hMailServer 5.1, Build 327 (Alpha)

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

hMailServer 5.1, Build 327 (Alpha)

Post by martin » 2009-02-02 19:11

This is an alpha. It should not be run in production systems, and you should only install it if you want to take a look at some of the new features. If you experience a serious issue with the build, I would be glad to hear about it. There are some smaller GUI problems that I'm already aware of so if you run into any small problems, please ignore them until a beta is released.

http://download.hmailserver.com/dev/hMa ... 1-B327.exe

The following changes have been made:
  • hMailServer now supports DKIM. Signing options are available in the domain settings and verification options in the anti-spam settings.
  • The "Forwarding relay" option is no longer a setting in IP ranges but instead stored separately as "Incoming relays". The settings are found next to the IP ranges in hMailServer Administrator and WebAdmin. This change was made partly because the term "Forwarding relay" was a bit confusing and partly to improve performance.
  • In the external account settings, there's now options to enable Anti-spam and Anti-virus. In earlier versions, the IP range configuration was used to determine whether or not Anti-spam or Anti-virus should be run for external accounts.
  • In IP ranges, you can now specify an expiration time when the IP range will be automatically removed by hMailServer.
  • It's now possible to auto-ban users after a number of failed logon attempts. When a user is auto-banned, an IP range matching his IP address is created which prevents the client from connecting again. By default, a user who fails to log on 3 times within 30 minutes will have his IP address banned for 60 minutes.
  • In IP ranges, it's no longer possible to select Require authentication for deliveries to local account or Require authentication for deliveries to external accounts. Instead, there is a single option named Require SMTP authentication. When this option is selected, local users must authenticate prior to sending an email.
  • The layout in WebAdmin has been changed to a tab-based system. This makes the user interface less cluttered.
  • If you're doing a new installation, the installation program will ask you whether you want to use the built-in database or an external one. If you're upgrading, the installation program will assume you want to keep the current database and not ask you about it.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: hMailServer 5.1, Build 327 (Alpha)

Post by ^DooM^ » 2009-02-02 19:27

All sounds great,

I'll install on my backup server later and let you know of any issues (if any) i come across.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-02 19:55

Nice work again Martin,

I upgraded my backup server with no issues.

One question about the autoban feature, to protect all valid users: I just need to create an iprange for them?
D
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-02 20:27

I can telnet fine, however when trying to connect through smtp or imap its errors, using any client.

Logs:
"TCPIP" 984 "2009-02-02 13:12:48.640" "TCPConnection - Posting AcceptEx on 0:26"
"DEBUG" 984 "2009-02-02 13:12:48.640" "Created TCPConnection"
"DEBUG" 984 "2009-02-02 13:12:48.640" "Deleted TCPConnection"
"TCPIP" 1868 "2009-02-02 13:14:03.062" "TCPConnection - Posting AcceptEx on 0:143"
"DEBUG" 1868 "2009-02-02 13:14:03.062" "Created TCPConnection"
"DEBUG" 1868 "2009-02-02 13:14:03.062" "Deleted TCPConnection"

Is there any caching issues due to upgrading from 5.0?

Thanks
D
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

brucestr21
Normal user
Normal user
Posts: 96
Joined: 2008-06-23 18:47

Re: hMailServer 5.1, Build 327 (Alpha)

Post by brucestr21 » 2009-02-02 21:25

DFitch wrote:I can telnet fine, however when trying to connect through smtp or imap its errors, using any client.

Logs:
"TCPIP" 984 "2009-02-02 13:12:48.640" "TCPConnection - Posting AcceptEx on 0:26"
"DEBUG" 984 "2009-02-02 13:12:48.640" "Created TCPConnection"
"DEBUG" 984 "2009-02-02 13:12:48.640" "Deleted TCPConnection"
"TCPIP" 1868 "2009-02-02 13:14:03.062" "TCPConnection - Posting AcceptEx on 0:143"
"DEBUG" 1868 "2009-02-02 13:14:03.062" "Created TCPConnection"
"DEBUG" 1868 "2009-02-02 13:14:03.062" "Deleted TCPConnection"

Is there any caching issues due to upgrading from 5.0?

Thanks
D
I have the exact same problem
hMailServer v5.2.1 Build 360
XAMPP 1.70
Horde Groupware Webmail 1.2.3
Windows Server 2003 SBS

MP3Freak
Normal user
Normal user
Posts: 221
Joined: 2007-06-13 22:19

Re: hMailServer 5.1, Build 327 (Alpha)

Post by MP3Freak » 2009-02-02 21:36

In IP ranges, it's no longer possible to select Require authentication for deliveries to local account or Require authentication for deliveries to external accounts. Instead, there is a single option named Require SMTP authentication. When this option is selected, local users must authenticate prior to sending an email.
In my view that's a really bad idea! Think of Web applications in an internal network (PHP) that are not able to do SMTP-AUTH. They will all not work anymore!!

