0-f50.google.com Added as to Greylist Whitelist do to match in approved list"
This is probably caused by you offering StartTLS on port 25.
other mail servers connect once, get offered StartTLS, and then connect securely, before connecting again.

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: RE: Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 03:11

For now, until I get a chance to take a look at the server code, I just implemented some easy line parsing logic my application which will check the second to last line to see if a redundant entry is already in the Event log. If entry exists, then exit without trying to create the GreyWhitelist. Similar hack. It just offloads it from the eventhandler.

ala:
try
{
List<string> lines = File.ReadAllLines(@"C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log").ToList();
string linecheck = lines[lines.Count - 2];
if (linecheck.Contains(IP)) //this is the oClient Ip address
{
return;
}
}
catch
{
return;
}
insomniac2k2 wrote:Thanks SorenR. I'm aware of why you implemented that workaround. I just wanted to be sure why such a workaround would be necessary. As this is something that should be rectified in the server build. Matt's post answered my question. I did not think about StartTLS. That makes perfect sense. If i get some time, I will see what needs to be patched on the server to rectify this bug.

SorenR wrote:
SorenR wrote:If you look back in your other thread you'll see in my GreyWhiteList code i am using my eventlocking to avoid violating the database constraint. ;-)
This post ==> viewtopic.php?p=199747#p199747

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-10-30 03:23

to be honest only counting back a couple of log lines may not catch the first HELO/EHLO on a busy server, or even just a server doing something else right now
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 04:34

I'm only counting the log lines from the event log. It should rarely see traffic. And the traffic that it does see is only the events that I am writing to it. So far, that is only ban and greywhitelist information. That and at the same moment the GreyWhiteList is called, the read will happen. The probability for issue is rare atm. It can easily be made more robust if needed.
mattg wrote:to be honest only counting back a couple of log lines may not catch the first HELO/EHLO on a busy server, or even just a server doing something else right now

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 16:41

For posterity, here is a better approach to skip duplicate database entries:

Code: Select all

                        try
                        {
                            List<string> lines = File.ReadAllLines(@"C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log").ToList();
                            string myString = IP;
                            int count = lines.Count(s => myString.Contains(s));
                            if (count > 1)
                            {
                                return;
                            }
                        }
                        catch
                        {
                            return;
                        }

User avatar
SorenR
Senior user
Senior user
Posts: 2559
Joined: 2006-08-21 15:38
Location: Denmark

Re: Sub OnHELO(oClient) progress?

Post by SorenR » 2017-10-30 18:16

insomniac2k2 wrote:For posterity, here is a better approach to skip duplicate database entries:

Code: Select all

                        try
                        {
                            List<string> lines = File.ReadAllLines(@"C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log").ToList();
                            string myString = IP;
                            int count = lines.Count(s => myString.Contains(s));
                            if (count > 1)
                            {
                                return;
                            }
                        }
                        catch
                        {
                            return;
                        }
This require logging to be turned on. :|

Almost as valid as switching to SQLite due to ease of updating records... How to bypass unique record constraint in SQLite when updating/adding record:

Code: Select all

"INSERT OR IGNORE INTO ids (timestamp,ipaddress,hits) VALUES (DATETIME('NOW','LOCALTIME'),'" & sIPAddress & "'," & 0 & ");"
"UPDATE ids SET timestamp=DATETIME('NOW','LOCALTIME'), hits=(hits+1) WHERE IPAddress='" & sIPAddress & "';"
:wink:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 18:40

Yep, I find the logging useful. Many different ways to skin a cat. Personally, i think the real fix is in the server code. Without looking at it, i would hope that a boolean could be set if startTLS is initiated, to skip onHELO. Then allow OnHELO after the startTLS connection was initiated. This would also solve any other issues with script and update redundancies.

We shouldn't be writing workaround code at all for this type of stuff IMO.
SorenR wrote:
insomniac2k2 wrote:For posterity, here is a better approach to skip duplicate database entries:

Code: Select all

                        try
                        {
                            List<string> lines = File.ReadAllLines(@"C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log").ToList();
                            string myString = IP;
                            int count = lines.Count(s => myString.Contains(s));
                            if (count > 1)
                            {
                                return;
                            }
                        }
                        catch
                        {
                            return;
                        }
This require logging to be turned on. :|

Almost as valid as switching to SQLite due to ease of updating records... How to bypass unique record constraint in SQLite when updating/adding record:

Code: Select all

"INSERT OR IGNORE INTO ids (timestamp,ipaddress,hits) VALUES (DATETIME('NOW','LOCALTIME'),'" & sIPAddress & "'," & 0 & ");"
"UPDATE ids SET timestamp=DATETIME('NOW','LOCALTIME'), hits=(hits+1) WHERE IPAddress='" & sIPAddress & "';"
:wink:

User avatar
SorenR
Senior user
Senior user
Posts: 2559
Joined: 2006-08-21 15:38
Location: Denmark

Re: Sub OnHELO(oClient) progress?

