Hardening hMailServer - The ongoing saga!
Re: Hardening hMailServer - The ongoing saga!
SorenR(or other guru) are there any rules around the ODBC driver that has to be installed for either the 64/32-bit driver in Part 3 or doesn't it matter. If everything is 64-bit obviously use the 64-bit driver, but if hMail is 32-bit using 32-bit mysql.dll and MySQL is V8.x(64-bit) should I stick with the 32-bit driver or we don't care.
Re: Hardening hMailServer - The ongoing saga!
I'm still running 32-bit on my old server but as far as I can read, your driver need to follow your database, however there are other issues with the latest versions of MySQL. Perhaps MariaDB is worth looking intoCraigT wrote: ↑2020-05-02 08:37SorenR(or other guru) are there any rules around the ODBC driver that has to be installed for either the 64/32-bit driver in Part 3 or doesn't it matter. If everything is 64-bit obviously use the 64-bit driver, but if hMail is 32-bit using 32-bit mysql.dll and MySQL is V8.x(64-bit) should I stick with the 32-bit driver or we don't care.
SørenR.
To understand recursion, you must first understand recursion.
To understand recursion, you must first understand recursion.
Re: Hardening hMailServer - The ongoing saga!
Got it. Thanks guys. Waiting on the 64-bit hMailserver for a production server to do the update so everything is 64-bit, but Soren's scripts are too good to pass up, as the server seems to have an attraction to "sheskyhigh" and "blueskyhotel" plus a few others just connecting and dropping out. Plus it will make the log file much shorter. 
Re: Hardening hMailServer - The ongoing saga!
Just an idea, might prevent genuine user to be listed in IDS which experience unexpected timeouts or the alike
Code: Select all
Sub OnClientLogon(oClient)
If oClient.Authenticated then
REM Unregister IP address from IDS registry
Call idsDelIP(oClient.IPAddress)
End if
End Sub
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Hardening hMailServer - The ongoing saga!
Have you checked how many times IMAP authenticate during a session ?RvdH wrote: ↑2020-05-10 15:38Just an idea, might prevent genuine user to be listed in IDS which experience unexpected timeouts or the alikeCode: Select all
Sub OnClientLogon(oClient) If oClient.Authenticated then REM Unregister IP address from IDS registry Call idsDelIP(oClient.IPAddress) End if End Sub
The idea is to check SMTP traffic only and the IP is registered in OnClientConnect and unregistered in OnAcceptMessage. I have not had one false positive since I introduced it in my script over 1 years ago.
SørenR.
To understand recursion, you must first understand recursion.
To understand recursion, you must first understand recursion.
Re: Hardening hMailServer - The ongoing saga!
Quite often, but that check will take maybe 000.1 second, especially when it doesn't exist....but you also could specify ports or just ignore the suggestionSorenR wrote: ↑2020-05-10 17:33Have you checked how many times IMAP authenticate during a session ?RvdH wrote: ↑2020-05-10 15:38Just an idea, might prevent genuine user to be listed in IDS which experience unexpected timeouts or the alikeCode: Select all
Sub OnClientLogon(oClient) If oClient.Authenticated then REM Unregister IP address from IDS registry Call idsDelIP(oClient.IPAddress) End if End Sub
The idea is to check SMTP traffic only and the IP is registered in OnClientConnect and unregistered in OnAcceptMessage. I have not had one false positive since I introduced it in my script over 1 years ago.
I know i will utilize it
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Hardening hMailServer - The ongoing saga!
Heyho,
i'm running a hMailServer on a Window-Server and i want to use this scripts:
#2 How to only allow client access from specific GEO locations. --> viewtopic.php?p=209543#p209543
#3 How to stop the annoying half-connections from BOT's and misconfigured spammers. --> viewtopic.php?p=209545#p209545
I found the "Scripts"-Button in "Advanced"-Settings, but i'm new in hMailServer and i don't know how to implement the scripts to my Server
I hope you can help me or show me a tutorial for that.
Thanks in advance.
Greetings
Colin
i'm running a hMailServer on a Window-Server and i want to use this scripts:
#2 How to only allow client access from specific GEO locations. --> viewtopic.php?p=209543#p209543
#3 How to stop the annoying half-connections from BOT's and misconfigured spammers. --> viewtopic.php?p=209545#p209545
I found the "Scripts"-Button in "Advanced"-Settings, but i'm new in hMailServer and i don't know how to implement the scripts to my Server
I hope you can help me or show me a tutorial for that.
Thanks in advance.
Greetings
Colin
Re: Hardening hMailServer - The ongoing saga!
basic scripting here >> https://www.hmailserver.com/documentati ... ce_scripts
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Hardening hMailServer - The ongoing saga!
Thanks for your reply!
So if i want to implement this Script "#2 How to only allow client access from specific GEO locations." my "EventHandlers.vbs" should look like this?
Which data must i enter here?
And where can i get the "codes" for germany, so that i can only connect from german country / ip?
Thanks in advance!
Greetings
So if i want to implement this Script "#2 How to only allow client access from specific GEO locations." my "EventHandlers.vbs" should look like this?
Code: Select all
Option Explicit
'******************************************************************************************************************************
'********** Settings **********
'******************************************************************************************************************************
'
' COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"
'******************************************************************************************************************************
'********** Functions **********
'******************************************************************************************************************************
Function GeoLookup(strIP) : GeoLookup = "zz"
Dim a, element, group, strLookup
a = Split(strIP, ".")
With CreateObject("DNSLibrary.DNSResolver")
strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk")
End With
If Trim(strLookup) = "" Then
EventLog.Write( "- GeoLookup(" & strIP & ") = " & GeoLookup )
Exit Function
End If
group = Split(strLookup, vbCrLf)
If UBound(group) > 0 Then
For Each element In group
If (Trim(element) <> "") Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & element )
Next
Else
GeoLookup = group(0)
End If
End Function
'******************************************************************************************************************************
'********** hMailServer Triggers **********
'******************************************************************************************************************************
Sub OnClientConnect(oClient)
'
' Exclude local LAN from test
'
If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
'
' Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
' zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
'
If (oClient.Port <> 25) Then
If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then
Result.Value = 1
Exit Sub
End If
End If
End Sub
' Sub OnSMTPData(oClient, oMessage)
' End Sub
' Sub OnAcceptMessage(oClient, oMessage)
' End Sub
' Sub OnDeliveryStart(oMessage)
' End Sub
' Sub OnDeliverMessage(oMessage)
' End Sub
' Sub OnBackupFailed(sReason)
' End Sub
' Sub OnBackupCompleted()
' End Sub
' Sub OnError(iSeverity, iCode, sSource, sDescription)
' End Sub
' Sub OnDeliveryFailed(oMessage, sRecipient, sErrorMessage)
' End Sub
' Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
' End SubCode: Select all
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"Thanks in advance!
Greetings
Re: Hardening hMailServer - The ongoing saga!
The admin user MUST be = 'Administrator"udgesbou wrote: ↑2021-04-06 21:11Which data must i enter here?Code: Select all
Private Const ADMIN = "Administrator" Private Const PASSWORD = "########"
The PASSWORD is your hMailserver admin GUI password
Germany is 127.0.1.20
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Hardening hMailServer - The ongoing saga!
Maybe simply look at the examples given/quoted?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Hardening hMailServer - The ongoing saga!
Hello,palinka wrote: ↑2019-10-31 10:58I discovered that yesterday too. I added outbound.protection.outlook.com$ to the list of "known false positives" so they skip the test.nitro wrote: ↑2019-10-31 10:28You have to be careful with the lords of Microsoft.
It can be a false positive in, FQDN as HELO.
Code: Select all
AM5EUR02FT035.mail.protection.outlook.com EUR04-DB3-obe.outbound.protection.outlook.com EUR03-VE1-obe.outbound.protection.outlook.com
I've notice that emails from "protection.outlook.com" mark as spam or "known false positives" though it isn't, which list do I add these so it could skip the test?
Re: Hardening hMailServer - The ongoing saga!
viewtopic.php?f=20&t=33602ashtec014 wrote: ↑2021-06-06 09:32Hello,palinka wrote: ↑2019-10-31 10:58I discovered that yesterday too. I added outbound.protection.outlook.com$ to the list of "known false positives" so they skip the test.nitro wrote: ↑2019-10-31 10:28You have to be careful with the lords of Microsoft.
It can be a false positive in, FQDN as HELO.
