Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting,
please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-22 21:04
I require assistance on how to deal with the below mess.
We have 4 accounts that are constantly being locked out and that's due to hMailServer.
The accounts are authenticated via a domain controller.
Upon inspection of the logs, I've identified quite a few of our accounts that are being "drilled" by over 20 IP addresses.
These IP addresses are blacklisted IP addresses.
We utilize SpamAssassin.
What do you recommend?
Thanks in advance.
Apologies for the theatrics subject
Sample of the log below:
Code: Select all
"IMAPD" 2036 64410 "2018-05-22 06:10:17.861" "92.63.193.20" "RECEIVED: 2 emailaddress ***"
"IMAPD" 2036 64410 "2018-05-22 06:10:17.861" "92.63.193.20" "SENT: 2 NO Invalid user name or password."
"IMAPD" 2004 64409 "2018-05-22 06:10:18.380" "5.188.9.185" "RECEIVED: 2 login emailaddress ***"
"IMAPD" 2004 64409 "2018-05-22 06:10:18.380" "5.188.9.185" "SENT: 2 NO Invalid user name or password."
Code: Select all
"IMAPD" 2000 62097 "2018-05-22 01:51:07.446" "94.100.178.104" "RECEIVED: 6 MYRIGHTS "Junk E-mail""
"IMAPD" 2000 62097 "2018-05-22 01:51:07.446" "94.100.178.104" "SENT: * MYRIGHTS "Junk E-mail" lrswipkxtea[nl]6 OK Myrights complete"
Code: Select all
"SMTPD" 1028 64357 "2018-05-22 06:05:49.332" "185.234.218.134" "RECEIVED: ***"
"SMTPD" 1028 64357 "2018-05-22 06:05:49.332" "185.234.218.134" "SENT: 535 Authentication failed. Restarting authentication process."
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-05-22 22:56
Ensure passwords are strong and your autoban settings are strong.
If you want them reviewed then run this and post the results:
viewtopic.php?f=20&t=30914
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
mattg
- Moderator
- Posts: 22437
- Joined: 2007-06-14 05:12
- Location: 'The Outback' Australia
Post
by mattg » 2018-05-23 01:19
MarHMS wrote: ↑2018-05-22 21:04
Upon inspection of the logs, I've identified quite a few of our accounts that are being "drilled" by over 20 IP addresses.
These IP addresses are blacklisted IP addresses.
I get heaps of these too
I routinely block all logon attempts from outside Australia.
MarHMS wrote: ↑2018-05-22 21:04
These IP addresses are blacklisted IP addresses.
Using Autoban or IP ranges in hMailserver? At your firewall? Using SPamAssassin? how are they blackilisted? (it seems clear that what you are doing isn't working if they are still connecting to your hmailserver)
MarHMS wrote: ↑2018-05-22 21:04
The accounts are authenticated via a domain controller.
Is this using AD integration in hMailserver?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-23 13:51
jimimaseye wrote: ↑2018-05-22 22:56
Ensure passwords are strong and your autoban settings are strong.
If you want them reviewed then run this and post the results:
viewtopic.php?f=20&t=30914
I will perform the test tomorrow. It's now a holiday here: Labour Day.
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-23 13:55
mattg wrote: ↑2018-05-23 01:19
MarHMS wrote: ↑2018-05-22 21:04
Upon inspection of the logs, I've identified quite a few of our accounts that are being "drilled" by over 20 IP addresses.
These IP addresses are blacklisted IP addresses.
I get heaps of these too
I routinely block all logon attempts from outside Australia.
MarHMS wrote: ↑2018-05-22 21:04
These IP addresses are blacklisted IP addresses.
Using Autoban or IP ranges in hMailserver? At your firewall? Using SPamAssassin? how are they blackilisted? (it seems clear that what you are doing isn't working if they are still connecting to your hmailserver)
MarHMS wrote: ↑2018-05-22 21:04
The accounts are authenticated via a domain controller.
Is this using AD integration in hMailserver?
Yes, we're utilizing the AD integration in hMailServer..
I've made a list of majority of the IP addresses, particularly the ones that are causing the AD user account lockouts. I tested each on mxtoolbox and they were blacklisted.
For now, the account lockouts have ended (maybe temporarily), because I have blocked traffic from all those addresses in our main firewall.
