hmailserver Relaying Spam without Permission HELP!

Post by CopBlaster » 2019-09-20 22:10

I have been blacklisted by spamcop because someone sent emails to my server spoofing my email address and for some reason hmailserver allows this?

I changed my password and it keeps happening. I do not allow external to external emails without authentication. Here is an example header where clearly the IP address this originated from is not mine:

Received: from BN6PR1101CA0018.namprd11.prod.outlook.com
(2603:10b6:405:4a::28) by CY4PR11MB1928.namprd11.prod.outlook.com
(2603:10b6:903:11e::18) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.24; Fri, 20 Sep
2019 10:40:42 +0000
Received: from SN1NAM01FT009.eop-nam01.prod.protection.outlook.com
(2a01:111:f400:7e40::204) by BN6PR1101CA0018.outlook.office365.com
(2603:10b6:405:4a::28) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2284.19 via Frontend
Transport; Fri, 20 Sep 2019 10:40:42 +0000
Authentication-Results: spf=pass (sender IP is 93.174.95.43)
smtp.mailfrom=stdcarriers.com; student.sjvc.edu; dkim=fail (invalid public
key) header.d=stdcarriers.com;student.sjvc.edu; dmarc=pass action=none
header.from=stdcarriers.com;
Received-SPF: Pass (protection.outlook.com: domain of stdcarriers.com
designates 93.174.95.43 as permitted sender) receiver=protection.outlook.com;
client-ip=93.174.95.43; helo=mail.copblaster.com;
Received: from mail.copblaster.com (93.174.95.43) by
SN1NAM01FT009.mail.protection.outlook.com (10.152.65.54) with Microsoft SMTP
Server id 15.20.2199.13 via Frontend Transport; Fri, 20 Sep 2019 10:40:41
+0000
dkim-signature: v=1; a=rsa-sha256; d=stdcarriers.com; s=dkim;
c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Description;
bh=cckFWA8U9nJF45DxzSYjGjNf1N52CBPP/vzUa998DzY=;
b=NPFMpsmc+FjHVEJ7te0no4S0lo8ulLEIm2GEv5bjXp+tVwPN2dUciNpYbEVdD96pOrnPZJcDQjW+aU1IGJjwDzLb5ig3xGzAXbfSl5JMscuOHHu5tBkYw3J1S8n6+668Z6tR6+QPJ8JA62MuqJuSVOJT9AQxaJimT+DEe/EKrIggq4HCJfNcKsFrkghW/L8+60PGIUVnNGJKTulyndQaMZrZpaI2sPp1YCJXJH2Tyu9e8hDp0rFNR0AERl
V+5ljQ9/ODaDF928aCysCNFgLVpjVElUkHMyhKWhd9Uu+oVkUzUhzehVaIPb2velfh79XesvpKtoa5bIiQ90AEKe/icg==
Received: from [192.168.8.101] (Unknown [197.255.167.137])
by mail.copblaster.com with ESMTP
; Fri, 20 Sep 2019 02:20:52 -0700
Message-ID: <7E32DCCB-C0BD-4CD9-8956-C1E898A3BB65@mail.copblaster.com>
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Attention Fund Beneficiary
To: Recipients <webmaster@stdcarriers.com>
From: "Mr. John Wagner" <webmaster@stdcarriers.com>
Date: Fri, 20 Sep 2019 10:20:50 +0100
Reply-To: sprinig12@163.com
X-Antivirus: Avast (VPS 190919-4, 09/19/2019), Outbound message
X-Antivirus-Status: Clean
Return-Path: webmaster@stdcarriers.com
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 3eb71b57-cc15-4846-8f7d-9f4b5370070a:0
X-Forefront-Antispam-Report: CIP:93.174.95.43;IPV:NLI;CTRY:NL;EFV:NLI;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 479fe40f-29c0-4348-659d-08d73db6fbde
X-Microsoft-Antispam:
BCL:6;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600167)(711020)(4605104)(4709080)(1402095)(71702078);SRVR:CY4PR11MB1928;
X-MS-TrafficTypeDiagnostic: CY4PR11MB1928:
X-MS-Exchange-PUrlCount: 1

Post by jimimaseye » 2019-09-20 22:37

run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post by CopBlaster » 2019-09-20 23:00

Here are the results of the script. I just enabled requiring authentication for internal to external addresses, so that is new.

2019-09-20   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - coxxxxxxxx.com                 Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\pmta\dkim.Domain1.com.pem
                                                Selector:    dkim

   "Domain2.com" - cyxxxxxxxxxxxxxxxxx.com        Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\pmta\dkim.Domain2.com.pem
                                                Selector:    dkim

   "Domain3.com" - cyxxxxxxxxxxx.net              Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain4.com" - noxxxxxxxxxxxxx.com            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\pmta\dkim.Domain4.com.pem
                                                Selector:    dkim

   "Domain5.com" - noxxxxxxxxx.com                Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\pmta\dkim.Domain5.com.pem
                                                Selector:    dkim

   "Domain6.com" - stxxxxxxxxx.com                Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\pmta\dkim.Domain6.com.pem
                                                Selector:    dkim

   "Domain7.com" - stxxxxxxxxxxxx.com             Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain8.com" - suxxxxxxxxxxxxx.com            Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:   True                              Antivirus:  False
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:   True                              Antivirus:  False
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External - False           


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: False

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:        False  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:      False  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:     False
                     (none entered)            Disc. on invalid:  False  Delivered-To hdr: False
                                                                         Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:   False
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2
  Add X-HmailServer-Subject: False    Verify DKIM:        True - 5

  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 3     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS:  No application configured.

  Block Attachments: True
               *.bat             Batch processing file
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.exe             Executable file
               *.inf             Setup file
               *.lnk             Windows link file
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   *Domain1.com
       Certificate: C:\Users\Administrator\Documents\sslbk\certificate.cert
       Private key: C:\Users\Administrator\Documents\sslbk\key.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :   True
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   SSL/TLS             !! External Email Blocked !!  Cert: *Domain1.com
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   StartTLS Optional   Cert: *Domain1.com
               0.0.0.0         / 587   / SMTP   -   StartTLS Optional   Cert: *Domain1.com
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: False

  Paths:-
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-09-20.log - !! ERRORS PRESENT !!
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

Backup directory C:\Program Files (x86)\hMailServer\hmailbk is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MSSQLCE
Username=           
PasswordEncryption=1
Port=              0
Server=             
Internal=          1
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.95, Hmailserver Forum.

Post by jimimaseye » 2019-09-20 23:22

Good. That was your cause.

Also do it for Local To Local otherwise you will have an inbox full of spam.

Post by CopBlaster » 2019-09-20 23:30

How would it be possible for an external email to an external address to be treated as internal at any point?

How is an email from an external source affected by internal settings like that?

Post by CopBlaster » 2019-09-20 23:32

Now it seems like I can't send or receive any emails at all. Now that SMTP authentication is required even though I have passwords set up.

Post by jimimaseye » 2019-09-20 23:36

'External' means "domain not hosted by you" (it's nothing to do with the machine address). Now you know that, look back at your settings.

(Your email client will now require passwords to send).

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
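
The 'Local'/'External' distinction explained in the post above, as an added example that is not part of the original thread and is not hMailServer's own code: a simplified Python model of how an IP range's "Allow Deliveries" and "Require Authentication" rows apply to one SMTP envelope. The function names and the `.example` domains are assumptions; the range values mirror the "Internet" range in the diagnostics output, with Local To External authentication switched off for the "before" case.

```python
# Simplified model of an hMailServer IP range decision. Illustration only:
# the function names and example domains are assumptions, not hMailServer code.

def domain_of(address):
    """Return the lower-cased domain part of an SMTP address."""
    return address.strip("<> ").rsplit("@", 1)[-1].lower()

def direction(mail_from, rcpt_to, hosted):
    """Classify by address domains only; the client IP plays no part."""
    def side(addr):
        return "Local" if domain_of(addr) in hosted else "External"
    return f"{side(mail_from)} To {side(rcpt_to)}"

def decide(ip_range, mail_from, rcpt_to, hosted, authenticated):
    """Apply the range's 'Allow Deliveries' and 'Require Authentication' rows."""
    d = direction(mail_from, rcpt_to, hosted)
    if not ip_range["allow"][d]:
        return d, "reject: delivery not allowed"
    if ip_range["require_auth"][d] and not authenticated:
        return d, "reject: authentication required"
    return d, "accept"

def internet_range(auth_local_to_local, auth_local_to_external):
    """The 0.0.0.0 - 255.255.255.255 range from the diagnostics, parameterised."""
    return {
        "allow": {"Local To Local": True, "Local To External": True,
                  "External To Local": True, "External To External": False},
        "require_auth": {"Local To Local": auth_local_to_local,
                         "Local To External": auth_local_to_external,
                         "External To Local": False,
                         # Not shown in the diagnostics; irrelevant while
                         # External To External delivery is disallowed.
                         "External To External": True},
    }

HOSTED = {"hosted.example"}              # constructed hosted domain
BEFORE = internet_range(False, False)    # setting that let the spam out
AFTER_FIX = internet_range(False, True)  # Local To External needs auth
HARDENED = internet_range(True, True)    # plus Local To Local

# Constructed envelopes (MAIL FROM, RCPT TO), all from unauthenticated clients.
ENVELOPES = {
    "spoofed relay": ("webmaster@hosted.example", "victim@elsewhere.example"),
    "spoofed inbox": ("webmaster@hosted.example", "webmaster@hosted.example"),
    "genuine inbound": ("someone@elsewhere.example", "webmaster@hosted.example"),
    "open relay": ("a@elsewhere.example", "b@other.example"),
}

def report():
    """Evaluate every constructed envelope against every configuration."""
    rows = []
    for label, rng in (("before", BEFORE), ("after fix", AFTER_FIX),
                       ("hardened", HARDENED)):
        for name, env in ENVELOPES.items():
            rows.append((label, name) + decide(rng, *env, HOSTED, False))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-10s %-16s %-22s %s" % row)
```

A forged MAIL FROM in a hosted domain is classified as Local To External whatever address the client connects from, so only the authentication requirement separates a real user from a spoofer.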

Post by CopBlaster » 2019-09-20 23:43

External is domain not hosted by me, so how can hMailServer allow emails that claim to be from 123.com?

Post by jimimaseye » 2019-09-20 23:55

Without seeing the SMTP log file entries of the exchange it is not possible to verify this.

Post by CopBlaster » 2019-09-21 00:15

My delivery queue has like 20,000 messages so I am deleting that, maybe then I can send and receive normally.

Post by CopBlaster » 2019-09-21 00:21

Working good now

Post by jimimaseye » 2019-09-21 00:47

Another spambot shut down.

Result.

Post by CopBlaster » 2019-09-21 01:00

Thank you.

I wrote about it here. Maybe it will help others.

Post by mattg » 2019-09-21 02:11

"A vulnerability in hMailServer allowed these messages to be sent through the system without having to be authenticated."
Ah no

This was CLEARLY a configuration issue with this ONE installation of hmailserver, where the mail admin changed a DEFAULT setting to an unsafe setting

And that site, no HTTPS, and copyright notice dated 2012
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post by palinka » 2019-09-21 02:31

mattg wrote:
2019-09-21 02:11
"A vulnerability in hMailServer allowed these messages to be sent through the system without having to be authenticated."
Ah no

This was CLEARLY a configuration issue with this ONE installation of hmailserver, where the mail admin changed a DEFAULT setting to an unsafe setting

And that site, no HTTPS, and copyright notice dated 2012
LOL. He said vulnerability. Oh noes! I better properly configure my installation so I'm not vulnerable too!
