Greylist most but not all

Post by mattg » 2016-02-18 13:47

Greylisting is great.
It really cuts down the spam no end.

It does come at a cost.
With Outlook.com and gmail.com hosting more and more commercial mail domains, I'm finding it harder and harder to keep up with their mailserver IPs to greylist >> Whitelist them
The MX records only show IP addresses of their incoming servers, not their outgoing servers, which is what we need to greylist

As an alternative to trawling the logs looking for all relevant IP addresses I've developed this script.

Code: Select all

Sub OnSMTPData(oClient, oMessage)
	Dim TempString
	If InStr(oClient.helo,"outbound.protection.outlook.com")>0 _
	   Or InStr(oClient.helo,"google.com")>0 Then
		 ' HELO claims Outlook.com or Google: add the sending IP to the greylisting whitelist
		 dim oApp, NewWhitelistEntry, oWhiteList, i, checker
		 Set oApp = CreateObject("hMailServer.Application")
	
		' Give this script permission to access all
		' hMailServer settings.
		Call oApp.Authenticate("Administrator", "SecretPassword") ' change the password as required
		Set oWhiteList = oApp.Settings.AntiSpam.GreyListingWhiteAddresses

		checker = 0
		For i = 1 To oWhiteList.count
			If oWhiteList.item(i-1).ipAddress = oclient.IPAddress Then
				checker = checker +1
				Exit For
			End If
		Next 'i	
		If checker = 0 Then
			Set NewWhitelistEntry = oWhiteList.Add
			With NewWhitelistEntry
				.IPAddress = oClient.IPAddress
				.Description = "Auto Added - HELO = '" & oClient.helo & "'"
				.Save
			End With	
		End If 'checker
	End If
End Sub
This will greylist >> whitelist the sending IP just in time to bypass greylisting (if the IP doesn't already exist in greylist >> whitelist)
Other Spam checks are still performed.

Greylisting still occurs for all other domains as usual.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation


Post by jimimaseye » 2016-02-18 14:59

Looks good.

(Am I right in thinking that as hitting the match means nothing is required, line 18 could actually be EXIT SUB (instead of EXIT FOR and without the need of 'checker' variable) just for further speed? Just wondered. You're the expert.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829


Post by SorenR » 2016-02-18 16:17

viewtopic.php?f=20&t=13682&p=155530&hil ... st#p155530

viewtopic.php?f=20&t=13682&p=155530&hil ... st#p155678

This was a quick search so there may be newer versions somewhere... I'm using this and have been for a very long time...
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.


Post by mattg » 2016-02-18 23:55

Those are add to whitelist, not add to greylist >> whitelist

By adding to greylist >> whitelist other spam checks still occur, including SpamAssassin


Whitelisted addresses have no Anti-SPAM checking at all.
I figured that mail from gmail or Outlook.com may still be SPAM, AND Ultimately will get delivered (gmail.com and Outlook.com are unlikely in my view to drop a mail message after they have accepted it)

This script allows me to have greylisting enabled for most mail and still spam check this mail

Post by mattg » 2016-02-18 23:59

jimimaseye wrote:(Am I right in thinking that as hitting the match means nothing is required, line 18 could actually be EXIT SUB (instead of EXIT FOR and without the need of 'checker' variable) just for further speed? Just wondered. You're the expert.)
Mate, I'm no expert.

In this cut down version, yes that is probably correct.
I have some additional custom logging going on in my actual script.

(I did modify my custom log script to incorporate SorenR's file lock fix - works brilliantly. Actually had two days in the last week without a daily error log thanks to this and your SpamAssassin timeout settings.) Now if I can just leave my eventhandlers.vbs alone for a few days, I'll stop creating logs as I debug. :roll:

Post by SorenR » 2016-02-19 00:03

mattg wrote:Those are add to whitelist, not add to greylist >> whitelist

By adding to greylist >> whitelist other spam checks still occur, including SpamAssassin


Whitelisted addresses have no Anti-SPAM checking at all.
I figured that mail from gmail or Outlook.com may still be SPAM, AND Ultimately will get delivered (gmail.com and Outlook.com are unlikely in my view to drop a mail message after they have accepted it)

This script allows me to have greylisting and still spam check this mail
Ah... Well, I assumed that if you send an email to someone you'd like them to be able to reply ;-)

Anyways I get your point... I wonder if Percepts's old scripts can be altered... Hmm... Something for me to hack into tomorrow ;-)

Post by mattg » 2016-02-19 00:48

SorenR wrote:Ah... Well, I assumed that if you send an email to someone you'd like them to be able to reply ;-)
Sure, but that is different than getting unexpected mail from a domain hosted by gMail or on Outlook.com

These two hosters in particular don't play well with greylisting, because they round-robin which IP they send from. Mail often takes > 24 hours to receive from these domain hosters, even though my greylist settings give a pass on re-submission after only 10 or 15 minutes.

Post by SorenR » 2016-02-19 15:21

mattg wrote:
SorenR wrote:Ah... Well, I assumed that if you send an email to someone you'd like them to be able to reply ;-)
Sure, but that is different than getting unexpected mail from a domain hosted by gMail or on Outlook.com

These two hosters in particular don't play well with greylisting, because they round-robin which IP they send from. Mail often takes > 24 hours to receive from these domain hosters, even though my greylist settings give a pass on re-submission after only 10 or 15 minutes.
Percepts' code only whitelists specific email addresses, not entire domains. I have my "expire from whitelist" set to 180 days but you could always set it to 5 days and run the ExpireWhiteList code every day.

It's like issuing a visitor's pass to your guests, it's personal and it's only valid for a short period of time and it will give you access to the building ;-)

Post by mattg » 2016-02-20 01:04

So it appears that my script only picks up HELO, and not EHLO lines

I can't see a way in the COM API to get the EHLO connections. Any ideas??

Post by mattg » 2016-02-20 01:51

So I've gone through my logs for this month and found 323 individual IP addresses that EHLO from Outlook.com


I guess that I'll add them to my greylist whitelist, and then develop a script to parse the logs each month and add any new ones, and perhaps remove old ones...

This is a pain. No wonder mail from unknown recipients who use Outlook.com often takes 24 hours to arrive

And I guess Google will be the same...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

SorenR
Senior user
Posts: 3140
Joined: 2006-08-21 15:38
Location: Denmark

Re: Greylist most but not all

Post by SorenR » 2016-02-20 15:56

mattg wrote:So it appears that my script only picks up HELO, and not EHLO lines

I can't see a way in the COM API to get the EHLO connections. Any ideas??
oClient.HELO should reveal both HELO and EHLO - however OnClientConnect() is one step too early - and OnSMTPData is one step too late when using Greylisting ;-)

I modified my code (5.4.2) so I now have a "Sub OnHELO(oClient)" that kicks in when the object "oClient.HELO" is populated... It's an ugly hack but it works :oops:

I use it to blacklist/autoban "ylmf-pc" and similar worms so I don't have to process every single connection attempt.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

SorenR
Senior user
Posts: 3140
Joined: 2006-08-21 15:38
Location: Denmark

Re: Greylist most but not all

Post by SorenR » 2016-02-20 16:05

Stop press... !!!! Found this one...

https://technet.microsoft.com/en-us/lib ... .150).aspx
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

jimimaseye
Moderator
Posts: 7954
Joined: 2011-09-08 17:48

Re: Greylist most but not all

Post by jimimaseye » 2016-02-20 16:22

SorenR wrote:Stop press... !!!! Found this one...

https://technet.microsoft.com/en-us/lib ... .150).aspx
And here is Google's Support answer on how to find their block of addresses. Not as nice, though, I'm afraid (but maybe something you can script to do periodically, parse the lookup results, and then update your whitelist automatically)

https://support.google.com/a/answer/60764?hl=en

(It seems that actually there is only one list that applies at the moment:
ip4:64.18.0.0/20
ip4:64.233.160.0/19
ip4:66.102.0.0/20
ip4:66.249.80.0/20
ip4:72.14.192.0/18
ip4:74.125.0.0/16
ip4:108.177.8.0/21
ip4:173.194.0.0/16
ip4:207.126.144.0/20
ip4:209.85.128.0/17
ip4:216.58.192.0/19
ip4:216.239.32.0/19 and
ip4:172.217.0.0/19

(not including ipv6 addresses)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 3140
Joined: 2006-08-21 15:38
Location: Denmark

Re: Greylist most but not all

Post by SorenR » 2016-02-20 16:39

jimimaseye wrote:And here is Google's Support answer on how to find their block of addresses. Not as nice, though, I'm afraid (but maybe something you can script to do periodically, parse the lookup results, and then update your whitelist automatically)

https://support.google.com/a/answer/60764?hl=en
Oh man, this sucks....

Anywho... The "dig" utility can be found in the ZIP file containing ISC BIND from https://www.isc.org, any other source can be ... er ... questionable :wink:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

jimimaseye
Moderator
Posts: 7954
Joined: 2011-09-08 17:48

Re: Greylist most but not all

Post by jimimaseye » 2016-02-20 18:18

This is a Perl script that you can download and run with Perl that will parse the IP RANGE from - to addresses for CIDR notation input: http://jodies.de/ipcalc-faq/win32.html

Script: obtain googles range by doing the relevant NSLOOKUPS
parse to clean CIDR
pass to the above tool
enter into whitelist

Simples!....(if you know how to do it. :| )
SorenR wrote:
Anywho... The "dig" utility can be found in the ZIP file containing ISC BIND from https://www.isc.org, any other source can be ... er ... questionable :wink:
(why bother with DIG when you already have NSLOOKUP on the windows system? I had some 'Support Department' try to tell me "use DIG because we don't trust NSLOOKUP - it is old and deprecated". Old and deprecated it might be (if it is!), but doesn't mean it can't do a bloody NSLOOKUP like it has always been able to do!)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 3140
Joined: 2006-08-21 15:38
Location: Denmark

Re: Greylist most but not all

Post by SorenR » 2016-02-20 21:05

jimimaseye wrote:(why bother with DIG when you already have NSLOOKUP on the windows system? I had some 'Support Department' try to tell me "use DIG because we don't trust NSLOOKUP - it is old and deprecated". Old and deprecated it might be (if it is!), but doesn't mean it can't do a bloody NSLOOKUP like it has always been able to do!)
You don't dig it ?? :mrgreen:
"Early in the development of BIND 9, the Internet Systems Consortium planned to deprecate nslookup in favor of host and dig. However, this decision was reversed in 2004 with the release of BIND 9.3,[1] and nslookup has been fully supported since then."
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

mattg
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist most but not all

Post by mattg » 2016-02-21 06:10

SorenR wrote:I modified my code (5.4.2) so I now have a "Sub OnHELO(oClient)" that kicks in when the object "oClient.HELO" is populated... It's an ugly hack but it works
Would it be possible for you to fork github and show this change, and then make a pull request to main.

That'd make life for this script
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mattg
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist most but not all

Post by mattg » 2016-02-21 06:16

Using SPF lists is an interesting idea.

hMailserver already has a 'pass greylisting on SPF' checkbox, but the issue with using it is that so many domains have a '+all' at the end of their spf record, which effectively negates the whole concept.

If we could selectively trust gmail.com and outlook.com spf records, but not others then that may also work.

I like greylisting, but I also want to get important business mail quickly. Even my kids government school is using an outlook.com hosted domain
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mattg
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist most but not all

Post by mattg » 2016-02-21 07:39

Meanwhile I have manually uploaded the IP ranges pointed to above

Thanks Guys

Code: Select all

Option Explicit
' Assumes greylist >> whitelist currently empty

Dim j, List(51), GoogleList(12), OutlookList(37), oAddresses

Dim oApp
Set oApp = CreateObject("hMailServer.Application")
	' Give this script permission to access all
	' hMailServer settings.
Call oApp.Authenticate("Administrator", "TopSecretPassword")

Set oAddresses = oApp.Settings.AntiSpam.GreyListingWhiteAddresses


OutlookList(0) = "23.103.132.0/22"
OutlookList(1) = "23.103.144.0/22"
OutlookList(2) = "23.103.191.0/24"
OutlookList(3) = "23.103.198.0/23"
OutlookList(4) = "23.103.200.0/21"
OutlookList(5) = "23.103.136.0/21"
OutlookList(6) = "40.107.0.0/16"
OutlookList(7) = "64.4.22.64/26"
OutlookList(8) = "65.55.83.128/27"
OutlookList(9) = "65.55.88.0/24"
OutlookList(10) = "65.55.169.0/24"
OutlookList(11) = "94.245.120.64/26"
OutlookList(12) = "104.47.0.0/17"
OutlookList(13) = "134.170.132.0/24"
OutlookList(14) = "134.170.140.0/24"
OutlookList(15) = "134.170.171.0/24"
OutlookList(16) = "157.55.133.160/27"
OutlookList(17) = "157.55.158.0/23"
OutlookList(18) = "157.55.206.0/23"
OutlookList(19) = "157.55.234.0/24"
OutlookList(20) = "157.56.73.0/24"
OutlookList(21) = "157.56.87.192/26"
OutlookList(22) = "157.56.108.0/24"
OutlookList(23) = "157.56.110.0/24"
OutlookList(24) = "157.56.111.0/24"
OutlookList(25) = "157.56.112.0/24"
OutlookList(26) = "157.56.206.0/24"
OutlookList(27) = "157.56.208.0/22"
OutlookList(28) = "207.46.51.64/26"
OutlookList(29) = "207.46.100.0/24"
OutlookList(30) = "207.46.101.128/26"
OutlookList(31) = "207.46.163.0/24"
OutlookList(32) = "213.199.154.0/24"
OutlookList(33) = "213.199.180.128/26"
OutlookList(34) = "216.32.180.0/24"
OutlookList(35) = "216.32.181.0/24"
OutlookList(36) = "2a01:111:f400:7c00::/54"
OutlookList(37) = "2a01:111:f400:fc00::/54"

GoogleList(0) = "64.18.0.0/20"		
GoogleList(1) = "64.233.160.0/19"		
GoogleList(2) = "66.102.0.0/20"		
GoogleList(3) = "66.249.80.0/20"		
GoogleList(4) = "72.14.192.0/18"		
GoogleList(5) = "74.125.0.0/16"		
GoogleList(6) = "108.177.8.0/21"		
GoogleList(7) = "173.194.0.0/16"		
GoogleList(8) = "207.126.144.0/20"		
GoogleList(9) = "209.85.128.0/17"		
GoogleList(10) = "216.58.192.0/19"		
GoogleList(11) = "216.239.32.0/19"
GoogleList(12) = "172.217.0.0/19"		

For j= 0 To UBound(OutlookList)
	With oAddresses.Add
		.IPAddress = OutlookList(j)
		.Description = "Script added Outlook Range"
		.save
	End With
Next

For j= 0 To UBound(GoogleList)
	With oAddresses.Add
		.IPAddress = GoogleList(j)
		.Description = "Script added Google Range"
		.save
	End With
Next

With oAddresses.Add
	.IPAddress = "127.0.0.1"
	.Description = "Script added LocalHost"
	.save
End With
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mattg
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist most but not all

Post by mattg » 2016-02-21 11:16

cept that hMailserver doesn't seem to read ranges, and I need to add them individually... :? :?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jimimaseye
Moderator
Posts: 7954
Joined: 2011-09-08 17:48

Re: Greylist most but not all

Post by jimimaseye » 2016-02-21 12:01

mattg wrote:OutlookList(0) = "23.103.132.0/22".....
Does HMS actually adhere to the CIDR format then? I'm surprised.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 3140
Joined: 2006-08-21 15:38
Location: Denmark

Re: Greylist most but not all

Post by SorenR » 2016-02-21 16:11

mattg wrote:
SorenR wrote:I modified my code (5.4.2) so I now have a "Sub OnHELO(oClient)" that kicks in when the object "oClient.HELO" is populated... It's an ugly hack but it works
Would it be possible for you to fork github and show this change, and then make a pull request to main.

That'd make life for this script
Not a GIT expert and I don't have the tools to compile the latest version - however changes are small... Look for "OnHELO" as part of string ;-)

NOTE: Martin changed the syntax on some of the code (moving underscores from first to last in string and such), however the changes should be obvious!

Z:\hmailserver-5.4.2\hmailserver\source\Server\Common\Scripting\ScriptServer.h

Code: Select all

   public:
      
      enum Event
      {
         EventOnClientConnect = 1001,
         EventOnAcceptMessage = 1002,
         EventOnMessageDeliver = 1003,
         EventOnBackupCompleted = 1004,
         EventOnBackupFailed = 1005,
         EventOnDeliveryStart = 1006,
         EventOnError = 1007,
         EventOnDeliveryFailed = 1008,
         
         EventCustom = 1010,
         
         EventOnExternalAccountDownload = 1011,
         EventOnSMTPData = 1012,
         EventOnHELO = 1013,
      };

Code: Select all

      bool m_bHasOnClientConnect;
      bool m_bHasOnAcceptMessage;
      bool m_bHasOnDeliverMessage;
      bool m_bHasOnBackupCompleted;
      bool m_bHasOnBackupFailed;
      bool m_bHasOnDeliveryStart;
      bool m_bHasOnError;
      bool m_bHasOnDeliveryFailed;
      bool m_bHasOnExternalAccountDownload;
      bool m_bHasOnSMTPData;
      bool m_bHasOnHELO;
Z:\hmailserver-5.4.2\hmailserver\source\Server\Common\Scripting\ScriptServer.cpp

Code: Select all

namespace HM
{
   ScriptServer::ScriptServer(void) :
      m_bHasOnClientConnect(false),
      m_bHasOnAcceptMessage(false),
      m_bHasOnDeliverMessage(false),
      m_bHasOnBackupCompleted(false),
      m_bHasOnBackupFailed(false),
      m_bHasOnDeliveryStart(false),
      m_bHasOnError(false),
      m_bHasOnDeliveryFailed(false),
      m_bHasOnExternalAccountDownload(false),
      m_bHasOnSMTPData(false),
      m_bHasOnHELO(false)

Code: Select all

         // Determine which functions are available.
         m_bHasOnClientConnect = _DoesFunctionExist("OnClientConnect");
         m_bHasOnAcceptMessage = _DoesFunctionExist("OnAcceptMessage");
         m_bHasOnDeliverMessage = _DoesFunctionExist("OnDeliverMessage");
         m_bHasOnBackupCompleted = _DoesFunctionExist("OnBackupCompleted");
         m_bHasOnBackupFailed = _DoesFunctionExist("OnBackupFailed");
         m_bHasOnDeliveryStart = _DoesFunctionExist("OnDeliveryStart");
         m_bHasOnError = _DoesFunctionExist("OnError");
         m_bHasOnDeliveryFailed = _DoesFunctionExist("OnDeliveryFailed");
         m_bHasOnExternalAccountDownload = _DoesFunctionExist("OnExternalAccountDownload");
         m_bHasOnSMTPData = _DoesFunctionExist("OnSMTPData");
         m_bHasOnHELO = _DoesFunctionExist("OnHELO");

Code: Select all

      case EventOnSMTPData:
		  m_sEventName = _T("OnSMTPData");
         if (!m_bHasOnSMTPData)
            return;
         break;
      case EventOnHELO:
		  m_sEventName = _T("OnHELO");
         if (!m_bHasOnHELO)
            return;
         break;
Z:\hmailserver-5.4.2\hmailserver\source\Server\Common\Scripting\ScriptServer.cpp

Code: Select all

   void
   SMTPConnection::_ProtocolEHLO(const String &sRequest)
   {

      if (!_ReadDomainAddressFromHelo(sRequest))
      {
         // The client did not supply a parameter to
         // the helo command which is syntaxically
         // incorrect. Reject.
         _SendErrorResponse(501, "EHLO Invalid domain address.");
         return;
      }

      //
      // Event OnHELO
      //
      if (Configuration::Instance()->GetUseScriptServer())
      {
         shared_ptr<ScriptObjectContainer> pContainer = shared_ptr<ScriptObjectContainer>(new ScriptObjectContainer);
         shared_ptr<Result> pResult = shared_ptr<Result>(new Result);
         shared_ptr<ClientInfo> pClientInfo = shared_ptr<ClientInfo>(new ClientInfo);

         pClientInfo->SetIPAddress(GetIPAddressString());
         pClientInfo->SetPort(GetLocalPort());
         pClientInfo->SetHELO(m_sHeloHost);

         pContainer->AddObject("HMAILSERVER_CLIENT", pClientInfo, ScriptObject::OTClient);
         pContainer->AddObject("Result", pResult, ScriptObject::OTResult);

         String sEventCaller = "OnHELO(HMAILSERVER_CLIENT)";
         ScriptServer::Instance()->FireEvent(ScriptServer::EventOnHELO, sEventCaller, pContainer);
      }

      _SendEHLOKeywords();

      if (m_CurrentState == AUTHENTICATION)
         m_CurrentState = HEADER;
   }
   
   void
   SMTPConnection::_ProtocolHELO(const String &sRequest)
   {
      if (!_ReadDomainAddressFromHelo(sRequest))
      {
         // The client did not supply a parameter to
         // the helo command which is syntaxically
         // incorrect. Reject.
         _SendErrorResponse(501, "HELO Invalid domain address.");
         return;
      }

      //
      // Event OnHELO
      //
      if (Configuration::Instance()->GetUseScriptServer())
      {
         shared_ptr<ScriptObjectContainer> pContainer = shared_ptr<ScriptObjectContainer>(new ScriptObjectContainer);
         shared_ptr<Result> pResult = shared_ptr<Result>(new Result);
         shared_ptr<ClientInfo> pClientInfo = shared_ptr<ClientInfo>(new ClientInfo);

         pClientInfo->SetIPAddress(GetIPAddressString());
         pClientInfo->SetPort(GetLocalPort());
         pClientInfo->SetHELO(m_sHeloHost);

         pContainer->AddObject("HMAILSERVER_CLIENT", pClientInfo, ScriptObject::OTClient);
         pContainer->AddObject("Result", pResult, ScriptObject::OTResult);

         String sEventCaller = "OnHELO(HMAILSERVER_CLIENT)";
         ScriptServer::Instance()->FireEvent(ScriptServer::EventOnHELO, sEventCaller, pContainer);
      }

      _SendData("250 Hello.");

      if (m_CurrentState == AUTHENTICATION)
         m_CurrentState = HEADER;

   }
That's it... :wink:

PS.. To whomever is willing to take ownership... It would be nice to be able to return "554 Rejected" using "ReturnValue = 1" and I did try to add the code... It crashed... Badly... Every time... :mrgreen:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

mattg
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist most but not all

Post by mattg » 2016-02-21 23:53

There are some 327000 individual IP addresses in just the Google and Outlook.com IP ranges above.
Adding them to hMailserver via script takes > 20 minutes, and I'm sure must impact on hmailserver.

Far too big a list to implement

I'll chase up Soren's code into Github, and see...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
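
Added example, not code from any poster or from hMailServer: a Python version of the steps outlined earlier in the thread (read the SPF TXT records, reduce them to clean CIDR, turn them into from/to ranges), plus a per-connection check so that only the one connecting address needs whitelisting instead of every address in the ranges. The DNS answers are constructed so it runs offline, the `example.test` names and all function names are hypothetical, and only `ip4`, `ip6` and `include` terms are expanded (`a`, `mx` and `redirect` are ignored).

```python
import ipaddress

# Constructed TXT answers standing in for "nslookup -q=TXT <name>" output, so the
# example runs offline. The example.test names are hypothetical; the ip4 ranges are
# a few of those listed in the thread, and 2001:db8::/32 is documentation space.
SAMPLE_TXT = {
    "_spf.example.test": "v=spf1 include:_nb1.example.test include:_nb2.example.test ~all",
    "_nb1.example.test": "v=spf1 ip4:64.18.0.0/20 ip4:74.125.0.0/16 ip4:209.85.128.0/17 ~all",
    "_nb2.example.test": "v=spf1 ip4:172.217.0.0/19 ip6:2001:db8::/32 include:_spf.example.test ~all",
    "open.example.test": "v=spf1 ip4:192.0.2.0/24 +all",
}

# HELO names allowed to skip greylisting, as in the first post's script,
# but matched as suffixes rather than as substrings.
TRUSTED_HELO_SUFFIXES = (".outbound.protection.outlook.com", ".google.com")


def collect_networks(name, lookup, seen=None):
    """Return the ip4/ip6 networks of an SPF record, following include: terms."""
    seen = set() if seen is None else seen
    if name in seen:                       # include loop: already expanded
        return []
    seen.add(name)
    terms = (lookup(name) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    nets = []
    for term in terms[1:]:
        if term.lower() in ("all", "+all"):
            # A passing "all" authorises every sender, so the record proves nothing.
            raise ValueError(name + " ends in +all")
        if term[0] in "-~?":               # only passing terms list senders
            continue
        key, _, value = term.lstrip("+").partition(":")
        if key.lower() in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(value, strict=False))
        elif key.lower() == "include":
            nets.extend(collect_networks(value, lookup, seen))
    return nets


def to_ranges(nets):
    """Collapse the IPv4 networks and return (first, last, address count) per block."""
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    return [(str(n[0]), str(n[-1]), n.num_addresses) for n in v4]


def may_skip_greylisting(client_ip, helo, nets):
    """True only if the HELO name has a trusted suffix AND the IP is in a listed range.

    HELO is supplied by the connecting client, so the name alone is not evidence
    of who is connecting; the address check is what ties it to the provider.
    """
    helo = helo.lower().rstrip(".")
    if not helo.endswith(TRUSTED_HELO_SUFFIXES):
        return False
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    networks = collect_networks("_spf.example.test", SAMPLE_TXT.get)
    for first, last, count in to_ranges(networks):
        print(first, "-", last, "(", count, "addresses )")
    print(may_skip_greylisting("209.85.128.10", "mail-wr1.google.com", networks))
```
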

RvdH
Senior user
Posts: 746
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Greylist most but not all

Post by RvdH » 2016-03-11 01:00

This Sub OnHELO(oClient) seems like a nice addition to the event handlers, would be nice to see this make it into the official build(s)

Martin?
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

martin
Developer
Posts: 6777
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: Greylist most but not all

Post by martin » 2016-04-23 16:44

Will be included in 5.7.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve

mattg
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist most but not all

Post by mattg » 2016-04-24 01:56

THANKS :D
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

SorenR
Senior user
Posts: 3140
Joined: 2006-08-21 15:38
Location: Denmark

Re: Greylist most but not all

Post by SorenR » 2016-08-10 19:59

SorenR wrote:

Z:\hmailserver-5.4.2\hmailserver\source\Server\Common\Scripting\ScriptServer.h

Code: Select all

   public:
      
      enum Event
      {
         EventOnClientConnect = 1001,
         EventOnAcceptMessage = 1002,
         EventOnMessageDeliver = 1003,
         EventOnBackupCompleted = 1004,
         EventOnBackupFailed = 1005,
         EventOnDeliveryStart = 1006,
         EventOnError = 1007,
         EventOnDeliveryFailed = 1008,
         
         EventCustom = 1010,
         
         EventOnExternalAccountDownload = 1011,
         EventOnSMTPData = 1012,
         EventOnHELO = 1013,
      };

Code: Select all

      bool m_bHasOnClientConnect;
      bool m_bHasOnAcceptMessage;
      bool m_bHasOnDeliverMessage;
      bool m_bHasOnBackupCompleted;
      bool m_bHasOnBackupFailed;
      bool m_bHasOnDeliveryStart;
      bool m_bHasOnError;
      bool m_bHasOnDeliveryFailed;
      bool m_bHasOnExternalAccountDownload;
      bool m_bHasOnSMTPData;
      bool m_bHasOnHELO;
Z:\hmailserver-5.4.2\hmailserver\source\Server\Common\Scripting\ScriptServer.cpp

Code: Select all

namespace HM
{
   ScriptServer::ScriptServer(void) :
      m_bHasOnClientConnect(false),
      m_bHasOnAcceptMessage(false),
      m_bHasOnDeliverMessage(false),
      m_bHasOnBackupCompleted(false),
      m_bHasOnBackupFailed(false),
      m_bHasOnDeliveryStart(false),
      m_bHasOnError(false),
      m_bHasOnDeliveryFailed(false),
      m_bHasOnExternalAccountDownload(false),
      m_bHasOnSMTPData(false),
      m_bHasOnHELO(false)

Code: Select all

         // Determine which functions are available.
         m_bHasOnClientConnect = _DoesFunctionExist("OnClientConnect");
         m_bHasOnAcceptMessage = _DoesFunctionExist("OnAcceptMessage");
         m_bHasOnDeliverMessage = _DoesFunctionExist("OnDeliverMessage");
         m_bHasOnBackupCompleted = _DoesFunctionExist("OnBackupCompleted");
         m_bHasOnBackupFailed = _DoesFunctionExist("OnBackupFailed");
         m_bHasOnDeliveryStart = _DoesFunctionExist("OnDeliveryStart");
         m_bHasOnError = _DoesFunctionExist("OnError");
         m_bHasOnDeliveryFailed = _DoesFunctionExist("OnDeliveryFailed");
         m_bHasOnExternalAccountDownload = _DoesFunctionExist("OnExternalAccountDownload");
         m_bHasOnSMTPData = _DoesFunctionExist("OnSMTPData");
         m_bHasOnHELO = _DoesFunctionExist("OnHELO");

Code: Select all

      case EventOnSMTPData:
		  m_sEventName = _T("OnSMTPData");
         if (!m_bHasOnSMTPData)
            return;
         break;
      case EventOnHELO:
		  m_sEventName = _T("OnHELO");
         if (!m_bHasOnHELO)
            return;
         break;
Z:\hmailserver-5.4.2\hmailserver\source\source\Server\SMTP\SMTPConnection.cpp

Code: Select all

   void
   SMTPConnection::_ProtocolEHLO(const String &sRequest)
   {

      if (!_ReadDomainAddressFromHelo(sRequest))
      {
         // The client did not supply a parameter to
         // the helo command which is syntaxically
         // incorrect. Reject.
         _SendErrorResponse(501, "EHLO Invalid domain address.");
         return;
      }

      //
      // Event OnHELO
      //
      if (Configuration::Instance()->GetUseScriptServer())
      {
         shared_ptr<ScriptObjectContainer> pContainer = shared_ptr<ScriptObjectContainer>(new ScriptObjectContainer);
         shared_ptr<Result> pResult = shared_ptr<Result>(new Result);
         shared_ptr<ClientInfo> pClientInfo = shared_ptr<ClientInfo>(new ClientInfo);

         pClientInfo->SetIPAddress(GetIPAddressString());
         pClientInfo->SetPort(GetLocalPort());
         pClientInfo->SetHELO(m_sHeloHost);

         pContainer->AddObject("HMAILSERVER_CLIENT", pClientInfo, ScriptObject::OTClient);
         pContainer->AddObject("Result", pResult, ScriptObject::OTResult);

         String sEventCaller = "OnHELO(HMAILSERVER_CLIENT)";
         ScriptServer::Instance()->FireEvent(ScriptServer::EventOnHELO, sEventCaller, pContainer);
      }

      _SendEHLOKeywords();

      if (m_CurrentState == AUTHENTICATION)
         m_CurrentState = HEADER;
   }
   
   void
   SMTPConnection::_ProtocolHELO(const String &sRequest)
   {
      if (!_ReadDomainAddressFromHelo(sRequest))
      {
         // The client did not supply a parameter to
         // the helo command which is syntaxically
         // incorrect. Reject.
         _SendErrorResponse(501, "HELO Invalid domain address.");
         return;
      }

      //
      // Event OnHELO
      //
      if (Configuration::Instance()->GetUseScriptServer())
      {
         shared_ptr<ScriptObjectContainer> pContainer = shared_ptr<ScriptObjectContainer>(new ScriptObjectContainer);
         shared_ptr<Result> pResult = shared_ptr<Result>(new Result);
         shared_ptr<ClientInfo> pClientInfo = shared_ptr<ClientInfo>(new ClientInfo);

         pClientInfo->SetIPAddress(GetIPAddressString());
         pClientInfo->SetPort(GetLocalPort());
         pClientInfo->SetHELO(m_sHeloHost);

         pContainer->AddObject("HMAILSERVER_CLIENT", pClientInfo, ScriptObject::OTClient);
         pContainer->AddObject("Result", pResult, ScriptObject::OTResult);

         String sEventCaller = "OnHELO(HMAILSERVER_CLIENT)";
         ScriptServer::Instance()->FireEvent(ScriptServer::EventOnHELO, sEventCaller, pContainer);
      }

      _SendData("250 Hello.");

      if (m_CurrentState == AUTHENTICATION)
         m_CurrentState = HEADER;

   }
Now with correct filenames :oops:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.