Post by SorenR » 2017-10-30 19:08

insomniac2k2 wrote:Yep, I find the logging useful. Many different ways to skin a cat. Personally, i think the real fix is in the server code. Without looking at it, i would hope that a boolean could be set if startTLS is initiated, to skip onHELO. Then allow OnHELO after the startTLS connection was initiated. This would also solve any other issues with script and update redundancies.
What if sender do not support STARTTLS ?
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 19:28

Then the bool wouldn't be set, and OnHELO sub would process.

I suppose the easier way would be to process OnHELO on first connect and omit running OnHELO in startTLS.
SorenR wrote:
insomniac2k2 wrote:Yep, I find the logging useful. Many different ways to skin a cat. Personally, i think the real fix is in the server code. Without looking at it, i would hope that a boolean could be set if startTLS is initiated, to skip onHELO. Then allow OnHELO after the startTLS connection was initiated. This would also solve any other issues with script and update redundancies.
What if sender do not support STARTTLS ?

User avatar
SorenR
Senior user
Senior user
Posts: 2559
Joined: 2006-08-21 15:38
Location: Denmark

Re: Sub OnHELO(oClient) progress?

Post by SorenR » 2017-10-30 19:47

insomniac2k2 wrote:Then the bool wouldn't be set, and OnHELO sub would process.

I suppose the easier way would be to process OnHELO on first connect and omit running OnHELO in startTLS.
SorenR wrote:
insomniac2k2 wrote:Yep, I find the logging useful. Many different ways to skin a cat. Personally, i think the real fix is in the server code. Without looking at it, i would hope that a boolean could be set if startTLS is initiated, to skip onHELO. Then allow OnHELO after the startTLS connection was initiated. This would also solve any other issues with script and update redundancies.
What if sender do not support STARTTLS ?
Port 25 is used for server - server kommunication and I believe it is generally a bad idea to inforce TLS on this port until the rest of the world support it 100%. I don't use TLS at all and I can send/receive mal OK. :wink:

GreyWhitelisting is not for clients so by checking oClient.Port = 25 you bypass the code for your port 587 TLS and 465 SSL connections.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-10-30 19:59

Now that's the best one yet. I did not think about doing a port check at all! Ill throw that check in and omit the workaround to test. This would be the most efficient use of resources.

EDIT: I believe i spoke too soon. I believe that StartTLS just escalates SSL communication on port 25. Thus resetting the connection and causing an additional OnHELO. Brain fart moment!
SorenR wrote:
insomniac2k2 wrote:Then the bool wouldn't be set, and OnHELO sub would process.

I suppose the easier way would be to process OnHELO on first connect and omit running OnHELO in startTLS.
SorenR wrote: What if sender do not support STARTTLS ?
Port 25 is used for server - server kommunication and I believe it is generally a bad idea to inforce TLS on this port until the rest of the world support it 100%. I don't use TLS at all and I can send/receive mal OK. :wink:

GreyWhitelisting is not for clients so by checking oClient.Port = 25 you bypass the code for your port 587 TLS and 465 SSL connections.

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-11-01 18:18

I figure if I am going to post code on the internet, it should work. If anyone is referencing my log parsing code that i posted above, below would be a better way of doing it:

Code: Select all

                            List<string> found = new List<string>();
                            string line;
                            var lineCount = 0;
                            using (StreamReader file = new StreamReader(@"C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log"))
                            {
                                while ((line = file.ReadLine()) != null)
                                {
                                    if (line.Contains(IP))
                                    {
                                        lineCount++;
                                    }
                                }
                            }
                            if (lineCount > 0)
                            {
                                return;
                            }
For my purposes, I also added logging to come from ProxyAuth instead of Hmail Event logging. Mainly because I do not have control on whether or not a redundant record gets logged (If something matches the criteria, it logs regardless of whether or not an IP address is being added to the GreyWhitelist.)