Code: Select all
AM5EUR02FT035.mail.protection.outlook.com EUR04-DB3-obe.outbound.protection.outlook.com EUR03-VE1-obe.outbound.protection.outlook.com
I've notice that emails from "protection.outlook.com" mark as spam or "known false positives" though it isn't, which list do I add these so it could skip the test?
Have a look at this thread.
Re: Hardening hMailServer - The ongoing saga!
Hello All, Hope everyone fine.
I am trying to extend the functionality of IDS to make a threatfeed (text file) for my Hardware firewall to block the IP from Firewall itself.
- take the IP which the IDS is blocking
- Check if threatfeed text file exists if not create it
- check if IP is already listed in file and if not write it to new line in the test file.
IS the below code perfect? as I am not able to get IP's blocked by IDS in the file.
the FULL IDSADDIP Function
I am trying to extend the functionality of IDS to make a threatfeed (text file) for my Hardware firewall to block the IP from Firewall itself.
- take the IP which the IDS is blocking
- Check if threatfeed text file exists if not create it
- check if IP is already listed in file and if not write it to new line in the test file.
IS the below code perfect? as I am not able to get IP's blocked by IDS in the file.
the FULL IDSADDIP Function
Code: Select all
Function idsAddIP(sIPAddress, iPort)
Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Include(oApp.Settings.Directories.EventDirectory & "\VbsJson.vbs") '<---- It Points to Event Directory
Dim ReturnCode, Json, oGeoip, oXML
Set Json = New VbsJson
'new GEOIPLOOKUP
Dim m_CountryCode, m_CountryName
Call GeoIPLookup(sIPAddress, m_CountryCode, m_CountryName)
On Error Resume Next
Dim idsTable
idsTable = DBIDSTBL
Dim strSQL, oDB : Set oDB = GetDatabaseObject
If IsMySQL Then
strSQL = "INSERT INTO hm_ids (timestamp,ipaddress,port,hits,country) VALUES (" & DBGetCurrentDateTime() & ",'" & sIPAddress & "','" & iPort & "',1,'" & m_CountryName & "') ON DUPLICATE KEY UPDATE hits=(hits+1),TIMESTAMP=" & DBGetCurrentDateTime() & ";"
ElseIf IsMSSQL Then
strSQL = "IF NOT EXISTS (SELECT 1 FROM " & idsTable & " WHERE ipaddress = '" & sIPAddress & "') INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits,country) VALUES (" & DBGetCurrentDateTime() & ",'" & sIPAddress & "'," & iPort &",'1','" & m_CountryName & "') ELSE UPDATE " & idsTable & " SET hits=(hits+1), timestamp=" & DBGetCurrentDateTime() & " WHERE ipaddress= '" & sIPAddress & "';"
End If
Set objFSO = Wscript.CreateObject("Scripting.FileSystemObject")
Set objShell = Wscript.CreateObject("Wscript.Shell")
Const FORREADING = 1
Const FORWRITING = 2
Const FORAPPENDING = 8
Dim sToSearch: sToSearch = "sIPAddress"
Dim sFileName: sFileName = "C:\inetpub\wwwroot\Threatfeed\ids_iplist.txt"
Dim sContent, Found
If Not objFSO.FileExists(sFileName) Then
EventLog.Write( "Function IDSADDIP - ERROR: ids_iplist.txt doesnot exist" )
Set TxtFile = objFSO.OpenTextFile(sFileName, ForWriting, True)
TxtFile.WriteLine sToSearch
WScript.Quit 0
End If
Set TxtFile = objFSO.OpenTextFile(sFileName,FORREADING)
sContent = TxtFile.ReadAll
If InStr(sContent,sToSearch) Then Found = True End If
Set TxtFile = Nothing
If Not Found Then
Set TxtFile = objFSO.OpenTextFile(sFileName,FORAPPENDING)
TxtFile.WriteLine sToSearch
End If
Set sFileName = Nothing
Call oDB.ExecuteSQL(strSQL)
Set oDB = Nothing
End Function
Re: Hardening hMailServer - The ongoing saga!
First, are you using MySQL or MSSQL? You don't need both.
Secondly, you're probably better off running a handler script that adds ips from the database to the text file. In that case, you may want to add a new column that let's you know if the ip has been picked up by the handler script already, so you don't have any duplication. Then nothing would change from the original script in your eventhandlers.vbs and you would run the handler from task scheduler every hour or whatever.
Secondly, you're probably better off running a handler script that adds ips from the database to the text file. In that case, you may want to add a new column that let's you know if the ip has been picked up by the handler script already, so you don't have any duplication. Then nothing would change from the original script in your eventhandlers.vbs and you would run the handler from task scheduler every hour or whatever.
Re: Hardening hMailServer - The ongoing saga!
Hi,
I am using MYSQL (MSSQL I just kept don't know why?)
2nd, I want to use the code to write/delete the ip for both function IDSAPPIP and IDSDELIP in eventhandlers so as if the ip is removed by IDS then it is also removed from the text file.
very bad at coding just use the snippets from the internet and transform them to my use.
I am using MYSQL (MSSQL I just kept don't know why?)
2nd, I want to use the code to write/delete the ip for both function IDSAPPIP and IDSDELIP in eventhandlers so as if the ip is removed by IDS then it is also removed from the text file.
very bad at coding just use the snippets from the internet and transform them to my use.
Re: Hardening hMailServer - The ongoing saga!
There's a flaw in your logic / sequence of events. There's a reason there is a 3 strike rule. Some connections that get added to ids are false positives caused by network errors and such. You don't want to firewall ban those IPs until you're sure that they're actually malicious. Therefore, you don't want to add them to the text file every time IDSADD is called. You will only want to add them when they reach the strike limit, at which point you're more sure that the IP is malicious and not the result of a temporary error.
Try this. Revert the code back to the original. Then run this powershell from task scheduler every 5 minutes. I pulled this out of my firewall ban code. Its not tested!
Try this. Revert the code back to the original. Then run this powershell from task scheduler every 5 minutes. I pulled this out of my firewall ban code. Its not tested!
Code: Select all
### MYSQL VARIABLES ###
$DatabaseType = 'MYSQL'
$SQLAdminUserName = 'hmailserver'
$SQLAdminPassword = 'supersecretpassword'
$SQLDatabase = 'hmailserver'
$SQLHost = '127.0.0.1'
$SQLPort = 3306
$SQLSSL = 'none'
### SQL SSL OPTIONS ###
# Set to 'none' if Powershell and MySQL on same machine
#
# None - Do not use SSL.
# Preferred - Use SSL if the server supports it, but allow connection in all cases.
# Required - Always use SSL. Deny connection if server does not support SSL.
# VerifyCA - Always use SSL. Validate the CA but tolerate name mismatch.
# VerifyFull - Always use SSL. Fail if the host name is not correct.
### IDS OPTIONS ###
$IDSIPList = 'C:\inetpub\wwwroot\Threatfeed\IDSIPList.txt'
$IDSNew = 5 # New Entries interval in minutes
$IDSExpire = 3 # Interval in days
Function MySQLQuery($Query) {
$Today = (Get-Date).ToString("yyyyMMdd")
$DBErrorLog = "$PSScriptRoot\$Today-DBError.log"
$ConnectionString = "server=" + $SQLHost + ";port=" + $SQLPort + ";uid=" + $SQLAdminUserName + ";pwd=" + $SQLAdminPassword + ";database=" + $SQLDatabase + ";SslMode=" + $SQLSSL + ";"
Try {
[void][System.Reflection.Assembly]::LoadWithPartialName("MySql.Data")
$Connection = New-Object MySql.Data.MySqlClient.MySqlConnection
$Connection.ConnectionString = $ConnectionString
$Connection.Open()
$Command = New-Object MySql.Data.MySqlClient.MySqlCommand($Query, $Connection)
$DataAdapter = New-Object MySql.Data.MySqlClient.MySqlDataAdapter($Command)
$DataSet = New-Object System.Data.DataSet
$RecordCount = $dataAdapter.Fill($dataSet, "data")
$DataSet.Tables[0]
}
Catch {
Write-Output "$(Get-Date -f G) : ERROR : Unable to run query : $query `n$($Error[0])" | Out-File $DBErrorLog -Append -Encoding ASCII
}
Finally {
$Connection.Close()
}
}
<#######################################>
<# #>
<# IDS #>
<# (Intrusion Detection System) #>
<# #>
<#######################################>
<# Pickup entries from IDS #>
$Query = "SELECT ipaddress FROM hm_ids WHERE hits > 2 AND timestamp > (NOW() - INTERVAL $IDSNew MINUTE);"
MySQLQuery $Query | foreach {
<# Add to IDSIPList #>
$_ | Out-File $IDSIPList -Append -Encoding ASCII
}
<# Expire old IDS entries #>
$Query = "SELECT ipaddress FROM hm_ids WHERE timestamp < (NOW() - INTERVAL $IDSExpire DAY);"
MySQLQuery $Query | ForEach {
Set-Content -Path $IDSIPList -Value (Get-Content -Path $IDSIPList | Select-String -Pattern '$($_)' -NotMatch)
}
$Query = "DELETE FROM hm_ids WHERE timestamp < (NOW() - INTERVAL $IDSExpire DAY);"
MySQLQuery $Query
Re: Hardening hMailServer - The ongoing saga!
