Block Spammed Email
Hi Experts, We received a bunch of emails every day using our email address. Below is one of them viewed from the email property. Please advise! Thank you!
Return-Path: sales@xxx.com
Received: from [203.155.38.234] (Unknown [203.155.38.234])
by xxx.com with ESMTP
; Tue, 3 Oct 2017 09:24:44 -0500
MIME-Version: 1.0
Date: Tue, 03 Oct 2017 21:24:44 +0700
Message-ID: <dCAb2d1464489A4F49F676d93628D0c5b0b702d70959e301401@mail.gmail.com>
Subject: INVOICE
From: Gale Kingsley <sales@xxx.com>
To: data@xxx.com
Content-Type: multipart/mixed; boundary=18e1101567890fe77c7c9cf1d958
Envelope-To: <data@xxx.com>
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
Spoofing is a common spam problem. Check your system is well protected - run this and post the results: viewtopic.php?f=20&t=30914
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Block Spammed Email
Below is the running report. Please advise! Thank you!
[code]2017-10-03 Hmailserver: 5.5.2-B2129
DOMAINS
"Domain1.com" - axxxxxxxxx.net Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain2.com" - kxxxxxx.com Enabled: True
|- "Alias1.com" - kxxxxxxx.com
|- "Alias2.com" - kxxxxxx.com
|- "Alias3.com" - kxxxx.com
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain3.com" - lxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 203.155.38.234 - 203.155.38.234 Priority: 20 Name: Argentina Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 110.175.54.4 - 110.175.54.4 Priority: 20 Name: Australian Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 114.217.78.63 - 114.217.78.63 Priority: 20 Name: Auto-ban: 15
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 117.247.232.48 - 117.247.232.48 Priority: 20 Name: Indian Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 14.141.80.58 - 14.141.80.58 Priority: 20 Name: Indian Ban 2
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 103.18.122.231 - 103.18.122.231 Priority: 20 Name: Indian Ban 3
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 110.227.121.216 - 110.227.121.216 Priority: 20 Name: Indian Ban 5
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 182.72.195.155 - 182.72.195.155 Priority: 20 Name: Indian Ban 6
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 14.177.37.50 - 14.177.37.50 Priority: 20 Name: Inidan Ban 4
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 80.234.143.226 - 80.234.143.226 Priority: 20 Name: London-ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 128.199.62.244 - 128.199.62.244 Priority: 20 Name: Netherland Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 51.39.117.1 - 51.39.117.1 Priority: 20 Name: SA Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 123.231.125.30 - 123.231.125.30 Priority: 20 Name: Sri Lanka Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 203.155.38.234 - 203.155.38.234 Priority: 20 Name: Thailand Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 166.38.70.182 - 166.38.70.182 Priority: 20 Name: US Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 173.0.51.8 - 173.0.51.8 Priority: 20 Name: US Ban-2
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 174.47.172.122 - 174.47.172.122 Priority: 20 Name: US Ban 3
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 155.195.72.182 - 155.195.72.182 Priority: 20 Name: US Bank 4
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 58.187.68.191 - 58.187.68.191 Priority: 20 Name: Vietmna Spam 1
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 171.232.39.60 - 171.232.39.60 Priority: 20 Name: Vietnam spam
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - True
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 5
Minutes Before Reset: 30 (0.50 hours, 0.02 days)
Minutes to Autoban: 60 (1.00 hours, 0.04 days)
There is a total of 1 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 50 No Retries: 4 Mins: 30 Plain Text: False Bind:
Host: Domain2.com Empty sender: True Batch recipients: 100
Max Msg Size: 11000 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: False Delivered-To hdr: False
Req Auth: False Loop limit: 5
Recipient hosts: 15
Con. Sec.: None
POP3
No. Connections: 50
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 50 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: True
Add X-HmailServer-Spam: True Check HELO host: True - 3 Hostname: localhost
Add X-HmailServer-Reason: True Check MX records: True - 3 Port: 783
Add X-HmailServer-Subject: True Verify DKIM: False Use SA score: False - 5
Subject Text: "[SPAM-HMS]"
Spam delete threshold: 5 Maximum message size: 1024
GREYLISTING:
Greylisting: True Defer mins: 5 Days Unused: 2 Days Used: 32
Bypass SPF: False Bypass A/MX: False
Greylist WHITELIST ENTRIES:
IP Address: 69.41.173.84
Greylist DOMAINS enabled:
No entries
DNSBL ENTRIES:
zen.spamhaus.org Score: 7 Result: 127.0.0.*
bl.spamcop.net Score: 6 Result: 127.0.0.*
psbl.surriel.com Score: 6 Result: 127.0.0.*
virbl.dnsbl.bit.nl Score: 6 Result: 127.0.0.*
b.barracudacentral.org Score: 6 Result: 127.0.0.*
SURBL ENTRIES:
multi.surbl.org Score: 6
0spamurl.fusionzero.com Score: 6
ru.countries.nerd.dk Score: 6
-----------------------------------------------------------------------------------------------
WHITELISTING
-----------------------------------------------------------------------------------------------
ANTIVIRUS
GENERAL:
When found - Delete email. Notify Sender: False, Notify Receiver: False
Max Message Size: 1024
CLAM AV: True Hostname: localhost Port: 3310
CLAMWIN: False
CUSTOMAV: False
Block Attachments: True
*.bat Batch processing file
*.cmd Command file for Windows NT
*.com Command
*.cpl Windows Control Panel extension
*.csh CSH script
*.exe
*.inf Setup file
*.js
*.lnk Windows link file
*.msi Windows Installer file
*.msp Windows Installer patch
*.pid
*.pif
*.reg Registration key
*.rtf
*.scf Windows Explorer command
*.scr Windows Screen saver
“.PDF.EXE
-----------------------------------------------------------------------------------------------
SSL/TLS
SslCipherList :
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - None
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - None
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: C:\Program Files (x86)\hMailServer\Logs\hmailserver_2017-10-03.log
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-10-03.log - !! ERRORS PRESENT !!
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - True
IMAP - .
TCPIP - .
DEBUG - True
AWSTATS - .
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: PostgreSQL
IPv6 support is available in operating system.
Backup directory C:\Storage\Backups\hMailServer is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder:
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= PostgreSQL
Username= postgres
PasswordEncryption=1
Port= 5432
Server= localhost
Internal= 0
-----------------------------------------------------------------------------------------------
Error 438. Out-dated version. Some fields or objects missing.
[/code]Generated by HMSSettingsDiagnostics v1.74, Hmailserver Forum.
Re: Block Spammed Email
These scripts will help >> viewtopic.php?p=68117#p68117
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
From your results I see the following:
1, You have LOCAL TO LOCAL DELIVERIES allowed without authentication required for the INTERNET range. This allows spammers to send you spam through your system and will explain some of the spam you receive. You must ENABLE AUTHENTICATION for 'local to local deliveries'.
2, You are using the 'internet ranges' to act as the autoban feature when you already have autoban enabled. However you may be finding that your autoban is not effective due to the high settings you have against it. Advice:
a, Create AUTOBAN entries for all of those 'ban' IP RANGES you have and then remove them from your IP RANGEs. You only really need the INTERNET and MY COMPUTER ip ranges.
b, Then, change your AUTOBAN settings and lower the "Max invalid logon attempts:" from 5 to 1 (or 2 maximum)
By using the autoban feature (instead of the way you do with IP Ranges) you will stop the rogue spammers connecting to your machine in the first place (rather than give them a connection and rejection). Also you don't have the hassle of having to keep entering them yourself (given that most spam connections have a short lifespan).
With the above changes you will be tightening up your system and minimising the risk of receiving those spam messages.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
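Added example, not part of the thread or of hMailServer: a Python check for the first finding above, which parses the IP RANGES section of an HMSSettingsDiagnostics report in the layout posted earlier and flags ranges that accept SMTP and allow Local To Local delivery without authentication. The sample text is a constructed excerpt, the function names are hypothetical, and the second function lists the permanent single-address block ranges discussed in point 2.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed excerpt in the whitespace-collapsed layout of the report in this thread.
SAMPLE_REPORT = """\
IP RANGES
IP: 203.155.38.234 - 203.155.38.234 Priority: 20 Name: Thailand Ban
Allow connections Other
SMTP: False Antispam : False
POP3: False Antivirus: False
IMAP: False SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - False
Local To External - False
External To Local - False
External To External - False
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - True
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
------------------------------------------------------
AUTOBANNED Local Addresses:
"""

RANGE_RE = re.compile(r"^IP:\s*(\S+)\s*-\s*(\S+)\s+Priority:\s*(\d+)\s+Name:\s*(.+?)\s*$")
SMTP_RE = re.compile(r"^SMTP:\s*(True|False)\b")
ROUTE = r"(?:Local|External) To (?:Local|External)"
# First column: delivery allowed. Optional second column: authentication required.
ROUTE_RE = re.compile(rf"^({ROUTE})\s*-\s*(True|False)(?:\s+{ROUTE}\s*-\s*(True|False))?\s*$")


@dataclass
class IpRange:
    name: str
    start: str
    end: str
    priority: int
    smtp: bool = False
    routes: dict = field(default_factory=dict)  # route -> (allowed, auth_required)


def parse_ip_ranges(report):
    """Parse the IP RANGES section into IpRange objects."""
    ranges, current, in_section = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "IP RANGES":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("---"):  # a ruler line closes the section
            break
        if m := RANGE_RE.match(line):
            current = IpRange(m[4], m[1], m[2], int(m[3]))
            ranges.append(current)
        elif current and (m := SMTP_RE.match(line)):
            current.smtp = m[1] == "True"
        elif current and (m := ROUTE_RE.match(line)):
            # A missing second column (as in the ban ranges) means no auth required.
            current.routes[m[1]] = (m[2] == "True", m[3] == "True")
    return ranges


def unauthenticated_local_delivery(ranges):
    """Names of non-loopback ranges accepting SMTP with unauthenticated Local To Local."""
    flagged = []
    for r in ranges:
        allowed, auth = r.routes.get("Local To Local", (False, False))
        loopback_only = all(ipaddress.ip_address(a).is_loopback for a in (r.start, r.end))
        if r.smtp and allowed and not auth and not loopback_only:
            flagged.append(r.name)
    return flagged


def manual_single_ip_blocks(ranges):
    """Names of single-address ranges that refuse SMTP (hand-made permanent bans)."""
    return [r.name for r in ranges if r.start == r.end and not r.smtp]


if __name__ == "__main__":
    parsed = parse_ip_ranges(SAMPLE_REPORT)
    print("Unauthenticated Local To Local:", unauthenticated_local_delivery(parsed))
    print("Manual single-IP blocks:", manual_single_ip_blocks(parsed))
```

A flagged range is one where a remote host can submit mail from a local-domain sender to a local recipient without logging in, which is the pattern in the headers of the message that opened this thread.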
Re: Block Spammed Email
Thank you experts! Do you mean that all of the bans created under the IP range need to be removed? Thank you!
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
Yes.
Also you are running an old version and should update to the latest version that features many improvements and security updates.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Block Spammed Email
You suggest: Create AUTOBAN entries for all of those 'ban' IP RANGES you have.
My question: Where to create the auto ban entries?
Thank you!
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
Jessy14 wrote:
You suggest: Create AUTOBAN entries for all of those 'ban' IP RANGES you have.
My question: Where to create the auto ban entries?
Thank you!
Sorry, let me clarify: by this I was suggesting that those IP RANGES that you have do not have an EXPIRY set against them as you created them manually and made them permanent. (Maybe because you thought that the IP address was constant and long term.) I was suggesting that you expire them (delete them) or at least set an expiry date on them as they are unlikely to be effective any more. It will not make much difference to your system except clean it up. The above suggested changes to your autoban settings and scripts offered by Mattg will give you a greater protection and autonomy.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Block Spammed Email
Thank you experts!
I am going to add the following scripts. Do I need to add my user name to this line? If oClient.Username <> "my user name" Then
Do I need to add the password and where? Appreciate!
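Sub OnAcceptMessage(oClient, oMessage)
   ' Only sessions that logged in are checked; Username is empty otherwise.
   If oClient.Username <> "" Then
      Dim authemail, authemail_value, fromemail, fromemail_value
      ' Domain part of the authenticated account name.
      authemail = Split(oClient.Username, "@")
      authemail_value = authemail(1)
      ' Domain part of the sender address of the message.
      fromemail = Split(oMessage.FromAddress, "@")
      fromemail_value = fromemail(1)
      ' Reject when the sender domain differs from the login domain.
      If LCase(authemail_value) <> LCase(fromemail_value) Then
         Result.Value = 2
         Result.Message = "You are only allowed to send from your domain"
      End If
   End If
End Sub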
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
Just add the script as displayed. No changes or password required.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
- jimimaseye
- Moderator
- Posts: 8170
- Joined: 2011-09-08 17:48
Re: Block Spammed Email
Remember that script will only work if you make the amendments I explained above regarding enabling authentication.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Block Spammed Email
The scripts have been added. It looks like the junk emails were blocked.
But there are too many emails queued in the server which are not delivered. Now we cannot receive the emails any more. Please advise! Thank you!
Re: Block Spammed Email
clear the queue (right click on the queue and 'clear')
ALL mail will be removed (including any genuine mail - this will all be lost)
You will then need to remove yourself from BlackLists
Good luck
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Block Spammed Email
After removing the scripts, it is fine now. BTW I didn't have anything on the blacklist. How to remove myself from the blacklist? Thank you!
Re: Block Spammed Email
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Block Spammed Email
I need some spam for research purposes. So hopefully spammers will scan this email address cf.harper@yandex.com