SETTINGS DIAGNOSTIC REPORT

This section contains scripts that hMailServer has contributed with. hMailServer 5 is needed to use these.
User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-08-22 23:43

v1.72
* remove unnecessary blank lines for minor space savings in DOMAINS to reduce report length
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-08-25 08:39

v 1.73
* Bug fix to still show EVENT log path even when the log is non-existant (and state as such)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-09-01 15:54

v1.74
* Removed unecessary score values where Enabled=False on ANTISPAM
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-10-14 13:51

v1.75

* (Cosmetic). Linewrap of CUSTOMAV entry for tidiness.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-10-28 12:10

v1.76

* Added listing of ROUTES under SMTP protocol (showing internal and masked external domain routes)

eg

Code: Select all

  Routes:
        Domain2.com              - Addresses: All
        Alias1.com               - Addresses: All
        rexxxxx.hoxxxx.net       - Addresses: Selective   !! NO ADDRESSES LISTED !!
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-02 11:14

v1.77

* Added MIRRORING

Code: Select all

-----------------------------------------------------------------------------------------------

MIRRORING         user@maxx.ouxxx.com
-----------------------------------------------------------------------------------------------
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-11-02 13:32

:D
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-03 16:38

v1.78

* Bug fix for incorrect SIGNATURE 'Local' boolean.
* Re-ordered the ANTISPAM entries to match that of Admin screen layout
* Added specific information where entries are found but not active for DNSBL, SURBL, and Greylist-enabled Domains
eg

Code: Select all

Greylist DOMAINS enabled:
  !! No active domains enabled - GREYLISTING INEFFECTIVE !!
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-08 22:02

v1.80

* Minor redesign/reorder of the SMTP RELAY entry.
* Checks RELAYS and ROUTES to ensure they dont have incestuous resolution back to the server.

Note: Lookups only if the external ip address can be determined (some company firewalls, for example, may block this ability to self find) - ignoring the lookups if it cant (saving time and flashing).
  • It should report if lookup is good - "(ok)"
  • Lookups against internal IP address not available - "(Unable to check - LAN IP not available)" - (although I hope this is never the case)
  • Lookups point to Lan address - "!! POINTS TO SERVER'S LAN IP ADDRESS !!"
  • Route resolves to own external address - "!! TARGET RESOLVES TO SELF !!"
  • Route doesnt resolve - "!! Target does not resolve !!"
  • Relay points to self "!!POINTS TO LOCAL DOMAIN!!"
  • Relay resolves to local server - "!! RESOLVES TO LOCAL SERVER !!"
  • Relay lookups not done due to own external ip not obtainable - "(unchecked)" - (company firewalls/proxys etc interfering)
  • Route not possible as external IP address of server is not available - "(No incest check - ext. IP unavailable)"
  • Route not possible as internal NIC addresses of server is not available - "(Unable to check - LAN IP unavailable)"
Ive also done some minor layout changes around the SMTP Relayer.

!! CAPITALS !! are problems
!! Proper case !! are warnings that you may like to address or ignore but have consequences
(info) are for information

Example (showing some of the !! errors !! that can appear):

Code: Select all

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins:  5   Plain Text:        False  Bind: 
                     Host: Domain1.com         Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                      EXTERNAL.TLD             Disc. on invalid:   True  Delivered-To hdr: False
                  !! RESOLVES TO LOCAL SERVER !!
                     Port:  25                 Max number commands:   2  Loop limit:           5
                     Req Auth: True !! NO USER SET !!                    Recipient hosts:     15
                     Con. Sec.: SSL/TLS
  Routes:
        daxxxxxxxx.co.uk         - Addresses: All         !! TARGET RESOLVES TO SELF !!
        daxxxx.hoxxxx.net        - Addresses: All         !! Target does not resolve !!
        yaxxx.com                - Addresses: All         (ok)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-11-08 23:41

Can we get details of the SSL certs (like we do for DKIM certs) added please, and TCP/IP can include which cert is used for the various security protocols
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-09 00:04

Noted. I'll put it on the 'to do' list to look in to it.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

paultilley100
Normal user
Normal user
Posts: 72
Joined: 2017-01-05 23:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by paultilley100 » 2017-11-09 15:18

Just ran this on my server and noticed that the ANTISPAM section, WHITELISTING area is listing the email address in clear text.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-09 15:44

paultilley100 wrote:Just ran this on my server and noticed that the ANTISPAM section, WHITELISTING area is listing the email address in clear text.
the reason for that is for tracing problems where people say "ive have antispam set yet it is not blocking this spam". With whitelist entries showing we can highlight that the cause is beause the email sender has been whitelisted. It has happened a few time where people simply dont understand whitelisting and inadvertently whitelist everyone (eg, " 0.0.0.0 to 255.255.255.255 * " (As whitelist addresses are EXTERNAL references it shouldnt be any securuty concern for the local server.) However, users are free to obfuscate the entries if they wish to and the reason for the diags does not involve a scenario as mentioned.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-09 23:21

v1.82

* Added route and relay checking to also check local HOSTS file (as well as DNS) for incest.

Routes/relays will return with error: !! POINTS TO LOCAL SERVER BY 'HOSTS' ENTRY !!
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

paultilley100
Normal user
Normal user
Posts: 72
Joined: 2017-01-05 23:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by paultilley100 » 2017-11-10 13:55

jimimaseye wrote:
paultilley100 wrote:Just ran this on my server and noticed that the ANTISPAM section, WHITELISTING area is listing the email address in clear text.
the reason for that is for tracing problems where people say "ive have antispam set yet it is not blocking this spam". With whitelist entries showing we can highlight that the cause is beause the email sender has been whitelisted. It has happened a few time where people simply dont understand whitelisting and inadvertently whitelist everyone (eg, " 0.0.0.0 to 255.255.255.255 * " (As whitelist addresses are EXTERNAL references it shouldnt be any securuty concern for the local server.) However, users are free to obfuscate the entries if they wish to and the reason for the diags does not involve a scenario as mentioned.
Understood - It was just that I saw one of my addresses in there - a whitelisted address from our internal VOIP phone system (sending voicemails), which I wouldnt want displayed publically. Sorry for wasting your time, but I thought it might be important to people if they didnt realise this, and blindly posted their results.

First time I have run this script - thought I would investigate to be prepared for when something goes wrong, rather than firefight in a blind panic ;-)

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-11-11 01:56

I understand both sides to this, and I agree with both

jimimaseye could the email addressess in the whitelists be changed so that they read something like
name[at]example[dot]com

This way they won't be easily picked up by bots searching this forum
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-11 17:02

v1.84

* Internals. A rework of RELAY/ROUTES coding.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-25 13:26

v1.85

* Disguise whitelist addresses to "user[@t]domain[dot]com" format to confuse/break email address scrapers
* Add "!! No SMTP Port 25 defined. Direct external SMTP inbound not possible !!" warning (to TCPIP ports) if SMTP is enabled but no port 25 is set
* Added warnings on ip range 0.0.0.0 - 255.255.255.255 if External to Local is disabled or requires authentication.
* Removed the 'Deliveries' settings when SMTP protocol = false for IP RANGES or the SMTP protocol is disabled

eg

Code: Select all

IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True           !! External To Local    -  True !!
       !! EXTERNAL INBOUND ON SUB IP RANGES OR EXTERNAL DOWNLOADS ONLY !!  
     External To External - False           

OR

IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    - False     !! Inbound on Sub IP ranges or External Downloads only !! 
     External To External - False           
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-26 14:32

mattg wrote:Can we get details of the SSL certs (like we do for DKIM certs) added please, and TCP/IP can include which cert is used for the various security protocols
Done

v1.86

* Added the SSL certificate details list and state the name against the TCPIP ports
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-11-27 01:10

Purely cosmetic feedback - great work jimimaseye

In IP ranges, slight spacing adjustment needed - require AUTH External to local

Code: Select all

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 60     Name: this Computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True       External To Local    - False
     External To External -  True              External To External -  True
SSL Certs, should be certificate file and Private 'KEY' file (The word Key is missing)

Code: Select all

SSL CERTIFICATES
   LetsEncrypt
           Certificate: \\192.168.0.193\mx.Domain6.com\fullchain.pem
           Private:     \\192.168.0.193\mx.Domain6.com\privkey.pem
-----------------------------------------------------------------------------------------------
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-11-27 09:42

mattg wrote:Purely cosmetic feedback - great work jimimaseye

In IP ranges, slight spacing adjustment needed - require AUTH External to local
.....
SSL Certs, should be certificate file and Private 'KEY' file (The word Key is missing)
....
Cheers.

Done. (same v1.86)

(Cant understand how I cocked up the External to Local formatting whenb I was only adding SSL stuff. I must have been sleep walking).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-12-02 00:48

v1.87
* Added warning for missing/invalid SSL certificates stated in TCPIP PORTS.

eg,

Code: Select all

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Required   !! NO VALID CERTIFICATE !!
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   StartTLS Required   Cert: SSL2
               0.0.0.0         / 587   / SMTP   -   None                
-----------------------------------------------------------------------------------------------
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-12-02 01:37

Port 25 STartTLS 'required' and 'SSL' should also be flagged as incorrect

Port 25 should ALWAYS be startTLS Optional or No Security, else limited mail from the internet

Oh and do you magic with hiding domain names on the certificate names and disk storage locations please...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mikedibella
Normal user
Normal user
Posts: 180
Joined: 2016-12-08 02:21

Re: SETTINGS DIAGNOSTIC REPORT

Post by mikedibella » 2017-12-02 03:22

Oh and do you magic with hiding domain names on the certificate names and disk storage locations please...
That's how I got the certificate file from the other case. If you don't intend for that to be possible, you should to obfuscate the both the file name and the subject of the certificate since they both typically contain the FQDN of the published interface.

As I said in my other post, only the key is sensitive data. If you know the layer 3 address of a published SSL/TLS interface, it is rudimentary to extract the certificate using openssl.exe or another tool. It is certainly not an "exfiltration" since reading this data is required to perform SSL/TLS negotiation.

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-12-02 03:29

Yep, I get that.

jimimaseye has said that he doesn't want domain names shown in this report in general.
Other things that can happen with the domain name include DNS MX record checks, which is often useful in tracking down tricky problems.

This board gets read by many bots looking for information that can be used for nefarious means. We've seen servers attacked hours after posting poor configuration, so we need to be careful about what information is publicly accessible.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mikedibella
Normal user
Normal user
Posts: 180
Joined: 2016-12-08 02:21

Re: SETTINGS DIAGNOSTIC REPORT

Post by mikedibella » 2017-12-02 03:33

Know that my efforts here are always good faith attempts to uphold the spirit of "community supported." I really appreciate the value I get from hMailServer and want to pay it forward...

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-12-02 06:01

understood and appreciated.

I'm self taught, a manager of healthcare facilities by vocation, not a trained tech.
I definitely don't want to scare anyone away from helping out with answers.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-12-02 14:03

mattg wrote:Oh and do you magic with hiding domain names on the certificate names and disk storage locations please...
It already does (on the path name). But it can only mask domains that actual exist as a Domain or Alias in the settings (and consequently have a pseudonym) - if it doesnt then it is an unrecognisable string of characters and it cant possible know what is a domain/FQDN and what isnt.

Ill work on masking the certificate name (under the same conditions)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2017-12-02 14:45

v1.88
* Give pseudonym references to local domains and aliases in SSL certificates names and paths.
* Give warning when SSL/StartTLS is required on port 25 for SMTP

eg

Code: Select all

-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Required   !! External Email Blocked !!
-----------------------------------------------------------------------------------------------
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2017-12-03 02:54

Perhaps a warning on SMTP relayer, where port 25 is picked plus SSL/TLS.

Port 25 with StartTLS may work for some providers although most will be 587 + StartTLS, or 25 + no security, or 465 + SSL/TLS
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2018-01-10 23:54

viewtopic.php?f=7&t=32256&p=201577#p201576

Route detail needs to show the switches please, ie whether or not the recipient and sender are considered local or external

Also what does
!! Warning: DEFAULT DOMAIN is SET !! - "EXTERNAL.TLD"
mean?
Does that mean that the user picked a completely different domain than they host as the default, one that matches the 'local server name' in SMTP?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-01-11 01:08

ROUTES: I'm thinking about adding an option at run time to include route detail (or even a separate script to list the routes out). Under normal situations they are not needed but occasionally......
mattg wrote: Also what does
!! Warning: DEFAULT DOMAIN is SET !! - "EXTERNAL.TLD"
mean?
Does that mean that the user picked a completely different domain than they host as the default, one that matches the 'local server name' in SMTP?
Yes. They have entered a domain that isn't one of their hosted domains so doesn't appear as any of the pseudos (domain1.com, domain2. com etc) and so its external to this server. (Of course it may also be sub.domain1.com too but that is also not normally ideal)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-01-28 14:30

mattg wrote: Route detail needs to show the switches please, ie whether or not the recipient and sender are considered local or external
Done.,

v1.89
* Routes now show the switches against 'S' (sender) and 'R' (recipient).

Adjusted layout:

Code: Select all

  Routes:
    Domain2.com              - S: Local   R: Remote - Addr: All         (ok)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-01-29 01:30

(Coming soon. Im working on RULES output. Very indepth......)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-01-30 00:20

v1.90

* Added RULES

When running the script there is now a 3rd prompt asking whether to include rules or not (default = N). Under normal circumstances they are not required but if dealing with someone where they are important simply ask them to "run the script and reply 'Y' to the 3rd prompt." (They appear immediately after the domains and the domain names are masked). NOTE: the rules appear in order of processing.

