Unexpected Behavior from hMail with 3rd Party Spam Filter

RangerRik1
Normal user
Posts: 62
Joined: 2007-01-11 22:26
Location: Florida

Unexpected Behavior from hMail with 3rd Party Spam Filter

Post by RangerRik1 » 2007-04-18 22:28

I'm having a problem with SpamFighter SMTP filter/proxy and...

I have a question about how hMail would process inbound mail from an authenticated user for a local user account. [IE: example.com is an hMail controlled domain. user1@example.com sends user2@example.com a message]

Scenario: Spamfighter monitors SMTP port 25. It filters accordingly and delivers mail to port 26, which hmail is listening to [both programs running on the same server]. Suddenly, the server has been maxing CPU utilization. The culprit is filter.exe, spamfighter's executable. After a lot of trial and error, I discovered the trigger. Whenever a remote user of hmail authenticates (directly to port 26 BTW) and sends an email to another local user on the same domain, filter.exe goes crazy. Now I'm confused as to why these messages are going through the filter at all. Yet the spamfighter log file clearly shows inbound delivery (must be on port 25) from the local IP address [like it is coming from hMail]. I checked, double checked, and triple checked the remote client software (outlook 2003) was configured to deliver to port 26.

It is like hMail is resending these inbound messages from a local user back to itself for delivery to another local user. Does this make sense? I would have expected hMail to accept the message and deliver it directly to the target user's mailbox.

Any ideas?

I've had the SpamFighter people working on this for about 10+ days now and they are kind of perplexed. I'm just trying to understand why the message makes it to the spam filter at all...

BTW, I set the remote users to temporarily use their local ISP's SMTP server and the problem (filter.exe consuming 100% CPU) has gone away. But the users are supposed to be truly mobile and should be using my email server to send...

Regards,
--Rick

PS:

----snippet of spamfighter log file showing the "error"----
007/04/10 11:11:10 00000002: Peer: MY IP ADDRESS (HELO MAIL.MYDOMAIN.COM)
2007/04/10 11:11:10 00000002: Content: multipart/related (406777 bytes)
2007/04/10 11:11:10 00000002: Identity: <4BA00B1E-D154-427B-B02D-7E882DDD1E8D@mail.mydomain.com>
2007/04/10 11:11:10 00000002: Subject: test 4
2007/04/10 11:11:10 00000002: Sender: <dana@example.com> (Envelope)
2007/04/10 11:11:10 00000002: Sender: <dana@example.com> (Header)
2007/04/10 11:11:10 00000002: Recipient: <jvargas@example.com.> (Envelope)
2007/04/10 11:11:10 00000002: Recipient: <jvargas@example.com.> (Header)
2007/04/10 11:11:10 00000002: -> No Policy Defined
2007/04/10 11:11:10 00000003: Peer: MY IP ADDRESS (HELO MAIL.MYDOMAIN.COM)
2007/04/10 11:11:10 00000003: Content: multipart/related (407208 bytes)
2007/04/10 11:11:10 00000003: Identity: <46C62432-899E-473C-984A-585F679F945B@mail.mydomain.com>
2007/04/10 11:11:10 00000003: Subject: test 4
2007/04/10 11:11:10 00000003: Sender: <dana@example.com> (Envelope)
2007/04/10 11:11:10 00000003: Sender: <dana@example.com> (Header)
2007/04/10 11:11:10 00000003: Recipient: <jvargas@example.com.> (Envelope)
2007/04/10 11:11:10 00000003: Recipient: <jvargas@example.com.> (Header)
2007/04/10 11:11:10 00000003: -> No Policy Defined
-----END-----

The log file keeps repeating the last 16 entries indefinitely. I guess that is where the 100% CPU utilization is coming from. SpamFighter should always have an "evaluation" policy for all users. It is encountering something it can't handle...
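
The pattern in the log excerpt above (the same sender, recipient and subject arriving from the server's own address under a new Identity each time) can be flagged mechanically. This is an added example, not part of the original post and not SpamFighter or hMailServer code; the sample log, the peer addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the excerpt's layout; peers and Identity values are placeholders.
SAMPLE_LOG = """\
2007/04/10 11:11:10 00000002: Peer: 192.0.2.10 (HELO MAIL.MYDOMAIN.COM)
2007/04/10 11:11:10 00000002: Identity: <ID-A@mail.mydomain.com>
2007/04/10 11:11:10 00000002: Subject: test 4
2007/04/10 11:11:10 00000002: Sender: <dana@example.com> (Envelope)
2007/04/10 11:11:10 00000002: Recipient: <jvargas@example.com.> (Envelope)
2007/04/10 11:11:10 00000002: -> No Policy Defined
2007/04/10 11:11:10 00000003: Peer: 192.0.2.10 (HELO MAIL.MYDOMAIN.COM)
2007/04/10 11:11:10 00000003: Identity: <ID-B@mail.mydomain.com>
2007/04/10 11:11:10 00000003: Subject: test 4
2007/04/10 11:11:10 00000003: Sender: <dana@example.com> (Envelope)
2007/04/10 11:11:10 00000003: Recipient: <jvargas@example.com.> (Envelope)
2007/04/10 11:12:40 00000004: Peer: 198.51.100.7 (HELO mx.remote.test)
2007/04/10 11:12:40 00000004: Identity: <ID-C@remote.test>
2007/04/10 11:12:40 00000004: Subject: test 4
2007/04/10 11:12:40 00000004: Sender: <dana@example.com> (Envelope)
2007/04/10 11:12:40 00000004: Recipient: <jvargas@example.com.> (Envelope)
"""

LINE = re.compile(r"^\S+ \S+ (\d{8}): (?:(\w+): )?(.*)$")

def parse_sessions(text):
    sessions = defaultdict(dict)          # one dict per 8-digit session number
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, key, value = m.groups()
        if key is None:                   # verdict line, e.g. "-> No Policy Defined"
            sessions[sid]["verdict"] = value
        elif key == "Peer":               # keep the address, drop "(HELO ...)"
            sessions[sid]["peer"] = value.split(" (HELO")[0]
        elif key in ("Sender", "Recipient"):
            if value.endswith("(Envelope)"):   # keep the envelope address only
                sessions[sid][key.lower()] = value.split()[0].strip("<>")
        else:
            sessions[sid][key.lower()] = value
    return sessions

def find_loops(sessions, local_peers, threshold=2):
    groups = defaultdict(set)             # (sender, recipient, subject) -> Identity values
    for s in sessions.values():
        if s.get("peer") in local_peers:  # only submissions from the server itself
            key = (s.get("sender"), s.get("recipient"), s.get("subject"))
            groups[key].add(s.get("identity", ""))
    return {k: sorted(v) for k, v in groups.items() if len(v) >= threshold}
```

Pass the mail server's own addresses as `local_peers`; any key returned is a message the server has submitted to the filter more than once under different Identity values.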

minsik
Normal user
Posts: 92
Joined: 2006-08-03 13:08
Location: South Australia

this might help?

Post by minsik » 2007-04-19 03:47

We have similar setup but with ASSP in front of iamailserver.

ASSP input is port 25, sending its output is port 225, to the email program which is SMTP listening on port 225, as well there is normal 110 for POP3 connections.

Now when a user either internally or externally connects to get their email it's on port 110 for them to send or retrieve email. When the email program receives or sends email out to the wide world then it's done via port 225 from the email program to ASSP which then goes to port 25 to send the email to the other WWW servers.

I can't see why port 26 is involved in a user doing his email. As if I see the ASSP logging shows me email coming in and email coming out to the WWW but not email being collected by users.

Maybe I haven't it right but I was surprised when I see port 26 mentioned for a user logging into the email server program. Wouldn't this be on port 110?

Sounds like the user is connecting to port 26 which should be the out path from the email program only! That's when the email program wants to send email it uses port 26 which reverses through the spam filter back onto port 25 to the outside world.

Ok might not be a help but may just clarify how this all works for me.

Good luck.
Windows XP
hmailserver (latest beta always) (except db versions)
test config, trying to convince the boss to use hmail!
ASSP - front end spam killer

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-04-19 09:32

Port 26 shouldn't be involved to my knowledge. If you run TCPView on your server you can see what is using each port. This could just be a misconfiguration in one of your clients' mail programs.
