a, the PAUSE or stop function in hmailserver doesnt work (gui 'freezes' or the ComAPI command oApp.stop command freezes)
b, trying to issue a STOP to the windows service also fails to complete.
Code: Select all
C:\Users\Administrator>net stop hmailserver The service is not responding to the control function. More help is available by typing NET HELPMSG 2186.
But then tonight, whilst using TCPVIEW, I noticed that as soon as Hmailserver service is started I have a load of SYN_RCVD appear almost immediately from the same range of IP addresses (91.203.101.xxx and 91.203.103.xxx) on to port 587. And they seemingly stayed around at SYN_RCVD state and steadily increased in quantity (see attached screenshot).
Putting autoban range in to cover the addresses didnt make any difference. And even enabling TCP logging and event.log writing of oClient.ipaddress didnt actually record anything out to the the logs. Very weird.
However, as soon as I put the range in to windows firewall (inbound port) to block those addresses in they immediately disappeared (as you would expect) and normal service resumed (gui PAUSE was responsive and net stop / net start worked as it should).
Does anyone know:
a, who these address belong to? Some of them resolved to 'askalo .info', and all are located in Germany.
b, Why do they sit at SYN_RCVD and not move to any other state?
c, Why, at that state, are they seriously screwing around with the performance of the hmailserver service (inability to pause or stop completely) ?
d, WHY ME?! Is anyone else having similar?
e, Why doesnt the connection reach Hmailserver and show as a connection in logging (or hit its autoban range) despite being port 587 and showing as connected (at SYN_RCVD state) to the hmailserver.exe process?
@pailnka: you have similar issues with your serviuce not stopping cleanly. You chould sheck your system at these times too
@Dravion: come on big man, give me the answers.