Sub OnHELO(oClient) progress?

[RvdH]

Latest is 5.6.9-B2602.49

Simply install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)

1. Added: OnHELO(oClient) event, issue #153
2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
3. Added: Include HTMLBody into IMAP TEXT search, pull #193
4. Fix: implicit conversion: "int" to "unsigned char" pull #204
5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
8. Fix: Speed up 'update hm_messages set messageflags' issue #221
9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
12. Fix: Handling of long UIDL response lists was too slow. issue #93
13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
17. Fix: SMTP multiply max message size with 1024 issue #267
18. Added: email address variable to SignatureAdder.cpp pull #265
19. Fix: DKIM on acccount-rule 'reply' not applied #172 issue #172
20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
23. Added: Use custom daemonaddressdomain from INI pull #301
24. Fix: SURBL regex pull #320
25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
35. Added: DKIM signature for domain aliases pull 383
36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
37. Added: Auto-Submitted header for auto-generated messages pull 386
38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
39. Added: DomainMembers DistributionList mode pull #392
40. Added: X-hMailServer-Envelope-From header, grouping off all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
41. Fix: integer overflow check for SPF macro segment count pull #399
42. Added: New ClientInfo property oClient.SessionID (long) issue #401
43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
44. Added: rDNS/PTR AntiSpam Check pull #413
45. Added: Prefer IPv6 over IPv4 pull #415
46. Fix: SpamTestHeloHost IPv6 Fix pull #416
47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167

Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code: Select all

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code: Select all

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO

Download
https://d-fault.nl/files/hMailServer-Bu ... 2602.49.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering

[RvdH]

Latest is 5.6.9-B2602.51

Simply install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)

1. Added: OnHELO(oClient) event, issue #153
2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
3. Added: Include HTMLBody into IMAP TEXT search, pull #193
4. Fix: implicit conversion: "int" to "unsigned char" pull #204
5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
8. Fix: Speed up 'update hm_messages set messageflags' issue #221
9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
12. Fix: Handling of long UIDL response lists was too slow. issue #93
13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
17. Fix: SMTP multiply max message size with 1024 issue #267
18. Added: email address variable to SignatureAdder.cpp pull #265
19. Fix: DKIM on acccount-rule 'reply' not applied #172 issue #172
20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
23. Added: Use custom daemonaddressdomain from INI pull #301
24. Fix: SURBL regex pull #320
25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
35. Added: DKIM signature for domain aliases pull 383
36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
37. Added: Auto-Submitted header for auto-generated messages pull 386
38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
39. Added: DomainMembers DistributionList mode pull #392
40. Added: X-hMailServer-Envelope-From header, grouping off all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
41. Fix: integer overflow check for SPF macro segment count pull #399
42. Added: New ClientInfo property oClient.SessionID (long) issue #401
43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
44. Added: rDNS/PTR AntiSpam Check pull #413
45. Added: Prefer IPv6 over IPv4 pull #415
46. Fix: SpamTestHeloHost IPv6 Fix pull #416
47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
52. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is standard added by SQL script during installation) #pull 441
53. Removed: Collection of statistics, since it's no longer being used. issue #435

Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code: Select all

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code: Select all

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO

Download
https://d-fault.nl/files/hMailServer-Bu ... 2602.51.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering

[gotspatel]

@Rvdh

Latest is 5.6.9-B2602.51

Is the Sub OnClientValidatePassword() part of this build?

[RvdH]

@Rvdh

Latest is 5.6.9-B2602.51

Is the Sub OnClientValidatePassword() part of this build?

It is removed for a long time, read comments here:
https://github.com/hmailserver/hmailserver/pull/338

[gotspatel]

Thank you for the info

Regards

[RvdH]

Thank you for the info

Regards

Any specific need for it? (5.7 still has this event, although i think it should be removed)

[gotspatel]

Thank you for the info

Regards

Any specific need for it? (5.7 still has this event, although i think it should be removed)

To catch password used by bruteforce/bots trying to login

[bagu]

Hello,

Why not disconnect and ban clients who have too many failed connections?

[RvdH]

Thank you for the info

Regards

Any specific need for it? (5.7 still has this event, although i think it should be removed)

To catch password used by bruteforce/bots trying to login

Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password

[RvdH]

Hello,

Why not disconnect and ban clients who have too many failed connections?

I do something similar in the OnClientLogon event all domains on my server have abuse@ and postmaster@ aliases, but i do not allow logins from those and some other generic unused account names
eg: honeypot accounts, i also submit those to abuseipdb.com & blocklist.de reputation services

Code: Select all

Sub OnClientLogon(oClient)
    
    Dim strRegEx : strRegEx = Empty
    strRegEx = "^(root|test|unix|sales|library|ldap|admin|administrator|postmaster|printer|abuse|logs)\@.+$"
    If Lookup(strRegEx, oClient.Username) Then
        Call AutoBan(oClient.IPAddress, oClient.Username & " (" & oClient.Port & ")", 1, "d")
        If (ReportToAbuseIPDB(oClient.IPAddress, "18,14", "Unauthorized connection attempt from IP address " & oClient.IPAddress & " on port " & oClient.Port)) Then
            EventLog.Write("INFO: ReportToAbuseIPDB: Unauthorized connection attempt from IP address " & oClient.IPAddress & " on port " & oClient.Port)
        End If
        Call fail2ban(oClient.IPAddress, service, Escape(Now() & vbTab & "Failed login for a non-existent email address/account (honeypot)" & vbCrLf & Now() & vbTab & "Connection from IP address: " & oClient.IPAddress & " on port: " & oClient.Port))
        Exit Sub
    End If
    
End Sub

Function Lookup(strRegEx, strMatch)
    If strRegEx = "" Then Exit Function
    With CreateObject("VBScript.RegExp")
        .Global = False
        .Pattern = strRegEx
        .IgnoreCase = True
        Lookup = .Test(strMatch)
    End With
End Function

[gotspatel]

Any specific need for it? (5.7 still has this event, although i think it should be removed)

To catch password used by bruteforce/bots trying to login

Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password

I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE

[RvdH]

To catch password used by bruteforce/bots trying to login

Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password

I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE

Not with my 5.6.x builds, OnClientValidatePassword is a security concern as described in the github topic posted above and i do not like logging passwords for that same reason, SorenRR has a build capable of returning/logging of passwords

[gotspatel]

Does that catch passwords? Doubt it, not? I thought it was to override the account password with a script defined password

I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE

Not with my 5.6.x builds, OnClientValidatePassword is a security concern as described in the github topic posted above and i do not like logging passwords for that same reason, SorenRR has a build capable of returning/logging of passwords

Yep I better stick with your build



BTW can you point me where i can get fail2ban for Windows

[RvdH]

I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE

Not with my 5.6.x builds, OnClientValidatePassword is a security concern as described in the github topic posted above and i do not like logging passwords for that same reason, SorenRR has a build capable of returning/logging of passwords

Yep I better stick with your build



BTW can you point me where i can get fail2ban for Windows

That isn't really fail2ban for windows, but something (C# console app) i named similar for use with blocklist.de, https://d-fault.nl/files

Code: Select all

fail2ban Options:
  -a, --apikey=VALUE         Your blocklist.de account API key
  -e, --email=VALUE          Your blocklist.de account registered email or Id
  -i, --ipaddress=VALUE      Attacker IP address
  -s, --service=VALUE        Attacked service, eg: pop3, smtp, imap
  -l, --logs=VALUE           Attack logs
  -v, --verbose              increase debug message verbosity
  -h, --help                 show this message and exit

Code: Select all

Function fail2ban(sIPAddress, sService, sLogs)
	dim filePath : filePath = "C:\Program Files (x86)\hMailServer\Events\fail2ban.exe"
	With CreateObject("WScript.Shell")
		.Run Chr(34) & filePath & Chr(34) &_
		" /a " & FAIL2BANKEY &_
		" /e " & FAIL2BANID &_
		" /i " & sIPAddress &_
		" /s " & sService &_
		" /l " & sLogs &_
		"",0,True
	End With
End Function

[gotspatel]

Not with my 5.6.x builds, OnClientValidatePassword is a security concern as described in the github topic posted above and i do not like logging passwords for that same reason, SorenRR has a build capable of returning/logging of passwords

Yep I better stick with your build



BTW can you point me where i can get fail2ban for Windows

That isn't really fail2ban for windows, but something (C# console app) i named similar for use with blocklist.de, https://d-fault.nl/files

Thank you very much

Regards,

GP

[RvdH]

Thank you very much

Regards,

GP

i believe -l, --logs=VALUE needs at least 1 linebreak, eg:VbCrLF otherwise it won't work

[SorenR]

I was just going through this and wanted to know, if it is possible to get all the failed passwords.

HERE

Not with my 5.6.x builds, OnClientValidatePassword is a security concern as described in the github topic posted above and i do not like logging passwords for that same reason, SorenRR has a build capable of returning/logging of passwords

Yep I better stick with your build

I believe there are minimal differences on Ruud's an mine fork... I think I have a few extra tweaks like only disclosing passwords in OnClientLogon() if authentication failed, a newer SPF library (1.12 vs 1.10) and the reply to EHLO is not ending in "250 HELP" but rather based on the options selected. That makes it difficult to identify the server as hMailServer

Could be fun to compare

[gotspatel]

Not with my 5.6.x builds, OnClientValidatePassword is a security concern as described in the github topic posted above and i do not like logging passwords for that same reason, SorenRR has a build capable of returning/logging of passwords

Yep I better stick with your build

I believe there are minimal differences on Ruud's an mine fork... I think I have a few extra tweaks like only disclosing passwords in OnClientLogon() if authentication failed, a newer SPF library (1.12 vs 1.10) and the reply to EHLO is not ending in "250 HELP" but rather based on the options selected. That makes it difficult to identify the server as hMailServer

Could be fun to compare

Would love to check but first will have to learn compiling from source then from your github code

[tstrike2000]

I get an error on MySQL running: alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

I'm using the MySQL script. I don't know enough when using phpmyadmin to insert this correctly manually.

[ralfik]

Suggestion for improvement.. hMailServer 5.6.x does not work with TLS 1.1 and TLS 1.2 enabled only.

ADO: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

[RvdH]

I get an error on MySQL running: alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

I'm using the MySQL script. I don't know enough when using phpmyadmin to insert this correctly manually.

What error? What MySQL version?

You could try to leave out the 'if not exists' part, eg:

Code: Select all

alter table `hm_fetchaccounts` add column `famimerecipientheaders` varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

[RvdH]

Suggestion for improvement.. hMailServer 5.6.x does not work with TLS 1.1 and TLS 1.2 enabled only.

ADO: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

Would this fix that?
https://github.com/Kilowhisky/hmailserv ... d75de67085

Can you try, https://d-fault.nl/files/hMailServer-Bu ... 2602.52.7z

[tstrike2000]

I get an error on MySQL running: alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

I'm using the MySQL script. I don't know enough when using phpmyadmin to insert this correctly manually.

What error? What MySQL version?

You could try to leave out the 'if not exists' part, eg:

Code: Select all

alter table `hm_fetchaccounts` add column `famimerecipientheaders` varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

Removing 'if not exists' worked. Thanks!

[ralfik]

Suggestion for improvement.. hMailServer 5.6.x does not work with TLS 1.1 and TLS 1.2 enabled only.

ADO: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

Would this fix that?
https://github.com/Kilowhisky/hmailserv ... d75de67085

Can you try, https://d-fault.nl/files/hMailServer-Bu ... 2602.52.7z

You're the best. Thank you, it works.

[RvdH]

You're the best. Thank you, it works.

Thx for feedback!

Latest is 5.6.9-B2602.52

Simply install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)

1. Added: OnHELO(oClient) event, issue #153
2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
3. Added: Include HTMLBody into IMAP TEXT search, pull #193
4. Fix: implicit conversion: "int" to "unsigned char" pull #204
5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
8. Fix: Speed up 'update hm_messages set messageflags' issue #221
9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
12. Fix: Handling of long UIDL response lists was too slow. issue #93
13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
17. Fix: SMTP multiply max message size with 1024 issue #267
18. Added: email address variable to SignatureAdder.cpp pull #265
19. Fix: DKIM on acccount-rule 'reply' not applied #172 issue #172
20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
23. Added: Use custom daemonaddressdomain from INI pull #301
24. Fix: SURBL regex pull #320
25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
35. Added: DKIM signature for domain aliases pull 383
36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
37. Added: Auto-Submitted header for auto-generated messages pull 386
38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
39. Added: DomainMembers DistributionList mode pull #392
40. Added: X-hMailServer-Envelope-From header, grouping off all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
41. Fix: integer overflow check for SPF macro segment count pull #399
42. Added: New ClientInfo property oClient.SessionID (long) issue #401
43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
44. Added: rDNS/PTR AntiSpam Check pull #413
45. Added: Prefer IPv6 over IPv4 pull #415
46. Fix: SpamTestHeloHost IPv6 Fix pull #416
47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
52. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is standard added by SQL script during installation) #pull 441
53. Removed: Collection of statistics, since it's no longer being used. issue #435
54. Fix: If MSSQL OLE DB Provider 18 or later is installed, prefer that one, since it supports TLS1.1/1.2 which older providers do not. issue 186

Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code: Select all

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code: Select all

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO

Download
https://d-fault.nl/files/hMailServer-Bu ... 2602.52.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering

[manos2000]

@RvdH, Perfect, installed it today

Thanks!

[RvdH]

IMPORTANT BUG FIX

Anyone using *.49 or higher, here is a small bug fix release that should solve a possible issue that could result in high CPU consumption by hmailserver.exe

Issue/bug reference: https://www.hmailserver.com/forum/viewt ... =7&t=39711

https://d-fault.nl/files/hMailServer-Bu ... -1.1.1s.7z (also updated to OpenSSL 1.1.1s)

[fremen]

Hi!

I'd like to migrate from the internal MSSQL CE to MySQL database.
Because my database is too large, I cannot use the backup util, so I installed this version of hmail server.

The only problem, that I don't know how should I insert the code to the hm_settings database table.

Could you please help with it?

Thanks!

[RvdH]

I usually use HeidiSQL, but phpMyAdmin or MySQL WorkBench could be used as well
Basically what you have to do is you select the database (hmailserver), and in a query windows paste the sql code posted above and execute (run) those queries

[fremen]

Thanks for your help RcdH!

Unfortunatelly when I select hm_settings in the hmailserver.sdf and try to run the query, it gives back error:
1. the specific table doesn't exist: dual

or

2. there was an error parsing the query: token line number = 1, token line offset = 41, token in error = if ]

I tried this with SDF Viewer, on a copy of the sdf file.

I cannot figure out how can I open an sdf in Heidisql.

[katip]

I tried this with SDF Viewer, on a copy of the sdf file.

I cannot figure out how can I open an sdf in Heidisql.

i doubt HeidiSQL can read MSSQL CE.
you may want to try this: https://www.etl-tools.com/database-brow ... rview.html

[RvdH]

I tried this with SDF Viewer, on a copy of the sdf file.

I cannot figure out how can I open an sdf in Heidisql.

i doubt HeidiSQL can read MSSQL CE.
you may want to try this: https://www.etl-tools.com/database-brow ... rview.html

Ah yes, i was under the impression he already migrated from MSSQL CE to MySQL
I have little experience with MSSQL CE myself, but if i remember right you could use a tool like https://github.com/christianhelle/sqlcequery/releases and/or https://github.com/ErikEJ/SqlCeToolbox/releases (3.5) or the one katip suggested

To obtain the sdf password, copy Password=*** value under [Database] in hMailServer.ini
if PasswordEncryption=1 under [Database] in hMailServer.ini you need to decrypt it using C:\Program Files (x86)\hMailServer\Addons\Utilities\DecryptBlowfish.vbs

[jimimaseye]

FYI

I also documented accessing this in https://www.hmailserver.com/forum/viewt ... 21&t=28914 - bottom of first post look for "**FOOTNOTE"

[RvdH]

Latest is 5.6.9-B2602.53

Note FYI i have disabled download access to older versions of my custom builds, you from now on always should be redirected to the latest build when downloading

Simply install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory
https://build.hmailserver.com/viewLog.h ... =artifacts (login as guest)

1. Added: OnHELO(oClient) event, issue #153
2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
3. Added: Include HTMLBody into IMAP TEXT search, pull #193
4. Fix: implicit conversion: "int" to "unsigned char" pull #204
5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
8. Fix: Speed up 'update hm_messages set messageflags' issue #221
9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
12. Fix: Handling of long UIDL response lists was too slow. issue #93
13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
17. Fix: SMTP multiply max message size with 1024 issue #267
18. Added: email address variable to SignatureAdder.cpp pull #265
19. Fix: DKIM on acccount-rule 'reply' not applied #172 issue #172
20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
23. Added: Use custom daemonaddressdomain from INI pull #301
24. Fix: SURBL regex pull #320
25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
35. Added: DKIM signature for domain aliases pull 383
36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
37. Added: Auto-Submitted header for auto-generated messages pull 386
38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
39. Added: DomainMembers DistributionList mode pull #392
40. Added: X-hMailServer-Envelope-From header, grouping off all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
41. Fix: integer overflow check for SPF macro segment count pull #399
42. Added: New ClientInfo property oClient.SessionID (long) issue #401
43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
44. Added: rDNS/PTR AntiSpam Check pull #413
45. Added: Prefer IPv6 over IPv4 pull #415
46. Fix: SpamTestHeloHost IPv6 Fix pull #416
47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
52. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is standard added by SQL script during installation) #pull 441
53. Removed: Collection of statistics, since it's no longer being used. issue #435
54. Fix: If MSSQL OLE DB Provider 18 or later is installed, prefer that one, since it supports TLS1.1/1.2 which older providers do not. issue 186
55. Added: %MACRO_ORIGINAL_HEADER% macro expansion for 'Set header value' rules

Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code: Select all

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code: Select all

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO

Download
https://d-fault.nl/files/hMailServer-Bu ... -1.1.1s.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering

[kimboslice]

Been running your builds for a few months now @RvdH, really glad to see some active development! kudos

I notice you package the WebAdmin, are there unique changes here that I need to merge with a pre-existing setup? I'm running the redesign project on GitHub (I'm sure you know the one )

An issue I've seen from hMail that doesn't seem to get any attention is the built-in backup setup seems to have some issues, IIRC any pre-existing data in the backup folder almost always causes the backup to hang indefinitely, then when the next scheduled backup runs it will fail because hMail believes the backup has already been started.

I've worked around this with a couple of scripts, but it'd just be nice to see fixed. I can see how it may be considered a trivial issue, however.

[RvdH]

Been running your builds for a few months now @RvdH, really glad to see some active development! kudos

I notice you package the WebAdmin, are there unique changes here that I need to merge with a pre-existing setup? I'm running the redesign project on GitHub (I'm sure you know the one )

An issue I've seen from hMail that doesn't seem to get any attention is the built-in backup setup seems to have some issues, IIRC any pre-existing data in the backup folder almost always causes the backup to hang indefinitely, then when the next scheduled backup runs it will fail because hMail believes the backup has already been started.

I've worked around this with a couple of scripts, but it'd just be nice to see fixed. I can see how it may be considered a trivial issue, however.

https://github.com/RvdHout/hmailserver-webadmin

There isn't much i can do with the backup routine (besides completely rewriting it) i am surprised to read people having backup issues, never had a single one with my build without any limits

[jimimaseye]

An issue I've seen from hMail that doesn't seem to get any attention is the built-in backup setup seems to have some issues, IIRC any pre-existing data in the backup folder almost always causes the backup to hang indefinitely, then when the next scheduled backup runs it will fail because hMail believes the backup has already been started.

I've worked around this with a couple of scripts, but it'd just be nice to see fixed. I can see how it may be considered a trivial issue, however.

There isn't much i can do with the backup routine (besides completely rewriting it) i am surprised to read people having backup issues, never had a single one with my build without any limits

It is true - this does happen. I wrote about it some years ago in the forum somewhere based on my experience and happening exactly as above. The cause for the initial failure is unknown (I guess it could be anything eg, user being impatient and thinking its finished or hanging). But yes, if the temporary backup directory is not empty then the above applies and the service requires restarting.

[johang]

An issue I've seen from hMail that doesn't seem to get any attention is the built-in backup setup seems to have some issues, IIRC any pre-existing data in the backup folder almost always causes the backup to hang indefinitely, then when the next scheduled backup runs it will fail because hMail believes the backup has already been started.

I've worked around this with a couple of scripts, but it'd just be nice to see fixed. I can see how it may be considered a trivial issue, however.

There isn't much i can do with the backup routine (besides completely rewriting it) i am surprised to read people having backup issues, never had a single one with my build without any limits

It is true - this does happen. I wrote about it some years ago in the forum somewhere based on my experience and happening exactly as above. The cause for the initial failure is unknown (I guess it could be anything eg, user being impatient and thinking its finished or hanging). But yes, if the temporary backup directory is not empty then the above applies and the service requires restarting.

in my case i had another "server maintainance background task" which would sometimes take longer then expected ( and ate a whole lot more diskspace then anticipated ) which would at some times cross timepaths with the backup .. making the backup "impossible to run successfully" ( lack of diskspace ), the other server maintainance background task in the meantime got to what it was supposed to do and cleared its tracks... making it kinda a hard guessing what was up... ( had to sit through a couple of nightly backups to catch it in the making...

would have been awesome with som error handleing code telling there wasnt enough space on disk to complete backup.... ( i know.. its up to me to know.. my disk checking script wasnt running more then every 2 hours, and not catching this... ; did i improve the disk checking script.. .. eeeh no.. i just added disk .. )

[RvdH]

There isn't much i can do with the backup routine (besides completely rewriting it) i am surprised to read people having backup issues, never had a single one with my build without any limits

It is true - this does happen. I wrote about it some years ago in the forum somewhere based on my experience and happening exactly as above. The cause for the initial failure is unknown (I guess it could be anything eg, user being impatient and thinking its finished or hanging). But yes, if the temporary backup directory is not empty then the above applies and the service requires restarting.

in my case i had another "server maintainance background task" which would sometimes take longer then expected ( and ate a whole lot more diskspace then anticipated ) which would at some times cross timepaths with the backup .. making the backup "impossible to run successfully" ( lack of diskspace ), the other server maintainance background task in the meantime got to what it was supposed to do and cleared its tracks... making it kinda a hard guessing what was up... ( had to sit through a couple of nightly backups to catch it in the making...

would have been awesome with som error handleing code telling there wasnt enough space on disk to complete backup.... ( i know.. its up to me to know.. my disk checking script wasnt running more then every 2 hours, and not catching this... ; did i improve the disk checking script.. .. eeeh no.. i just added disk .. )

Utilize event OnBackupFailed, eg: for notification mail or something in your custom backup script maybe?

Code: Select all

'   Sub OnBackupFailed(sReason)
'   End Sub

No reason the reinvent the wheel, not?

[johang]

No reason the reinvent the wheel, not?

thumbs up

[CraigT]

@RvdH I have noticed that 5.7.0 has appeared for download. Any update on what changes have occurred? Given that your fork is already installed on the servers, and SQL changes are up to date, can I just copy the new version over the old?
Also, thanks for all the work on this. It is appreciated!

[RvdH]

@RvdH I have noticed that 5.7.0 has appeared for download. Any update on what changes have occurred? Given that your fork is already installed on the servers, and SQL changes are up to date, can I just copy the new version over the old?
Also, thanks for all the work on this. It is appreciated!

Nope, this a build only for 5.7.0 APLHA branch users, eg: you will need to update to 5.7.0 first and then apply the mod package + sql updates identical as instructed for the 5.6.* branch.
It contains all of the 5.6.x patches listed above who are not already commited/made it into the 5.7.0 branch

[katip]

Nope, this a build only for 5.7.0 APLHA branch users, eg: you will need to update to 5.7.0 first and then apply the mod package + sql updates identical as instructed for the 5.6.* branch.
It contains all of the 5.6.x patches listed above who are not already commited/made it into the 5.7.0 branch

Thank you, much appreciated. This was what i was waiting for so long, can't wait to test it.
ehm, did you keep OnClientValidatePassword?

[RvdH]

Nope, this a build only for 5.7.0 APLHA branch users, eg: you will need to update to 5.7.0 first and then apply the mod package + sql updates identical as instructed for the 5.6.* branch.
It contains all of the 5.6.x patches listed above who are not already commited/made it into the 5.7.0 branch

Thank you, much appreciated. This was what i was waiting for so long, can't wait to test it.
ehm, did you keep OnClientValidatePassword?

Yes it is (still) in as it is part of the main 5.7 branch codebase

5.7.0-B2604.17

1. RMSPF 1.12, SPFMAXLOOKUPS 10 as per rfc7208
2. Fix 'Unencrypted Cleartext Login' vulnerability detection pull 342
3. Must issue STARTTLS first when STARTTLS is Required to every command other than NOOP, EHLO, STARTTLS, or QUIT. #pull 360
4. Added: X-hMailServer-Envelope-From header, grouping off all X-hMailServer-* headers, equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
5. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage)
6. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
7. Added: DKIM signature for domain aliases pull 383
8. F̶i̶x̶ ̶'̶S̶A̶S̶L̶ ̶d̶e̶l̶i̶m̶i̶n̶a̶t̶o̶r̶ ̶f̶r̶o̶m̶ ̶\̶t̶ ̶t̶o̶ ̶\̶0̶ ̶r̶e̶f̶ ̶R̶F̶C̶4̶6̶1̶6̶'̶ ̶p̶u̶l̶l̶ ̶3̶8̶5̶
9. Added: Auto-Submitted header for auto-generated messages pull 386
10. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
11. Added: DomainMembers DistributionList mode pull #392
12. W̶r̶i̶t̶e̶ ̶S̶P̶F̶ ̶t̶e̶s̶t̶ ̶r̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶e̶b̶u̶g̶ ̶l̶o̶g̶ p̶u̶l̶l̶ ̶3̶2̶2̶
13. Added: prefer IPv6 over IPv4 pull 224
14. Added: MIME Recipient Headers as configurable comma delimited string pull #428
15. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
16. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
17. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
18. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is standard added by SQL script during installation) pull #441
19. Added: %MACRO_ORIGINAL_HEADER% macro expansion for 'Set header value' rules

[nasrallah.larech]

Latest is 5.6.9-B2602.49

Simply install the latest production.....

hi there. i am in the process of installing the RVDH fork of the 5.6.9 version. so when i copied the content files on the bin directory and i tried to connect to the HM admin console get this message " your database is not up to date and needs upgraded ...." see the screenshot.
i understand that i ve to alter the hm database with the code provided in this post. the problem is am under "MS SQL server compact edition" and i don't see where i can alter the database structure ? thank you for your feedback.

[RvdH]

Latest is 5.6.9-B2602.49

Simply install the latest production.....

install1.pnghi there. i am in the process of installing the RVDH fork of the 5.6.9 version. so when i copied the content files on the bin directory and i tried to connect to the HM admin console get this message " your database is not up to date and needs upgraded ...." see the screenshot.
i understand that i ve to alter the hm database with the code provided in this post. the problem is am under "MS SQL server compact edition" and i don't see where i can alter the database structure ? thank you for your feedback.

https://www.hmailserver.com/forum/viewt ... 80#p244180

[RvdH]

Latest is 5.6.9-B2607.57

Note FYI i have disabled download access to older versions of my custom builds, you from now on always should be redirected to the latest build when downloading

Simply install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory
https://build.hmailserver.com/repositor ... -B2607.exe (login as guest)

1. Added: OnHELO(oClient) event, issue #153
2. Fix: Incorrect DEBUG logging for event 'OnDeliverMessage', issue #181
3. Added: Include HTMLBody into IMAP TEXT search, pull #193
4. Fix: implicit conversion: "int" to "unsigned char" pull #204
5. Fix: Faulty SMTP 'Disconnect client after too many invalid commands' pull issue #160
6. Fix: SMTP server error "550 Unsupported ESMTP extension" on MAIL FROM:... AUTH=<> [with fix] issue #164
7. Fix: Removed warning if backup was more than 1,5GB and 15GB limit. There's no longer a recommended max-size - the time will vary with the installation size. issue #69
8. Fix: Speed up 'update hm_messages set messageflags' issue #221
9. A̶d̶d̶e̶d̶:̶ ̶t̶h̶r̶e̶a̶t̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶u̶s̶e̶r̶s̶ ̶a̶s̶ ̶l̶o̶c̶a̶l̶s̶e̶n̶d̶e̶r̶ ̶i̶f̶ ̶t̶h̶e̶ ̶s̶e̶n̶d̶e̶r̶ ̶i̶s̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶e̶d̶ ̶a̶n̶d̶ ̶A̶u̶t̶h̶U̶s̶e̶r̶I̶s̶L̶o̶c̶a̶l̶=̶1̶ ̶I̶N̶I̶ ̶s̶e̶t̶t̶i̶n̶g̶ ̶O̶f̶f̶i̶c̶e̶ ̶2̶0̶1̶6̶/̶2̶0̶1̶9̶ ̶B̶u̶g̶
10. Added: Return-Path header as topmost header before sending the message to SA (+ delete Return-Path header after the SA check completes) issue #116
11. Added: Event OnClientLogon(oClient), New ClientInfo property oClient.Authenticated (Boolean)
12. Fix: Handling of long UIDL response lists was too slow. issue #93
13. Fix: When calling SpamAssassin and there was a connection failure, sometimes temporary files were left behind issue #100
14. Fix: SURBL detection properly fails to detect url's ending with a query string issue #108
15. Fix: If a route is set up, but the recipient does not match an address in the route address list, the domain catch-all should be used if specified. issue #74
16. Fix: ExternalFetcher DELE when no RETR, pull pull #254
17. Fix: SMTP multiply max message size with 1024 issue #267
18. Added: email address variable to SignatureAdder.cpp pull #265
19. Fix: DKIM on acccount-rule 'reply' not applied #172 issue #172
20. Fix: preserve RewriteEnvelopeFromWhenForwarding setting when forwarding from account rule
21. Fix: The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected issue #287
22. Added: ability to DKIM sign NDR messages (forwarded to external) pull #301
23. Added: Use custom daemonaddressdomain from INI pull #301
24. Fix: SURBL regex pull #320
25. A̶d̶d̶e̶d̶:̶ ̶R̶M̶S̶P̶F̶ ̶l̶i̶b̶r̶a̶r̶y̶ ̶S̶p̶a̶m̶T̶e̶s̶t̶S̶P̶F̶ ̶R̶e̶s̶u̶l̶t̶ ̶t̶o̶ ̶D̶E̶B̶U̶G̶ ̶l̶o̶g̶g̶i̶n̶g̶,̶ ̶s̶e̶e̶ ̶t̶h̶i̶s̶ ̶f̶o̶r̶u̶m̶ ̶t̶o̶p̶i̶c̶
26. Fix: Ignore SpamTestSPF and SpamTestHeloHost when send thru local IP Address, see this forum topic
27. Added: SPF test to include "HELO/EHLO host" used by DNS macros pull 353
28. Fix: 'Unencrypted Cleartext Login' vulnerability detection pull 242
29. Fix: Anti-spam; Maximum message to scan (KB) is now limited to 256MB, see this forum topic
30. Added: "UseDNSCache" INI setting. 1 = Use cache in DNS Client service (default). 0 = Bypass cache in DNS Client service. pull 396
31. Fix: AWStats::LogDeliveryFailure was called twice for each message in OnDeliveryFailed pull 368
32. Fix: oMessage object was empty (in some circumstances) when called from OnDeliveryFailed pull 369
33. Added: Experimental events OnRecipientUnknown(oClient, oMessage) and OnTooManyInvalidCommands(oClient, oMessage) pull #390
34. Added: TLS server cipher preference support and support for prioritizing ChaCha20Poly1305 pull 379
35. Added: DKIM signature for domain aliases pull 383
36. Added: "DNSServer" INI setting. Single (local) DNS server IPv4 addresses to use within hMailServer instead of default system DNS. pull 396
37. Added: Auto-Submitted header for auto-generated messages pull 386
38. Added: New ClientInfo properties oClient.EncryptedConnection (Boolean), oClient.CipherVersion, oClient.CipherName and oClient.CipherBits pull #391
39. Added: DomainMembers DistributionList mode pull #392
40. Added: X-hMailServer-Envelope-From header, grouping off all X-hMailServer-* headers, For consistency equalize Return-Path format used within hMailServer, eg: Return-Path: <return-route-addr> (always use angle brackets)
41. Fix: integer overflow check for SPF macro segment count pull #399
42. Added: New ClientInfo property oClient.SessionID (long) issue #401
43. Added: New Status property oApp.Status.ThreadID (long) this forum topic
44. Added: rDNS/PTR AntiSpam Check pull #413
45. Added: Prefer IPv6 over IPv4 pull #415
46. Fix: SpamTestHeloHost IPv6 Fix pull #416
47. Fix: Changed ClamAV Scan from STREAM to INSTREAM. issue #420
48. Added: MIME Recipient Headers as configurable comma delimited string pull #428
49. Fix: AUTH PLAIN followed by base64 encoded username and password (on same line) in log exposed account password. pull #437
50. Fix: rfc4954 After a successful AUTH command completes, a server MUST reject any further AUTH commands with a 503 reply. pull #438
51. Fix: HM5157 SpamAssassinClient::OnReadError, The WinSock error code is 2. issue #167
52. Fix: TCP/IP Ports 'Default' button in GUI did not add the standard port SMTP 587 (this port is standard added by SQL script during installation) #pull 441
53. Removed: Collection of statistics, since it's no longer being used. issue #435
54. Fix: If MSSQL OLE DB Provider 18 or later is installed, prefer that one, since it supports TLS1.1/1.2 which older providers do not. issue 186
55. Added: %MACRO_ORIGINAL_HEADER% macro expansion for 'Set header value' rules
56. Fix: S/MIME Signed Message Failing Signature Validation due to X-hMailServer-Envelope-From header position, effectively this means ungrouping of the X-hMailServer-* headers
57. Fix: Error logged if email address length exceeds 254 characters issue #393
58. Fix: DKIM Signing Not Performed On Messages > 10 MB issue #387
59. Fix: DKIM (header) verification fails when an email is received with no subject issue #245

Important! This fork requires you to add additional entries to the hm_settings database table, eg:

MariaDB, MySQL

Code: Select all

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'TlsOptions', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='TlsOptions');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptr', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptr');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'ascheckptrscore', '', 1 from dual
where not exists 
  (select settingname from hm_settings where settingname='ascheckptrscore');

insert into hm_settings (settingname, settingstring, settinginteger) 
  select 'IPv6Preferred', '', 0 from dual
where not exists 
  (select settingname from hm_settings where settingname='IPv6Preferred');

alter table hm_fetchaccounts add column if not exists famimerecipientheaders varchar(255) not null default 'To,CC,X-RCPT-TO,X-Envelope-To';

update hm_dbversion set value = 5606;

MSSQL

Code: Select all

IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'TlsOptions')
INSERT INTO hm_settings(settingname, settingstring, settinginteger) VALUES ('TlsOptions','','0')
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptr')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptr', '', 0)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'ascheckptrscore')
insert into hm_settings (settingname, settingstring, settinginteger) values ('ascheckptrscore', '', 1)
GO
IF NOT EXISTS(SELECT settingname FROM hm_settings WHERE settingname = 'IPv6Preferred')
insert into hm_settings (settingname, settingstring, settinginteger) values ('IPv6Preferred', '', 0)
GO
IF NOT EXISTS (
  SELECT
    *
  FROM
    INFORMATION_SCHEMA.COLUMNS
  WHERE
    TABLE_NAME = 'hm_fetchaccounts' AND COLUMN_NAME = 'famimerecipientheaders')
BEGIN
  ALTER TABLE hm_fetchaccounts
    ADD famimerecipientheaders nvarchar(255) NOT NULL DEFAULT 'To,CC,X-RCPT-TO,X-Envelope-To'
END;
GO
UPDATE hm_dbversion SET value = 5606
GO

Download
https://d-fault.nl/files/hMailServer-Bu ... 2607.57.7z

* Included hMailAdmin.exe fixes sorting of DateTime and IPAddress (IP4) values, not reflected in server application version numbering

[nitro]

Thank you for your work once again, everything updated and working.