HMS v5 Windows Server Core - Installation

This section contains user-submitted tutorials.
Post Reply
User avatar
Dravion
Senior user
Senior user
Posts: 1402
Joined: 2015-09-26 11:50
Location: Germany
Contact:

HMS v5 Windows Server Core - Installation

Post by Dravion » 2015-10-06 04:07

If you are using Windows Server Core (Console Version of Windows Server) (2008_R2 or 2012_R2 Vanilla or higher) you can use hMailserver as well.

This setup is tested on a fresh install of Windows Server 2012 R2 Core (without any windows updates or system changes)

1) Login with the credentials of a user which is member of the local machine group "administrators"
2) We assume you use the User "Administrator" with its password, open Command prompt "as Administrator".
3) Install/Enable .NET3 "dism /online /enable-feature /featurename:netfx3 /all /source:d:\sources\sxs" (in drive d:\ Windows install DVD)
4) Open the Powershell command prompt in the elevated Windows command prompt running "powershell"
5) run cd .\Downloads; Invoke-WebRequest "https://www.hmailserver.com/download_fi ... loadid=249" -OutFile "hms.exe"; .\hms.exe
* wait until hMailserver is downloaded and the install hMailserver Setup-Wizzard shows up
6) Follow the Install procedures, select local built in SQL DB and go ahead.
7) Leave powershell mode with "exit" and run the hMailAdmin with the command "%programfiles(x86)%"\hMailServer\Bin\hMailAdmin

#Configure IPv4-Address, Gateway, DNS-Server#
netsh interface ip set address name="Ethernet" source=static addr=192.168.0.99 mask=255.255.255.0 gateway=192.168.0.1 gwmetric=1
netsh interface ip set dns name="Ethernet" source=static addr=192.168.0.104 register=none

#Uninstall/disable IPv6 Stack if you dont need it #
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFF and restart " shutdown -r -t 0"

#Windows Firewall settings#
1) Check if Windows Firewall is enabled "netsh advfirewall set allprofiles state on"
2) Drop the default rules and allow only the ports we need
netsh advfirewall firewall delete rule name=all dir=in profile=any
netsh advfirewall firewall delete rule name=all dir=out profile=any
netsh advfirewall firewall delete rule name=all
3)# Set Firewall log netsh advfirewall set currentprofile logging filename "C:\my_firewall.log"

3) #SMTP#
netsh advfirewall firewall add rule name="SMTP" dir=in action=allow protocol=TCP localport=25
netsh advfirewall firewall add rule name="SMTP" dir=out action=allow protocol=TCP localport=25

4) #SMTPS#
netsh advfirewall firewall add rule name="SMTPS" dir=in action=allow protocol=TCP localport=587
netsh advfirewall firewall add rule name="SMTPS" dir=out action=allow protocol=TCP localport=587

5)#IMAP#
netsh advfirewall firewall add rule name="IMAP" dir=in action=allow protocol=TCP localport=143
netsh advfirewall firewall add rule name="IMAP" dir=out action=allow protocol=TCP localport=143

6)#POP3#
netsh advfirewall firewall add rule name="POP3" dir=in action=allow protocol=TCP localport=110
netsh advfirewall firewall add rule name="POP3" dir=out action=allow protocol=TCP localport=110

Hint:
If you screwed up something, you can allways reset it to the Windows default Firewall settings with "netsh advfirewall reset"

#Verify port status#
After all an Nmap scan should be executed to ensure only the ports we need are open
Scanning mail.testing.org.projects (192.168.0.99) [1000 ports]

PORT STATE SERVICE VERSION
25/tcp open smtp hMailServer smtpd
110/tcp open pop3 hMailServer pop3d
143/tcp open imap hMailServer imapd
587/tcp open smtp hMailServer smtpd
MAC Address: 08:00:27:06:AC:78

Sending a Testmail with Thunderbird:
Return-Path: testo@testing.org.projects
Received: from [192.168.0.100] (camelot [192.168.0.100])
by WIN-S7121QC9ITH with ESMTPA
; Mon, 5 Oct 2015 17:51:13 -0700
To: testo@testing.org.projects
From: "testo@testing.org.projects" <testo@testing.org.projects>
Subject: testo@testing.org.projects

#Additions#
#Enabling Remotedesktop#
1) run "powershell"
2) set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
3) leave powershell mode with "exit" and run netsh firewall set service type = remotedesktop mode=enable

Now you can login to your Windows 2012 R2 Server Core using the Remote Desktop Client, using the IP-Address 192.168.0.99 and your Adminuser.

prisma
Senior user
Senior user
Posts: 309
Joined: 2010-07-09 13:16

Re: HMS v5 Windows Server Core - Installation

Post by prisma » 2015-10-07 16:20

If you want to serve also the phpAdmin you'll have to got through the DCOM hell:

On e.g. a Server 2008 Core:
use "dcomperm -al {5EDEC473-39E0-43F6-A234-1947071721C8} set IIS_IUSRS permit level:ll,la". Dcomperm is included as sample in "Windows SDK for Windows Server 2008". You'll have to build the executable yourself.

viewtopic.php?t=18679

User avatar
Dravion
Senior user
Senior user
Posts: 1402
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMS v5 Windows Server Core - Installation

Post by Dravion » 2015-10-07 17:10

@prisma

You are right. I noticed thadt if you run the hmailserver admin GUI-Client on Windows Server core it looks like all works like a charm but least one error (Exception) shows up in the tab where you can replace the built in with another ssl certificate. Kust if you click the open Button an .NET (WinForms Vista dialog cannot created Exception), so its not possible right know changing ssl certificates as intended via the admin gui program on windows servef 2012 R2 core vanilla.

Post Reply