Atlast Got some hits
Any help how to remove the column headers
OUTPUT OF "IDSIPList.txt"
Any help how to remove the column headers
OUTPUT OF "IDSIPList.txt"
Code: Select all
ipaddress <<<< REMOVE THIS
--------- <<<< AND THIS
51.81.155.71
ipaddress
---------
103.150.8.116
ipaddress
---------
185.167.97.31
ipaddress
---------
185.180.143.77
ipaddress
---------
112.132.123.233
Re: Hardening hMailServer - The ongoing saga!
Change this line:gotspatel wrote: ↑2021-12-10 14:47Atlast Got some hits
Any help how to remove the column headers
OUTPUT OF "IDSIPList.txt"
Code: Select all
ipaddress <<<< REMOVE THIS --------- <<<< AND THIS 51.81.155.71 ipaddress --------- 103.150.8.116 ipaddress --------- 185.167.97.31 ipaddress --------- 185.180.143.77 ipaddress --------- 112.132.123.233
Code: Select all
$_ | Out-File $IDSIPList -Append -Encoding ASCIICode: Select all
$_.ipaddress | Out-File $IDSIPList -Append -Encoding ASCIIRe: Hardening hMailServer - The ongoing saga!
This Worked and Also I have integrated it in your Firewall ban Scriptpalinka wrote: ↑2021-12-10 16:17Code: Select all
$_.ipaddress | Out-File $IDSIPList -Append -Encoding ASCII
Re: Hardening hMailServer - The ongoing saga!
You said you might make a new post for IDS. Still waiting.SorenR wrote: ↑2019-01-28 17:57#3 How to stop the annoying half-connections from BOT's and misconfigured spammers
This is an attempt to create some form of IDS (Intrusion Detection System) into hMailServer. It works by using the system database of hMailServer - in this case MySQL.
Functionality:
Case A.
1 - When server connect on port 25, the IP address is added to the IDS registry.
2 - When this connection produces an email, the IP address is removed from IDS registry.
3 - A handler will load data from the database and determine if a BAN on the IP address is needed.
Case B.
1 - A connection from outside the defined Realm is detected, the IP address is added to the IDS registry
2 - A handler will load data from the database and BAN the IP address.
The code is split into two in order to put as little stress on hMailServer mail functionality as possible.
The file Handler.vbs is executed by Windows Scheduler every 1 minute and will do the banning and housekeeping of the IDS registry.
Banning criteria:
1: Violation of Realm = immediate BAN
2: 3 "half-connections" within 180 minutes.
File: EventHandlers.vbsFile: Handler.vbsCode: Select all
Option Explicit '****************************************************************************************************************************** '********** Settings ********** '****************************************************************************************************************************** ' ' COM authentication ' Private Const ADMIN = "Administrator" Private Const PASSWORD = "########" '****************************************************************************************************************************** '********** hMailServer IDS Client Code (MySQL) ********** '****************************************************************************************************************************** Private Const idsTable = "hm_ids" ' ' DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3; ' ' Table: CREATE TABLE %idsTable% ( ' timestamp DATETIME, ' ipaddress VARCHAR (192) PRIMARY KEY, ' port INTEGER, ' hits INTEGER); ' Function idsAddIP(sIPAddress, iPort) Dim strSQL, oDB : Set oDB = GetDatabaseObject strSQL = "INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits) VALUES (NOW(),'" & sIPAddress & "'," & iPort & ",1) ON DUPLICATE KEY UPDATE hits=(hits+1),timestamp=NOW();" Call oDB.ExecuteSQL(strSQL) End Function Function idsDelIP(sIPAddress) Dim strSQL, oDB : Set oDB = GetDatabaseObject strSQL = "DELETE FROM " & idsTable & " WHERE ipaddress = '" & sIPAddress & "';" Call oDB.ExecuteSQL(strSQL) End Function '****************************************************************************************************************************** '********** Functions ********** '****************************************************************************************************************************** Function GetDatabaseObject() Dim oApp : Set oApp = CreateObject("hMailServer.Application") Call oApp.Authenticate(ADMIN, PASSWORD) Set GetDatabaseObject = oApp.Database End Function Function GeoLookup(strIP) : GeoLookup = "zz" Dim a, element, group, strLookup a = Split(strIP, ".") With CreateObject("DNSLibrary.DNSResolver") strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk") End With If Trim(strLookup) = "" Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & GeoLookup ) Exit Function End If group = Split(strLookup, vbCrLf) If UBound(group) > 0 Then For Each element In group If (Trim(element) <> "") Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & element ) Next Else GeoLookup = group(0) End If End Function '****************************************************************************************************************************** '********** hMailServer Triggers ********** '****************************************************************************************************************************** Sub OnClientConnect(oClient) ' ' Exclude local LAN from test ' If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub ' ' Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm. ' zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands ' If (oClient.Port <> 25) Then If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then ' ' Add unauthorized access to IDS registry ' Call idsAddIP(oClient.IPAddress, oClient.Port) Result.Value = 1 Exit Sub End If End If ' ' Only test SMTP traffic on defined ports 25, 587 and 465. ' Register IP address in IDS registry. ' If (InStr("|25|587|465|", oClient.Port) > 0) Then Call idsAddIP(oClient.IPAddress, 0) End Sub '* Sub OnHELO(oClient) '* End Sub '* '* ********** SPAM test: DNSBlackLists, HeloHost, MXRecords, SPF '* '* Sub OnSMTPData(oClient, oMessage) '* End Sub '* '* ********** SPAM test: SURBL, DKIM, SpamAssassin '* Sub OnAcceptMessage(oClient, oMessage) ' ' Unregister IP address from IDS registry ' Call idsDelIP(oClient.IPAddress) End Sub '* '* ********** Saving EML to DATA '* '* Sub OnDeliveryStart(oMessage) '* End Sub '* '* ********** Antivirus check, Global rules '* '* Sub OnDeliverMessage(oMessage) '* End Sub '* '* ********** Local rules, Message delivered to recipient(s) '* '* Sub OnDeliveryFailed(oMessage, sRecipient, sErrorMessage) '* End Sub '* Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID) '* End Sub '* Sub OnBackupFailed(sReason) '* End Sub '* Sub OnBackupCompleted() '* End Sub '* Sub OnError(iSeverity, iCode, sSource, sDescription) '* End Sub '****************************************************************************************************************************** '********** END ********** '******************************************************************************************************************************NOTE:Code: Select all
Option Explicit '****************************************************************************************************************************** '********** Settings ********** '****************************************************************************************************************************** ' ' COM authentication ' Private Const ADMIN = "Administrator" Private Const PASSWORD = "########" ' ' MySQL ' Private Const DBNAME = "hmailserver" Private Const DBUID = "hmsuser" Private Const DBPW = "########" Private Const idsTable = "hm_ids" Private Const idsHits = 3 Private Const idsMinutes = 180 Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;" ' ' DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3; ' ' Table: CREATE TABLE %idsTable% ( ' timestamp DATETIME, ' ipaddress VARCHAR (192) PRIMARY KEY, ' port INTEGER, ' hits INTEGER); ' '****************************************************************************************************************************** '********** Classes ********** '****************************************************************************************************************************** Class LogWriter Private m_oApp, m_LogID, m_LogFile, m_LogType, m_LogDir Private i, t, temp, strDay, strMonth, strTime, strLogFile, strLogDate Private Sub Class_Initialize() Set m_oApp = CreateObject("hMailServer.Application") Call m_oApp.Authenticate(ADMIN, PASSWORD) m_LogFile = "LogWriter" m_LogType = "M" m_LogDir = m_oApp.Settings.Directories.LogDirectory m_LogID = CStr(m_oApp.Status.ProcessedMessages) End Sub Private Sub Class_Terminate() ' ' Termination code goes here. ' End Sub Public Property Let LogFile(strFile) m_LogFile = Trim(strFile) End Property Public Property Let LogDir(strDir) If (Right(strDir, 1) = "\") Then m_LogDir = Trim(Left(strDir, Len(strDir) - 1)) Else m_LogDir = Trim(strDir) End If End Property Public Property Let LogType(strType) m_LogType = Trim(strType) End Property Public Function Wait(sec) With CreateObject("WScript.Shell") .Run "timeout /T " & Int(sec), 0, True ' Windows 7/2003/2008 or later ' .Run "sleep -m " & Int(sec * 1000), 0, True ' Windows 2003 Resource Kit ' .