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-05-23 23:25
run this and post the results:
viewtopic.php?f=20&t=30914
Let's see your settings.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-24 14:02
Code: Select all
2018-05-24 Hmailserver: 5.6.4-B2283
DOMAINS
"Domain1.com" - emxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain2.com" - fixxxxxxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain3.com" - fixxxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain4.com" - otxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain5.com" - pixxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
-----------------------------------------------------------------------------------------------
RULES
1, Global Spam Rule Criteria: Use AND
Custom: X-Spam-Level Contains *********
-----Actions-----
Move To Folder Spam
---------------------------------------------------------------------
2, whereareyounow.net Spam Criteria: Use AND
From Contains whereareyounow.net
-----Actions-----
Forward ITDEPARTMENT@Domain3.com
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: False
There is a total of 2 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 30 Mins: 5 Plain Text: False Bind:
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 25600 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 50 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
!! Service Not Enabled !!
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: True
Add X-HmailServer-Spam: True Check HELO host: True - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: True Check MX records: True - 2 Port: 783
Add X-HmailServer-Subject: True Verify DKIM: False Use SA score: False - 5
Subject Text: "[Possible Spam]"
Spam delete threshold: 8 Maximum message size: 1024
DNSBL ENTRIES:
zen.spamhaus.org Score: 5 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
hostkarma.junkemailfilter.com Score: 2 Result: 127.0.0.2|127.0.0.4
b.barracudacentral.org Score: 2 Result: 127.0.0.2|127.0.0.4
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS
GENERAL:
When found - Delete email. Notify Sender: False, Notify Receiver: True
Max Message Size: 26214
CLAM AV: True Hostname: localhost Port: 3310
CLAMWIN: False
CUSTOMAV: False
Block Attachments: True
*.bat Batch processing file
*.cmd Command file for Windows NT
*.com Command
*.cpl Windows Control Panel extension
*.csh CSH script
*.exe Executable file
*.inf Setup file
*.js JavaScript files
*.lnk Windows link file
*.msi Windows Installer file
*.msp Windows Installer patch
*.pif Program information file
*.rar Winrar archives
*.reg Registration key
*.scf Windows Explorer command
*.scr Windows Screen saver
*.vbs VBScript
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
No entries
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - None
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - None
0.0.0.0 / 465 / SMTP - None
0.0.0.0 / 587 / SMTP - None
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: E:\HMAIL\Logs\hmailserver_2018-05-24.log
Error: E:\HMAIL\Logs\ERROR_hmailserver_2018-05-24.log - !! ERRORS PRESENT !!
Event: E:\HMAIL\Logs\hmailserver_events.log - Not present
Awstats: E:\HMAIL\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - True
IMAP - True
TCPIP - True
DEBUG - True
AWSTATS - True
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL Compact
IPv6 support is available in operating system.
Backup directory E:\Backup is writable.
ERROR: Messages exists which are located outside of the data directory E:\HMAIL\Data.
ERROR: Full paths are stored in the database.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: E:\HMAIL\Data
Log folder: E:\HMAIL\Logs
Temp folder: E:\HMAIL\Temp
Event folder: E:\HMAIL\Events
[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------
Generated by HMSSettingsDiagnostics v1.92, Hmailserver Forum.
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-24 14:07
Now that I am seeing this, I realize that auto-ban is disabled.
I believed we had disabled same due to the warning that our webmail could be blocked too. This is likely if staff's AD passwords have expired and they continue the log in attempt. Our approach is to lock user accounts for 1 hour after 5 invalid attempts. We should whitelist the webmail's IP, or is it the IP staff uses to access the webmail?
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-05-24 14:13
So set an individual IP RANGE that covers the webmail server, set it priority 25 or more then re-enable autoban.
BTW this:
Code: Select all
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Leaves you open to receiving spam.
ie,
from fictional@yourdomain TO you@yourdomain
Subject: do you want bigger tits?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-24 15:09
jimimaseye wrote: ↑2018-05-24 14:13
So set an individual IP RANGE that covers the webmail server, set it priority 25 or more then re-enable autoban.
BTW this:
Code: Select all
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Leaves you open to receiving spam.
ie,
from fictional@yourdomain TO you@yourdomain
Subject: do you want bigger tits?
Thanks a lot! Will do.
Should I enable authentication for Local To Local?
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-05-24 15:11
yes
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-24 18:29
Here are the new settings
Code: Select all
2018-05-24 Hmailserver: 5.6.4-B2283
DOMAINS
"Domain1.com" - emxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain2.com" - fixxxxxxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain3.com" - fixxxxxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain4.com" - otxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain5.com" - pixxxxxxx.com Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
-----------------------------------------------------------------------------------------------
RULES
1, Global Spam Rule Criteria: Use AND
Custom: X-Spam-Level Contains *********
-----Actions-----
Move To Folder Spam
---------------------------------------------------------------------
2, whereareyounow.net Spam Criteria: Use AND
From Contains whereareyounow.net
-----Actions-----
Forward ITDEPARTMENT@Domain3.com
-----------------------------------------------------------------------------------------------
IP RANGES
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Webmail1
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: True
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Webmail2
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: True
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
IP: x.x.x.x - x.x.x.x Priority: 25 Name: Webmail3
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: True
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 10
Minutes Before Reset: 30 (0.50 hours, 0.02 days)
Minutes to Autoban: 60 (1.00 hours, 0.04 days)
There is a total of 3 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 30 Mins: 5 Plain Text: False Bind:
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 25600 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 50 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
!! Service Not Enabled !!
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: True
Add X-HmailServer-Spam: True Check HELO host: True - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: True Check MX records: True - 2 Port: 783
Add X-HmailServer-Subject: True Verify DKIM: False Use SA score: False - 5
Subject Text: "[Possible Spam]"
Spam delete threshold: 8 Maximum message size: 1024
DNSBL ENTRIES:
zen.spamhaus.org Score: 5 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
hostkarma.junkemailfilter.com Score: 2 Result: 127.0.0.2|127.0.0.4
b.barracudacentral.org Score: 2 Result: 127.0.0.2|127.0.0.4
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS
GENERAL:
When found - Delete email. Notify Sender: False, Notify Receiver: True
Max Message Size: 26214
CLAM AV: True Hostname: localhost Port: 3310
CLAMWIN: False
CUSTOMAV: False
Block Attachments: True
*.bat Batch processing file
*.cmd Command file for Windows NT
*.com Command
*.cpl Windows Control Panel extension
*.csh CSH script
*.exe Executable file
*.inf Setup file
*.js JavaScript files
*.lnk Windows link file
*.msi Windows Installer file
*.msp Windows Installer patch
*.pif Program information file
*.rar Winrar archives
*.reg Registration key
*.scf Windows Explorer command
*.scr Windows Screen saver
*.vbs VBScript
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
No entries
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - None
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - None
0.0.0.0 / 465 / SMTP - None
0.0.0.0 / 587 / SMTP - None
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: E:\HMAIL\Logs\hmailserver_2018-05-24.log
Error: E:\HMAIL\Logs\ERROR_hmailserver_2018-05-24.log - !! ERRORS PRESENT !!
Event: E:\HMAIL\Logs\hmailserver_events.log - Not present
Awstats: E:\HMAIL\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - True
IMAP - True
TCPIP - True
DEBUG - True
AWSTATS - True
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL Compact
IPv6 support is available in operating system.
Backup directory E:\Backup is writable.
ERROR: Messages exists which are located outside of the data directory E:\HMAIL\Data.
ERROR: Full paths are stored in the database.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: E:\HMAIL\Data
Log folder: E:\HMAIL\Logs
Temp folder: E:\HMAIL\Temp
Event folder: E:\HMAIL\Events
[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------
Generated by HMSSettingsDiagnostics v1.92, Hmailserver Forum.
Also, can I untick the POP within the IP ranges?
Code: Select all
POP3: True !! Protocol DISABLED !!
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-05-24 23:08
Yes, untick pop3 in the ranges (the protocol is disabled).
This is high:
Mine is set at 1. Why have more? Allowed clients will already be configured so Invalid attempts will be deliberate attacks from unauthorised people.
(And, for what its worth, the GLOBAL SPAM rule has 9 asterix: I consider 3 as spam to spam folder on 3. I delete without trace on 7. I think your 9 is too high and you could improve by lowering assuming you are using standard scoring.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
mattg
- Moderator
- Posts: 22437
- Joined: 2007-06-14 05:12
- Location: 'The Outback' Australia
Post
by mattg » 2018-05-24 23:31
ALSO that latest diagnostic shows that an error log is present
Please show the contents of the error log
(I have my invalid login attepmts in Autoban set to 3. 10 is a lot)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-05-26 00:19
mattg wrote: ↑2018-05-24 23:31
ALSO that latest diagnostic shows that an error log is present
Please show the contents of the error log
(I have my invalid login attepmts in Autoban set to 3. 10 is a lot)
See excerpt below:
Code: Select all
"ERROR" 1072 "2018-05-24 00:00:00.011" "Severity: 3 (Medium), Code: HM5050, Source: File::CreateDirectory, Description: Could not create the directory M:\Data\domain.com\Georgia.Bruff\68. Tried 5 times without success., Error code: 3, Message: The system cannot find the path specified"
"ERROR" 1072 "2018-05-24 00:00:00.011" "Severity: 3 (Medium), Code: HM5026, Source: PersistentMessage::_WriteDataToMessageFile, Description: Message retrieval failed because message file M:\Data\domain.com\Georgia.Bruff\68\{68302791-CCF1-4C79-84ED-8E8DF87B5C68}.eml did not exist."
"ERROR" 1072 "2018-05-24 00:00:00.011" "Severity: 3 (Medium), Code: HM5136, Source: TCPConnection::AsyncReadCompleted, Description: An error occured while parsing data. Data length: 42, Data: 23 UID FETCH 222 (RFC822.SIZE BODY.PEEK[]). Remote IP: 94.100.185.204"
"ERROR" 1072 "2018-05-24 00:00:00.011" "Severity: 2 (High), Code: HM4208, Source: ExceptionHandler::Run, Description: An error occured while executing 'IOCPQueueWorkerTask'"
We do not have a M drive. Don't see where one is being referenced to in settings.
-
mattg
- Moderator
- Posts: 22437
- Joined: 2007-06-14 05:12
- Location: 'The Outback' Australia
Post
by mattg » 2018-05-26 00:26
That was exactly at midnight. Any backup going on...?
Check the .ini to confirm it hasn't changed.
Is there only the one group of messages like that? or does it repeat?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-05-26 00:28
Its related to this:
Code: Select all
ERROR: Messages exists which are located outside of the data directory E:\HMAIL\Data.
ERROR: Full paths are stored in the database.
Run through this procedure:
viewtopic.php?f=21&t=28914
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-06-11 23:40
jimimaseye wrote: ↑2018-05-26 00:28
Its related to this:
Code: Select all
ERROR: Messages exists which are located outside of the data directory E:\HMAIL\Data.
ERROR: Full paths are stored in the database.
Run through this procedure:
viewtopic.php?f=21&t=28914
I remember I had this issue before. I was advised then to run Data Directory Synchroniser. I had, but obviously it wasn't resolved. I believed it had ran for a few days.
Anyways, I'm experiencing difficulties accessing the database file with DatabaseBrowserPortable. I'm getting the error attached.
However, it works with LINQPad. The SQL query doesn't work with it though.
[There was an error parsing the query. Token in error = right]
-
Attachments
-
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-06-11 23:51
Are you using the correct password? (It is not the admin password but the database password, decrypted, as stored in your ini file).
I know it works because i have used it myself.
Also are you using a windows user that had access permissions to the file (the same as your hmailserver service does).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-06-11 23:58
jimimaseye wrote: ↑2018-06-11 23:51
Are you using the correct password? (It is not the admin password but the database password, decrypted, as stored in your ini file).
I know it works because i have used it myself.
Yes, it is the correct password. I followed the procedure to acquire the password, and same was used to access the database in a different application, LINQPad. However, the new issue was with the SQL command.
I'm now getting the below error when I ran it as an Administrator.
I'm aware that this error is related to us using the default database rather than an external one. Same will be addressed soon.
-
Attachments
-
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-06-13 00:13
@jimimaseye any word on the SQL query?
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-06-13 00:16
MarHMS wrote: ↑2018-06-13 00:13
@jimimaseye any word on the SQL query?
I'm away at the moment so not with computer to test. I will reply when I'm back.
[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-06-19 15:22
jimimaseye wrote: ↑2018-06-13 00:16
MarHMS wrote: ↑2018-06-13 00:13
@jimimaseye any word on the SQL query?
I'm away at the moment so not with computer to test. I will reply when I'm back.
[Entered by mobile. Excuse my spelling.]
Just a simple reminder
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-06-21 00:27
It seems that DatabasePortable has some restrictions on what it accepts as syntax the some rather limited SQL commands.
You can test for the absolute paths using:
Code: Select all
SELECT * FROM hm_messages where messagefilename not like '{%' ;
Im not sure how you can update them though (if it returns some results) because the DatabasePortable doesnt like the LEFT() and RIGHT() operators.
Lets hope that all of your paths are relative (ie, the above statement doesnt return any results).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
jimimaseye
- Moderator
- Posts: 10060
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2018-06-21 01:08
Here you go:
The guide has been updated with commands that will also work for you using DatabaseBrowser:
viewtopic.php?f=21&t=28914
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-06-23 10:54
Thanks a lot! Will try on Monday.
-
MarHMS
- Normal user
- Posts: 136
- Joined: 2015-12-11 17:10
Post
by MarHMS » 2018-06-25 22:09
It works on my test environment... thanks a lot...
Now to migrate this database to SQL Server and perform the updates.