Is this right?

Forum for things that don't really have anything to do with hMailServer, such as php.ini, beer, etc.
RvdH
Senior user
Posts: 1116
Joined: 2008-06-27 14:42
Location: Netherlands

Is this right?

Post by RvdH » 2019-07-05 16:22

I have been fiddling around with the IP ranges. When I disallow Deliveries from External to External for an IP Range but do not uncheck External to External in Require SMTP authentication, the error message displayed is:
"530 SMTP authentication is required."

Only if I also uncheck External to External in Require SMTP authentication the error message is correct, e.g.:
"550 Delivery is not allowed to this address."

This seems incorrect to me... Don't you think?
I think settings in Allow deliveries must always be the preferred and appointed criteria above settings in Require SMTP authentication. In the Administrator GUI this looks to be the case, as the Require SMTP authentication checkbox is greyed-out/read-only as soon as you uncheck Allow deliveries, but in the code it seems to function vice versa.


https://github.com/hmailserver/hmailser ... n.cpp#L681
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

jimimaseye
Moderator
Posts: 8730
Joined: 2011-09-08 17:48

Re: Is this right?

Post by jimimaseye » 2019-07-05 19:30

I agree.

You logged a github issue (fwiw)?

Although the error 'authenticating required' is enough to confuse the determined unwanted, as they may think that (guessing) authentication is their way in when in actual fact they will never succeed, whereas the 'delivery not allowed to this address' simply gives away the real truth and tells them they can try something else (which, if they are lucky, they might succeed with).

It's like giving them a bucket of orange balls and telling them they can come in if they can find the green one.

Perhaps for these undesirables the rejection should simply be

500 Nah. Jog on!

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

RvdH
Senior user
Posts: 1116
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Is this right?

Post by RvdH » 2019-07-05 19:53

I think it is the other way around. I suspect these are bots/infected systems trying to relay... those expect SMTP error 550 (Non-existent email address) or 551 (Relaying not allowed), but hMailServer returns 530, so they keep trying... over and over again. 551 doesn't exist on hMailServer though.
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

SorenR
Senior user
Posts: 3748
Joined: 2006-08-21 15:38
Location: Denmark

Re: Is this right?

Post by SorenR » 2019-07-05 23:39

The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected.

I have not yet looked in the code (other than I found Martin can't spell "deliveries") but it's somewhere in the SMTP logic. The priority of option checking needs to be altered.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

jimimaseye
Moderator
Posts: 8730
Joined: 2011-09-08 17:48

Re: Is this right?

Post by jimimaseye » 2019-07-05 23:43

SorenR wrote (2019-07-05 23:39):
"The logical flow should be to disregard "Require SMTP authentication" if "Allow deliveries from" is unselected.

I have not yet looked in the code (other than I found Martin can't spell "deliveries") but it's somewhere in the SMTP logic. The priority of option checking needs to be altered."

I agree. (From a logic procedural point of view)

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

RvdH
Senior user
Posts: 1116
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Is this right?

Post by RvdH » 2019-07-06 00:17

I have already made a test build *.21.
I reversed the logic in that build: lines 681 till 699 and lines 662 till 679 are switched.
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
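
The check-order question discussed in this thread, as an added example that is not part of any post and is not hMailServer source code: a simplified model of the two orderings that returns the reply each one gives for every combination of the two IP range options. The type and function names are hypothetical, and the model assumes an authenticated client passes the authentication test.

```cpp
// Added illustration: a simplified model, not hMailServer source code.
#include <iostream>
#include <string>

// Hypothetical stand-in for the two External-to-External IP range options.
struct IpRange {
    bool allowDelivery;  // "Allow deliveries from" External to External
    bool requireAuth;    // "Require SMTP authentication" External to External
};

struct Reply {
    int code;            // 250 means the recipient is accepted
    std::string text;
};

const Reply kAccepted{250, "OK"};
const Reply kAuthRequired{530, "SMTP authentication is required."};
const Reply kNotAllowed{550, "Delivery is not allowed to this address."};

// Order reported in the thread: the authentication test runs first, so an
// unauthenticated client gets 530 even though delivery is disallowed anyway.
Reply authCheckedFirst(const IpRange& r, bool authenticated) {
    if (r.requireAuth && !authenticated) return kAuthRequired;
    if (!r.allowDelivery) return kNotAllowed;
    return kAccepted;
}

// Order proposed in the thread: a disallowed delivery is refused with 550
// before the authentication setting is consulted at all.
Reply allowCheckedFirst(const IpRange& r, bool authenticated) {
    if (!r.allowDelivery) return kNotAllowed;
    if (r.requireAuth && !authenticated) return kAuthRequired;
    return kAccepted;
}

int main() {
    // Constructed cases: every combination of the two options, with and without auth.
    for (int i = 0; i < 8; ++i) {
        IpRange r{(i & 4) != 0, (i & 2) != 0};
        bool auth = (i & 1) != 0;
        std::cout << "allow=" << r.allowDelivery << " requireAuth=" << r.requireAuth
                  << " authenticated=" << auth
                  << "  auth-first=" << authCheckedFirst(r, auth).code
                  << "  allow-first=" << allowCheckedFirst(r, auth).code << '\n';
    }
    return 0;
}
```

The two orderings differ in exactly one row: delivery disallowed, authentication required, client not authenticated.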