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True End With End Function Public Function OpenFile(strPath) Const Append = 8 Const Unicode = -1 With CreateObject("Scripting.FileSystemObject") Dim oFile For i = 0 To 30 On Error Resume Next Set oFile = .OpenTextFile(strPath, Append, True, Unicode) If Not (Err.Number = 70) Then Set OpenFile = oFile On Error Goto 0 Exit For End If On Error Goto 0 Wait(1) Next End With If (Err.Number = 70) Then EventLog.Write( "ERROR: VBScript Class LogWriter" ) EventLog.Write( "File " & strPath & " is locked and timeout was exceeded." ) Err.Clear ElseIf (Err.Number <> 0) Then EventLog.Write( "ERROR: VBScript Class LogWriter : Function OpenFile" ) EventLog.Write( "Error : " & Err.Number ) EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) ) EventLog.Write( "Source : " & Err.Source ) EventLog.Write( "Description : " & Err.Description ) Err.Clear End If End Function Public Function Write(strText) t = Timer temp = Int(t) strMonth = DatePart("yyyy",Date) & "-" & Right("0" & DatePart("m",Date), 2) strDay = strMonth & "-" & Right("0" & DatePart("d",Date), 2) strTime = Right("0" & Hour(Now), 2) & ":" &_ Right("0" & Minute(Now), 2) & ":" &_ Right("0" & Second(Now), 2) & "." &_ Right("00" & (Int((t-temp) * 1000)), 3) strLogDate = strDay & " " & strTime If (m_LogType = "M") Then strLogFile = m_LogDir & "\" & m_LogFile & "_" & strMonth & ".log" Else strLogFile = m_LogDir & "\" & m_LogFile & "_" & strDay & ".log" End If With OpenFile(strLogFile) .WriteLine(m_LogID & vbTab & Chr(34) & strLogDate & Chr(34) & vbTab & Chr(34) & strText & Chr(34)) .Close End With Write = Err.Number End Function End Class '****************************************************************************************************************************** '********** Functions ********** '****************************************************************************************************************************** Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False ' ' sType can be one of the following; ' "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second ' On Error Resume Next If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then With oApp.Settings.SecurityRanges.Add .Name = "(" & sReason & ") " & sIPAddress .LowerIP = sIPAddress .UpperIP = sIPAddress .Priority = 20 .Expires = True .ExpiresTime = DateAdd(sType, iDuration, Now()) .Save End With AutoBan = True End If oApp.Settings.SecurityRanges.Refresh On Error Goto 0 End Function '****************************************************************************************************************************** '********** CODE ********** '****************************************************************************************************************************** Dim oApp : Set oApp = CreateObject("hMailServer.Application") Call oApp.Authenticate(ADMIN, PASSWORD) Dim EventLog : Set EventLog = CreateObject("hMailServer.EventLog") Dim EventLogX : Set EventLogX = New LogWriter ' ' Name of the logfile. ' Default is monthly logs, for daily logs add: EventLogX.LogType = "D" ' EventLogX.LogFile = "handler" Dim strPort Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection") oConn.Open idsDBDrv If oConn.State <> 1 Then EventLog.Write( "Handler - ERROR: Could not connect to database" ) WScript.Quit 1 End If Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;") If Err.Number <> 0 Then EventLog.Write( "Handler - ERROR: Table " & idsTable & " does not exist!" ) WScript.Quit 1 End If If Not oRecord.BOF And Not oRecord.EOF Then While Not oRecord.EOF EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") ) If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then If AutoBan(oRecord("ipaddress"), "IDS", 7, "d") Then _ EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", IDS, 7, d)" ) End If oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';" oRecord.MoveNext Wend End If Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port > 0;") If Not oRecord.BOF And Not oRecord.EOF Then While Not oRecord.EOF EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") ) If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then strPort = Trim(Mid("SMTP IMAP SMTPSSUBM IMAPS", InStr("25 143 465 587 993 ", oRecord("port")), 5)) If AutoBan(oRecord("ipaddress"), "GEOBLOCK - " & strPort, 7, "d") Then _ EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", GEOBLOCK - " & strPort & ", 7, d)" ) End If oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';" oRecord.MoveNext Wend End If oConn.Execute "DELETE FROM " & idsTable & " WHERE DATE_ADD(timestamp, INTERVAL 1 DAY) < NOW();" oConn.Close '****************************************************************************************************************************** '********** END ********** '******************************************************************************************************************************
Sub OnHELO(oClient) is NOT available in the original compilation.
If you wish to make use of this added trigger please see https://www.hmailserver.com/forum/viewt ... 39#p206039
ActiveX object DNSLibrary can be obtained from https://d-fault.nl/files/DNSResolverCom ... .3.exe.zip
Anyway, that inspired me to throw together a php viewer/stats app for it.
Demo: https://firewallban.dynu.net/ids/
Code: https://github.com/palinkas-jo-reggelt/ ... IDS-Viewer
And I'll be damned... I haven't even promoted it and it already has 72 clones at github. I did post a link to the demo in that other thread, but not to the code.
It doesn't even do much.
But it has dials and charts. Re: Hardening hMailServer - The ongoing saga!
Code: Select all
'******************************************************************************************************************************
'********** hMailServer Triggers **********
'******************************************************************************************************************************
Sub OnClientConnect(oClient)
'
' Exclude local LAN from test
'
If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
'
' Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
' zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
'
If (oClient.Port <> 25) Then
If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then
'
' Add unauthorized access to IDS registry
'
Call idsAddIP(oClient.IPAddress, oClient.Port)
Result.Value = 1
Exit Sub
End If
End Ifhow can i change this that only german connections are allowed?
Thank you very much!
Re: Hardening hMailServer - The ongoing saga!
Maybe If (InStr("de" etc. ???udgesbou wrote: ↑2022-04-04 14:44Hey,Code: Select all
'****************************************************************************************************************************** '********** hMailServer Triggers ********** '****************************************************************************************************************************** Sub OnClientConnect(oClient) ' ' Exclude local LAN from test ' If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub ' ' Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm. ' zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands ' If (oClient.Port <> 25) Then If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then ' ' Add unauthorized access to IDS registry ' Call idsAddIP(oClient.IPAddress, oClient.Port) Result.Value = 1 Exit Sub End If End If
how can i change this that only german connections are allowed?
Thank you very much!
Re: Hardening hMailServer - The ongoing saga!
Ok, i tried this
Here is my Eventhandlers.vbs:
Code: Select all
Option Explicit
'******************************************************************************************************************************
'********** Settings **********
'******************************************************************************************************************************
'
' COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "MY-hMailServer-Password"
'******************************************************************************************************************************
'********** hMailServer IDS Client Code (MySQL) **********
'******************************************************************************************************************************
Private Const idsTable = "hm_ids"
'
' DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
' Table: CREATE TABLE %idsTable% (
' timestamp DATETIME,
' ipaddress VARCHAR (192) PRIMARY KEY,
' port INTEGER,
' hits INTEGER);
'
Function idsAddIP(sIPAddress, iPort)
Dim strSQL, oDB : Set oDB = GetDatabaseObject
strSQL = "INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits) VALUES (NOW(),'" & sIPAddress & "'," & iPort & ",1) ON DUPLICATE KEY UPDATE hits=(hits+1),timestamp=NOW();"
Call oDB.ExecuteSQL(strSQL)
End Function
Function idsDelIP(sIPAddress)
Dim strSQL, oDB : Set oDB = GetDatabaseObject
strSQL = "DELETE FROM " & idsTable & " WHERE ipaddress = '" & sIPAddress & "';"
Call oDB.ExecuteSQL(strSQL)
End Function
'******************************************************************************************************************************
'********** Functions **********
'******************************************************************************************************************************
Function GetDatabaseObject()
Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Set GetDatabaseObject = oApp.Database
End Function
Function GeoLookup(strIP) : GeoLookup = "zz"
Dim a, element, group, strLookup
a = Split(strIP, ".")