Output example showing all action options:

Code: Select all


RULES
   TestRule                    Criteria:  Use AND
             Body                   Contains        Some body Text
     Custom: X-MYHEADER-1           Equals          ValueX

                               -Actions-
             Delete
             Forward                                user@Domain1.com
             Move To Folder                         Spammy
             Reply
             Run Function                           MyScript
             Set Header Value                       MyCustomerHeader = Yes
             Stop Rule Processing
             Create and Send Copy
             Bind to local IP                       11.22.33.44
             Send Using Route                       dexxxxxxxx.co.uk
             
   Known Spam                  Criteria:  Use OR
             To                     Regular Expr    (?i:^.*(emailsales@|fax@|bouncednotifications@).*$)
             From                   Contains        Yvonne Sahm

                               -Actions-
             Set Header Value                       X-SPAMCHECK = Yes
             Move To Folder                         Spam Folder
(More examples in the initial post example report)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2018-01-30 02:15

looking good jimimaseye

What's next?
- A copy of Eventhandlers.vbs contents?
- Auto include the last 10 Error log lines if today's error log exists?
- A list of all of the individual WARNINGS additionally shown together at the top of the screen
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-01-31 22:44

V1.91

* Bug fix to Cipher List output
* Compressed (space saving) rules output
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-02-25 21:03

v1.92

* Mod to make the output compatible to new forum style. (removal of [ size=85] tag)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-11-19 20:55

v1.93

* Minor bug fix for non-english boolean translation.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2018-11-21 02:14

Rules only includes global rules, not account level rules

Can we get account level rules added please
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-11-21 09:48

mattg wrote:
2018-11-21 02:14
Can we get account level rules added please
I had already considered it some time ago. The problem is that a domain can have tens or hundreds of users, and there can be hundreds of domains. 100 domains x 100 accounts = 10,000 potential account rules being listed. We wouldnt have enough virtual paper to (or browser screen) to display the report :wink: . Even if less (1 domain) we could be iterating through hundreds of accounts and displaying their rules when in reality we only require the rules for 1 account to be displayed (as we investigate a specific issue for someone).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2018-11-21 10:19

Yeah that's correct I guess.

I was just wanting to show some of my account level rules to someone having trouble with rules
I like the way you format your output...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-11-21 12:09

Perhaps a secondary standalone script for 'account rules' that prompts for an account could do it. I'll give it a think.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-11-23 22:07

mattg wrote:
2018-11-21 10:19
Yeah that's correct I guess.

I was just wanting to show some of my account level rules to someone having trouble with rules
I like the way you format your output...
v1.94

* Added extra prompt for a single account address to have it's rules included (optional) if GLOBAL RULES are requested.

(You can always run it and extract/ edit the output to just display your account rules or run the s for several times for different accounts and merge the outputs together before posting).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2018-11-24 13:45

v1.95

* Minor code changes (tidyup).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2019-07-20 12:16

v1.96

* Minor bug fix for non-english boolean translation 'Greylist Bypass A/MX'
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SETTINGS DIAGNOSTIC REPORT

Post by mattg » 2019-09-28 04:44

adds TLSv1.3 (and doesn't show SSLv3.0 in 5.7.0)

Code: Select all

' SSLTLS
   Txt = "SSL/TLS" & vbcrlf 
   Txt = Txt & space(13) & "SSL 3.0 : " & RJust(BooTrans(oTarget.SslVersion30Enabled),6) & vbcrlf
   Txt = Txt & space(13) & "TLS 1.0 : " & RJust(BooTrans(oTarget.TlsVersion10Enabled),6) & vbcrlf
   Txt = Txt & space(13) & "TLS 1.1 : " & RJust(BooTrans(oTarget.TlsVersion11Enabled),6) & vbcrlf
   Txt = Txt & space(13) & "TLS 1.2 : " & RJust(BooTrans(oTarget.TlsVersion12Enabled),6) & vbcrlf
   Txt = Txt & space(13) & "TLS 1.3 : " & RJust(BooTrans(oTarget.TlsVersion13Enabled),6) & space(15) & _
    " Verify Remote SSL/TLS Certs: " & RJust(BooTrans(oTarget.VerifyRemoteSslCertificate),6) & vbcrlf
   Txt = Txt & "SslCipherList  :" & vbcrlf & vbcrlf
   CipherList = Split(oTarget.SslCipherList, ":")
   X=0
   For Each Cipher in CipherList
      if not trim(Cipher) = "" then
         X = X + 1
         if not (X mod 3) = 1 then Txt = Txt & "- "
         Txt = Txt & LJust(Cipher,32)
         if (X mod 3) = 0 then Txt = Txt & vbcrlf 
      End if
   Next
   if (X mod 3) > 0 then Txt = Txt & vbcrlf
   Txt = Txt & string(95,"-") & vbcrlf
   objTextFile.WriteLine(txt)
' END SSLTLS
I see that the script mode is set to debug, and that I get this error at the bottom, but I can't see anything missing
Have sent output to you via PM

Code: Select all

Error 438. Out-dated version. Some fields or objects missing.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2019-09-29 18:43

v1.97 Modified SSL checks to account for v5.7
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8156
Joined: 2011-09-08 17:48

Re: SETTINGS DIAGNOSTIC REPORT

Post by jimimaseye » 2019-09-30 00:11

v1.98

* Minor code tidyup (removed random ambiguous line - no functionality change)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply