Another Spam issue : From & To are my address...

HMax
New user
Posts: 5
Joined: 2007-01-23 17:25

Another Spam issue : From & To are my address...

Post by HMax » 2008-12-23 12:33

Hello there,

I have a serious SPAM issue that has been killing me for some time now and I really don't know how the hell I can solve it.

I keep on receiving messages from and to my address, even if I obviously didn't send them. All the domains managed by hMailServer are victims of this and I really don't know how to handle it.

Here are the headers of the mail :

Code:

Return-Path: <webmaster@mydomain.com>
Received: from 82-44-93-150.cable.ubr08.nmal.blueyonder.co.uk ([82.44.93.150])
    by ns123456.ovh.net
    with hMailServer ; Mon, 22 Dec 2008 23:15:39 +0100
Message-ID: <09D36A72-31E8-45F2-8561-329FEA647941@ns123456.ovh.net>
To: <webmaster@mydomain.com>
Subject: She will surely enjoy your changes
From: <webmaster@mydomain.com>
MIME-Version: 1.0
Importance: High
Content-Type: text/html

You may have already received this kind of mail; it's an ad for blue pills and so on...

My server requires SMTP authentication.
As for the IP Ranges settings:
- "My Computer" allows delivery to all but External to External, and requires no authentication for deliveries.
- "Internet" allows the same but requires authentication for delivery to remote accounts.

But if I set "require auth for delivery to local accounts", it seems no single mail is delivered anymore, as in this example, a mail sent from GMail to my email address (managed by HMailserver) :

Code:

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 530 530 SMTP authentication is required. (state 14).

I just don't get it. Thanks for any help...

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2008-12-23 12:43

Either start to use SPF for your domains, or set up a script which makes hMailServer require authentication when email messages are sent from local addresses. (First example here: http://www.hmailserver.com/documentatio ... eptmessage).

By default, hMailServer doesn't require authentication for deliveries to local accounts. The sender's address does not affect this.

This is as-designed, but in version 5.1, the functionality will be modified to take sender address into account.

HMax
New user
Posts: 5
Joined: 2007-01-23 17:25

Re: Another Spam issue : From & To are my address...

Post by HMax » 2008-12-23 13:05

Thank you Martin,

I'm gonna go for the scripting solution for now, and start implementing & checking SPF records for all the domains.

This seems to be working fine for now with scripting, I'll see what happens to the spam now!

Thanks again for your *fast* reply!

brashquido
Normal user
Posts: 249
Joined: 2006-06-26 07:14
Location: Melbourne, Australia

Re: Another Spam issue : From & To are my address...

Post by brashquido » 2008-12-29 03:22

Time to tighten up my SPF I think, as I've been having this issue as well. Is there any way that script could feed in all the domains hosted on the server, or would it be better to manually place each domain in separately? If the latter, how would you do this?
Dominic Ryan
astroroad.com.au

ynot2k
New user
Posts: 18
Joined: 2005-09-20 22:55

Re: Another Spam issue : From & To are my address...

Post by ynot2k » 2009-01-03 21:36

Hi there - agreed with the increase in spam with a sender address being my own (or from a local account). I have dropped in the script from http://www.hmailserver.com/documentatio ... eptmessage to check to make sure that local senders are authenticated before proceeding with delivery of the email. But I would prefer this to be part of the application instead of the expensive external script.

Perhaps the section in the IP Ranges area could look more like this:

ALLOW DELIVERIES FROM
[] Local to local accounts [] Require Authentication
[] Local to external accounts [] Require Authentication
[] External to local accounts [] Require Authentication
[] External to external accounts [] Require Authentication


Further - I second the request to have a quicker way to check the sender email address against all local accounts for this script to be effective in a multi-domain / many-user application.

thanks, gw

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-01-03 22:42

ynot2k, maybe you missed the following:
This is as-designed, but in version 5.1, the functionality will be modified to take sender address into account.

matty
Senior user
Posts: 330
Joined: 2005-08-22 16:29
Location: New York

Re: Another Spam issue : From & To are my address...

Post by matty » 2009-01-06 19:47

A few points for anyone that is implementing this script to combat SPAM being sent from a local user to that local user:
http://www.hmailserver.com/documentatio ... eptmessage

1) Double check your webmail implementation. My SquirrelMail users (only those whose domains were in my script) were no longer able to send mail until I set the SMTP authentication setting from "none" to "login".

2) Watch if you have any programs that are using your mail server to send mail. In my case we have some programs that report their status via email and they did not use authentication so enabling the check in this script for the domain used in the from address from these programs broke them. For those domains, I had to check just individual email addresses for users having this SPAM problem instead of the entire domain.

3) I tweaked the script to be more efficient if you have many domains and also to handle issue 2 above. It is below in case anyone is interested.

Code:

Sub OnAcceptMessage(oClient, oMessage)
    Dim frm, bolCheckLocal, domn
    bolCheckLocal = False
    ' Sender address, lower-cased for comparison.
    frm = LCase(oMessage.FromAddress)
    ' Everything after the "@" is the sender's domain.
    domn = Right(frm, Len(frm) - InStr(1, frm, "@", 1))

    Select Case frm
        ' Individual addresses that must authenticate.
        Case "aaa@somedomain.com", "bbb@somedomain.com"
            bolCheckLocal = True
        Case Else
            Select Case domn
                ' Whole domains that must authenticate.
                Case "domain1.com", "domain2.com", "domain3.com"
                    bolCheckLocal = True
            End Select
    End Select

    If bolCheckLocal Then
        If (oClient.Username = "") Then
            ' Sender uses a listed local address but has not authenticated: reject.
            Result.Message = "You must be authenticated to send from local domain."
            Result.Value = 2
        End If
    End If
End Sub

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Another Spam issue : From & To are my address...

Post by ^DooM^ » 2009-01-06 20:21

Nice one matty. Any way to expand on this by checking the connecting IP? If not a local IP, then result 2?

I currently allow my servers to send without authentication using the mail(); function and nowhere in my code is the ability to authenticate. Now I have been receiving mail from myself in the from address and an easy spot for me would be if they were coming from any IPs that weren't in my LAN.

Cheers!
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

matty
Senior user
Posts: 330
Joined: 2005-08-22 16:29
Location: New York

Re: Another Spam issue : From & To are my address...

Post by matty » 2009-01-08 04:40

^DooM^ wrote:
Nice one matty

Thanks... every once in a while I come up with something useful that I think is worth sharing.

^DooM^ wrote:
Any way to expand on this by checking connecting IP

That was my first idea as well, but I could not find anything in the COM API documentation for the message object that got the IP directly. There is a HeaderValue property that I was thinking about, but I could not quickly find a simple and consistent way to use this that would work for all emails - and I did not have the time to investigate much either.

^DooM^ wrote:
I currently allow my servers to send without authentication using the mail(); function and nowhere in my code is the ability to authenticate.

This was similar to my problem - the component we use to send status emails from several of our programs has no method for authenticating and rather than changing the code, I came up with this fix.
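
Added example, not part of any post in this thread and not hMailServer's own script: a variant of the check above that covers the two requests raised so far, namely applying it to every domain hosted on the server without listing each one, and skipping it for trusted machines by connecting IP. It uses the hMailServer COM API (`Domains.ItemByName`, `oClient.IPAddress`); the helper names, the administrator password and the sample IP addresses are placeholders made up for the example.

```vbscript
' Added example (not from the thread). ADMIN_PASSWORD and the addresses in
' IsTrustedIP are constructed placeholder values; replace them with your own.
Const ADMIN_PASSWORD = "CHANGE-ME"

' Returns the lower-cased part after the last "@", or "" if there is none
' (for example the empty sender used by bounce messages).
Function DomainOf(sAddress)
    Dim nPos
    DomainOf = ""
    nPos = InStrRev(sAddress, "@")
    If nPos > 0 Then DomainOf = LCase(Mid(sAddress, nPos + 1))
End Function

' True if the connecting IP is a machine that may send as a local address
' without authenticating (status mailers, backup jobs, PHP mail()).
Function IsTrustedIP(sIP)
    Select Case sIP
        Case "127.0.0.1", "192.168.0.10"
            IsTrustedIP = True
        Case Else
            IsTrustedIP = False
    End Select
End Function

' True if sDomain is a domain configured on this server.
Function IsHostedDomain(sDomain)
    Dim oApp, oDomain
    IsHostedDomain = False
    If sDomain = "" Then Exit Function

    Set oApp = CreateObject("hMailServer.Application")
    Call oApp.Authenticate("Administrator", ADMIN_PASSWORD)

    ' ItemByName raises an error for an unknown domain, so trap it.
    ' Any other error (such as a wrong password) also ends up here and
    ' makes the check fail open: the message is then accepted.
    Set oDomain = Nothing
    On Error Resume Next
    Set oDomain = oApp.Domains.ItemByName(sDomain)
    If Err.Number = 0 And Not (oDomain Is Nothing) Then IsHostedDomain = True
    Err.Clear
    On Error GoTo 0
End Function

Sub OnAcceptMessage(oClient, oMessage)
    ' Authenticated sessions are left to the server's normal rules.
    If oClient.Username <> "" Then Exit Sub
    ' Trusted machines may send as a local address without logging in.
    If IsTrustedIP(oClient.IPAddress) Then Exit Sub

    ' Unauthenticated, untrusted client using one of our own domains as sender.
    If IsHostedDomain(DomainOf(oMessage.FromAddress)) Then
        EventLog.Write "Rejected unauthenticated local sender " & _
            oMessage.FromAddress & " from " & oClient.IPAddress
        Result.Message = "You must be authenticated to send from local domain."
        Result.Value = 2
    End If
End Sub
```

The administrator password sits in plain text in the script file, so restrict read access to that file. The domain lookup opens a COM session for every unauthenticated message, which costs more than the fixed Select Case list.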

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Another Spam issue : From & To are my address...

Post by ^DooM^ » 2009-01-08 10:30

I see, Thanks for the reply.

I feel a feature request coming along ;)
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

bigcrawdaddy
Normal user
Posts: 53
Joined: 2008-02-19 14:41

Re: Another Spam issue : From & To are my address...

Post by bigcrawdaddy » 2009-01-09 23:00

I do the following check:

Code:

' Only authenticated sessions are checked: the login name must equal the sender address.
If oClient.Username <> "" Then
    If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
        EventLog.Write(oClient.Username & " Did Not Match " & oMessage.FromAddress)
        Result.Value = 2
        Result.Message = "You are only allowed to send from your own account"
    End If
End If

This works great for me and I know the limits this places on my users but they all know it up front.
Myself, I use Thunderbird and have several accounts and set each account to use the correct username.

But I do have an issue that I have yet to figure out a fix for. I have two hMailServers. Both use the same Anti-Spam settings including Use SPF. One runs as primary and the second on a different box and IP as a backup.

When an e-mail is received by the backup server that has a To and From address of an account on the primary server, the backup server does not check the SPF before forwarding it on to the primary server. Once the primary gets it, an SPF check is done on the original sender's IP and of course returns a fail. The fail is then sent back to the backup server. Once the backup server gets the fail error message, it generates a mail-demon@backupserver.com message sent to the account on the primary server.

The account user didn't create the To and From message.

Shouldn't the backup server have done the SPF check before forwarding it to the primary? If it did this it would save lots of bandwidth and stop these incorrect messages in the user's mailbox?

Thanks
Chris

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-01-09 23:08

bigcrawdaddy wrote:
When an e-mail is received by the backup server that has a To and From address of an account on the primary server, the backup server does not check the SPF before forwarding it on to the primary server.

That sounds a bit strange. Are you sure? Check that you've enabled anti-spam and de-selected "Forwarding relay" on the Internet IP range on the backup server.

bigcrawdaddy
Normal user
Posts: 53
Joined: 2008-02-19 14:41

Re: Another Spam issue : From & To are my address...

Post by bigcrawdaddy » 2009-01-09 23:14

Those are my settings on the backup server.

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-01-09 23:15

And you haven't added any new IP ranges?
Can you enable all logging on the backup server and the next time a message passes by, paste the log here so that I can see what spam protection is run?

bigcrawdaddy
Normal user
Posts: 53
Joined: 2008-02-19 14:41

Re: Another Spam issue : From & To are my address...

Post by bigcrawdaddy » 2009-01-09 23:20

I might have just figured out the issue :( I had several of my user accounts whitelisted on the backup server with an IP range of 0.0.0.0 to 255.255.255.255; pretty sure this might be it. Will edit those and see if that stops the problem.

Again thanks for getting back with me as soon as you did. Again a great JOB

Chris

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-01 03:15

matty wrote:
1) Double check your webmail implementation. My SquirrelMail users (only those whose domains were in my script) were no longer able to send mail until I set the SMTP authentication setting from "none" to "login"

I was wondering whether a similar setting needs to be changed in Horde webmail, as it comes with Plesk for Windows and I installed hMailServer on it. Recently we have been getting lots of spam from our own email address sent to our own email address, but I notice the header says otherwise.

I have read about the 'OnAcceptMessage' script that I might install, but I need to know: is it safe? And does 'example.com' mean I need to change it to our domain name?

thanks
Paul

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-04 12:28

I have applied it and it seems to be working BUT!!!!!!!!

I have a slight problem: I can't send email from webmail like Horde? And another thing is... I am using Plesk for Windows 8.4; usually it auto-updates and sends an automatic email to me, with both addresses being the same email address, which ends up asking for authentication... how do I bypass that? Do I need to add a script?

Please advise.

thanks
Paul

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-02-04 12:33

It depends entirely on how Horde and Plesk work and which script from this thread you added. So you solved the problem by enabling SMTP auth in SquirrelMail? Then do the same in Horde. I don't know if Plesk supports it.

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-04 13:39

I didn't have SquirrelMail on it; I was reading the earlier post where someone could change it... I have looked into the Horde config; it can be changed but it is still refused.

I will look to Horde for further assistance.

Another thing... as for the OnAcceptMessage script... if I add a whitelist entry for one email address, can it accept messages without needing auth?

thanks
Paul

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-02-04 13:51

No. The whitelisting functionality has to do with whether spam protection will be used, not to do with whether SMTP authentication will be used.

Also, any script which is used overrides the behavior of hMailServer. The script could make use of the white list to allow for what you're asking for but it does not.

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-09 03:11

I have resolved the Horde issue - I couldn't find it at Horde but found it in an older hMailServer post and it worked... using....

http://www.hmailserver.com/forum/viewto ... 135#p75135

The only thing remaining is that I need to add something to allow sending without requiring SMTP authentication on localhost, as a whitelist won't work, as you mention....

Will investigate further.

Cheers

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-10 18:51

Got a copy from a previous message from one author (apologies, I didn't get the name of who made it)


3) I tweaked the script to be more efficient if you have many domains and also to handle issue 2 above. It is below in case anyone is interested.

Code:

Sub OnAcceptMessage(oClient, oMessage)
   dim frm, bolCheckLocal, domn
   bolCheckLocal = false
   frm = lcase(oMessage.FromAddress)
   domn = right(frm, len(frm) - InStr(1, frm, "@", 1))

   select case frm
      case "aaa@somedomain.com", "bbb@somedomain.com"
         bolCheckLocal = true
      case else
         select case domn
            case "domain1.com", "domain2.com", "domain3.com"
               bolCheckLocal = true
         end select
   end select

   If bolCheckLocal then
      If (oClient.Username = "") Then
         ' Local user.
         Result.Message = "You must be authenticated to send from local domain."
         Result.Value = 2
      End If
   End If
End Sub

I want to check with you before I add it to the script; correct me if I'm wrong or right!!

The first part, saying "aaa@somedomain.com" and "bbb@somedomain.com": will that accept the message without needing authentication??

The next part is the same as above, but "domain1.com", "domain2.com" will be checked for authentication before accepting the message, similar to the default hMail script version?

thanks
Paul

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-02-10 18:54

deafway,
It's the other way around. If the sender address matches one of those addresses or domain, hMailServer will require SMTP auth.

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-10 19:07

Hmm, is there a script to allow, e.g., one email address to be exempt from authentication, by any chance?

Is it worth it for me to upgrade to hM5? I haven't tested it yet.

thanks
Paul

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-02-10 19:16

What are you trying to do?

deafway
New user
Posts: 10
Joined: 2008-09-10 17:00

Re: Another Spam issue : From & To are my address...

Post by deafway » 2009-02-10 19:35

What I am trying to do is accept only one email, for example.

As I already use the OnAcceptMessage script on it,

the problem is software such as an auto backup with email notification, which has no extra setting that I need to enable SMTP auth to allow sending email, compared with Outlook etc., which have a tick box to require SMTP auth, for example

backup@domain.com to backup@domain.com, so that it can bypass the authentication but does have its own inbox

Hope that explains it clearly?

thanks once again
Paul

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-02-10 19:40

Have you considered adding an IP range covering the computer where the backup software is running and disabling SMTP authentication for that IP range?

jchl118
New user
Posts: 18
Joined: 2009-05-11 07:17

Re: Another Spam issue : From & To are my address...

Post by jchl118 » 2009-05-12 16:12

bigcrawdaddy wrote:
I do the following check:

Code:

If oClient.Username <> "" Then
    If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
        EventLog.Write(oClient.Username & " Did Not Match " & oMessage.FromAddress)
        Result.Value = 2
        Result.Message = "You are only allowed to send from your own account"
    End If
End If

This works great for me and I know the limits this places on my users but they all know it up front.
Myself, I use Thunderbird and have several accounts and set each account to use the correct username.

But I do have an issue that I have yet to figure out a fix for. I have two hMailServers. Both use the same Anti-Spam settings including Use SPF. One runs as primary and the second on a different box and IP as a backup.

When an e-mail is received by the backup server that has a To and From address of an account on the primary server, the backup server does not check the SPF before forwarding it on to the primary server. Once the primary gets it, an SPF check is done on the original sender's IP and of course returns a fail. The fail is then sent back to the backup server. Once the backup server gets the fail error message, it generates a mail-demon@backupserver.com message sent to the account on the primary server.

The account user didn't create the To and From message.

Shouldn't the backup server have done the SPF check before forwarding it to the primary? If it did this it would save lots of bandwidth and stop these incorrect messages in the user's mailbox?

Thanks
Chris

****If oClient.Username <> "" !!!! because oClient.Username will be always empty
Check on search with client.username, posted by hophms. Posted: 2008-08-29 00:10
Martin's reply:
The username property is supposed to be empty. The event is sent directly after the client has connected, and at this time hMailServer does not know which user is connecting. I've updated the docs about this.

OK, If oClient.Username = "" but it is a waste of time to have this.

*****pls confirm it yourself, I might be wrong*****
from jchl118
Last edited by jchl118 on 2009-05-13 05:12, edited 1 time in total.

mattg
Moderator
Posts: 20789
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Another Spam issue : From & To are my address...

Post by mattg » 2009-05-13 02:58

jchl118 wrote:
****If oClient.Username <> "" bugs!!!! because oClient.Username will be always empty

You seem to be a little confused.

On the post that you mention, it is clearly stated that oClient.Username will be empty when used in the OnClientConnect Sub, but will contain the appropriate information when the OnAcceptMessage Sub is used.

The script in this thread works VERY WELL when used as defined here. It works as expected. The script in this thread uses the OnAcceptMessage Sub.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jchl118
New user
Posts: 18
Joined: 2009-05-11 07:17

Re: Another Spam issue : From & To are my address...

Post by jchl118 » 2009-05-13 07:33

Yes, I am confused.

Correct me if I'm wrong.

hMS calls the VBScript in the following order:
onclientconnect(oclient)
...
OnAcceptMessage(oclient,..)
...
If it is in such an order, the class/object oClient and all the values of this object's properties will remain the same until the entire task ends. Please explain.

Test output to log needed.

mattg
Moderator
Posts: 20789
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Another Spam issue : From & To are my address...

Post by mattg » 2009-05-13 07:37

jchl118 wrote:
Class/Object of oclient and all the values of this object's properties will remain the same until the entire task ends.

Why do you say that?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Another Spam issue : From & To are my address...

Post by martin » 2009-05-13 21:54

jchl118 wrote:
Class/Object of oclient and all the values of this object's properties will remain the same until the entire task ends.

No it doesn't. For example, the Username of the oClient object is set in the OnAcceptMessage-event but not in the OnClientConnect-event.

jchl118
New user
Posts: 18
Joined: 2009-05-11 07:17

Re: Another Spam issue : From & To are my address...

Post by jchl118 » 2009-05-15 04:09

For me, I would assign a protected array {Port, Ip, Username, .....} to the oClient object right after it is validated; then all values of the oClient object will remain the same and consistent to pass on until the whole procedure ends.

It would be nice if eventhandlers.vbs had remarks for each event saying which thread (SMTP, POP3 or others, ..) it belongs to.

Sorry brothers/sisters, I can't be more helpful,
otherwise I might end up unwelcome...
This post of mine ends here and no reply is needed. Good luck.
Last edited by jchl118 on 2009-05-15 04:48, edited 3 times in total.

mattg
Moderator
Posts: 20789
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Another Spam issue : From & To are my address...

Post by mattg » 2009-05-15 04:32

jchl118 wrote:
then all values of the oClient object will remain the same and consistent to pass on until the whole procedure ends

As martin has said...

martin wrote:
jchl118 wrote:
Class/Object of oclient and all the values of this object's properties will remain the same until the entire task ends.

No it doesn't. For example, the Username of the oClient object is set in the OnAcceptMessage-event but not in the OnClientConnect-event.

I think you are really confused about how this works.

The eventhandler.vbs isn't implemented just once for each message (which is what you seem to suggest). The various subroutines in eventhandler.vbs are called at different times by the hMailServer.exe program. The eventhandler.vbs is a group of some subs and functions that AUGMENT the main program. Each of the subroutines is called independently of the others.

What you say happens, just doesn't happen. Test it for yourself. Martin is the developer - he knows implicitly what happens and when. I know as an experienced user (who uses this particular component) that what you say just isn't correct. You seem either to be guessing or deliberately creating trouble - neither of which I can understand the reasons for.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