With CreateObject("DNSLibrary.DNSResolver")
strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk")
End With
If Trim(strLookup) = "" Then
EventLog.Write( "- GeoLookup(" & strIP & ") = " & GeoLookup )
Exit Function
End If
group = Split(strLookup, vbCrLf)
If UBound(group) > 0 Then
For Each element In group
If (Trim(element) <> "") Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & element )
Next
Else
GeoLookup = group(0)
End If
End Function
'******************************************************************************************************************************
'********** hMailServer Triggers **********
'******************************************************************************************************************************
Sub OnClientConnect(oClient)
'
' Exclude local LAN from test
'
If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
'
' Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
' zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
'
If (oClient.Port <> 25) Then
If (InStr("de", GeoLookup(oClient.IPAddress)) = 0) Then
'
' Add unauthorized access to IDS registry
'
Call idsAddIP(oClient.IPAddress, oClient.Port)
Result.Value = 1
Exit Sub
End If
End If
'
' Only test SMTP traffic on defined ports 25, 587 and 465.
' Register IP address in IDS registry.
'
If (InStr("|25|587|465|", oClient.Port) > 0) Then Call idsAddIP(oClient.IPAddress, 0)
End Sub
'* Sub OnHELO(oClient)
'* End Sub
'*
'* ********** SPAM test: DNSBlackLists, HeloHost, MXRecords, SPF
'*
'* Sub OnSMTPData(oClient, oMessage)
'* End Sub
'*
'* ********** SPAM test: SURBL, DKIM, SpamAssassin
'*
Sub OnAcceptMessage(oClient, oMessage)
'
' Unregister IP address from IDS registry
'
Call idsDelIP(oClient.IPAddress)
End Sub
'*
'* ********** Saving EML to DATA
'*
'* Sub OnDeliveryStart(oMessage)
'* End Sub
'*
'* ********** Antivirus check, Global rules
'*
'* Sub OnDeliverMessage(oMessage)
'* End Sub
'*
'* ********** Local rules, Message delivered to recipient(s)
'*
'* Sub OnDeliveryFailed(oMessage, sRecipient, sErrorMessage)
'* End Sub
'* Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
'* End Sub
'* Sub OnBackupFailed(sReason)
'* End Sub
'* Sub OnBackupCompleted()
'* End Sub
'* Sub OnError(iSeverity, iCode, sSource, sDescription)
'* End Sub
'******************************************************************************************************************************
'********** END **********
'******************************************************************************************************************************And my Handler.vbs:
Code: Select all
Option Explicit
'******************************************************************************************************************************
'********** Settings **********
'******************************************************************************************************************************
'
' COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "MY-hMailServer-Password"
'
' MySQL
'
Private Const DBNAME = "hmailserverdb"
Private Const DBUID = "MYSQL-USERNAME"
Private Const DBPW = "MYSQL-PASSWORD"
Private Const idsTable = "hm_ids"
Private Const idsHits = 3
Private Const idsMinutes = 180
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
'
' DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
' Table: CREATE TABLE %idsTable% (
' timestamp DATETIME,
' ipaddress VARCHAR (192) PRIMARY KEY,
' port INTEGER,
' hits INTEGER);
'
'******************************************************************************************************************************
'********** Classes **********
'******************************************************************************************************************************
Class LogWriter
Private m_oApp, m_LogID, m_LogFile, m_LogType, m_LogDir
Private i, t, temp, strDay, strMonth, strTime, strLogFile, strLogDate
Private Sub Class_Initialize()
Set m_oApp = CreateObject("hMailServer.Application")
Call m_oApp.Authenticate(ADMIN, PASSWORD)
m_LogFile = "LogWriter"
m_LogType = "M"
m_LogDir = m_oApp.Settings.Directories.LogDirectory
m_LogID = CStr(m_oApp.Status.ProcessedMessages)
End Sub
Private Sub Class_Terminate()
'
' Termination code goes here.
'
End Sub
Public Property Let LogFile(strFile)
m_LogFile = Trim(strFile)
End Property
Public Property Let LogDir(strDir)
If (Right(strDir, 1) = "\") Then
m_LogDir = Trim(Left(strDir, Len(strDir) - 1))
Else
m_LogDir = Trim(strDir)
End If
End Property
Public Property Let LogType(strType)
m_LogType = Trim(strType)
End Property
Public Function Wait(sec)
With CreateObject("WScript.Shell")
.Run "timeout /T " & Int(sec), 0, True ' Windows 7/2003/2008 or later
' .Run "sleep -m " & Int(sec * 1000), 0, True ' Windows 2003 Resource Kit
' .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
End With
End Function
Public Function OpenFile(strPath)
Const Append = 8
Const Unicode = -1
With CreateObject("Scripting.FileSystemObject")
Dim oFile
For i = 0 To 30
On Error Resume Next
Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
If Not (Err.Number = 70) Then
Set OpenFile = oFile
On Error Goto 0
Exit For
End If
On Error Goto 0
Wait(1)
Next
End With
If (Err.Number = 70) Then
EventLog.Write( "ERROR: VBScript Class LogWriter" )
EventLog.Write( "File " & strPath & " is locked and timeout was exceeded." )
Err.Clear
ElseIf (Err.Number <> 0) Then
EventLog.Write( "ERROR: VBScript Class LogWriter : Function OpenFile" )
EventLog.Write( "Error : " & Err.Number )
EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) )
EventLog.Write( "Source : " & Err.Source )
EventLog.Write( "Description : " & Err.Description )
Err.Clear
End If
End Function
Public Function Write(strText)
t = Timer
temp = Int(t)
strMonth = DatePart("yyyy",Date) & "-" & Right("0" & DatePart("m",Date), 2)
strDay = strMonth & "-" & Right("0" & DatePart("d",Date), 2)
strTime = Right("0" & Hour(Now), 2) & ":" &_
Right("0" & Minute(Now), 2) & ":" &_
Right("0" & Second(Now), 2) & "." &_
Right("00" & (Int((t-temp) * 1000)), 3)
strLogDate = strDay & " " & strTime
If (m_LogType = "M") Then
strLogFile = m_LogDir & "\" & m_LogFile & "_" & strMonth & ".log"
Else
strLogFile = m_LogDir & "\" & m_LogFile & "_" & strDay & ".log"
End If
With OpenFile(strLogFile)
.WriteLine(m_LogID & vbTab & Chr(34) & strLogDate & Chr(34) & vbTab & Chr(34) & strText & Chr(34))
.Close
End With
Write = Err.Number
End Function
End Class
'******************************************************************************************************************************
'********** Functions **********
'******************************************************************************************************************************
Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False
'
' sType can be one of the following;
' "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
'
On Error Resume Next
If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
With oApp.Settings.SecurityRanges.Add
.Name = "(" & sReason & ") " & sIPAddress
.LowerIP = sIPAddress
.UpperIP = sIPAddress
.Priority = 20
.Expires = True
.ExpiresTime = DateAdd(sType, iDuration, Now())
.Save
End With
AutoBan = True
End If
oApp.Settings.SecurityRanges.Refresh
On Error Goto 0
End Function
'******************************************************************************************************************************
'********** CODE **********
'******************************************************************************************************************************
Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Dim EventLog : Set EventLog = CreateObject("hMailServer.EventLog")
Dim EventLogX : Set EventLogX = New LogWriter
'
' Name of the logfile.
' Default is monthly logs, for daily logs add: EventLogX.LogType = "D"
'
EventLogX.LogFile = "handler"
Dim strPort
Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection")
oConn.Open idsDBDrv
If oConn.State <> 1 Then
EventLog.Write( "Handler - ERROR: Could not connect to database" )
WScript.Quit 1
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")
If Err.Number <> 0 Then
EventLog.Write( "Handler - ERROR: Table " & idsTable & " does not exist!" )
WScript.Quit 1
End If
If Not oRecord.BOF And Not oRecord.EOF Then
While Not oRecord.EOF
EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
If AutoBan(oRecord("ipaddress"), "IDS", 7, "d") Then _
EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", IDS, 7, d)" )
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
oRecord.MoveNext
Wend
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port > 0;")
If Not oRecord.BOF And Not oRecord.EOF Then
While Not oRecord.EOF
EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
strPort = Trim(Mid("SMTP IMAP SMTPSSUBM IMAPS", InStr("25 143 465 587 993 ", oRecord("port")), 5))
If AutoBan(oRecord("ipaddress"), "GEOBLOCK - " & strPort, 7, "d") Then _
EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", GEOBLOCK - " & strPort & ", 7, d)" )
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
oRecord.MoveNext
Wend
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE DATE_ADD(timestamp, INTERVAL 1 DAY) < NOW();"
oConn.Close
'******************************************************************************************************************************
'********** END **********
'******************************************************************************************************************************
Can you help me, please?!
