Setting up internal user and external user

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Setting up internal user and external user

Post by gnoppix » 2016-07-12 10:33

Good day. I'm using hmailserver for a while now as a distribution server ( all users can send in and out, managing both POP and SMTP ). I will now be incorporating internal user that can only send email locally and will not allowed to send and receive to and :? from external. I had a few test done through the IP Ranges options but it does not work.

I need some advise from you to help me find where and what am i missing to implement this.

Thanks you very much.

gnoppix :?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-12 10:38

IP RANGE for internal LAN range: Enable LOCAL TO LOCAL deliveries, disable or others.

This will only allow people within you lan to send to other accounts locally.

If that is not what you meant, you might also find solace here: viewtopic.php?f=20&t=28045
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-12 10:42

Please find attached IP Range setup that i made.

But unfortunately 192.168.1.141 can receive email from external... but cannot send to external.

Hope to have immediate response from the forum.

Thanks again.
gnoppix :wink:
Attachments
hmail setup.jpg

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-12 10:53

Not sure what you are doing there or why. Anyway, I do see you have opened yourself up for receiving LOTS OF SPAM (local to local without authentication on full internet range). And yet, strangely, you choose to ensure your local users on .141 must have authentication for the same.

Anyway, loook at your logs. Send an email from a user on the .141 address and take a look at the log. (post the resultant SMTP logs here if needed)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 02:35

jimimaseye wrote:Not sure what you are doing there or why. Anyway, I do see you have opened yourself up for receiving LOTS OF SPAM (local to local without authentication on full internet range). And yet, strangely, you choose to ensure your local users on .141 must have authentication for the same.

Anyway, loook at your logs. Send an email from a user on the .141 address and take a look at the log. (post the resultant SMTP logs here if needed)

Thanks jimimaseye, please find logs below.
"DEBUG" 2468 "2016-07-12 17:03:47.620" "TCP connection started for session 505192"
"SMTPD" 2468 505192 "2016-07-12 17:03:47.620" "192.168.1.141" "SENT: 220 mydomain.com.ph ESMTP"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "RECEIVED: EHLO chot"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "SENT: 250-mydomain.com.ph[nl]250-SIZE 15000000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "RECEIVED: AUTH LOGIN"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "SENT: 334 VXNlcm5hbWU6"
"SMTPD" 2468 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "RECEIVED: Y2FzaXVzcmV5LnNvbGFtaW5Ac3RhcnBhcGVyLmNvbS5waA=="
"SMTPD" 2468 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "SENT: 334 UGFzc3dvcmQ6"
"SMTPD" 2484 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "RECEIVED: ***"
"SMTPD" 2484 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "SENT: 235 authenticated."
"SMTPD" 2468 505192 "2016-07-12 17:03:47.636" "192.168.1.141" "RECEIVED: MAIL FROM: <casius@mydomain.com.ph>"
"SMTPD" 2468 505192 "2016-07-12 17:03:47.651" "192.168.1.141" "SENT: 250 OK"
"SMTPD" 2484 505192 "2016-07-12 17:03:47.651" "192.168.1.141" "RECEIVED: RCPT TO: <gnoppix@mydomain.com.ph>"
"SMTPD" 2484 505192 "2016-07-12 17:03:47.651" "192.168.1.141" "SENT: 250 OK"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.651" "192.168.1.141" "RECEIVED: RCPT TO: <gnoppix@gmail.com>"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.651" "192.168.1.141" "SENT: 550 Delivery is not allowed to this address."
"DEBUG" 2500 "2016-07-12 17:03:47.651" "AWStats::LogDeliveryFailure"
"SMTPD" 2500 505192 "2016-07-12 17:03:47.776" "192.168.1.141" "RECEIVED: RSET"
"DEBUG" 2500 "2016-07-12 17:03:47.776" "Deleting message file."
"SMTPD" 2500 505192 "2016-07-12 17:03:47.776" "192.168.1.141" "SENT: 250 OK"
"SMTPC" 2484 505165 "2016-07-12 17:03:48.041" "63.250.192.45" "SENT: [nl]."
"DEBUG" 2484 "2016-07-12 17:03:48.213" "Creating session 505234"
"TCPIP" 2484 "2016-07-12 17:03:48.213" "TCP - 192.168.0.199 connected to 192.168.0.54:110."
"DEBUG" 2500 "2016-07-12 17:03:48.306" "Ending session 505232"
"SMTPD" 2500 505192 "2016-07-12 17:03:50.647" "192.168.1.141" "RECEIVED: RSET"
"SMTPD" 2500 505192 "2016-07-12 17:03:50.647" "192.168.1.141" "SENT: 250 OK"

