Gmail "be careful with this message"

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-04 22:53

Thank you SO much for your time, Mike. Okay so everything checks out as far as I know. Maybe you'll see something I don't. There is so much spam hitting the server so you'll see a lot of stuff in the logs. It gets rejected but it taxes that server so much that it takes forever for things to "hit the list". I am not sure if our rules were "working" if it would help with that too. I have spent countless hours going into Windows Firewall blocking IP address ranges and stuff and yet they just find new ones and start hitting again. Having to attach the logs in a zip file. I see no other way around it. Just too big. Hope that works.
Thanks again for helping me. You have no idea how appreciative I am.
Attachments
hmailserver logs_evh.zip
logs & eventhandlers script
(151.74 KiB) Downloaded 24 times

palinka
Senior user
Senior user
Posts: 3647
Joined: 2017-09-12 17:57

Re: Gmail "be careful with this message"

Post by palinka » 2022-08-05 07:02

michaeljwyo wrote:
2022-08-04 22:53
Thank you SO much for your time, Mike. Okay so everything checks out as far as I know. Maybe you'll see something I don't. There is so much spam hitting the server so you'll see a lot of stuff in the logs. It gets rejected but it taxes that server so much that it takes forever for things to "hit the list". I am not sure if our rules were "working" if it would help with that too. I have spent countless hours going into Windows Firewall blocking IP address ranges and stuff and yet they just find new ones and start hitting again. Having to attach the logs in a zip file. I see no other way around it. Just too big. Hope that works.
Thanks again for helping me. You have no idea how appreciative I am.
You appear to be an open relay. Disable account abdx AT abdx DOT org immediately.

I haven't been following this thread, but if that is your mailing list account, you need to disable it until you sort this out. You'll get blacklisted if you don't sort this out quickly (stop the bleeding).

"SMTPC" 7760 5 "2022-08-04 14:11:03.323" "67.195.228.110" "RECEIVED: 421 [IPTS04] Messages from 65.38.140.167 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes"

Look at the first few messages in the log to see if the recipients are valid list recipients or spam targets. At least near the top, they're all yahoo addresses and there are lots of them. It smells like spam to me.

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-05 16:16

You are correct. That is the main address of my list. And it makes a lot of sense now, especially when yahoo users complain that they don't get any mail from the list. I've always had problems with Yahoo anyways so that's why I didn't think much of it. That has been our "list address" forever and I'd really like to keep it. If we can get this sorted out then hopefully I can work on trying to remedy the problem with Yahoo (and most likely the other big boys like Verizon and Comcast and Charter and so forth). I saw all of those addresses and knew most were fake so I knew we were being relayed. Just don't know how to fix it, other than to get the other mechanism fixed where ONLY list members are allowed to send anything. That would fix it, right?

mikedibella
Senior user
Senior user
Posts: 773
Joined: 2016-12-08 02:21

Re: Gmail "be careful with this message"

Post by mikedibella » 2022-08-05 16:53

Double check that the front-end Account is forwarded to the Distribution List account address and not to itself.

Also check the Distribution List membership and make sure that both the front-end Account and the Distribution List address are both NOT present in the list. Delete if present.

If neither of the above conditions exist in the current configuration, make a settings-only backup using Utilities | Backup . Extract the .7z archive and edit the hMailServerBackup.xml file to scrub any sensitive passwords. Zip the file and PM it to me.

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-05 18:22

Thanks Mike! The front-end account (abdx@abdx.org) is forwarded to the distrubution list account (abdxlist@abdx.org). I checked the distribution list membership and no, neither are present.

Working on the settings backup and will get that to you shortly. I appreciate it so much.

mikedibella
Senior user
Senior user
Posts: 773
Joined: 2016-12-08 02:21

Re: Gmail "be careful with this message"

Post by mikedibella » 2022-08-05 19:23

Looking at hmailserver_2022-08-04.log, I do not see any logging for the recipient abdx@abdx.org. Did you send a message directed at the front-end account during the time period covered by the log?

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-05 20:59

Hi Mike - yes. Look at this line:

"2022-08-04 12:37:40.261" "209.193.73.228" "SENT: 220 abdx.org ESMTP"

That's where the path of my message starts. You'll see stuff related to vcn.com. 209.193 is one of their banks. You should be able to follow it from there...hopefully

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-06 03:28

I was wrong. I was looking at a different log I had. Here is the one I was talking about when I referenced the line in my other message.

Sorry about that. This log is the one.
Attachments
hmailserver_2022-08-04(7a-130p).zip
other log
(177.76 KiB) Downloaded 22 times

mikedibella
Senior user
Senior user
Posts: 773
Joined: 2016-12-08 02:21

Re: Gmail "be careful with this message"

Post by mikedibella » 2022-08-06 18:41

Line 1041: "APPLICATION" 11136 "2022-08-04 14:12:10.141" "SMTPDeliverer - Message 1038166: The message was not delivered to abdx@abdx.org. Delivery to this account was canceled by an account rule Rule name: X-Member, ID: 16."
Send a screen shot of the criteria and actions for rule "X-Member". if the action is Run Function, send the name of the function.