Re: Hardening hMailServer - The ongoing saga!
Do you have ODBC connector installed?
Re: Hardening hMailServer - The ongoing saga!
I don't think so
Is this what I have to do?
https://blog.devart.com/installing-odbc ... ndows.html
Thanks!
Re: Hardening hMailServer - The ongoing saga!
Yes. What db are you using?udgesbou wrote: ↑2022-04-04 23:54I don't think so
Is this what I have to do?
https://blog.devart.com/installing-odbc ... ndows.html
Thanks!
Re: Hardening hMailServer - The ongoing saga!
You can install mysqls odbc driver for free.udgesbou wrote: ↑2022-04-04 23:54I don't think so
Is this what I have to do?
https://blog.devart.com/installing-odbc ... ndows.html
Thanks!
https://dev.mysql.com/downloads/connector/odbc/
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.62 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.62 on Windows Server 2016 Core VM.
Re: Hardening hMailServer - The ongoing saga!
Hey tunis,tunis wrote: ↑2022-04-05 09:55You can install mysqls odbc driver for free.
https://dev.mysql.com/downloads/connector/odbc/
i installed this, but i get the same Error from Windows Script Host.
Do i have to do some settings in the installed ODBC-Connector?
Greetings
Re: Hardening hMailServer - The ongoing saga!
Open ODBC in Windows and the driver tab.udgesbou wrote: ↑2022-04-06 14:06Hey tunis,tunis wrote: ↑2022-04-05 09:55You can install mysqls odbc driver for free.
https://dev.mysql.com/downloads/connector/odbc/
i installed this, but i get the same Error from Windows Script Host.
Do i have to do some settings in the installed ODBC-Connector?
Greetings
In that list you should have the name of the driver. ex "MySQL ODBC 8.0 Driver"
That is what you use in the script
Code: Select all
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 8.0 Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.62 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.62 on Windows Server 2016 Core VM.
Re: Hardening hMailServer - The ongoing saga!
This is what my Driver Tab look like:tunis wrote: ↑2022-04-06 15:41Open ODBC in Windows and the driver tab.
In that list you should have the name of the driver. ex "MySQL ODBC 8.0 Driver"
That is what you use in the scriptCode: Select all
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 8.0 Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
Re: Hardening hMailServer - The ongoing saga!
You need to set up the database. Under tab "System DSN" click add and follow the instructions to add hmailserver database.udgesbou wrote: ↑2022-04-06 21:22This is what my Driver Tab look like:tunis wrote: ↑2022-04-06 15:41Open ODBC in Windows and the driver tab.
In that list you should have the name of the driver. ex "MySQL ODBC 8.0 Driver"
That is what you use in the scriptCode: Select all
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 8.0 Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
Also - I'm not sure about this - you may need 32 bit instead of 64 bit. It depends on the connector and I'm not an expert. I use the MariaDB and the odbc connector is 32/64 combined.
Re: Hardening hMailServer - The ongoing saga!
Yeah, i do this in 32 bit too, but same Errorpalinka wrote: ↑2022-04-06 21:51You need to set up the database. Under tab "System DSN" click add and follow the instructions to add hmailserver database.
Also - I'm not sure about this - you may need 32 bit instead of 64 bit. It depends on the connector and I'm not an expert. I use the MariaDB and the odbc connector is 32/64 combined.
Connectiontest in Connectionsetup was successful
Greetings
Re: Hardening hMailServer - The ongoing saga!
What is the error?udgesbou wrote: ↑2022-04-06 22:28Yeah, i do this in 32 bit too, but same Errorpalinka wrote: ↑2022-04-06 21:51You need to set up the database. Under tab "System DSN" click add and follow the instructions to add hmailserver database.
Also - I'm not sure about this - you may need 32 bit instead of 64 bit. It depends on the connector and I'm not an expert. I use the MariaDB and the odbc connector is 32/64 combined.
Connectiontest in Connectionsetup was successful
Greetings
Look for error log in your log folder and post the errors for today.
Re: Hardening hMailServer - The ongoing saga!
I looked at your script above. move line 21 ("Dim idsDBDrv : idsDBDrv = ...") to line 175, meaning right before this line: "oConn.Open idsDBDrv".
For what its worth, I prefer to do all this in event handlers, I don't even expire them. I just let them sit and reject connections after 3 tries. They sit there forever. However, I exclude localhost and LAN connections.
Re: Hardening hMailServer - The ongoing saga!
Now my Handler.vbs looks like this:palinka wrote: ↑2022-04-07 00:08
I looked at your script above. move line 21 ("Dim idsDBDrv : idsDBDrv = ...") to line 175, meaning right before this line: "oConn.Open idsDBDrv".
For what its worth, I prefer to do all this in event handlers, I don't even expire them. I just let them sit and reject connections after 3 tries. They sit there forever. However, I exclude localhost and LAN connections.
Code: Select all
Option Explicit
'******************************************************************************************************************************
'********** Settings **********
'******************************************************************************************************************************
'
' COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "MyhMailServer-Password"
'
' MySQL
'
Private Const DBNAME = "hmailserverdb"
Private Const DBUID = "root"
Private Const DBPW = "MyMySQL-Password"
Private Const idsTable = "hm_ids"
Private Const idsHits = 3
Private Const idsMinutes = 180
'
' DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
' Table: CREATE TABLE %idsTable% (
' timestamp DATETIME,
' ipaddress VARCHAR (192) PRIMARY KEY,
' port INTEGER,
' hits INTEGER);
'
'******************************************************************************************************************************
'********** Classes **********
'******************************************************************************************************************************
Class LogWriter
Private m_oApp, m_LogID, m_LogFile, m_LogType, m_LogDir
Private i, t, temp, strDay, strMonth, strTime, strLogFile, strLogDate
Private Sub Class_Initialize()
Set m_oApp = CreateObject("hMailServer.Application")
Call m_oApp.Authenticate(ADMIN, PASSWORD)
m_LogFile = "LogWriter"
m_LogType = "M"
m_LogDir = m_oApp.Settings.Directories.LogDirectory
m_LogID = CStr(m_oApp.Status.ProcessedMessages)
End Sub
Private Sub Class_Terminate()
'
' Termination code goes here.
'
End Sub
Public Property Let LogFile(strFile)
m_LogFile = Trim(strFile)
End Property
Public Property Let LogDir(strDir)
If (Right(strDir, 1) = "\") Then
m_LogDir = Trim(Left(strDir, Len(strDir) - 1))
Else
m_LogDir = Trim(strDir)
End If
End Property
Public Property Let LogType(strType)
m_LogType = Trim(strType)
End Property
Public Function Wait(sec)
With CreateObject("WScript.Shell")
.Run "timeout /T " & Int(sec), 0, True ' Windows 7/2003/2008 or later
' .Run "sleep -m " & Int(sec * 1000), 0, True ' Windows 2003 Resource Kit
' .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
End With
End Function
Public Function OpenFile(strPath)
Const Append = 8
Const Unicode = -1
With CreateObject("Scripting.FileSystemObject")
Dim oFile
For i = 0 To 30
On Error Resume Next
Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
If Not (Err.Number = 70) Then
Set OpenFile = oFile
On Error Goto 0
Exit For
End If
On Error Goto 0
Wait(1)
Next
End With
If (Err.Number = 70) Then
EventLog.Write( "ERROR: VBScript Class LogWriter" )
EventLog.Write( "File " & strPath & " is locked and timeout was exceeded." )
Err.Clear
ElseIf (Err.Number <> 0) Then
EventLog.Write( "ERROR: VBScript Class LogWriter : Function OpenFile" )
EventLog.Write( "Error : " & Err.Number )
EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) )
EventLog.Write( "Source : " & Err.Source )
EventLog.Write( "Description : " & Err.Description )
Err.Clear
End If
End Function
Public Function Write(strText)
t = Timer
temp = Int(t)
strMonth = DatePart("yyyy",Date) & "-" & Right("0" & DatePart("m",Date), 2)
strDay = strMonth & "-" & Right("0" & DatePart("d",Date), 2)
strTime = Right("0" & Hour(Now), 2) & ":" &_
Right("0" & Minute(Now), 2) & ":" &_
Right("0" & Second(Now), 2) & "." &_
Right("00" & (Int((t-temp) * 1000)), 3)
strLogDate = strDay & " " & strTime
If (m_LogType = "M") Then
strLogFile = m_LogDir & "\" & m_LogFile & "_" & strMonth & ".log"
Else
strLogFile = m_LogDir & "\" & m_LogFile & "_" & strDay & ".log"
End If
With OpenFile(strLogFile)
.WriteLine(m_LogID & vbTab & Chr(34) & strLogDate & Chr(34) & vbTab & Chr(34) & strText & Chr(34))
.Close
End With
Write = Err.Number
End Function
End Class
'******************************************************************************************************************************
'********** Functions **********
'******************************************************************************************************************************
Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False
'
' sType can be one of the following;
' "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
'
On Error Resume Next
If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
With oApp.Settings.SecurityRanges.Add
.Name = "(" & sReason & ") " & sIPAddress
.LowerIP = sIPAddress
.UpperIP = sIPAddress
.Priority = 20
.Expires = True
.ExpiresTime = DateAdd(sType, iDuration, Now())
.Save
End With
AutoBan = True
End If
oApp.Settings.SecurityRanges.Refresh
On Error Goto 0
End Function
'******************************************************************************************************************************
'********** CODE **********
'******************************************************************************************************************************
Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Dim EventLog : Set EventLog = CreateObject("hMailServer.EventLog")
Dim EventLogX : Set EventLogX = New LogWriter
'
' Name of the logfile.