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-11-02 02:19

What I'd like to see (RVHD and SorenR) is there be some sort of information detailing the SSL statuses of a connection being made available via the API

Something like
(and possibly more widely available than just in this OnHELO sub)
Properties
oClient.encrypted (True|False)
oClient.SSLTLSVersion (SSLv3.0|TLSv1.0|TLSv1.1|TLSv1.2)
oClient.cipherused (cipher)
oClient.certificateName (name)
oClient.certValidated (True|False) - was the cert validated by hMailserver

Method
oClient.ForceCertValidation

Currently this is only available via the logs, which makes it impossible to use in real time. If I had API access I could script some more things
I'd like to do things like spam score based on these properties
Force certificate validation if spam score between 10 and 20, or even just above say 10
Only allow a single known IP/User to use SSLv3.0
not allow downgrading of TLS version during a connection
Only allow Outlook.com connections via TLSv1.2
etc
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-11-11 17:50

I like those options, but they are likely a lot of work for a little payoff (guessing about implied code changes).

I'm curious about why after you spam score something so high, why would you need to verify their cert? Why not just reject them?
mattg wrote:What I'd like to see (RVHD and SorenR) is there be some sort of information detailing the SSL statuses of a connection being made available via the API

Something like
(and possibly more widely available than just in this OnHELO sub)
Properties
oClient.encrypted (True|False)
oClient.SSLTLSVersion (SSLv3.0|TLSv1.0|TLSv1.1|TLSv1.2)
oClient.cipherused (cipher)
oClient.certificateName (name)
oClient.certValidated (True|False) - was the cert validated by hMailserver

Method
oClient.ForceCertValidation

Currently this is only available via the logs, which makes it impossible to use in real time. If I had API access I could script some more things
I'd like to do things like spam score based on these properties
Force certificate validation if spam score between 10 and 20, or even just above say 10
Only allow a single known IP/User to use SSLv3.0
not allow downgrading of TLS version during a connection
Only allow Outlook.com connections via TLSv1.2
etc

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-11-12 00:37

My spam scoring system is extremely customised, one of my SpamAssassin rules adds 2.2 for no reason other than to make the scores closer to what matches my hmailserver scores.
Another SpamAssassin rule adds 30 for ClamAV + SaneSecurity fails (This is typically malware attachments)

I normally reject mail above 15 (via onAcceptMessage script on my system), and I am currently ALSO adding an Autoban for scores above 25
After a a couple of weeks with these high SPAM scores getting an autoban for a week - I have some ~370 addresses autobanned due to high SPAM Score.

Next time they connect, they just get simply blocked.

Most SPAM to my system arrives from StartTLS connections with valid DKIM and SPF records. I'd like to **selectively** validate the cert used for StartTLS too, and then spam score against the result.
They may all use valid SSL certs, but at the moment, I've really got no way to tell. I also have one machine (a security camera) that will ONLY use SSLv3.0. This camera is on a static IP address and I'd like to allow that, but ban all other IPs from using SSLv3.0 as it is compromised.

The only way presently that I can see if a connection was StartTLS or not is to check my logs after the connection. Bit late then to do anything with the information.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-11-12 00:52

Just checked my logs again

I have actually blocked SSLv3.0 as the camera mentioned above no longer sends via my server
Only 3 IPs have connected via TLSv1.1 so far this month. One of these I have received 8 messages from - so a regular sender (and yes I checked which sender)
I have quite a few that connect via TLSv1.0, including Facebook, and my youngest daughter who has my old (now forth hand) iPhone 4s. Newer iPhones seem to use TLSv1.2

As an aside, I force TLSv1.2 on all of my Apache hosted websites, and found a stock Internet Explorer ver11 on a Windows Embedded HP thin client the other day that was capable of using TLSv1.2, but had TLSv1.1 and TLSv1.2 disabled, but allowed SSLv2.0 and SSLv3.0, and so connection failed. I'm trying to find a way to show different pages based on SSL/TLS level used, or even a default connection failed page - but this is proving to be hard.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

insomniac2k2
Normal user
Normal user
Posts: 53
Joined: 2016-08-09 19:47

Re: Sub OnHELO(oClient) progress?

Post by insomniac2k2 » 2017-11-14 06:27

Gotcha. I see that I pretty much have the same configuration as you do. From what you posted, you are using this? https://wiki.apache.org/spamassassin/Cl ... ipleScores

If so, you have my exact same configuration. I score virus as 50 and malware of 10. Anything over 10 i am presently discarding. In the future I will be blocking the sender, etc. I'm quite happy with the way im configured. I cannot recall the last spam message I have received :)

I like the thought of discarding more connections. I certainly would reduce the load on our servers.
mattg wrote:My spam scoring system is extremely customised, one of my SpamAssassin rules adds 2.2 for no reason other than to make the scores closer to what matches my hmailserver scores.
Another SpamAssassin rule adds 30 for ClamAV + SaneSecurity fails (This is typically malware attachments)

I normally reject mail above 15 (via onAcceptMessage script on my system), and I am currently ALSO adding an Autoban for scores above 25
After a a couple of weeks with these high SPAM scores getting an autoban for a week - I have some ~370 addresses autobanned due to high SPAM Score.

