Sub OnHELO(oClient) progress?

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-18 11:00

Latest is 5.6.9-B2602.49
Simply install the latest production and/or beta artifact from the URL below, then copy the files from this archive into the hmailserver '/bin' directory, overwriting the existing files
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)
  1. Added: OnHELO(oClient) event, issue #153
  2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
  3. Added: Include HTMLBody into IMAP TEXT search, pull #193
  4. Fix: implicit conversion: "int" to "unsigned char" pull #204
  5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
  6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
  7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
  8. Fix: Speed up 'update hm_messages set messageflags' issue #221
  9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
  10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
  11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
  12. Fix: Handling of long UIDL response lists was too slow. issue #93
  13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
  14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
  15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
  16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
  17. Fix: SMTP multiply max message size with 1024 issue #267
  18. Added: email address variable to SignatureAdder.cpp pull #265
  19. Fix: DKIM on account-rule 'reply' not applied #172 issue #172
  20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
  21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
  22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
  23. Added: Use custom daemonaddressdomain from INI pull #301
  24. Fix: SURBL regex pull #320
  25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
  26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
  27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
  28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
  29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
  30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
  31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
  32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
  33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
  34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
  35. Added: DKIM signature for domain aliases pull 383
  36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
  37. Added: Auto-Submitted header for auto-generated messages pull 386
  38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
  39. Added: DomainMembers DistributionList mode pull #392
  40. Added: X-hMailServer-Envelope-From header, grouping of all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
  41. Fix: integer overflow check for SPF macro segment count pull #399
  42. Added: New ClientInfo property oClient.SessionID (long) issue #401
  43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
  44. Added: rDNS/PTR AntiSpam Check pull #413
  45. Added: Prefer IPv6 over IPv4 pull #415
  46. Fix: SpamTestHeloHost IPv6 Fix pull #416
  47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
  48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
  49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
  50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
  51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code:

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code:

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO
Download
https://d-fault.nl/files/hMailServer-Bu ... 2602.49.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-20 22:40

Latest is 5.6.9-B2602.51
Simply install the latest production and/or beta artifact from the URL below, then copy the files from this archive into the hmailserver '/bin' directory, overwriting the existing files
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)
  1. Added: OnHELO(oClient) event, issue #153
  2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
  3. Added: Include HTMLBody into IMAP TEXT search, pull #193
  4. Fix: implicit conversion: "int" to "unsigned char" pull #204
  5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
  6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
  7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
  8. Fix: Speed up 'update hm_messages set messageflags' issue #221
  9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
  10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
  11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
  12. Fix: Handling of long UIDL response lists was too slow. issue #93
  13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
  14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
  15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
  16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
  17. Fix: SMTP multiply max message size with 1024 issue #267
  18. Added: email address variable to SignatureAdder.cpp pull #265
  19. Fix: DKIM on account-rule 'reply' not applied #172 issue #172
  20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
  21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
  22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
  23. Added: Use custom daemonaddressdomain from INI pull #301
  24. Fix: SURBL regex pull #320
  25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
  26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
  27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
  28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
  29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
  30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
  31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
  32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
  33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
  34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
  35. Added: DKIM signature for domain aliases pull 383
  36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
  37. Added: Auto-Submitted header for auto-generated messages pull 386
  38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
  39. Added: DomainMembers DistributionList mode pull #392
  40. Added: X-hMailServer-Envelope-From header, grouping of all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
  41. Fix: integer overflow check for SPF macro segment count pull #399
  42. Added: New ClientInfo property oClient.SessionID (long) issue #401
  43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
  44. Added: rDNS/PTR AntiSpam Check pull #413
  45. Added: Prefer IPv6 over IPv4 pull #415
  46. Fix: SpamTestHeloHost IPv6 Fix pull #416
  47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
  48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
  49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
  50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
  51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
  52. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is standard added by SQL script during installation) #pull 441
  53. Removed: Collection of statistics, since it's no longer being used. issue #435
Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code:

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code:

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO
Download
https://d-fault.nl/files/hMailServer-Bu ... 2602.51.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-29 07:41

@Rvdh
RvdH wrote:
2022-08-20 22:40
Latest is 5.6.9-B2602.51
Is the Sub OnClientValidatePassword() part of this build? :idea:

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-29 08:49

gotspatel wrote:
2022-08-29 07:41
@Rvdh
RvdH wrote:
2022-08-20 22:40
Latest is 5.6.9-B2602.51
Is the Sub OnClientValidatePassword() part of this build? :idea:
It was removed a long time ago; read the comments here:
https://github.com/hmailserver/hmailserver/pull/338

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-29 17:26

Thank you for the info

Regards

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-31 11:19

gotspatel wrote:
2022-08-29 17:26
Thank you for the info

Regards
Any specific need for it? (5.7 still has this event, although i think it should be removed)

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-31 11:23

RvdH wrote:
2022-08-31 11:19
gotspatel wrote:
2022-08-29 17:26
Thank you for the info

Regards
Any specific need for it? (5.7 still has this event, although i think it should be removed)
To catch password used by bruteforce/bots trying to login :mrgreen:

bagu
Senior user
Posts: 258
Joined: 2005-06-17 03:08
Location: France

Re: Sub OnHELO(oClient) progress?

Post by bagu » 2022-08-31 11:26

Hello,

Why not disconnect and ban clients who have too many failed connections?
hMailServer 5.6.8 With SpamAssassin 3.4.4

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-31 11:29

gotspatel wrote:
2022-08-31 11:23
RvdH wrote:
2022-08-31 11:19
gotspatel wrote:
2022-08-29 17:26
Thank you for the info

Regards
Any specific need for it? (5.7 still has this event, although i think it should be removed)
To catch password used by bruteforce/bots trying to login :mrgreen:
Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password
Last edited by RvdH on 2022-08-31 11:37, edited 1 time in total.

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-31 11:35

bagu wrote:
2022-08-31 11:26
Hello,

Why not disconnect and ban clients who have too many failed connections?
I do something similar in the OnClientLogon event. All domains on my server have abuse@ and postmaster@ aliases, but I do not allow logins from those and some other generic unused account names,
e.g. honeypot accounts. I also submit those to the abuseipdb.com & blocklist.de reputation services.

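Code:

Sub OnClientLogon(oClient)

    ' Honeypot usernames: generic account names that are never allowed to log in on this server
    Dim strRegEx : strRegEx = Empty
    strRegEx = "^(root|test|unix|sales|library|ldap|admin|administrator|postmaster|printer|abuse|logs)\@.+$"
    If Lookup(strRegEx, oClient.Username) Then
        ' AutoBan, ReportToAbuseIPDB and the variable "service" are not shown in this post and must be defined elsewhere in the event script
        ' Ban the source IP (arguments 1, "d": presumably a one-day ban)
        Call AutoBan(oClient.IPAddress, oClient.Username & " (" & oClient.Port & ")", 1, "d")
        ' Report the address to abuseipdb.com and write an event log entry when the report succeeded
        If (ReportToAbuseIPDB(oClient.IPAddress, "18,14", "Unauthorized connection attempt from IP address " & oClient.IPAddress & " on port " & oClient.Port)) Then
            EventLog.Write("INFO: ReportToAbuseIPDB: Unauthorized connection attempt from IP address " & oClient.IPAddress & " on port " & oClient.Port)
        End If
        ' Report the address to blocklist.de through the fail2ban helper; the log text is Escape()d before it is passed on
        Call fail2ban(oClient.IPAddress, service, Escape(Now() & vbTab & "Failed login for a non-existent email address/account (honeypot)" & vbCrLf & Now() & vbTab & "Connection from IP address: " & oClient.IPAddress & " on port: " & oClient.Port))
        Exit Sub
    End If

End Sub

' Returns True when strMatch matches strRegEx (case-insensitive); returns Empty when no pattern is given
Function Lookup(strRegEx, strMatch)
    If strRegEx = "" Then Exit Function
    With CreateObject("VBScript.RegExp")
        .Global = False
        .Pattern = strRegEx
        .IgnoreCase = True
        Lookup = .Test(strMatch)
    End With
End Function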

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-31 12:17

RvdH wrote:
2022-08-31 11:29
gotspatel wrote:
2022-08-31 11:23
RvdH wrote:
2022-08-31 11:19


Any specific need for it? (5.7 still has this event, although i think it should be removed)
To catch password used by bruteforce/bots trying to login :mrgreen:
Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password
I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-31 12:22

gotspatel wrote:
2022-08-31 12:17
RvdH wrote:
2022-08-31 11:29
gotspatel wrote:
2022-08-31 11:23


To catch password used by bruteforce/bots trying to login :mrgreen:
Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password
I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE
Not with my 5.6.x builds. OnClientValidatePassword is a security concern, as described in the GitHub topic posted above, and I do not like logging passwords for that same reason. SorenR has a build capable of returning/logging passwords.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
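
RvdH's objection to passwords ending up in logs, and fix 49 in the changelog earlier in the thread (AUTH PLAIN with inline credentials exposed the account password in the log), matter for any log that already contains such lines. The Python scrubber below is an added example, not code from any poster or from hMailServer: it masks SMTP AUTH credentials per session while keeping the attempted username of an inline AUTH PLAIN. The tab-separated line layout (session id in the third field, protocol text in the last), all function names and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# "AUTH PLAIN <b64>" / "AUTH LOGIN <b64>": credentials sent inline with the command.
AUTH_INLINE = re.compile(r"(RECEIVED: AUTH (PLAIN|LOGIN)) +([A-Za-z0-9+/=]+)", re.IGNORECASE)
# After a 334 reply, the next client line in that session is an AUTH response.
CHALLENGE = re.compile(r'SENT: 334(\s|"|$)')


def plain_user(blob):
    """Return the authcid of a SASL PLAIN blob (authzid NUL authcid NUL passwd), else None."""
    try:
        parts = base64.b64decode(blob, validate=True).split(b"\0")
    except (binascii.Error, ValueError):
        return None
    if len(parts) != 3:
        return None
    # The username is client-controlled: keep only characters that cannot break the log layout.
    return re.sub(r"[^\w.@+-]", "?", parts[1].decode("utf-8", "replace"))


def mask_inline(match):
    head, mech, blob = match.group(1), match.group(2).upper(), match.group(3)
    user = plain_user(blob) if mech == "PLAIN" else None
    return f"{head} [user={user}] ***" if user else f"{head} ***"


def redact_smtp_log(lines):
    """Mask AUTH credentials; return (clean_lines, number_of_masked_values)."""
    awaiting = set()  # session ids whose next RECEIVED line is an AUTH response
    clean, masked = [], 0
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        # Assumed layout: type, thread, session, timestamp, IP, message.
        session = fields[2] if len(fields) >= 6 else None
        msg = fields[-1]
        if session in awaiting and "RECEIVED: " in msg:
            # Response to a 334 challenge (username or password): mask it whole.
            awaiting.discard(session)
            prefix = msg.partition("RECEIVED: ")[0]
            msg = prefix + "RECEIVED: ***" + ('"' if msg.endswith('"') else "")
            masked += 1
        else:
            msg, hits = AUTH_INLINE.subn(mask_inline, msg)
            masked += hits
            if session is not None and CHALLENGE.search(msg):
                awaiting.add(session)
        fields[-1] = msg
        clean.append("\t".join(fields))
    return clean, masked


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


def sample_line(session, msg):
    # Constructed line in the assumed layout; values are not from a real server.
    return f'"SMTPD"\t4120\t{session}\t"2022-08-31 11:29:01.000"\t"203.0.113.7"\t"{msg}"'


# Constructed sample: session 17 sends inline AUTH PLAIN, session 18 uses multi-step AUTH LOGIN.
SAMPLE = [
    sample_line(17, "RECEIVED: EHLO client.example"),
    sample_line(17, "RECEIVED: AUTH PLAIN " + b64(b"\0alice@example.test\0s3cret")),
    sample_line(18, "RECEIVED: AUTH LOGIN"),
    sample_line(18, "SENT: 334 VXNlcm5hbWU6"),
    sample_line(18, "RECEIVED: " + b64(b"bob@example.test")),
    sample_line(18, "SENT: 334 UGFzc3dvcmQ6"),
    sample_line(18, "RECEIVED: " + b64(b"hunter2")),
    sample_line(18, "SENT: 535 Authentication failed."),
    sample_line(17, "RECEIVED: MAIL FROM:<alice@example.test>"),
]

if __name__ == "__main__":
    for row in redact_smtp_log(SAMPLE)[0]:
        print(row)
```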

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-31 12:32

RvdH wrote:
2022-08-31 12:22
gotspatel wrote:
2022-08-31 12:17
RvdH wrote:
2022-08-31 11:29


Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password
I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE
Not with my 5.6.x builds. OnClientValidatePassword is a security concern, as described in the GitHub topic posted above, and I do not like logging passwords for that same reason. SorenR has a build capable of returning/logging passwords.
Yep I better stick with your build :D



BTW can you point me where i can get fail2ban for Windows

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-31 12:41

gotspatel wrote:
2022-08-31 12:32
RvdH wrote:
2022-08-31 12:22
gotspatel wrote:
2022-08-31 12:17


I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE
Not with my 5.6.x builds. OnClientValidatePassword is a security concern, as described in the GitHub topic posted above, and I do not like logging passwords for that same reason. SorenR has a build capable of returning/logging passwords.
Yep I better stick with your build :D



BTW can you point me where i can get fail2ban for Windows
That isn't really fail2ban for windows, but something (C# console app) i named similar for use with blocklist.de, https://d-fault.nl/files

Code:

fail2ban Options:
  -a, --apikey=VALUE         Your blocklist.de account API key
  -e, --email=VALUE          Your blocklist.de account registered email or Id
  -i, --ipaddress=VALUE      Attacker IP address
  -s, --service=VALUE        Attacked service, eg: pop3, smtp, imap
  -l, --logs=VALUE           Attack logs
  -v, --verbose              increase debug message verbosity
  -h, --help                 show this message and exit

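Code:

' Runs fail2ban.exe (the C# console app whose options are listed above) to submit a report to blocklist.de
' FAIL2BANKEY and FAIL2BANID are constants not shown in this post; they must hold the blocklist.de API key and the account email or Id
Function fail2ban(sIPAddress, sService, sLogs)
	dim filePath : filePath = "C:\Program Files (x86)\hMailServer\Events\fail2ban.exe"
	With CreateObject("WScript.Shell")
		' Window style 0 = hidden, True = wait until the process has exited
		.Run Chr(34) & filePath & Chr(34) &_
		" /a " & FAIL2BANKEY &_
		" /e " & FAIL2BANID &_
		" /i " & sIPAddress &_
		" /s " & sService &_
		" /l " & sLogs &_
		"",0,True
	End With
End Function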
Last edited by RvdH on 2022-08-31 12:59, edited 5 times in total.

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-31 12:46

RvdH wrote:
2022-08-31 12:41
gotspatel wrote:
2022-08-31 12:32
RvdH wrote:
2022-08-31 12:22


Not with my 5.6.x builds. OnClientValidatePassword is a security concern, as described in the GitHub topic posted above, and I do not like logging passwords for that same reason. SorenR has a build capable of returning/logging passwords.
Yep I better stick with your build :D



BTW can you point me where i can get fail2ban for Windows
That isn't really fail2ban for windows, but something (C# console app) i named similar for use with blocklist.de, https://d-fault.nl/files
Thank you very much

Regards,

GP

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-08-31 13:06

gotspatel wrote:
2022-08-31 12:46

Thank you very much

Regards,

GP
I believe -l, --logs=VALUE needs at least 1 line break, e.g. vbCrLf, otherwise it won't work

SorenR
Senior user
Posts: 5533
Joined: 2006-08-21 15:38
Location: Denmark

Re: Sub OnHELO(oClient) progress?

Post by SorenR » 2022-08-31 13:28

gotspatel wrote:
2022-08-31 12:32
RvdH wrote:
2022-08-31 12:22
gotspatel wrote:
2022-08-31 12:17


I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE
Not with my 5.6.x builds. OnClientValidatePassword is a security concern, as described in the GitHub topic posted above, and I do not like logging passwords for that same reason. SorenR has a build capable of returning/logging passwords.
Yep I better stick with your build :D
I believe there are minimal differences between Ruud's fork and mine... I think I have a few extra tweaks like only disclosing passwords in OnClientLogon() if authentication failed, a newer SPF library (1.12 vs 1.10) and the reply to EHLO is not ending in "250 HELP" but rather based on the options selected. That makes it difficult to identify the server as hMailServer ;-)

Could be fun to compare :mrgreen:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

gotspatel
Normal user
Posts: 213
Joined: 2013-10-08 05:42
Location: INDIA

Re: Sub OnHELO(oClient) progress?

Post by gotspatel » 2022-08-31 13:35

SorenR wrote:
2022-08-31 13:28
gotspatel wrote:
2022-08-31 12:32
RvdH wrote:
2022-08-31 12:22


Not with my 5.6.x builds. OnClientValidatePassword is a security concern, as described in the GitHub topic posted above, and I do not like logging passwords for that same reason. SorenR has a build capable of returning/logging passwords.
Yep I better stick with your build :D
I believe there are minimal differences between Ruud's fork and mine... I think I have a few extra tweaks like only disclosing passwords in OnClientLogon() if authentication failed, a newer SPF library (1.12 vs 1.10) and the reply to EHLO is not ending in "250 HELP" but rather based on the options selected. That makes it difficult to identify the server as hMailServer ;-)

Could be fun to compare :mrgreen:
Would love to check but first will have to learn compiling from source then from your github code :D

tstrike2000
Normal user
Posts: 41
Joined: 2005-09-19 23:52
Location: Chicago

Re: Sub OnHELO(oClient) progress?

Post by tstrike2000 » 2022-09-27 20:04

I get an error on MySQL running: alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

I'm using the MySQL script. I don't know enough when using phpmyadmin to insert this correctly manually.

ralfik
New user
Posts: 10
Joined: 2007-12-16 02:41

Re: Sub OnHELO(oClient) progress?

Post by ralfik » 2022-09-28 15:31

Suggestion for improvement.. hMailServer 5.6.x does not work with TLS 1.1 and TLS 1.2 enabled only.

ADO: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-09-29 12:26

tstrike2000 wrote:
2022-09-27 20:04
I get an error on MySQL running: alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

I'm using the MySQL script. I don't know enough when using phpmyadmin to insert this correctly manually.
What error? What MySQL version?

You could try to leave out the 'if not exists' part, eg:

Code:

alter table `hm_fetchaccounts` add column `famimerecipientheaders` varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

RvdH
Senior user
Posts: 2317
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Sub OnHELO(oClient) progress?

Post by RvdH » 2022-09-29 12:37

ralfik wrote:
2022-09-28 15:31
Suggestion for improvement.. hMailServer 5.6.x does not work with TLS 1.1 and TLS 1.2 enabled only.

ADO: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.
Would this fix that?
https://github.com/Kilowhisky/hmailserv ... d75de67085

Can you try, https://d-fault.nl/files/hMailServer-Bu ... 2602.52.7z :?:

tstrike2000
Normal user
Posts: 41
Joined: 2005-09-19 23:52
Location: Chicago

Re: Sub OnHELO(oClient) progress?

Post by tstrike2000 » 2022-09-30 23:08

RvdH wrote:
2022-09-29 12:26
tstrike2000 wrote:
2022-09-27 20:04
I get an error on MySQL running: alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

I'm using the MySQL script. I don't know enough when using phpmyadmin to insert this correctly manually.

What error? What MySQL version?

You could try to leave out the 'if not exists' part, eg:

Code:

alter table `hm_fetchaccounts` add column `famimerecipientheaders` varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

Removing 'if not exists' worked. Thanks!

Post by ralfik » 2022-10-02 17:46

RvdH wrote:
2022-09-29 12:37
ralfik wrote:
2022-09-28 15:31
Suggestion for improvement.. hMailServer 5.6.x does not work with TLS 1.1 and TLS 1.2 enabled only.

ADO: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

Would this fix that?
https://github.com/Kilowhisky/hmailserv ... d75de67085

Can you try https://d-fault.nl/files/hMailServer-Bu ... 2602.52.7z ?

You're the best. Thank you, it works.

Post by RvdH » 2022-10-03 08:23

ralfik wrote:
2022-10-02 17:46
You're the best. Thank you, it works.

Thx for feedback!

Latest is 5.6.9-B2602.52
Simply install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)
  1. Added: OnHELO(oClient) event, issue #153
  2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
  3. Added: Include HTMLBody into IMAP TEXT search, pull #193
  4. Fix: implicit conversion: "int" to "unsigned char" pull #204
  5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
  6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
  7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
  8. Fix: Speed up 'update hm_messages set messageflags' issue #221
  9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
  10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
  11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
  12. Fix: Handling of long UIDL response lists was too slow. issue #93
  13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
  14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
  15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
  16. Fix: ExternalFetcher DELE when no RETR, pull #254
  17. Fix: SMTP multiply max message size with 1024 issue #267
  18. Added: email address variable to SignatureAdder.cpp pull #265
  19. Fix: DKIM on account-rule 'reply' not applied, issue #172
  20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
  21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
  22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
  23. Added: Use custom daemonaddressdomain from INI pull #301
  24. Fix: SURBL regex pull #320
  25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
  26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when sent through local IP address, see this forum topic
  27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
  28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
  29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
  30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
  31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
  32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
  33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
  34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
  35. Added: DKIM signature for domain aliases pull 383
  36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
  37. Added: Auto-Submitted header for auto-generated messages pull 386
  38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
  39. Added: DomainMembers DistributionList mode pull #392
  40. Added: X-hMailServer-Envelope-From header, grouping of all X-hMailServer-* headers. For consistency, equalize the Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
  41. Fix: integer overflow check for SPF macro segment count pull #399
  42. Added: New ClientInfo property oClient.SessionID (long) issue #401
  43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
  44. Added: rDNS/PTR AntiSpam Check pull #413
  45. Added: Prefer IPv6 over IPv4 pull #415
  46. Fix: SpamTestHeloHost IPv6 Fix pull #416
  47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
  48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
  49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
  50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
  51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
  52. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is added by default by the SQL script during installation) pull #441
  53. Removed: Collection of statistics, since it's no longer being used. issue #435
  54. Fix: If MSSQL OLE DB Provider 18 or later is installed, prefer that one, since it supports TLS1.1/1.2 which older providers do not. issue 186
Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code:

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

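-- "add column if not exists" is MariaDB syntax; MySQL rejects it.
-- On MySQL, run this statement without "if not exists" (as reported earlier in this thread).
alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';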

update hm_dbversion set value = 5606;

MSSQL

Code:

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO

Download
https://d-fault.nl/files/hMailServer-Bu ... 2602.52.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering
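
For MySQL servers, where `add column if not exists` fails as reported earlier in this thread, the column step can be kept re-runnable by checking information_schema first and then verifying the result. This is an added example, not part of RvdH's post or the hMailServer scripts; it assumes the hMailServer database is the currently selected schema, and the names @col_exists, @ddl and stmt are illustrative.

```sql
-- Added example, not from the original post. Assumes the hMailServer
-- database is the selected schema (for instance chosen in phpMyAdmin
-- before pasting this batch).

-- 1. Does the column already exist in this schema?
set @col_exists := (
  select count(*)
    from information_schema.columns
   where table_schema = database()
     and table_name   = 'hm_fetchaccounts'
     and column_name  = 'famimerecipientheaders'
);

-- 2. Build the DDL only when the column is missing; otherwise run a
--    harmless select so the batch can be repeated without an error.
set @ddl := if(@col_exists = 0,
  'alter table hm_fetchaccounts add column famimerecipientheaders varchar(255) not null default ''To,CC,X-RCPT-TO,X-Envelope-To''',
  'select ''famimerecipientheaders already present'' as info');

prepare stmt from @ddl;
execute stmt;
deallocate prepare stmt;

-- 3. Post-checks after running the rest of the script from the post:
--    four settings rows, one column row, and the schema version it sets.
select settingname, settingstring, settinginteger
  from hm_settings
 where settingname in ('TlsOptions', 'ascheckptr', 'ascheckptrscore', 'IPv6Preferred');

select column_name, column_type, is_nullable, column_default
  from information_schema.columns
 where table_schema = database()
   and table_name   = 'hm_fetchaccounts'
   and column_name  = 'famimerecipientheaders';

select value from hm_dbversion;
```

Run the three post-check queries before starting the replaced binaries, so a missing setting or column is caught in the database rather than at service startup.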