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-07 10:02

Okay Mike - here is what you were asking for:
ss1.JPG
The problem is that THIS rule is doing its job. It's looking for the custom "x-member-of-list" field that the previous rule named "tag list member" is supposed to create:
ss2.JPG
The function it runs is called "taglistmember". As I had mentioned, I think that is what's broken. Something with that function. It's not writing out that custom header.
Since I have the rule "x-member" disabled right now, all messages will go through whether the header is there or not. Here is an excerpt from a list email - pretty sure this area is where the header would be (and should have because it's from a list member):

From: Glenn Hauser <wghauser@gmail.com>
Date: Sun, 7 Aug 2022 00:03:17 +0000
Message-ID: <CACaJMsOy17O9O81DtFLQaBJTyUO0ojsnmnSiJqmS_q_neo6_Ww@mail.gmail.com>
Subject: [abdx.org] Glenn Hauser logs August 5-6. 2022
To: abdx@abdx.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Envelope-To: abdx@abdx.org
X-Envelope-OriginalTo: abdx@abdx.org
X-Envelope-From: wghauser@gmail.com
Reply-To: abdx@abdx.org
X-hMailServer-LoopCount: 1
X-Virus-Scanned: ClamAV using VCN Spam Filter (darmstadtium.vcn.com)


I did some extensive research to find out when it quit working and it actually hasn't worked since 6/7/2021. Here is excerpt from the last email that it worked for:

Date: Mon, 7 Jun 2021 21:16:44 -0700
Subject: [abdx.org] License cancelled
Message-Id: <0BE5961A-3292-4793-8855-A638F60931C5@gmail.com>
To: ABDX <abdx@abdx.org>
X-Mailer: iPad Mail (18E212)
X-Envelope-To: abdx@abdx.org
X-Envelope-OriginalTo: abdx@abdx.org
X-Envelope-From: wb6tnb@gmail.com
Reply-To: abdx@abdx.org
X-Member-Of-List: abdxlist@abdx.org
X-hMailServer-LoopCount: 1
X-Virus-Scanned: ClamAV using VCN Spam Filter (darmstadtium.vcn.com)


After that, there is quite a gap...about a month. And it coincides with THIS problem:

https://www.hmailserver.com/forum/viewt ... =7&t=36941

I know. Now the plot thickens. So I am not sure if we did something to fix the spam problem there, that in accordance I needed to turn off that x-member rule and it's been off ever since. I remember making that post, but I just put 2 and 2 together and realized that's the last time our "list-member filtering" actually was working. I wouldn't think one would have to do with another, but it could be.

mikedibella
Senior user
Senior user
Posts: 773
Joined: 2016-12-08 02:21

Re: Gmail "be careful with this message"

Post by mikedibella » 2022-08-07 18:14

On line 158 of your eventhandlers.vbs, comment out the following statement, add the single-quote as shown below:

Code: Select all

'  on error resume next
Reload scripts and send a message to the list to fire the function, then post the updated ERROR_hmailserver_XXX.log file.

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-07 21:47

Done.
Here's the error log text:

"ERROR" 8380 "2022-08-07 13:43:12.657" "Script Error: Source: hMailServer COM library - Error: 800403E9 - Description: You do not have access to this property / method. Ensure that hMailServer.Application.Authenticate() is called with proper login credentials. - Line: 170 Column: 2 - Code: (null)"

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-07 22:06

BTW, I did check the user and pass (line 160 and 161) and they are absolutely correct. I used the "mail" program here on the server to check the mail and used those exact credentials and it checks the mail just fine. Is there some kind of different type of authentication that it's doing when the eventhandlers script tries to get in?

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Gmail "be careful with this message"

Post by SorenR » 2022-08-07 22:58

michaeljwyo wrote:
2022-08-07 22:06
BTW, I did check the user and pass (line 160 and 161) and they are absolutely correct. I used the "mail" program here on the server to check the mail and used those exact credentials and it checks the mail just fine. Is there some kind of different type of authentication that it's doing when the eventhandlers script tries to get in?
Without knowing the contents of your eventhandlers.vbs I am guessing you need to use "Administrator" and the associated password. The same password you use for hMailAdmin.exe.

Hmm... Found an old version of your script... It's NOT "Administrator". Sub TagListMembers ??? I's an alternative access to scripting ... need to do some snooping around.
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Gmail "be careful with this message"

Post by SorenR » 2022-08-07 23:09

I believe this will fail if not executed by hMailServer Administrator - it may work if the account signing in to the API also IS sProxyAddress ... Never tried it myself that way.

Code: Select all

set oProxyAccount = oPostDomain.Accounts.ItemByAddress(sProxyAddress)
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Gmail "be careful with this message"

Post by SorenR » 2022-08-07 23:22

Brainstorming.....