Next time they connect, they just get simply blocked.

Most SPAM to my system arrives from StartTLS connections with valid DKIM and SPF records. I'd like to **selectively** validate the cert used for StartTLS too, and then spam score against the result.
They may all use valid SSL certs, but at the moment, I've really got no way to tell. I also have one machine (a security camera) that will ONLY use SSLv3.0. This camera is on a static IP address and I'd like to allow that, but ban all other IPs from using SSLv3.0 as it is compromised.

The only way presently that I can see if a connection was StartTLS or not is to check my logs after the connection. Bit late then to do anything with the information.

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-11-14 08:05

insomniac2k2 wrote:Gotcha. I see that I pretty much have the same configuration as you do. From what you posted, you are using this? https://wiki.apache.org/spamassassin/Cl ... ipleScores
Yep
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-11-16 03:16

mattg wrote:After a couple of weeks with these high SPAM scores getting an autoban for a week - I have some ~370 addresses autobanned due to high SPAM Score.
Now Autobanning at 22 or up (as opposed to 25 when posted above), with no upper limit (I was rejecting outright at 100 and above, have now had 2 mail messages score more than 100 points), and and I have some ~210 addresses autobanned due to high score

From 370 down to 210
I'm getting significantly less spam senders

so why?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 7420
Joined: 2011-09-08 17:48

Re: Sub OnHELO(oClient) progress?

Post by jimimaseye » 2017-11-16 09:36

Most spam is sent from infected spambots and those are mostly on peoples work PC's. This is obvious by the fact that the levels drop significantly (to almost non-existent) during public holidays (such as Christmas etc) only to resume in anger on Monday mornings or the first working day back. Also I have noticed that they go in fits-and-starts which I believe to being the ISP/hosting networks uncovering and shutting down the suych bots as well as the AV solutions followingand eventually catching up with their definitions.

This I conclude after watching over recent years. And you can be sure that your lower numbers will, one day, have a surge again when some dick out there releases some new virus/spambot going undetected for a while before getting shutdown some months after.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-11-17 00:06

And 24 hours later, down to about 155, with 11 new ones added in that time

These are 7 day bans, so my total count is last 7 days

And yes I expect that you a correct

(I'm going to find some way to graph / plot these I reckon)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2017-12-22 23:31

5.6.7-B2425.15
This is the latest beta Version 5.6.7 - Build 2425 (2017-12-14)

Plus:
  • Supports Sub OnHELO(oClient) event, issue #153
  • Fixed Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
  • Include HTMLBody into IMAP TEXT search, pull #193
  • Fixed implicit conversion: "int" to "unsigned char" pull #204
  • Faulty: SMTP 'Disconnect client after too many invalid commands' pull issue #160
  • SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
  • Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
  • Speed up 'update hm_messages set messageflags' issue #221
  • Treat authenticated users as localsender if the sender is authenticated and AuthUserIsLocal=1 INI setting Office 2016 Bug
  • Add Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
  • Experimental eventhandler OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
  • Handling of long UIDL response lists was too slow. issue #93
  • When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
  • SURBL detection properly fails to detect url's ending with a query string issue #108
  • If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
5.6.7-B2425.15.7z
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2017-12-24 13:04

5.6.7-B2425.15.1.7z

Little bug fix, forgot to include ErrorManager messages for SURBL and FileUtilities
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2017-12-30 03:14

Since installed this latest built the other day, My server has commenced 'shutdown' at 5:40 am, and stopped accepting new connections. About a half minute after doing a POP3 external download.
I'll go back one version.

(No other changes - Thanks RvHD for the builds)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2017-12-30 16:28

You have had the same thing happened to you earlier, isn't?

I (still) can hardly believe this has something to do with these changes as i never experienced something like this, and yes i use external download as well
You appended the file locking thingy to your scripts?
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-01-01 01:34

Happened again with an earlier build.

And yes same as I had before-
I'll go back to your current build and try again with my eventhandlers.vbs, checking the lock file conditions
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-01-01 02:21

Definitely at my end.

I have a scheduled task that runs daily and backups up my hMailserver, zipping messages by domain, and dumping MySQL tables etc.
I've been doing that for years without much change - it works.

I've recently switched to Lets Encrypt certificates, that are created automatically by my web server.
In hMailserver I link to a folder on the web server where these are stored. Works great.

To be sure that the latest cert is always loaded, at the end of my scheduled task for backup, I added an extra action of running this script. The scheduled task doesn't complete. The scheduled task is run as my usual desktop user, and the script ALWAYS runs fine when manually run. Any ideas about why it sometimes fails when run as a scheduled task 'action'.

This is intended to pause and re-start the hmailserver, as opposed to restarting the service which I don't want to do as I leave the Admin GUI open.

Code: Select all

Option Explicit

Private const g_sAdminPassword = "TopSecretPassword"

Dim oApp
Set oApp = CreateObject("hMailServer.Application")
' Give this script permission to access all
' hMailServer settings.
Call oApp.Authenticate("Administrator", g_sAdminPassword)

Call oApp.Stop
Wait(5)
Call oApp.Start


Function Wait(sec)
	Dim t
	t = Timer
	Do While ((Timer - t) < sec) Xor (Timer < t)
	Loop
End Function
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-01-04 23:14

I think it is your Wait() function causing issues, i have been using that pure vbscript approach myself in the past and it gave me nothing but trouble (examples: running longer as defined, or even running infinitely)

Better use something like sorenr posted, eg;

Code: Select all

Function Wait(sec)
  With CreateObject("WScript.Shell")
	 .Run "timeout /T " & Int(sec), 0, True
	  ' REM .Run "sleep -m " & Int(sec * 1000), 0, True
	  ' REM .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
  End With
End Function
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-01-21 11:30

@mattg

Dis you try using a Wait() function alternative? Did that solve it?
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-01-21 13:06

G'day RvdH

Yes I did change to that version of Wait, and hadn't had an issue until about 48 hours ago when I've had a single failure.
I'm working on finding out when it happens by checking the last 15 lines of the log and if they all say 'No message to index" then I'll reboot the hmailserver service . Not quite got it working yet but close.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

adrianmihai83
New user
New user
Posts: 14
Joined: 2018-01-26 17:19

Re: Sub OnHELO(oClient) progress?

Post by adrianmihai83 » 2018-01-28 11:13

Arrived here after searching for ylmf-pc attack and OnHELLO implementation. I am interested in using a version of SorenR script detailed here: viewtopic.php?t=30271#p189317 and here: viewtopic.php?f=2&t=30965&p=193666&hili ... an#p193666

Just updated to the latest beta official update (hMailServer 5.6.7 - Build 2425 (BETA)) and was going to modify it with latest RavdH implementation of code when I saw mattg message here and was wondering if there is a problem with the latest unofficial update. Should I go with one version before this?

User avatar
jimimaseye
Moderator
Moderator
Posts: 7420
Joined: 2011-09-08 17:48

Re: Sub OnHELO(oClient) progress?

Post by jimimaseye » 2018-01-28 12:07

I would say there is no problem with these builds as he is very careful to implement changes that have been passed and proven by the author in upcoming beta and 5.7 release. Matt's problem is isolated and is unclear on what the cause is but is likely to be specific to his setup/scripts (he is monitoring and investigating). Others are also using both Sorens suggested script and this ed executable offered by rvhd without a problem. You could save time and simply install this 5.6.7-B2425.15 version instead of modifying your own (from beta) to benefit from all the fixes and mods.

Whatever your choice is the Onhelo is proven ok.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

adrianmihai83
New user
New user
Posts: 14
Joined: 2018-01-26 17:19

Re: Sub OnHELO(oClient) progress?

Post by adrianmihai83 » 2018-01-28 12:15

Thank you, downloading RavdH latest version right away :). Autoban from SorenR is simply brilliant, will search for examples of OnHELLO sub to call autoban, saw a couple of topics here with different implementations, I can only say thanks for all of you that put hard work into making and maintaining this.

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-01-28 16:00

jimimaseye wrote:Matt's problem is isolated and is unclear on what the cause is but is likely to be specific to his setup/scripts (he is monitoring and investigating)..
Definitely my end

I have a very customised system with lots of waits in my scripts. I currently think it is my waits that are causing my very occasional issue. I also use a hidden setting to hold banned IP addresses.

Just a thought, I'll bet not many people use this .ini setting

Code: Select all

BlockedIPHoldSeconds=20
; Number of seconds to wait before dropping the connection of an IP range banned IP
; Default is 0 or disabled if not defined
in the code I see that this triggers a sleep function that may well have the same issues as my old wait function...

What do you think RvHD??

https://github.com/hmailserver/hmailser ... Server.cpp line 204-209

Code: Select all

            if (iBlockedIPHoldSeconds > 0)
            {
               Sleep(iBlockedIPHoldSeconds * 1000);
               message.Format(_T("Held connection from %s for %i seconds before dropping."), String(remoteAddress.ToString()).c_str(), iBlockedIPHoldSeconds);
               LOG_DEBUG(message);
            }
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

adrianmihai83
New user
New user
Posts: 14
Joined: 2018-01-26 17:19

Re: Sub OnHELO(oClient) progress?

Post by adrianmihai83 » 2018-01-28 16:09

Well, seams like I cannot edit my previous post. Like a breeze, just replacing 4 files and I am up and running and things look ok.

Script is basically SorenR's version:

Code: Select all

Sub OnClientConnect(oClient)
	If(Left(oClient.IPAddress, 8) = "127.0.0.") Then Exit Sub ' Webmail should not wait
	If(Left(oClient.IPAddress, 8) = "10.2.14.") Then Exit Sub ' Local LAN should not wait
	'If(Left(oClient.IPAddress, 10) = "80.160.77.") Then Exit Sub ' Backup-MX should not wait
	If(oClient.Port = 25) Then Wait(20) ' Make everyone else wait - BOTs usually give up waiting
End Sub


Sub OnHELO(oClient)
	If(Left(oClient.IPAddress, 8) = "127.0.0.") Then Exit Sub
	If(Left(oClient.IPAddress, 8) = "10.2.14.") Then Exit Sub
	'If(Left(oClient.IPAddress, 10) = "80.160.77.") Then Exit Sub
	Dim oRegEx
	Set oRegEx = CreateObject("VBScript.RegExp")
	oRegEx.IgnoreCase = True
	oRegEx.Global = False

	oRegEx.Pattern = "^(User)$|^(ylmf-pc)$|^(Welcome-PC)$|^(THP-PC)$|^(Administrator)$|^(localhost\.localdomain)$|^(127\.0\.0\.1)$"
	If oRegEx.Test(oClient.HELO) Then Call AutoBan(oClient.IPAddress, oClient.HELO, 2, "d")

	Set oRegEx = Nothing
End Sub


Sub AutoBan(sIPAddress, sReason, iDuration, sType)
'
'     sType can be one of the following;
'
'     "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
'
'     Cports can be obtained here -> http://www.nirsoft.net/utils/cports.html
'
  Dim oApp : Set oApp = CreateObject("hMailServer.Application")
  Call oApp.Authenticate("*****", "*******")
  With LockFile("c:\hmailserver\temp\autoban.lck")
	 On Error Resume Next
	 oApp.Settings.SecurityRanges.Refresh
	 If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
		With oApp.Settings.SecurityRanges.Add
		   .Name = "(" & sReason & ") " & IPAddress
		   .LowerIP = sIPAddress
		   .UpperIP = sIPAddress
		   .Priority = 20
		   .Expires = True
		   .ExpiresTime = DateAdd(sType, iDuration, Now())
		   .Save
		End With
	 End If
	 oApp.Settings.SecurityRanges.Refresh
	 On Error Goto 0
	 .Close
  End With
  With CreateObject("WScript.Shell")
	 .Run "CPorts /close * * " & sIPAddress & " *", 0, True
  End With
End Sub

Function LockFile(strPath)
  Const Append = 8
  Const Unicode = -1
  With CreateObject("Scripting.FileSystemObject")
	 Dim oFile, i
	 For i = 0 To 30
		On Error Resume Next
		Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
		If (Not Err.Number = 70) Then
		   Set LockFile = oFile
		   On Error Goto 0
		   Exit For
		End If
		On Error Goto 0
		Wait(1)
	 Next
  End With
  Set oFile = Nothing
  If (Err.Number = 70) Then
	 EventLog.Write("ERROR: EventHandlers.vbs")
	 EventLog.Write("File " & strPath & " is locked and timeout was exceeded.")
	 Err.Clear
  ElseIf (Err.Number <> 0) Then
	 EventLog.Write("ERROR: EventHandlers.vbs : Function LockFile")
	 EventLog.Write("Error       : " & Err.Number)
	 EventLog.Write("Error (hex) : 0x" & Hex(Err.Number))
	 EventLog.Write("Source      : " & Err.Source)
	 EventLog.Write("Description : " & Err.Description)
	 Err.Clear
  End If
End Function

Function Wait(sec)
  With CreateObject("WScript.Shell")
	 .Run "timeout /T " & Int(sec), 0, True
'        .Run "sleep -m " & Int(sec * 1000), 0, True
'        .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
  End With
End Function
Wait(20) is working perfectly, I see a lot of one line activity in log :) from bots that do not wait

Code: Select all

"SMTPD"	8612	353	"2018-01-28 15:18:17.170"	"115.78.100.5"	"SENT: 220 mail.fsgaz.ro ESMTP"
"SMTPD"	8132	357	"2018-01-28 15:19:05.171"	"122.164.52.36"	"SENT: 220 mail.fsgaz.ro ESMTP"
"SMTPD"	6288	356	"2018-01-28 15:19:05.171"	"79.178.109.7"	"SENT: 220 mail.fsgaz.ro ESMTP"
"SMTPD"	8612	355	"2018-01-28 15:19:05.171"	"118.71.89.199"	"SENT: 220 mail.fsgaz.ro ESMTP"
"SMTPD"	8132	358	"2018-01-28 15:20:00.209"	"93.174.93.46"	"SENT: 220 mail.fsgaz.ro ESMTP"
"SMTPD"	8132	360	"2018-01-28 15:20:36.167"	"181.174.44.23"	"SENT: 220 mail.fsgaz.ro ESMTP"
Any advice and comments about adding something (or taking out) are well received :)

User avatar
SorenR
Senior user
Senior user
Posts: 2559
Joined: 2006-08-21 15:38
Location: Denmark

Re: Sub OnHELO(oClient) progress?

Post by SorenR » 2018-01-28 19:17

Once you have the basics running you'll figure it out by monitoring your logfiles. Every environment is different i.e. it is unlikely we share the same bots/spammers so... dig into your logs and go from there.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-01-30 12:19

Hey RvdH,

I've just added a domain and host two accounts for that domain, and the rest are at the ISP of the client.
Normally I'd just set up a route for the domain and select when sender matches route treat as 'Remote' and this would allow someone else from that domain send me mail at my domain also hosted on my hMailserver.

Today this isn't working...
They use Outlook2010 as mail client

I tried the ini setting 'AuthUserIsLocal=' as both 1 and 0 without change

The only way that I could get it to work was to allow local to local without AUTH on the appropriate IP range.
Could this have something to do with the route changes that you have made?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-02-01 00:34

'AuthUserIsLocal' is basically only for Outlook 2016 Read receipts send out by clients, Outlook 2016 apparently sends these without 'FromAddress' header

issue #74 maybe? Don't (yet) use this myself...
Do you have a catch-all account locally for that domain?
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-02-01 01:39

RvdH wrote:issue #74 maybe? Don't (yet) use this myself...
Do you have a catch-all account locally for that domain?
No catchall for that domain.

I can roll back to the official build to see if the issue exists there. I normally don't use this functionality, but found a need this week.
I did find a recent user post stating the same issue with the official builds - so perhaps it is a real bug.
viewtopic.php?f=7&t=32256&p=201556#p201556

Does anyone routinely use routes for partially hosted domains?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-03-31 10:21

Current version(s): 5.6.7-B2425.16 / 5.6.8-B2431.16

Latest (production) version 5.6.7 - Build 2425 (2017-12-14)
Latest (beta) version 5.6.8 - Build 2431 (2018-03-27)

Plus:
  1. Supports Sub OnHELO(oClient) event, issue #153
  2. Fixed Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
  3. Include HTMLBody into IMAP TEXT search, pull #193
  4. Fixed implicit conversion: "int" to "unsigned char" pull #204
  5. Faulty: SMTP 'Disconnect client after too many invalid commands' pull issue #160
  6. SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
  7. Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
  8. Speed up 'update hm_messages set messageflags' issue #221
  9. Treat authenticated users as localsender if the sender is authenticated and AuthUserIsLocal=1 INI setting Office 2016 Bug
  10. Add Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
  11. Experimental eventhandler OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
  12. Handling of long UIDL response lists was too slow. issue #93
  13. When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
  14. SURBL detection properly fails to detect url's ending with a query string issue #108
  15. If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
  16. Fix ExternalFetcher DELE when no RETR, pull pull #254
Just install the latest production and/or beta version from here, then download corresponding package below and overwrite files in 'bin' directory

5.6.7-B2425.16.7z

5.6.8-B2431.16.7z
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 359
Joined: 2017-09-12 17:57

Re: Sub OnHELO(oClient) progress?

Post by palinka » 2018-04-19 00:19

RvdH wrote:
2018-03-31 10:21
[*]Include HTMLBody into IMAP TEXT search, pull #193
Hi. Would you please elaborate on this? It's unclear to me exactly what this means. Is hms now indexing the body content of emails into the database? Thanks.

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-04-19 11:19

That instead of the client searching only in the plain text message body it also searches in the html message body (if it exists)

Totally unrelated to message indexing
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 359
Joined: 2017-09-12 17:57

Re: Sub OnHELO(oClient) progress?

Post by palinka » 2018-04-19 12:36

That's what I thought. Thank you for the update.

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-05-21 23:57

Hey RvdH, can I make a request for a patch please
https://github.com/hmailserver/hmailserver/issues/229

This is an issue for our friends in the USA who will be chasing PCI compliance by 30 June 2018. Also a good thing for the rest of us.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 7420
Joined: 2011-09-08 17:48

Re: Sub OnHELO(oClient) progress?

Post by jimimaseye » 2018-05-22 00:24

RvdH wrote:
2018-03-31 10:21

[*]If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74

It should be noted that there is an issue with this particular fix - it isn't a perfect. See issue #200
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 7420
Joined: 2011-09-08 17:48

Re: Sub OnHELO(oClient) progress?

Post by jimimaseye » 2018-08-21 08:56

@RvdH: Martin made another version on 27 July with a couple of extra fixes/mods but hasnt published them on the official BETA download page.

2437 Success View knafve (1) 27 Jul 18 13:54 5m:20s hmailbuild

https://build.hmailserver.com/project.h ... branches__
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-08-23 02:11

B2437?? RvdH is all over it, I've been running RvdH's build of that version since the 8th Aug when I saw on RvdH's download page
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 7420
Joined: 2011-09-08 17:48

Re: Sub OnHELO(oClient) progress?

Post by jimimaseye » 2018-08-23 08:43

RvdH's download page? Where is that then?

(The above thread page's postings only refers to B2431:
RvdH wrote:
2018-03-31 10:21
Current version(s): 5.6.7-B2425.16 / 5.6.8-B2431.16

5.6.7-B2425.16.7z

5.6.8-B2431.16.7z
all on 31st MArch (long before the update Martin did I pointed to).

EDIT: Maybe you are pointing to https://d-fault.nl /files/ ? (edited to prevent direct link). I see it now. (He never updated this thread accordingly to inform people).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-08-23 11:35

Yep...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-08-23 13:23

That was intentionally, as Martin never posted these as Beta on the download page, eg: https://www.hmailserver.com/changelog/?version=5.6.8

I imagined if one can find the unofficial betas from martin they also could find the unofficial builds with fixes by me ;)
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-08-24 00:18

That's about my thought too

Can I say again RvdH, LOVE using your builds. Thanks
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Re: Sub OnHELO(oClient) progress?

Post by porcupine » 2018-09-27 05:34

Thanks for the work on this, I really like the OnClientLogon event for logging login attempts. Any chance to allow a return result like onClientConnect? I have some cases where I do not want a specific account to be accessed by a specific IP, but allow that IP to access other accounts:
https://www.hmailserver.com/documentati ... entconnect

Having the option to specify Result.Value = 1 would solve that for my scenario.

thanks

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-09-27 07:24

Isn't after they have logged on too late to stop them from logging on?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Re: Sub OnHELO(oClient) progress?

Post by porcupine » 2018-09-27 08:51

Indeed, its the chicken & egg, OnClientConnect doesn't yet know the username and OnClientLogon doesn't have the return Result feature. I would like to block further activity for a specific user from a specific IP but I don't want to block all users from that IP address.

thanks

User avatar
RvdH
Senior user
Senior user
Posts: 575
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2018-09-27 10:16

porcupine wrote:
2018-09-27 08:51
Indeed, its the chicken & egg, OnClientConnect doesn't yet know the username and OnClientLogon doesn't have the return Result feature. I would like to block further activity for a specific user from a specific IP but I don't want to block all users from that IP address.

thanks
I will try and see what i can do with return values whenever i have some spare time...i think i left it out on purpose as this needs to be handled in SMTP, IMAP and POP protocols

In the meantime can't you simply disconnect them?

Code: Select all

Function Disconnect(sIPAddress)
	With CreateObject("WScript.Shell")
	        REM .Run """C:\Program Files (x86)\hMailServer\Events\CPorts.exe"" /close * * " & sIPAddress & " *", 0, True
		.Run """C:\Program Files (x86)\hMailServer\Events\Disconnect.exe"" " & sIPAddress & "", 0, True
		REM EventLog.Write("Disconnect.exe " & sIPAddress & "")
	End With
End Function
In you eventhandlers you can call the function like: Disconnect(oClient.IPAddress)

Disconnect.zip
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 18884
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Sub OnHELO(oClient) progress?

Post by mattg » 2018-09-27 10:48

Did you create that disconnect.exe?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Re: Sub OnHELO(oClient) progress?

Post by porcupine » 2018-09-27 11:43

Thanks, I understand the complexities of bringing in the protocol to close the connection cleanly. Disconnect.exe could conflict with another user if its the same IP address, but that might be OK in this context, I'll give it a try.

Post Reply