Success from Gmail to @mydomain
"SMTPD" 2468 505253 "2016-07-12 17:06:00.564" "209.85.220.169" "SENT: 220 mydomain.com.ph ESMTP"
"SMTPD" 2516 505253 "2016-07-12 17:06:00.798" "209.85.220.169" "RECEIVED: EHLO mail-qk0-f169.google.com"
"SMTPD" 2516 505253 "2016-07-12 17:06:00.798" "209.85.220.169" "SENT: 250-mydomaincom.ph[nl]250-SIZE 15000000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 2492 505253 "2016-07-12 17:06:01.017" "209.85.220.169" "RECEIVED: MAIL FROM:<gnoppix@gmail.com> SIZE=2342"
"SMTPD" 2492 505253 "2016-07-12 17:06:03.138" "209.85.220.169" "SENT: 250 OK"
"SMTPD" 2468 505253 "2016-07-12 17:06:03.357" "209.85.220.169" "RECEIVED: RCPT TO:<Casius@mydomain.com.ph>"
"SMTPD" 2468 505253 "2016-07-12 17:06:03.372" "209.85.220.169" "SENT: 250 OK"
"SMTPD" 2468 505253 "2016-07-12 17:06:03.606" "209.85.220.169" "RECEIVED: DATA"
"SMTPD" 2468 505253 "2016-07-12 17:06:03.606" "209.85.220.169" "SENT: 354 OK, send."
"SMTPD" 2180 505253 "2016-07-12 17:06:03.981" "209.85.220.169" "SENT: 250 Queued (0.384 seconds)"
"SMTPD" 2492 505253 "2016-07-12 17:06:04.199" "209.85.220.169" "RECEIVED: QUIT"
"SMTPD" 2492 505253 "2016-07-12 17:06:04.199" "209.85.220.169" "SENT: 221 goodbye"

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 02:55

localuser 192.168.1.141 192.168.1.141 priority 10
internet1 0.0.0.0 192.168.1.140 priority 11
internet2 192.168.1.142 255.255.255.255 priority 12

try that and see if it solves problem. I don't think you can use same priority value more than once.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 03:28

percepts wrote:I don't think you can use same priority value more than once
All auto bans are priority 20.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 03:43

Did all your suggestion, but email coming from external can still be receive by user 192.168.1.141 / i know this is straight forward but i might be missing something here.. i also enable the smtp authentication for local to local. Any more suggestion for this ?

User avatar
mattg
Moderator
Moderator
Posts: 20108
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Setting up internal user and external user

Post by mattg » 2016-07-13 03:46

Not that it matters for this example, but If multiple IP ranges have the same priority, I think that the time of creation applies (ie the first one created will be the one used)

Making different priorities is much more explicit though, and a much better idea than using the same priority for all three IP ranges.

This scenario detailed by Percepts is the same as the OPs and doesn't utilise priorities at all, but uses the IP range to define what happens / is required.


I'd suggest default settings (it uses priorities) there is a default button ...
internet 0.0.0.0 >> 255.255.255.255 priority 10
My computer 127.0.0.1 >> 127.0.0.1 priority 15
Then add local user 192.168.1.141 >> 192.168.1.141 priority 25



Autoban will generate IP ranges at priority 20
The 'local user' at 192.168.1.141 will never get auto banned with a priority of 25.


ALSO the OP should understand that LOCAL or EXTERNAL as used in IP ranges is not related to the LAN, but in fact depicts whether or not the mail account (or domain if no route or catchall is used) is locally hosted or not.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 04:39

Thanks Sir Mattg, I will try this on our live server.

By the way, sorry for the little knowhow, do i really need to have "My computer 127.0.0.1 >> 127.0.0.1 priority 15" as one of the IP Range.
What does it do. This is one of the default range but i deleted it when spam got into our email server.

Lastly what does OPs stand for ? :oops:

Thanks again.

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 04:57

OP stands for Original Post/Poster

I think Matt missed the point that the specific IP number that I suggested be priority 10 would only have "Allow Connections" for local to local set so would therefore work. It really doesn't matter what priority you give it providing its not in any other IP Range. If you do as matt suggests then it does matter that the priority is higher so that it takes precedence because the IP is within the internet range.

[Edit]

I corrected my error which was not reading the full requirement properly before replying. But the principle still stands.
Last edited by percepts on 2016-07-13 05:26, edited 1 time in total.

User avatar
mattg
Moderator
Moderator
Posts: 20108
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Setting up internal user and external user

Post by mattg » 2016-07-13 05:18

gnoppix wrote:I will now be incorporating internal user that can only send email locally and will not allowed to send and receive to and :? from external.
gnoppix wrote:Please find attached IP Range setup that i made.

But unfortunately 192.168.1.141 can receive email from external... but cannot send to external.
Just to clarify what you want....
You want users of hmailserver to ONLY send to each other, with no chance of there being any incoming mail from the internet, and no outgoing mail to the internet?
Is this for ALL users?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 06:05

mattg wrote:
gnoppix wrote:I will now be incorporating internal user that can only send email locally and will not allowed to send and receive to and :? from external.
gnoppix wrote:Please find attached IP Range setup that i made.

But unfortunately 192.168.1.141 can receive email from external... but cannot send to external.
Just to clarify what you want....
You want users of hmailserver to ONLY send to each other, with no chance of there being any incoming mail from the internet, and no outgoing mail to the internet?
Is this for ALL users?
Im sorry if the OP is not that clear. This is how it goes.

I have already setup the hmailserver with only 1 IP Range 0.0.0.0 - 255.255.255.255 and its working well. ( all of the accounts can send local to local, external to local, local to external.)

Now, i will be adding an account/s wherein the only feature is to send local to local ( not allow to send or receive from external ). That is why i put the 192.168.1.141 in the IP range, configured to send and receive only from local to local and split the internet range into 2 with the assumption that it has to be like that.

Hope this clarify the confusion.
thanks, gnoppix

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 06:34

there is an alternative methodolgy for setting up internal email only.

See: https://www.hmailserver.com/documentati ... t_up_local

if you create a domain in hmail say for example "internal.mail" and then add a user so you have user@internal.mail
Just make sure you don't use a real tld to be sure that the domain doesn't exist externally.

in their email client you set the smtp and pop/imap server to be the IP of hmailserver.
Their username will be user@internal.mail

nobody externally will be able to send them email since the domain internal.mail has no dns mx record so they can't be found. They can try and send externally but most servers will reject the mail because they have no dns mx records to vaildate source of mail. That usually causes a mailer daemon bounce message. To improve that scenario you can implement the following script code in your onAcceptMessage sub of eventhandlers.vbs
Using this code means you don't need to mess with IP Ranges. And they will get an immediate failure message in their email client if they try and send externally rather than a delayed mailer daemon mail.

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)

if (InStr(1, oMessage.FromAddress, "internal.mail", 1) > 0)  Then
 Dim oRecipient
 For oRecipient = oMessage.Recipients.Count-1 to 0 Step -1
  If Not (oMessage.Recipients(oRecipient).IsLocalUser) Then
   Result.Message = "Error - External email addresses are NOT permitted"
   Result.Value = 2
   Exit For
  End If
 Next 
End If

End Sub
the IsLocalUser means any domain defined in hmailserver. You could modify the code to allow to only specific local domains if you have several and want to limit it to specific ones including internal.mail.

So now any users you want to limit to sending mail internally, you just set them up as a user in your local domain "internal.mail" and give them the email client setup information. So its just managed like any other local domain with users. Those users who you want to be able to send and receive mail externally you set up in a normal domain as before.
Any local users(defined in hmail) will be able to send mail to user@internal.mail

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 07:51

@percepts, now i'm the one who is confused . . .

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 08:08

and I thought it was plain as daylight. Why are you confused?

Correct me if I'm wrong. You want to be able to setup one or more of your users to only be able to send mail internally and others to be able to send and receive mail internally and externally.

You can either do that by maintaining a list of their IP numbers and setting each of them up in IP Ranges or you can do what I suggested above. Take your pick. They both have their pros and cons.

For example, if user moves to a different workstation and logs in then then their IP changes and you have to change the IP Range to accomodate that. That'll be fun for you everyday. And then they might plug in with a laptop somewhere external to the company so they'll have a different IP again. How are you planning on managing that. If you do it the way I suggest you won't have that problem because its not IP dependant.

I'm struggling to find the cons with the methodolgy I've suggested. They can use any device they likle with the methodoogy I given you. I'm sure I'll think of one or two cons if I really put my mind to it but none spring to mind at the moment.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 08:30

gnoppix wrote:Good day. I'm using hmailserver for a while now as a distribution server ( all users can send in and out, managing both POP and SMTP ). I will now be incorporating internal user that can only send email locally and will not allowed to send and receive to and :? from external. I had a few test done through the IP Ranges options but it does not work.

I need some advise from you to help me find where and what am i missing to implement this.

Thanks you very much.

gnoppix :?
Restore all IP RANGES back to how they were (press DEFAULT).
You can then implement this script: viewtopic.php?f=20&t=28045 and add your choice of allowed users to the list (the list being your choice of ALLOWED users or DISALLOWED users sending to external addresses). It keeps all incoming emails from external whilst blocking certain users from sending out to external.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20108
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Setting up internal user and external user

Post by mattg » 2016-07-13 09:01

Setting up an IP range for this ONE user will NOT stop incoming mail from the internet to this user. It will at best only allow this user to send to local accounts.

Getting what you want requires a script of some kind, either one that Percepts or jimimaseye show will do the trick, they just do it slightly differently to each other.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 09:48

slightly? That's an under statement.

The way I suggest only requires entering the user details/name once and has a much simpler script. Less is more as they say. I don't like code bloat. :wink:

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 10:05

For me to avoid complication on my setup, is there anyone know who can tell me the exact behavior of my setup with regards to the "local user 1" ? (please refer to picture attached)
( i've already enable SMTP authentication for local to local for both Internet and internet1 range. )

gnoppix

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 10:35

Gnoppix, back to basics....


are you aware that limiting 192.168.1.141 from sending and receiving emails (to/from external addresses) is NOT the same as limiting the USER? Because that USER can simply go to another device (phone or other pc), logon on that device and carry on unrestricted. Similarly, by blocking 192.168.1.141 you are blocking ALL USERS on THAT DEVICE ?

So are you trying to limit a USER (eg, SalesFred@yourdomain) or are you trying to stop the DEVICE 192.168.1.141 ?

Please confirm you understand this and what you want.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 11:34

gnoppix wrote:For me to avoid complication on my setup, is there anyone know who can tell me the exact behavior of my setup with regards to the "local user 1" ? (please refer to picture attached)
( i've already enable SMTP authentication for local to local for both Internet and internet1 range. )

gnoppix
I already told you. It is undefined. See following and look at what it says for "Priority"

https://www.hmailserver.com/documentati ... ce_iprange

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 11:53

percepts wrote:I already told you. It is undefined. See following and look at what it says for "Priority"

https://www.hmailserver.com/documentati ... ce_iprange
This is not the case, it is incorrect.

As he has already written and pointed out earlier in the thread his ip range is priority 10 and does not overlap any other ranges matching the same address.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 11:55

jimimaseye wrote:
percepts wrote:I already told you. It is undefined. See following and look at what it says for "Priority"

https://www.hmailserver.com/documentati ... ce_iprange
This is not the case, it is incorrect.

As he has already written and pointed out earlier in the thread his ip range is priority 10 and does not overlap any other ranges matching the same address.
No that is wrong. hmail may apply the conditions of any of the three ranges which have priority 10. It is undefined which one will take effect when the priorities are the same.

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 12:01

gnoppix wrote:For me to avoid complication on my setup, is there anyone know who can tell me the exact behavior of my setup with regards to the "local user 1" ? (please refer to picture attached)
( i've already enable SMTP authentication for local to local for both Internet and internet1 range. )

gnoppix
either do what matt told you or what I told you. But it will not work how you think it or want it to. As I pointed out, if user moves to another machine he will not be blocked unless you block the IP of the machine they have moved to.

Best implement a local domain as I suggested. It's a 5 minute job to do. Very simple.

gnoppix
New user
New user
Posts: 21
Joined: 2015-10-26 07:27

Re: Setting up internal user and external user

Post by gnoppix » 2016-07-13 12:05

jimimaseye wrote:Gnoppix, back to basics....


are you aware that limiting 192.168.1.141 from sending and receiving emails (to/from external addresses) is NOT the same as limiting the USER? Because that USER can simply go to another device (phone or other pc), logon on that device and carry on unrestricted. Similarly, by blocking 192.168.1.141 you are blocking ALL USERS on THAT DEVICE ?

So are you trying to limit a USER (eg, SalesFred@yourdomain) or are you trying to stop the DEVICE 192.168.1.141 ?

Please confirm you understand this and what you want.
@jimimaseye: Yes i'm aware of it and i'm trying to limit the USER to send to EXTERNAL. (local to local and external to local only is allowed).

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 12:08

percepts wrote:No that is wrong. hmail may apply the conditions of any of the three ranges which have priority 10. It is undefined which one will take effect when the priorities are the same.
So by your reckoning, HMS looks up PRIORITIES first and if there is more than one, it it simply takes 'a record' from one of them and applies it irrespective of whether the IP range of addresses matches the connecting IP?!

No. It finds a match of addresses first, and if there is more than one match, it will take the highest priority. If there is 2 or more matching the address with the SAME priority then it is an 'undefined' order of process.
If hMailServer matches two IP ranges, the IP range with the highest priority will be used.
However, in the OP's case, there is only one matching IP RANGE matching the connecting address so the priority is not relevant (except in case of it being set as priority Zero which we know causes a problem). So, for his situation, that address will receiving priority 10 and will not be overridden by any other range as there is no other range matching the address.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 12:12

gnoppix wrote: @jimimaseye: Yes i'm aware of it and i'm trying to limit the USER to send to EXTERNAL. (local to local and external to local only is allowed).
Restore all IP RANGES back to how they were (press DEFAULT). (Ensure you remove 'local user 1' range).
You can then implement this script: viewtopic.php?f=20&t=28045 and add your choice of allowed users to the list (the list being your choice of ALLOWED users or DISALLOWED users sending to external addresses). It keeps all incoming emails from external whilst blocking certain users from sending out to external.

Add that USER to the blocklist (and any other user you may choose) and it will prevent him sending to external users irrespective of where they are and what device they use.

HOWEVER..... in your first post you wrote:
gnoppix wrote:user that can only send email locally and will not allowed to send and receive to and :? from external.
That says you want to stop them RECEIVING email from external too.

So, confirm, what do you want to stop this user from doing? If you want to stop them RECEIVING external email then you also need a different change.

You can simply add a rule that DELETES any inbound email to this user or you can add a script to reject any email that is bound TO this user so it never arrives at HMS in the first place. (In any case you can still use the above script to prevent the user from sending out to the external world).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Setting up internal user and external user

Post by percepts » 2016-07-13 12:14

jimimaseye wrote:
percepts wrote:No that is wrong. hmail may apply the conditions of any of the three ranges which have priority 10. It is undefined which one will take effect when the priorities are the same.
So by your reckoning, HMS looks up PRIORITIES first and if there is more than one, it it simply takes 'a record' from one of them and applies it irrespective of whether the IP range of addresses matches the connecting IP?!

No. It finds a match of addresses first, and if there is more than one match, it will take the highest priority. If there is 2 or more matching the address with the SAME priority then it is an 'undefined' order of process.
If hMailServer matches two IP ranges, the IP range with the highest priority will be used.
However, in the OP's case, there is only one matching IP RANGE matching the connecting address so the priority is not relevant (except in case of it being set as priority Zero which we know causes a problem). So, for his situation, that address will receiving priority 10 and will not be overridden by any other range as there is no other range matching the address.
So that'll be why its not working then. :roll:

User avatar
jimimaseye
Moderator
Moderator
Posts: 8120
Joined: 2011-09-08 17:48

Re: Setting up internal user and external user

Post by jimimaseye » 2016-07-13 12:27

percepts wrote:So that'll be why its not working then. :roll:
He never said it wasnt working. He said it isnt doing what he WANTS it to do.
gnoppix wrote:Please find attached IP Range setup that i made.

But unfortunately 192.168.1.141 can receive email from external... but cannot send to external.
Looks like it is doing exactly as the IP RANGE is set to do. He also wants to stop INBOUND emails from external and he cant do that with an IP RANGE.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply