Windows Firewall - hMailServer Portsettings Howto

This section contains user-submitted tutorials.
Post Reply
User avatar
Dravion
Senior user
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Windows Firewall - hMailServer Portsettings Howto

Post by Dravion » 2018-06-30 21:20

This little howto is intended to make sure all by hMailServer required ports are open if you have any Windows Firewall related connectionproblems.This can be helpfull because durning the Windows installation you have to decide if your want to apply Home/Work or Public Network access settings to your Computer.If you choose for example "Home" nothing will be blocked at all but if you choose for instance "Public" any ports will be closed by default.

Lets begin:
Open the Windows Command prompt as admin and type in the following Netshell commands to open the required ports for hMailServer
PS: We only discuss the officially recommended encrypted ports for Mailtransport.

Email-Sendingpart:
  • SMTP (required for hMailserver for send and receive Emails from and to the Internet)
    netsh advfirewall firewall add rule name="SMTP" dir=in action=allow protocol=TCP localport=25
    netsh advfirewall firewall add rule name="SMTP" dir=out action=allow protocol=TCP localport=25
  • Submission (required if your hMailServer is configured for STARTTLS MailApp sent access)
    netsh advfirewall firewall add rule name="Submission" dir=in action=allow protocol=TCP localport=587
    netsh advfirewall firewall add rule name="Submission" dir=out action=allow protocol=TCP localport=587
  • SMTPS (required if your hMailServer is configured for SSL/TLS MailApp sent access - could be necessary for example: MS-Outlook)
    netsh advfirewall firewall add rule name="SMTPS" dir=in action=allow protocol=TCP localport=465
    netsh advfirewall firewall add rule name="SMTPS" dir=out action=allow protocol=TCP localport=465
Email-Receivingpart:
  • IMAPS (required if you want to use your MailApp to view Emails via SSL/TLS from your hMailServer)
    netsh advfirewall firewall add rule name="IMAP" dir=in action=allow protocol=TCP localport=993
    netsh advfirewall firewall add rule name="IMAP" dir=out action=allow protocol=TCP localport=993
  • POP3S (required if you want to use your MailApp for download and delete serverside Emails via SSL/TLS from hMailServer)
    netsh advfirewall firewall add rule name="POP3S" dir=in action=allow protocol=TCP localport=995
    netsh advfirewall firewall add rule name="POP3S" dir=out action=allow protocol=TCP localport=995
Info:
Take a look if the above Netsh commands are executed correctly and the response is allways "OK". If not, this indicates a diffrent Windows Firewallrule with the same name is allready in affect or your Windows Firewall simply isnt running.

tunis
Senior user
Senior user
Posts: 351
Joined: 2015-01-05 20:22
Location: Sweden

Re: Windows Firewall - hMailServer Portsettings Howto

Post by tunis » 2018-07-02 10:09

I open ports by program.

netsh advfirewall firewall add rule name="hMailServer" dir=in program="c:\pathtohmailserver\bin\hmailserver.exe" action=allow
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Windows Firewall - hMailServer Portsettings Howto

Post by mattg » 2018-07-02 12:31

Opening by ports is much safer. The 'program' may answer to remote admin commands in some circumstances.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Voltaire
New user
New user
Posts: 28
Joined: 2020-08-06 13:27

Re: Windows Firewall - hMailServer Portsettings Howto

Post by Voltaire » 2021-05-31 17:19

Both look nice – but both are not working ...

... after resetting firewall rules in Windows 8.1 to default values (what was necessary for any reason)...

a) when checking mail from a client results in error 0x800ccc0e after about 10 to 15 seconds

b) when applying above rules (both – IP and program) checking mail from a client results in error 0x800ccc0f immediately

btw: it does not make any difference if appying above rules or adding hmailserver.exe in /bin folder via settings from within firewall advanced settings ...

only turning firewall completely off is working ... but that's no solution ... so how (and by what means) to configure windows firewall?

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: Windows Firewall - hMailServer Portsettings Howto

Post by palinka » 2021-05-31 20:02

Voltaire wrote:
2021-05-31 17:19
Both look nice – but both are not working ...

