I know this could cause some "Well if you are worried about plain test in a file, then you have larger concerns" flame fest. Just know that this is not an option in my world. There can never be any plain text passwords in any flat file on out network (Well none that we own )
Description:
ProxyBan.exe is called from your EventHandlers.vbs whenever some criteria is met which warrants a ban. It takes a simple command syntax, which then calls the "Interop.hMailServer.dll" which is included in your installation. The offending IP address is now banned for 1 day.
In order to avoid passing plain text from script, ProxyBan.exe is designed to use a "secret". If the secret is correct, it will accept a ban request, and on-the-fly decrypt your hmailserver password and ban the IP that you passed.
e.g. a command line syntax for a ban would be: "C:\Program Files (x86)\hMailServer\Bin\ProxyBan.exe" -secret=mySecret 1.1.1.1
a vbs syntax would be:
Set oShell = CreateObject("WScript.Shell")
oShell.Run """C:\Program Files (x86)\hMailServer\Bin\ProxyBan.exe"" -secret=mySecret " & oClient.IPAddress
BE CAREFUL with the above VB. If you don't call it properly, you will start soft banning everything. You must call it only when something meets a criteria that you would want to ban an IP address for
Setup:
copy ProxyBan.exe to: "C:\Program Files (x86)\hMailServer\Bin\" - folder
Edit your hMailServer.INI file with the following ([Security]should already be there):
[Security]
secretWord=mySecret
Note: mySecret should be whatever you want your secret word to be
You now need to setup you encrypted password. In order to do this, you will need to key in your real Hmailserver's Administrator password. This is a one time thing so that it can proxy the password moving forward
"C:\Program Files (x86)\hMailServer\Bin\ProxyBan.exe" -secret=mySecret -setPass=RealPassword
After you do this, a new line will be created in your hMailServer.INI:
proxyPass=<obscurepassword>
That's it. You are now sending your password to Hmailserver without having to hard code your password in plain text.
So here's how i use it:
I use this with RvdH's fantastic OnClientConnect(oClient) spamrats checker. If you don't know what that is, look here. It allows you to ban a known spammer before they even pass data. Of course, you can call this ban proxy for whatever you want.
Reference: https://vdhout.nl/2017/08/using-spamrat ... mailserver
Here is how you can call it from your EventHandlers.vbs:
Code: Select all
Sub OnClientConnect(oClient)
If SpamRatsAuthHacker(oClient.IPAddress) Then
REM call AutobanIP(oClient.IPAddress)
Set oShell = CreateObject("WScript.Shell")
oShell.Run """C:\Program Files (x86)\hMailServer\Bin\ProxyBan.exe"" -secret=mySecret " & oClient.IPAddress
Result.Value = 1
REM Debug
EventLog.Write("Message from: " & oClient.IPAddress & " Blocked as authentication hacker")
Exit Sub
End If
End Sub
Function SpamRatsAuthHacker(strIP)
SpamRatsAuthHacker = false
Dim a : a = Split(strIP, ".")
On Error Resume Next
With CreateObject("DNSLibrary.DNSResolver")
strIP = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".auth.spamrats.com")
End With
On Error Goto 0
Dim strRegEx : strRegEx = "^(127\.0\.0\.43)$"
SpamRatsAuthHacker = Lookup(strRegEx, strIP)
End Function
Function Lookup(strRegEx, strMatch)
With CreateObject("VBScript.RegExp")
.Global = False
.Pattern = strRegEx
.IgnoreCase = True
Lookup = .Test(strMatch)
End With
End Function
added from script - Auth Hacker BAN for 1 day - ipaddress
You will also see reference to this ban in C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log if you copied to above verbatim.
Again, the above is not my work. I just use it verbatim to what RvdH has shared!
I just wrote the executable to meet my companies (and mine) requirements. If you find that it could be useful for you, give it a go and let me know
P.S. ProxyBan.exe /? will give you some minor syntax help