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-02 21:44

In my view that's a really bad idea!
How is this a problem? Just uncheck it for your internal network .
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

Shiloh
Normal user
Normal user
Posts: 163
Joined: 2006-04-14 00:00

Re: hMailServer 5.1, Build 327 (Alpha)

Post by Shiloh » 2009-02-02 21:49

MP3Freak: That was my initial reaction as well. But then I reread what Martin posted and realized this was not the case. The change actually makes sense and should not be any trouble. Since this was in the IPRanges tab, you should still be able to not require SMTP AUTH for the IP of the webmail app (localhost or whatever else). And the change actually sounds like Martin simply removed the "Require authentication for deliveries to local account" option. I am not sure when anybody would have required SMTP AUTH for deliveries to local accounts. It is definitely not an option I have ever used for any IP range. The option "Require authentication for deliveries to external accounts" is still there but simply renamed to "Require SMTP authentication", which makes a lot more sense than the previous pair of options in the GUI. You will still be able to disable that option for the IP address that your webmail application is hosted on (localhost or whatever else).

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: hMailServer 5.1, Build 327 (Alpha)

Post by martin » 2009-02-02 21:54

DFitch,
Can you check whether you have a new IP range blocking you from connecting? It sounds almost like you've gotten blacklisted. I'm running the same build myself and has been since saturday. :-\ As for whitelist users from autobanning, yes, you can create an IP range covering all the users with a higher priority than 20, which I believe is the prio of the auto-ban IP range.

MP3Freak,
Shiloh's response here is correct. Just disable the SMTP auth required option if you don't want to do it. (Before, hMailServer checked the recipient to determine whether SMTP auth should be used. Now it checks the sender address as well. If the sender is local and the option is selected, SMTP auth will be required.)

MP3Freak
Normal user
Normal user
Posts: 221
Joined: 2007-06-13 22:19

Re: hMailServer 5.1, Build 327 (Alpha)

Post by MP3Freak » 2009-02-02 21:54

How is this a problem? Just uncheck it for your internal network .
For instance, I have one range (currently one IP address) which should be able to deliver internally adresses without AUTH. But I will not open up this one for sending outbound stuff without AUTH, just for security reasons.

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-02 22:02

Can you check whether you have a new IP range blocking you from connecting?
Just to 2 default ones. Since this was an upgrade from v5, do you want me to try a clean install? I haven't tried yet to just help you if there was an issue with upgrading.
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

coby
New user
New user
Posts: 12
Joined: 2008-12-04 18:57

Re: hMailServer 5.1, Build 327 (Alpha)

Post by coby » 2009-02-02 22:21

argh after the update, i can't connect to imap or pop3. no entry in the error log

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-02 22:32

Martin,

I have the same issues on a clean install on another server.
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

rjvrijn
Normal user
Normal user
Posts: 161
Joined: 2008-03-31 22:13
Location: NL

Re: hMailServer 5.1, Build 327 (Alpha)

Post by rjvrijn » 2009-02-02 23:48

Ok, I'd an upgrade of 5.0 B626 and install went fine. However I can confirm that I'm not able to telnet anymore. To be more specific: From my internal network I cannot do a telnet to port 25, 110 and 143. In the settings the port are open for my internal network.

NB, from within my localhost I can connect to these ports as usual.

Testing further....

-edit- OK, same as DFitch and others, the connections are deleted.
"TCPIP" 2916 "2009-02-02 22:49:59.843" "TCPConnection - Posting AcceptEx on 0:25"
"DEBUG" 2916 "2009-02-02 22:49:59.843" "Created TCPConnection"
"DEBUG" 2916 "2009-02-02 22:49:59.859" "Deleted TCPConnection"
"TCPIP" 2916 "2009-02-02 22:50:02.999" "TCPConnection - Posting AcceptEx on 0:25"
"DEBUG" 2916 "2009-02-02 22:50:02.999" "Created TCPConnection"
"DEBUG" 2916 "2009-02-02 22:50:03.015" "Deleted TCPConnection"
"TCPIP" 3068 "2009-02-02 22:50:06.765" "TCPConnection - Posting AcceptEx on 0:110"
"DEBUG" 3068 "2009-02-02 22:50:06.765" "Created TCPConnection"
"DEBUG" 3068 "2009-02-02 22:50:06.765" "Deleted TCPConnection"
"TCPIP" 3068 "2009-02-02 22:50:08.749" "TCPConnection - Posting AcceptEx on 0:110"
"DEBUG" 3068 "2009-02-02 22:50:08.749" "Created TCPConnection"
"DEBUG" 3068 "2009-02-02 22:50:08.749" "Deleted TCPConnection"
"TCPIP" 2916 "2009-02-02 22:50:14.468" "TCPConnection - Posting AcceptEx on 0:143"
"DEBUG" 2916 "2009-02-02 22:50:14.468" "Created TCPConnection"
"DEBUG" 2916 "2009-02-02 22:50:14.468" "Deleted TCPConnection"
WXP x32 - hMailServer v5.3.2 B1769 / MySQL
Horde Groupware Webmail Edition 3.3.6 / SquirrelMail 1.4.17

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-03 07:19

Update Martin,

I was running different test to find where the problem seemed to be.
Seems that the default IPranges are NOT binding to all IPs. However, when i use 127.0.0.1 I do see activity. If i remove the domain and then re-add it. All seems to work properly, I can send and receive!

I do see this error now on send/receive:
"DEBUG" 4084 "2009-02-03 00:17:39.405" "The read operation failed. Bytes transferred: 0 Remote IP: 127.0.0.1, Error code: 10053, Message: An established connection was aborted by the software in your host machine"

Also, tested the Autoban. The ban worked and added the iprange, however when i removed it from the iprange in hMail Admin, it still showed up on the right side under ipranges. (strange) Info must be cached since the records were still in the DB after removal. (is this correct?)

Hope this helps.
D
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: hMailServer 5.1, Build 327 (Alpha)

Post by martin » 2009-02-03 09:39

Okay, so who of you guys installed this in a production system? :)

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: hMailServer 5.1, Build 327 (Alpha)

Post by DFitch » 2009-02-03 09:43

Not I, just on a test server here!
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: hMailServer 5.1, Build 327 (Alpha)

Post by martin » 2009-02-03 09:46

Good. :)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: hMailServer 5.1, Build 327 (Alpha)

Post by martin » 2009-02-03 09:55

MP3Freak,

What do you think about adding a "For external deliveries only" option under "SMTP authentication"?

Then if the sender is local, hMailServer will require SMTP authentication by default. If you select "For external deliveries only", hMailServer will only require SMTP auth if the sender is local but the recipient is external. This would solve your case, right?

I think this makes more sense than reverting the back to the old behavior where *only* the recipient address was used to determine whether SMTP auth should be required. (Which had the effect that spammers could send messages from you@yourdomain.com to you@yourdomain.com without using SMTP auth).

MP3Freak
Normal user
Normal user
Posts: 221
Joined: 2007-06-13 22:19

Re: hMailServer 5.1, Build 327 (Alpha)

Post by MP3Freak » 2009-02-03 10:35

Martin,
What do you think about adding a "For external deliveries only" option under "SMTP authentication"?
That would make sense indeed.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: hMailServer 5.1, Build 327 (Alpha)

Post by martin » 2009-02-03 13:44

Okay, this is what I got at the moment:
iprange.png
I've tried to figure out ways where this wouldn't make sense but haven't come up with any.
  • If message is being sent from local to local - SMTP authentication is required by default. If Only for deliveries to external addresses is selected, SMTP auth won't be needed.
  • If message is being sent from local to external - SMTP authentication is required by default. If Only for deliveries to external addresses is selected, SMTP auth will still be required. The only way a local user can send to an external address without using authentication is by de-selecting "Require SMTP authentication".
So in your case, you add a new IP range covering the web server, and select Require SMTP authentication and Only for deliveries to external addresses.. Now your script will be able to send messages to users on your server without using SMTP authentication. If your script tries to send to an external address, you will get a "SMTP authentication is required"-error. If you want to be able to do this, you need to de-select "Require SMTP authentication" entirely.

The benefits over the 5.0 behavior is:
  • You can require SMTP authentication when a local user delivers a message to another local user. This will reduce the amount of spam.
  • The option "Require SMTP authentication for deliveries to local accounts" is removed which should make users less confused. Just a short while ago some user had selected this because it sounded good, which had the effect that other servers could not send email to him.
Please write your signature on the line below to confirm this is good. I may use this against you at a later time. ;-)

___________________________

MP3Freak
Normal user
Normal user
Posts: 221
Joined: 2007-06-13 22:19

Re: hMailServer 5.1, Build 327 (Alpha)

Post by MP3Freak » 2009-02-03 13:56

Please write your signature on the line below to confirm this is good. I may use this against you at a later time. ;-)
I'll have to double-check this with my lawyer first... :D

That looks good!

(PGP-Signed)

Post Reply