... after resetting firewall rules in Windows 8.1 to default values (what was necessary for any reason)...

a) when checking mail from a client results in error 0x800ccc0e after about 10 to 15 seconds

b) when applying above rules (both – IP and program) checking mail from a client results in error 0x800ccc0f immediately

btw: it does not make any difference if appying above rules or adding hmailserver.exe in /bin folder via settings from within firewall advanced settings ...

only turning firewall completely off is working ... but that's no solution ... so how (and by what means) to configure windows firewall?
You may have a group policy restriction. Or any number of other networking errors, like a typo or other firewall blocking the connection, or router misconfigured or.....

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: Windows Firewall - hMailServer Portsettings Howto

Post by jimimaseye » 2021-05-31 20:45

Voltaire wrote:
2021-05-31 17:19
only turning firewall completely off is working ... but that's no solution ...
Therefore it's your firewall. You have missed something. Check and recheck.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
katip
Senior user
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Windows Firewall - hMailServer Portsettings Howto

Post by katip » 2021-05-31 21:53

Voltaire wrote:
2021-05-31 17:19
Both look nice – but both are not working ...
i never had an experience with windows firewalls. never used it. my first things first after a new server OS installation was always turning off FW.
some months ago one customer abroad made a deal with an ISP for a dedicated 2016 cloud VM + 1Gb WAN, "direct plugged in" with a static IP nr.
they asked me to setup a full featured mail server with end-to-end SMTP, POP, IMAP, AV, AS, certs, domain name, DNS etc all in. piece of cake...
then came the question what now? how do i make this to talk to Internet? i thought i finally have to meet that famous MS Windows FW.

it took me less than half an hour. first 15-20 minutes to see what the f.ck at all this is, the rest to setup essential port forwards and some common security things.
job done. turnkey delivery.
i don't think it's atom science. my suggestion: take a deep breath and start over.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

Voltaire
New user
New user
Posts: 28
Joined: 2020-08-06 13:27

Re: Windows Firewall - hMailServer Portsettings Howto

Post by Voltaire » 2021-06-01 09:16

OK, more info:

until last week it was running untouched for several years without flaw. hMailServer is only used for local network. PC has dynamically distributed dedicated IP (always the same, but not static)

Last week the ethernet cable had to be removed for a short moment (about 10 to 20 minutes)

A new "network" (ethernet 4) was created and first set to "public network", then changed to "private network"

access to hMailServer mail accounts with eMail client from other PC in the local network is only possible when windows firewall on the PC running hMailServer is turned off

Btw: firewall settings do not look different compared to other PCs with (working) hMailserver and same OS in the local network

how to bring windows firewall to recognize automatically a already installed app/program and to ask for letting it pass through the firewall (as it is done after new installation)?

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: Windows Firewall - hMailServer Portsettings Howto

Post by jimimaseye » 2021-06-01 09:25

May be you have the destination ip address for your port forwarding wrong now that you have a new NIC?

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Voltaire
New user
New user
Posts: 28
Joined: 2020-08-06 13:27

Re: Windows Firewall - hMailServer Portsettings Howto

Post by Voltaire » 2021-06-01 09:45

The IP address is still the same – and the only difference to make it work or not is turning windows firewall on/off. Btw: windows was creating a new network connection – all the hardware (NIC) is still the same.

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: Windows Firewall - hMailServer Portsettings Howto

Post by jimimaseye » 2021-06-01 09:54

Voltaire wrote:
2021-06-01 09:45
the only difference to make it work or not is turning windows firewall on/off
Yes, you said. You haven't set your firewall correct.
Voltaire wrote:
2021-06-01 09:45
Btw: windows was creating a new network connection
Your clue is there. (Private? Public?)

It's pretty difficult for anyone to advise you on this. This is about modifying your windows firewall to adjust to the recent changes you made to your system. (In some respect it is nothing to do with hmailserver - hmailserver is just a tool to see if you have done it correctly).

Perhaps seek advice on Microsoft community forums - just ensure that you have the port forwarding done by port number (and not by application) first.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Voltaire
New user
New user
Posts: 28
Joined: 2020-08-06 13:27

Re: Windows Firewall - hMailServer Portsettings Howto

Post by Voltaire » 2021-06-01 10:17

OK, problem solved ... I just applied the troubleshoot option from the windows firewall, manually set to the hMailServer.exe app (that was told to be blocked) – and set it to no longer be blocked ... That was it ... but manually add the hMailServer.exe to the list of firewall exceptions for private networks did not work ...

don't ask me why ... :?

Post Reply