Code: Select all

	set oMailServer = CreateObject("hMailServer.Application")
	oMailServer.Authenticate sMailUser, sMailPass
Is this "sMailUser" account defined with "Administration level"; User, Domain or Server ??
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-08 00:52

Without knowing the contents of your eventhandlers.vbs I am guessing you need to use "Administrator" and the associated password. The same password you use for hMailAdmin.exe.
It looks like you were right, Soren. I changed it to the actualy login info for hmailserver itself. Not one of the accounts. Sure enough it looks like it's working. I sent one from an account that IS on the list, and it went through. I sent one from an account that is NOT on the list, and the rule did its work and deleted it. I can't believe it may have been that simple all along, although I want to say that it WAS working before (last year) by using the proxy account's user/pass . But that's okay. If it works this way then I am fine with that.

I am seeing some other things going on with looping and max loops reached...not sure about that or if it's related but I will post it here a little later on and see what you guys think. THANK YOU GUYS for all your help. I can't say that enough. For now I THINK it's working but I am keeping a close eye on it.

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Gmail "be careful with this message"

Post by SorenR » 2022-08-08 09:20

michaeljwyo wrote:
2022-08-08 00:52
Without knowing the contents of your eventhandlers.vbs I am guessing you need to use "Administrator" and the associated password. The same password you use for hMailAdmin.exe.
It looks like you were right, Soren. I changed it to the actualy login info for hmailserver itself. Not one of the accounts. Sure enough it looks like it's working. I sent one from an account that IS on the list, and it went through. I sent one from an account that is NOT on the list, and the rule did its work and deleted it. I can't believe it may have been that simple all along, although I want to say that it WAS working before (last year) by using the proxy account's user/pass . But that's okay. If it works this way then I am fine with that.

I am seeing some other things going on with looping and max loops reached...not sure about that or if it's related but I will post it here a little later on and see what you guys think. THANK YOU GUYS for all your help. I can't say that enough. For now I THINK it's working but I am keeping a close eye on it.
Well... If the user you used have "Domain" Access level it may just work, there's got to be a reason why it was made this way :wink:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-08 09:48

The user I WAS using, did have domain access. Actually it had sever access. So yeah it should have worked in theory....and I am pretty sure it DID work from the beginning. Just not sure what happened 6 months later that made it stop working.

User avatar
jimimaseye
Moderator
Moderator
Posts: 9584
Joined: 2011-09-08 17:48

Re: Gmail "be careful with this message"

Post by jimimaseye » 2022-08-08 10:26

My philosophy on this (as I always say to my users): Let's not dwell on the "was", lets just rejoice on what "IS" (although I know curiosity is going to niggle at you).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 5530
Joined: 2006-08-21 15:38
Location: Denmark

Re: Gmail "be careful with this message"

Post by SorenR » 2022-08-08 10:48

michaeljwyo wrote:
2022-08-08 09:48
The user I WAS using, did have domain access. Actually it had sever access. So yeah it should have worked in theory....and I am pretty sure it DID work from the beginning. Just not sure what happened 6 months later that made it stop working.
Corona ... :mrgreen:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

palinka
Senior user
Senior user
Posts: 3647
Joined: 2017-09-12 17:57

Re: Gmail "be careful with this message"

Post by palinka » 2022-08-08 11:40

SorenR wrote:
2022-08-08 10:48
michaeljwyo wrote:
2022-08-08 09:48
The user I WAS using, did have domain access. Actually it had sever access. So yeah it should have worked in theory....and I am pretty sure it DID work from the beginning. Just not sure what happened 6 months later that made it stop working.
Corona ... :mrgreen:
That's funny, but yeah, maybe should scan for viruses. Can't be too careful.

mikedibella
Senior user
Senior user
Posts: 773
Joined: 2016-12-08 02:21

Re: Gmail "be careful with this message"

Post by mikedibella » 2022-08-08 17:26

Looking at the eventhandlers code, you were using a value for the authentication user that was the username portion of the account address only, without the domain suffix. If you had a value set for Default Domain previously but blanked it out, it could explain why authentication worked before. With Default Domain blank, I believe the only user that can authentication with username portion only is Administrator.

Code: Select all

oMailServer.Authenticate sMailUser, sMailPass
if Err.Number > 0 then
	EventLog.Write "TagListMembers: Failed to authenticate."
What I can't understand is why the Err.Number wasn't set to non-zero when the authentication failure error was thrown.

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-08 18:27

I remember you telling me to use the username/password for the proxy account. Which is what it was set to, although yeah maybe the default domain was (is) blanked out...which would lead to why it didn't work. What are you guys' view one it? Okay to keep using the administrator account for the program, or better to try to get it to work with the proxy account's username?

michaeljwyo
Normal user
Normal user
Posts: 81
Joined: 2020-02-11 19:02

Re: Gmail "be careful with this message"

Post by michaeljwyo » 2022-08-17 03:29

Hey guys things seem to be working well. No problems with things making it to the list and no posts from outsiders. I just wanted to say thank you. You guys are the best. If it quits working or something goes sideways, I will try to solve it myself. If not, you know I will crawl back here and beg some more :)

Thanks again!

Post Reply