I have a situation where Hmailserver is used with a domain that was registered in the mid 1990's and over many years, has become a HUGE spam target. While I manage to mitigate most of the crap that comes in via due diligent locked-down configs and DNSBL/SpamAssassin setup, there is one particular scenario from a spammer which is a challenge.
I can receive 40 to 50 SMTP session attempts, sequentially and NOT concurrently, from the same IP address trying to send spam. In other words - I have spam coming in from the same IP, addressed to individual people on the domain, sent to one recipient at a time in the SMTP session. The spammer is NOT using CC or BCC, it is literally one recipient in the SMTP session... Naturally that spammer is not going to "hit" everyone on the domain, so almost daily, the Hmailserver Queue gets built-up with "undeliverable" attempts from that spammer. The spam is part of a botnet, so no I am not going to manually blacklist several dozen if not hundreds of IP addresses or add this to a firewall. Geo-IP blocking is out of the question as well.
I see no way to immediately block SMTP sessions from an IP address that try to send spam, AFTER that system has been tested positive for blacklisting or fails the SpamAssassin test. OR another way to look at it - If Hmailserver receives XX amount of SMTP sessions from the SAME IP address within YY seconds/minutes of each other, ban that IP address.
This is a feature found in Icewarp, a commercial software product. That product has a robust "cache" of IP addresses of every single incoming SMTP session. If that IP address breaks the rules you define, for whatever the reason, they end up in that cache and can be banned for a period you define... even before an SMTP session takes place.
Atreyu
Block SpamProtection IP's
Re: Block SpamProtection IP's
I think this could be done with some clever scripting...
This thread shows how to add detail to the database >> viewtopic.php?f=20&t=13890
You could either check frequently with a scheduled task driven script, or perhaps use SQL triggers, for new timed IP ranges to be created (like Autoban does). hMailserver deletes these automatically.
Can you script in VBS?
What sort of mail volume is on that server? I'm guessing enough to warrant using a database table rather than a flat file...
This thread shows how to add detail to the database >> viewtopic.php?f=20&t=13890
You could either check frequently with a scheduled task driven script, or perhaps use SQL triggers, for new timed IP ranges to be created (like Autoban does). hMailserver deletes these automatically.
Can you script in VBS?
What sort of mail volume is on that server? I'm guessing enough to warrant using a database table rather than a flat file...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 4
- Joined: 2015-07-31 16:06
Re: Block SpamProtection IP's
Hi there, I have intermediate VB-scripting experience... I am no expert by any means. The mail server processes around 5 thousand messages per day. I understand the idea behind scripting/SQL but I'm not quite sure where or how to "hook" into whatever function that handles the "live" condition upon SpamProtection being activated.
On the Icewarp product I mentioned, there is one screen that controls this as per the condition I explained earlier... it would be very nice to have that same screen instead of having to resort to scripting.
Atreyu
On the Icewarp product I mentioned, there is one screen that controls this as per the condition I explained earlier... it would be very nice to have that same screen instead of having to resort to scripting.
Atreyu
Re: Block SpamProtection IP's
Whilst I understand that, and agree in some ways (just learning bash scripts for a Linux firewall ATM), hMailserver typically doesn't add 'fluff' that can be easily scripted, especially if only a few users would ever use it.Atreyu4055 wrote:it would be very nice to have that same screen instead of having to resort to scripting.
Look at the hMailserver COM API >> https://www.hmailserver.com/documentati ... om_objects
especially the securityrange and securityranges >> https://www.hmailserver.com/documentati ... rityranges & https://www.hmailserver.com/documentati ... urityrange
Here's an example that adds an autoban that will last a year. You just need to call it with the IP as a string passed.
Code: Select all
Sub AutobanIP(IPAddress)
Dim oApp
Set oApp = CreateObject("hMailServer.Application")
' Give this script permission to access all
' hMailServer settings.
Call oApp.Authenticate("Administrator", g_sAdminPassword)
Dim oSecurityRange
Set oSecurityRange = oApp.Settings.SecurityRanges.Add()
With oSecurityRange
.lowerip = ipaddress
.upperip = ipaddress
.priority = 20
.allowdeliveryfromlocaltolocal = False
.allowdeliveryfromlocaltoremote = False
.allowdeliveryfromremotetolocal = False
.allowdeliveryfromremotetoremote = False
.allowimapconnections = False
.allowsmtpconnections = False
.allowpop3connections = False
.expires = True
.ExpiresTime = DateAdd("d", 365, Now())
.name = "added from script"
.save
End With
End Sub
OH, and please detail a POLL question and answer for this thread so that we can vote for it...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Block SpamProtection IP's
Well Matt, my suggestion is a bit more advanced - and everything is off to begin with, no point in forcing it off.
Call AutoBan( oClient.IPAddress, "This text is listed under Names in IP Ranges"", 1, "yyyy")
CPorts immediately disconnect the TCP/IP session, like "kill" does in Unix. I found that sometimes these buggers are hard to get rid of
Find it here -> http://www.nirsoft.net/utils/cports.html
Function LockFile is a simple session lock so that sessions do not check & update the same record simultaneously. I found that it may lead to execution errors.
Function Wait - There is a timer missing in VBScript
There are 3 different suggestions as not all will work with all OS versions and 32/64 bit... Microsoft in a nutShell... ha ha.. get it... Shell... Oh well - geek joke
Call AutoBan( oClient.IPAddress, "This text is listed under Names in IP Ranges"", 1, "yyyy")
CPorts immediately disconnect the TCP/IP session, like "kill" does in Unix. I found that sometimes these buggers are hard to get rid of
Find it here -> http://www.nirsoft.net/utils/cports.html
Function LockFile is a simple session lock so that sessions do not check & update the same record simultaneously. I found that it may lead to execution errors.
Function Wait - There is a timer missing in VBScript
There are 3 different suggestions as not all will work with all OS versions and 32/64 bit... Microsoft in a nutShell... ha ha.. get it... Shell... Oh well - geek joke
Code: Select all
Sub AutoBan(sIPAddress, sReason, iDuration, sType)
'
' sType can be one of the following;
'
' "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
'
' Cports can be obtained here -> http://www.nirsoft.net/utils/cports.html
'
Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
With LockFile("c:\hmailserver\temp\autoban.lck")
On Error Resume Next
oApp.Settings.SecurityRanges.Refresh
If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
With oApp.Settings.SecurityRanges.Add
.Name = "(" & sReason & ") " & IPAddress
.LowerIP = sIPAddress
.UpperIP = sIPAddress
.Priority = 20
.Expires = True
.ExpiresTime = DateAdd(sType, iDuration, Now())
.Save
End With
End If
oApp.Settings.SecurityRanges.Refresh
On Error Goto 0
.Close
End With
With CreateObject("WScript.Shell")
.Run "CPorts /close * * " & sIPAddress & " *", 0, True
End With
End Sub
Function LockFile(strPath)
Const Append = 8
Const Unicode = -1
With CreateObject("Scripting.FileSystemObject")
Dim oFile, i
For i = 0 To 30
On Error Resume Next
Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
If (Not Err.Number = 70) Then
Set LockFile = oFile
On Error Goto 0
Exit For
End If
On Error Goto 0
Wait(1)
Next
End With
Set oFile = Nothing
If (Err.Number = 70) Then
EventLog.Write("ERROR: EventHandlers.vbs")
EventLog.Write("File " & strPath & " is locked and timeout was exceeded.")
Err.Clear
ElseIf (Err.Number <> 0) Then
EventLog.Write("ERROR: EventHandlers.vbs : Function LockFile")
EventLog.Write("Error : " & Err.Number)
EventLog.Write("Error (hex) : 0x" & Hex(Err.Number))
EventLog.Write("Source : " & Err.Source)
EventLog.Write("Description : " & Err.Description)
Err.Clear
End If
End Function
Function Wait(sec)
With CreateObject("WScript.Shell")
.Run "timeout /T " & Int(sec), 0, True
' .Run "sleep -m " & Int(sec * 1000), 0, True
' .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
End With
End Function
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Block SpamProtection IP's
Of course!SorenR wrote:Well Matt, my suggestion is a bit more advanced
You are much better at this stuff than I am.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: RE: Re: Block SpamProtection IP's
Not better, different !mattg wrote:Of course!SorenR wrote:Well Matt, my suggestion is a bit more advanced
You are much better at this stuff than I am.
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Woke is Marxism advancing through Maoist cultural revolution.