' Default is monthly logs, for daily logs add: EventLogX.LogType = "D"
'
EventLogX.LogFile = "handler"
Dim strPort
Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection")
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
oConn.Open idsDBDrv
If oConn.State <> 1 Then
EventLog.Write( "Handler - ERROR: Could not connect to database" )
WScript.Quit 1
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")
If Err.Number <> 0 Then
EventLog.Write( "Handler - ERROR: Table " & idsTable & " does not exist!" )
WScript.Quit 1
End If
If Not oRecord.BOF And Not oRecord.EOF Then
While Not oRecord.EOF
EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
If AutoBan(oRecord("ipaddress"), "IDS", 7, "d") Then _
EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", IDS, 7, d)" )
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
oRecord.MoveNext
Wend
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port > 0;")
If Not oRecord.BOF And Not oRecord.EOF Then
While Not oRecord.EOF
EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
strPort = Trim(Mid("SMTP IMAP SMTPSSUBM IMAPS", InStr("25 143 465 587 993 ", oRecord("port")), 5))
If AutoBan(oRecord("ipaddress"), "GEOBLOCK - " & strPort, 7, "d") Then _
EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", GEOBLOCK - " & strPort & ", 7, d)" )
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
oRecord.MoveNext
Wend
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE DATE_ADD(timestamp, INTERVAL 1 DAY) < NOW();"
oConn.Close
'******************************************************************************************************************************
'********** END **********
'******************************************************************************************************************************My ODBC-Connector looks like this:
Re: Hardening hMailServer - The ongoing saga!
Code: Select all
DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;- Attachments
-
SørenR.
To understand recursion, you must first understand recursion.
To understand recursion, you must first understand recursion.
Re: Hardening hMailServer - The ongoing saga!
Now i installed the same driver like SorenR, but still the sam ErrorSorenR wrote: ↑2022-04-08 14:47Code: Select all
DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
Re: Hardening hMailServer - The ongoing saga!
I double-click the "Handler.vbs" to test it, then the Error will pop-u, i hope this is what you mean?palinka wrote: ↑2022-04-08 15:55How are you calling the script?
https://stackoverflow.com/questions/202 ... ault-drive
I'm complete new in hMailServer-Scripts, sorry
Re: Hardening hMailServer - The ongoing saga!
Open cmd window. Typeudgesbou wrote: ↑2022-04-08 16:04I double-click the "Handler.vbs" to test it, then the Error will pop-u, i hope this is what you mean?palinka wrote: ↑2022-04-08 15:55How are you calling the script?
https://stackoverflow.com/questions/202 ... ault-drive
I'm complete new in hMailServer-Scripts, sorry
Code: Select all
cscript "C:\path\to\script.vbs"Re: Hardening hMailServer - The ongoing saga!
palinka wrote: ↑2022-04-08 16:17Open cmd window. TypeCode: Select all
cscript "C:\path\to\script.vbs"
Re: Hardening hMailServer - The ongoing saga!
Come on, man! A little self help wouldn't hurt.
Der Befehl "cscript" ist entweder falsch geschrieben oder konnte nicht gefunden werden.
The "cscript" command is either misspelled or could not be found.
First of all, next time, don't make me or anyone else translate your error messages. You should be providing them in English as this is an English language forum.
Secondly, the error message is self explanatory.
Lastly, you didn't bother to read the link I provided above.
Edit - Extra lastly - don't post screenshots of text from a command window that can be easily copied. Copy the contents and past into code blocks!
Der Befehl "cscript" ist entweder falsch geschrieben oder konnte nicht gefunden werden.
The "cscript" command is either misspelled or could not be found.
First of all, next time, don't make me or anyone else translate your error messages. You should be providing them in English as this is an English language forum.
Secondly, the error message is self explanatory.
Lastly, you didn't bother to read the link I provided above.
Edit - Extra lastly - don't post screenshots of text from a command window that can be easily copied. Copy the contents and past into code blocks!
Re: Hardening hMailServer - The ongoing saga!
Sorry, i read it again.
I type this, and got following Error:
Code: Select all
C:\Users\Administrator>C:\Windows\SysWOW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.
C:\Program Files (x86)\hMailServer\Events\Handler.vbs(181, 1) Microsoft OLE DB Provider for ODBC Drivers: [MySQL][ODBC 5.3(w) Driver][mysqld-8.0.18]Unknown column 'port' in 'where clause'And sorry palinka, i dont want to increase you
Re: Hardening hMailServer - The ongoing saga!
OK now we're getting somewhere.udgesbou wrote: ↑2022-04-08 21:38Sorry, i read it again.
I type this, and got following Error:
Code: Select all
C:\Users\Administrator>C:\Windows\SysWOW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs" Microsoft (R) Windows Script Host, Version 5.812 Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten. C:\Program Files (x86)\hMailServer\Events\Handler.vbs(181, 1) Microsoft OLE DB Provider for ODBC Drivers: [MySQL][ODBC 5.3(w) Driver][mysqld-8.0.18]Unknown column 'port' in 'where clause'
And sorry palinka, i dont want to increase you
Now your ODBC connection is finally working. We know that because you have an sql error.
C:\Program Files (x86)\hMailServer\Events\Handler.vbs(181, 1) Mic....
Line 181 from your script above is:
Code: Select all
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")Code: Select all
CREATE TABLE hm_ids (
timestamp DATETIME,
ipaddress VARCHAR (192) PRIMARY KEY,
port INTEGER,
hits INTEGER
);
Re: Hardening hMailServer - The ongoing saga!
No, i didn't create a table called hm_ids manually. Do i have to create this manually in the hMailServer-DB?palinka wrote: ↑2022-04-08 21:58It says 'port' is an unknown column, but I'll go out on a limb and guess that you haven't created a table structure yet.
Code: Select all
CREATE TABLE hm_ids ( timestamp DATETIME, ipaddress VARCHAR (192) PRIMARY KEY, port INTEGER, hits INTEGER );
Re: Hardening hMailServer - The ongoing saga!
Yes.udgesbou wrote: ↑2022-04-08 22:03No, i didn't create a table called hm_ids manually. Do i have to create this manually in the hMailServer-DB?palinka wrote: ↑2022-04-08 21:58It says 'port' is an unknown column, but I'll go out on a limb and guess that you haven't created a table structure yet.
Code: Select all
CREATE TABLE hm_ids ( timestamp DATETIME, ipaddress VARCHAR (192) PRIMARY KEY, port INTEGER, hits INTEGER );
Re: Hardening hMailServer - The ongoing saga!
I think now we can go forward
I create the table manually:
And then i tried to run the Handler.vbs with this command ...
... and no Error comes up 
Now for the next steps, i think i have to create a .bat-File with this content?
And but this into the Windows Scheduler every 1 Minute?
Then i have to enable Scripts in hMailServer, and then it should run right, or did i forget something?
I create the table manually:
Code: Select all
mysql> CREATE TABLE hm_ids (timestamp DATETIME, ipaddress VARCHAR (192) PRIMARY KEY, port INTEGER, hits INTEGER);
Query OK, 0 rows affected (0.19 sec)Code: Select all
C:\Users\Administrator>C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.Now for the next steps, i think i have to create a .bat-File with this content?
Code: Select all
C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"Then i have to enable Scripts in hMailServer, and then it should run right, or did i forget something?
Re: Hardening hMailServer - The ongoing saga!
Sounds good. Set up the scripts in eventhandler.vbs and see if you get any errors.udgesbou wrote: ↑2022-04-09 12:20I think now we can go forward
I create the table manually:And then i tried to run the Handler.vbs with this command ...Code: Select all
mysql> CREATE TABLE hm_ids (timestamp DATETIME, ipaddress VARCHAR (192) PRIMARY KEY, port INTEGER, hits INTEGER); Query OK, 0 rows affected (0.19 sec)... and no Error comes upCode: Select all
C:\Users\Administrator>C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs" Microsoft (R) Windows Script Host, Version 5.812 Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.
Now for the next steps, i think i have to create a .bat-File with this content?
And but this into the Windows Scheduler every 1 Minute?Code: Select all
C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Then i have to enable Scripts in hMailServer, and then it should run right, or did i forget something?
Re: Hardening hMailServer - The ongoing saga!
Check for error logs and look at the database for new records. You just have to wait for someone to connect and fail to send a message.
Re: Hardening hMailServer - The ongoing saga!
Hey hey,
after a few days, my table hm_ids looks like this:
In hMailServer it looks like this:
And the handler.log is looking like this:
I think everything is working write, or am i wrong? 
Greetings
after a few days, my table hm_ids looks like this:
In hMailServer it looks like this:
And the handler.log is looking like this:
Code: Select all
347 "2022-04-12 20:50:28.734" "AutoBan(185.239.242.59, IDS, 7, d)"
351 "2022-04-12 21:18:28.937" "Wohoo... IPAddress: 167.248.133.46 Port: 143 Hits: 5"
351 "2022-04-12 21:18:28.984" "AutoBan(167.248.133.46, GEOBLOCK - IMAP, 7, d)"
351 "2022-04-13 00:44:28.812" "Wohoo... IPAddress: 167.94.146.58 Port: 143 Hits: 5"
351 "2022-04-13 00:44:28.882" "AutoBan(167.94.146.58, GEOBLOCK - IMAP, 7, d)"
351 "2022-04-13 01:29:29.161" "Wohoo... IPAddress: 162.142.125.10 Port: 993 Hits: 5"
351 "2022-04-13 01:29:29.223" "AutoBan(162.142.125.10, GEOBLOCK - IMAPS, 7, d)"
351 "2022-04-13 02:24:28.617" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:25:28.625" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:26:28.622" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:27:28.635" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:28:28.648" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:29:28.657" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:30:28.669" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:31:28.703" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:32:28.683" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:33:28.693" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:34:28.730" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:35:28.708" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:36:28.725" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:37:28.736" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:38:28.746" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:39:28.779" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:40:28.761" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:41:28.772" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:42:28.759" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:43:28.799" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:44:28.801" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:45:28.832" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:46:28.806" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:47:28.802" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:48:28.818" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:49:28.839" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351 "2022-04-13 02:50:28.834" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351 "2022-04-13 02:51:28.850" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351 "2022-04-13 02:52:28.847" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351 "2022-04-13 02:53:28.872" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351 "2022-04-13 02:54:28.867" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351 "2022-04-13 02:55:28.867" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 02:56:28.875" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 02:57:28.899" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 02:58:28.911" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 02:59:28.893" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:00:28.947" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:01:28.925" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:02:28.899" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:03:28.931" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:04:28.939" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:05:28.952" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:06:28.977" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:07:28.969" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:08:28.958" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:09:29.000" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:10:29.010" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:11:29.018" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:12:29.003" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:13:29.038" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:14:29.028" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:15:29.056" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:16:29.060" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:17:29.061" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:18:29.086" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:19:29.085" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:20:29.081" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:21:29.094" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:22:29.111" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:23:29.106" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:24:29.116" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:25:29.103" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:26:29.156" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:27:29.144" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:28:29.171" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:29:29.173" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:30:29.159" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:31:29.160" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:32:29.149" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:33:29.181" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:34:29.202" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:35:29.183" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:36:29.217" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:37:29.220" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:38:28.217" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:39:28.257" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:40:28.261" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:41:28.253" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:42:28.255" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:43:28.264" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:44:28.267" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:45:28.277" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:46:28.276" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:47:28.288" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:48:28.274" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:49:28.296" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:50:28.319" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:51:28.334" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:52:28.355" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:53:28.328" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:54:28.330" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:55:28.360" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:56:28.368" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:57:28.374" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:58:28.401" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 03:59:28.405" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:00:28.435" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:01:28.409" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:02:28.405" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:03:28.415" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:04:28.416" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:05:28.424" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:06:28.419" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:07:28.419" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:08:28.429" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:09:28.447" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:10:28.429" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:11:28.465" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:12:28.481" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:13:28.474" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:14:28.474" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:15:28.487" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:16:28.478" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:17:28.475" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:18:28.512" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:19:28.526" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:20:28.529" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:21:28.533" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:22:28.535" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:23:28.563" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:24:28.565" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:25:28.567" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:26:28.567" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:27:28.579" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:28:28.608" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:29:28.594" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:30:28.600" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:31:28.587" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:32:28.603" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:33:28.607" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:34:28.630" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:35:28.636" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:36:28.644" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:37:28.662" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:38:28.654" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:39:28.660" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:40:28.677" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:41:28.685" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:42:28.683" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:43:28.693" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:44:28.691" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:45:28.701" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:46:28.722" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:47:28.714" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:48:28.718" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:49:28.730" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:50:28.751" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:51:28.755" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:52:28.773" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:53:28.777" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:54:28.781" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:55:28.816" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:56:28.943" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:57:28.841" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:58:28.832" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 04:59:28.835" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:00:28.855" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:01:28.875" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:02:28.853" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:03:28.876" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:04:28.878" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:05:28.882" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:06:28.873" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:07:28.896" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:08:28.892" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:09:28.898" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:10:28.890" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:11:28.923" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:12:28.921" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:13:28.923" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:14:28.914" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:15:28.933" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:16:28.931" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:17:28.945" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:18:28.970" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:19:28.957" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:20:28.972" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:21:28.984" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:22:28.982" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:23:28.994" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:24:29.005" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:25:29.017" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:26:29.033" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:27:29.031" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:28:29.033" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:29:29.039" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:30:29.058" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:31:29.082" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:32:29.083" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:33:29.080" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:34:29.083" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:35:29.097" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:36:29.093" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:37:29.091" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:38:29.121" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:39:29.125" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:40:29.140" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:41:29.142" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:42:29.146" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:43:29.156" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:44:29.164" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:45:29.201" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:46:29.203" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:47:29.216" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:48:29.210" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:49:29.222" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:50:28.228" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:51:28.236" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:52:28.253" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:53:28.240" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:54:28.265" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:55:28.273" "Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351 "2022-04-13 05:55:28.357" "Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
Greetings
Re: Hardening hMailServer - The ongoing saga!
Hey, me again
i think the script runs good and many ip's got banned
Now for a second instance i used MSSQL for Database Server and MSSQL is running on another server as hmailserver, how do i to change the settings in Eventhandler.vbs and Handler.vbs from MySQL to MSSQL?
And for ODBC-Connector i think i have to use the "SQL-Server"-Driver, right?
Thanks in advance!
i think the script runs good and many ip's got banned
Now for a second instance i used MSSQL for Database Server and MSSQL is running on another server as hmailserver, how do i to change the settings in Eventhandler.vbs and Handler.vbs from MySQL to MSSQL?
And for ODBC-Connector i think i have to use the "SQL-Server"-Driver, right?
Thanks in advance!
Re: Hardening hMailServer - The ongoing saga!
Looks good. Someone else will have to help with mssql. All I know about mssql is that its different from mysql. I'm only good with mysql.
The odbc setup should be the same process. Just keep in mind the query syntax is different. If you're good with mssql query syntax then you should be able to get it going.
I'm only good with mysql. The odbc setup should be the same process. Just keep in mind the query syntax is different. If you're good with mssql query syntax then you should be able to get it going.
Re: Hardening hMailServer - The ongoing saga!
Okay palinka, thank you anyway
Please can someone tell me how I can do this with a MSSQL-Database-Server
I would be very grateful
Thanks in advance <3
Please can someone tell me how I can do this with a MSSQL-Database-Server
I would be very grateful
Thanks in advance <3