Hardening hMailServer - The ongoing saga!

This section contains user-submitted tutorials.

Re: Hardening hMailServer - The ongoing saga!

Post by CraigT » 2020-05-02 08:37

SorenR (or other guru), are there any rules around the ODBC driver that has to be installed for either the 64/32-bit driver in Part 3, or doesn't it matter? If everything is 64-bit, obviously use the 64-bit driver, but if hMail is 32-bit using 32-bit mysql.dll and MySQL is V8.x (64-bit), should I stick with the 32-bit driver, or don't we care?

Post by SorenR » 2020-05-02 12:33

CraigT wrote:
2020-05-02 08:37
SorenR (or other guru), are there any rules around the ODBC driver that has to be installed for either the 64/32-bit driver in Part 3, or doesn't it matter? If everything is 64-bit, obviously use the 64-bit driver, but if hMail is 32-bit using 32-bit mysql.dll and MySQL is V8.x (64-bit), should I stick with the 32-bit driver, or don't we care?
I'm still running 32-bit on my old server, but as far as I can read, your driver needs to follow your database; however, there are other issues with the latest versions of MySQL. Perhaps MariaDB is worth looking into :wink:
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

Post by palinka » 2020-05-03 17:58

SorenR wrote:
2020-05-02 12:33
Perhaps MariaDB is worth looking into :wink:
+1

32bit ODBC required for 32bit hmailserver. It's a pain in the rear to sort out. MariaDB has (I think) only one connector (32/64).

Post by CraigT » 2020-05-04 08:09

Got it. Thanks guys. Waiting on the 64-bit hMailserver for a production server to do the update so everything is 64-bit, but Soren's scripts are too good to pass up, as the server seems to have an attraction to "sheskyhigh" and "blueskyhotel" plus a few others just connecting and dropping out. Plus it will make the log file much shorter. :D

Post by RvdH » 2020-05-10 15:38

Just an idea: this might prevent genuine users who experience unexpected timeouts or the like from being listed in IDS.

Code: Select all

Sub OnClientLogon(oClient)
	If oClient.Authenticated then
		REM Unregister IP address from IDS registry
		Call idsDelIP(oClient.IPAddress)
	End if
End Sub
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

Post by SorenR » 2020-05-10 17:33

RvdH wrote:
2020-05-10 15:38
Just an idea: this might prevent genuine users who experience unexpected timeouts or the like from being listed in IDS.

Code: Select all

Sub OnClientLogon(oClient)
	If oClient.Authenticated then
		REM Unregister IP address from IDS registry
		Call idsDelIP(oClient.IPAddress)
	End if
End Sub
Have you checked how many times IMAP authenticates during a session?

The idea is to check SMTP traffic only, and the IP is registered in OnClientConnect and unregistered in OnAcceptMessage. I have not had one false positive since I introduced it in my script over 1 year ago.

Post by RvdH » 2020-05-10 17:37

SorenR wrote:
2020-05-10 17:33
RvdH wrote:
2020-05-10 15:38
Just an idea: this might prevent genuine users who experience unexpected timeouts or the like from being listed in IDS.

Code: Select all

Sub OnClientLogon(oClient)
	If oClient.Authenticated then
		REM Unregister IP address from IDS registry
		Call idsDelIP(oClient.IPAddress)
	End if
End Sub
Have you checked how many times IMAP authenticates during a session?

The idea is to check SMTP traffic only, and the IP is registered in OnClientConnect and unregistered in OnAcceptMessage. I have not had one false positive since I introduced it in my script over 1 year ago.
Quite often, but that check will take maybe 000.1 second, especially when it doesn't exist... but you could also specify ports or just ignore the suggestion.
I know I will utilize it ;)

Post by udgesbou » 2021-04-05 19:40

Heyho,
I'm running hMailServer on a Windows server and I want to use these scripts:

#2 How to only allow client access from specific GEO locations. --> viewtopic.php?p=209543#p209543

#3 How to stop the annoying half-connections from BOT's and misconfigured spammers. --> viewtopic.php?p=209545#p209545

I found the "Scripts" button in the "Advanced" settings, but I'm new to hMailServer and I don't know how to implement the scripts on my server :(
I hope you can help me or show me a tutorial for that.

Thanks in advance.

Greetings
Colin

Post by mattg » 2021-04-06 01:31

Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post by udgesbou » 2021-04-06 21:11

Thanks for your reply!

So if I want to implement this script, "#2 How to only allow client access from specific GEO locations.", my "EventHandlers.vbs" should look like this?

Code: Select all

Option Explicit

'******************************************************************************************************************************
'********** Settings                                                                                                 **********
'******************************************************************************************************************************

'
'   COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"

'******************************************************************************************************************************
'********** Functions                                                                                                **********
'******************************************************************************************************************************


Function GeoLookup(strIP) : GeoLookup = "zz"
   Dim a, element, group, strLookup
   a = Split(strIP, ".")
   With CreateObject("DNSLibrary.DNSResolver")
      strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk")
   End With
   If Trim(strLookup) = "" Then
      EventLog.Write( "- GeoLookup(" & strIP & ") = " & GeoLookup )
      Exit Function
   End If
   group = Split(strLookup, vbCrLf)
   If UBound(group) > 0 Then
      For Each element In group
         If (Trim(element) <> "") Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & element )
      Next
   Else
      GeoLookup = group(0)
   End If
End Function

'******************************************************************************************************************************
'********** hMailServer Triggers                                                                                     **********
'******************************************************************************************************************************
Sub OnClientConnect(oClient)
   '
   '   Exclude local LAN from test
   '
   If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
   '
   '   Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
   '   zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
   '
   If (oClient.Port <> 25) Then
      If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then
         Result.Value = 1
         Exit Sub
      End If
   End If
End Sub

'   Sub OnSMTPData(oClient, oMessage)
'   End Sub

'   Sub OnAcceptMessage(oClient, oMessage)
'   End Sub

'   Sub OnDeliveryStart(oMessage)
'   End Sub

'   Sub OnDeliverMessage(oMessage)
'   End Sub

'   Sub OnBackupFailed(sReason)
'   End Sub

'   Sub OnBackupCompleted()
'   End Sub

'   Sub OnError(iSeverity, iCode, sSource, sDescription)
'   End Sub

'   Sub OnDeliveryFailed(oMessage, sRecipient, sErrorMessage)
'   End Sub

'   Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
'   End Sub

Which data must I enter here?

Code: Select all

Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"

And where can I get the "codes" for Germany, so that I can only connect from a German country / IP?


Thanks in advance! :)


Greetings

Post by mattg » 2021-04-07 00:33

udgesbou wrote:
2021-04-06 21:11
Which data must I enter here?

Code: Select all

Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"
The admin user MUST be = "Administrator"
The PASSWORD is your hMailServer admin GUI password


udgesbou wrote:
2021-04-06 21:11
And where can I get the "codes" for Germany, so that I can only connect from a German country / IP?
Germany is 127.0.1.20

Post by udgesbou » 2021-04-07 13:23

mattg wrote:
2021-04-07 00:33
udgesbou wrote:
2021-04-06 21:11
And where can I get the "codes" for Germany, so that I can only connect from a German country / IP?
Germany is 127.0.1.20
Okay, and where do I have to put that into the script? :(

Greetings

Post by RvdH » 2021-04-07 15:32

udgesbou wrote:
2021-04-07 13:23
Okay, and where do I have to put that into the script? :(

Greetings
Maybe simply look at the examples given/quoted?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
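
How the country test in the EventHandlers.vbs posted above works, as an added example that is not part of any post in this thread and not hMailServer code: it builds the DNS name GeoLookup queries, applies the script's "|dk|gl|fo|" style test to a two-letter TXT answer, and decodes an A answer of the 127.0.x.y form. The function names, sample addresses and DNS answers are constructed, nothing is resolved over the network, and reading 127.0.x.y as x*256+y = ISO 3166-1 numeric country code is an assumption about the countries.nerd.dk zone that the thread does not state.

```powershell
# Added example, not from the thread. Runs offline: every DNS answer below is constructed.

function Get-GeoQueryName {
    # Name queried by GeoLookup() in the script: reversed IPv4 octets + zone.
    param([string]$IPAddress, [string]$Zone = 'zz.countries.nerd.dk')
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$ip)) { return $null }
    # The VBScript does Split(strIP, ".") and reads a(0)..a(3); an IPv6 client
    # has no such octets, so only dotted IPv4 yields a query name here.
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $null }
    if ($ip.ToString() -ne $IPAddress) { return $null }   # reject short forms such as "10.1"
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)
    return (($octets -join '.') + '.' + $Zone)
}

function ConvertFrom-GeoARecord {
    # Assumption: 127.0.x.y carries the ISO 3166-1 numeric code as x*256 + y.
    param([string]$Answer)
    if (-not ($Answer -match '^127\.0\.(\d{1,3})\.(\d{1,3})$')) { return $null }
    $x = [int]$Matches[1]
    $y = [int]$Matches[2]
    if ($x -gt 255 -or $y -gt 255) { return $null }
    return ($x * 256 + $y)
}

function Test-GeoAllowed {
    # Counterpart of InStr("|dk|gl|fo|", GeoLookup(ip)) in the script, but with an
    # exact match per code. An empty or failed lookup stays "zz", which is never in
    # the list, so the check fails closed: a DNS outage rejects every remote client
    # on the non-SMTP ports.
    param([string]$TxtAnswer, [string[]]$Allowed)
    $code = 'zz'
    if (-not [string]::IsNullOrWhiteSpace($TxtAnswer)) { $code = $TxtAnswer.Trim().ToLowerInvariant() }
    return ($Allowed -contains $code)
}

# Hypothetical policy for the Germany-only case asked about above: the list holds
# two-letter codes, so it would read "|de|" in the VBScript.
$allowed = @('de')

# Constructed samples (documentation address ranges, invented answers).
$samples = @(
    @{ IP = '192.0.2.10';   Txt = 'de'; A = '127.0.1.20' }
    @{ IP = '198.51.100.7'; Txt = 'us'; A = '127.0.3.72' }
    @{ IP = '203.0.113.5';  Txt = '';   A = '' }            # lookup returned nothing
    @{ IP = '2001:db8::1';  Txt = '';   A = '' }            # IPv6 client
)

$report = foreach ($s in $samples) {
    $name = Get-GeoQueryName $s.IP
    if ($null -eq $name) { $name = '(none: not dotted IPv4)' }
    [pscustomobject]@{
        Client     = $s.IP
        QueryName  = $name
        TxtCode    = $s.Txt
        IsoNumeric = ConvertFrom-GeoARecord $s.A
        Allowed    = Test-GeoAllowed -TxtAnswer $s.Txt -Allowed $allowed
    }
}
$report | Format-Table -AutoSize
```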

Post by ashtec014 » 2021-06-06 09:32

palinka wrote:
2019-10-31 10:58
nitro wrote:
2019-10-31 10:28
You have to be careful with the lords of Microsoft.
It can be a false positive in, FQDN as HELO.

Code: Select all

AM5EUR02FT035.mail.protection.outlook.com
EUR04-DB3-obe.outbound.protection.outlook.com
EUR03-VE1-obe.outbound.protection.outlook.com
I discovered that yesterday too. I added outbound.protection.outlook.com$ to the list of "known false positives" so they skip the test.
Hello,

I've noticed that emails from "protection.outlook.com" are marked as spam or "known false positives" though they aren't. Which list do I add these to so they can skip the test?

Post by palinka » 2021-06-06 16:23

ashtec014 wrote:
2021-06-06 09:32
palinka wrote:
2019-10-31 10:58
nitro wrote:
2019-10-31 10:28
You have to be careful with the lords of Microsoft.
It can be a false positive in, FQDN as HELO.

Code: Select all

AM5EUR02FT035.mail.protection.outlook.com
EUR04-DB3-obe.outbound.protection.outlook.com
EUR03-VE1-obe.outbound.protection.outlook.com
I discovered that yesterday too. I added outbound.protection.outlook.com$ to the list of "known false positives" so they skip the test.
Hello,

I've noticed that emails from "protection.outlook.com" are marked as spam or "known false positives" though they aren't. Which list do I add these to so they can skip the test?
viewtopic.php?f=20&t=33602

Have a look at this thread.

Post by gotspatel » 2021-11-27 06:25

Hello all, hope everyone is fine.

I am trying to extend the functionality of IDS to make a threatfeed (text file) for my hardware firewall, to block the IP from the firewall itself.

- Take the IP which the IDS is blocking
- Check if the threatfeed text file exists; if not, create it
- Check if the IP is already listed in the file and, if not, write it to a new line in the text file.

Is the below code perfect? I am not able to get the IPs blocked by IDS into the file.


The full IDSADDIP function

Code: Select all

Function idsAddIP(sIPAddress, iPort)
	Dim oApp : Set oApp = CreateObject("hMailServer.Application")
    Call oApp.Authenticate(ADMIN, PASSWORD)
    Include(oApp.Settings.Directories.EventDirectory & "\VbsJson.vbs") '<---- It Points to Event Directory   
	Dim ReturnCode, Json, oGeoip, oXML
	Set Json = New VbsJson
	
	'new GEOIPLOOKUP
    Dim m_CountryCode, m_CountryName
    Call GeoIPLookup(sIPAddress, m_CountryCode, m_CountryName)
	On Error Resume Next

	Dim idsTable
	idsTable = DBIDSTBL
	Dim strSQL, oDB : Set oDB = GetDatabaseObject
	If IsMySQL Then
		strSQL = "INSERT INTO hm_ids (timestamp,ipaddress,port,hits,country) VALUES (" & DBGetCurrentDateTime() & ",'" & sIPAddress & "','" & iPort & "',1,'" & m_CountryName & "') ON DUPLICATE KEY UPDATE hits=(hits+1),TIMESTAMP=" & DBGetCurrentDateTime() & ";"	
	ElseIf IsMSSQL Then
		strSQL = "IF NOT EXISTS (SELECT 1 FROM " & idsTable & " WHERE ipaddress = '" & sIPAddress & "') INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits,country) VALUES (" & DBGetCurrentDateTime() & ",'" & sIPAddress & "'," & iPort &",'1','" & m_CountryName & "') ELSE UPDATE " & idsTable & " SET hits=(hits+1), timestamp=" & DBGetCurrentDateTime() & " WHERE ipaddress= '" & sIPAddress & "';"
	End If
	
		Set objFSO = Wscript.CreateObject("Scripting.FileSystemObject")
		Set objShell = Wscript.CreateObject("Wscript.Shell")
		Const FORREADING = 1
		Const FORWRITING = 2
		Const FORAPPENDING = 8
		Dim sToSearch: sToSearch = "sIPAddress"
		Dim sFileName: sFileName = "C:\inetpub\wwwroot\Threatfeed\ids_iplist.txt"
		Dim sContent, Found
		If Not objFSO.FileExists(sFileName) Then
			EventLog.Write( "Function IDSADDIP - ERROR: ids_iplist.txt doesnot exist" )
			Set TxtFile = objFSO.OpenTextFile(sFileName, ForWriting, True)
			TxtFile.WriteLine sToSearch
			WScript.Quit 0
		End If
		Set TxtFile = objFSO.OpenTextFile(sFileName,FORREADING)
		sContent = TxtFile.ReadAll
		If InStr(sContent,sToSearch) Then Found = True End If
		Set TxtFile = Nothing
		If Not Found Then
			Set TxtFile = objFSO.OpenTextFile(sFileName,FORAPPENDING)
			TxtFile.WriteLine sToSearch
		End If
	Set sFileName = Nothing
	Call oDB.ExecuteSQL(strSQL)
	Set oDB = Nothing
End Function


Post by palinka » 2021-11-27 15:22

First, are you using MySQL or MSSQL? You don't need both.

Secondly, you're probably better off running a handler script that adds IPs from the database to the text file. In that case, you may want to add a new column that lets you know if the IP has been picked up by the handler script already, so you don't have any duplication. Then nothing would change from the original script in your eventhandlers.vbs and you would run the handler from Task Scheduler every hour or whatever.

Post by gotspatel » 2021-11-28 06:46

Hi,

I am using MySQL (I just kept MSSQL, don't know why). :D

Second, I want to use the code to write/delete the IP in both functions, IDSADDIP and IDSDELIP, in eventhandlers, so that if the IP is removed by IDS it is also removed from the text file.
I'm very bad at coding; I just use snippets from the internet and transform them for my use.

Post by palinka » 2021-11-28 14:20

There's a flaw in your logic / sequence of events. There's a reason there is a 3 strike rule. Some connections that get added to ids are false positives caused by network errors and such. You don't want to firewall ban those IPs until you're sure that they're actually malicious. Therefore, you don't want to add them to the text file every time IDSADD is called. You will only want to add them when they reach the strike limit, at which point you're more sure that the IP is malicious and not the result of a temporary error.

Try this. Revert the code back to the original. Then run this PowerShell from Task Scheduler every 5 minutes. I pulled this out of my firewall ban code. It's not tested!

Code: Select all

###   MYSQL VARIABLES   ###
$DatabaseType     = 'MYSQL'
$SQLAdminUserName = 'hmailserver'
$SQLAdminPassword = 'supersecretpassword'
$SQLDatabase      = 'hmailserver'
$SQLHost          = '127.0.0.1'
$SQLPort          = 3306
$SQLSSL           = 'none'

###   SQL SSL OPTIONS   ###

#   Set to 'none' if Powershell and MySQL on same machine
#
#	None       - Do not use SSL.
#	Preferred  - Use SSL if the server supports it, but allow connection in all cases.
#	Required   - Always use SSL. Deny connection if server does not support SSL.
#	VerifyCA   - Always use SSL. Validate the CA but tolerate name mismatch.
#	VerifyFull - Always use SSL. Fail if the host name is not correct.

###   IDS OPTIONS   ###
$IDSIPList       = 'C:\inetpub\wwwroot\Threatfeed\IDSIPList.txt'
$IDSNew          = 5 # New Entries interval in minutes
$IDSExpire       = 3 # Interval in days


Function MySQLQuery($Query) {
	$Today = (Get-Date).ToString("yyyyMMdd")
	$DBErrorLog = "$PSScriptRoot\$Today-DBError.log"
	$ConnectionString = "server=" + $SQLHost + ";port=" + $SQLPort + ";uid=" + $SQLAdminUserName + ";pwd=" + $SQLAdminPassword + ";database=" + $SQLDatabase + ";SslMode=" + $SQLSSL + ";"
	Try {
		[void][System.Reflection.Assembly]::LoadWithPartialName("MySql.Data")
		$Connection = New-Object MySql.Data.MySqlClient.MySqlConnection
		$Connection.ConnectionString = $ConnectionString
		$Connection.Open()
		$Command = New-Object MySql.Data.MySqlClient.MySqlCommand($Query, $Connection)
		$DataAdapter = New-Object MySql.Data.MySqlClient.MySqlDataAdapter($Command)
		$DataSet = New-Object System.Data.DataSet
		$RecordCount = $dataAdapter.Fill($dataSet, "data")
		$DataSet.Tables[0]
	}
	Catch {
		Write-Output "$(Get-Date -f G) : ERROR : Unable to run query : $query `n$($Error[0])" | Out-File $DBErrorLog -Append -Encoding ASCII
	}
	Finally {
		$Connection.Close()
	}
}


<#######################################>
<#                                     #>
<#                IDS                  #>
<#    (Intrusion Detection System)     #>
<#                                     #>
<#######################################>

<#	Pickup entries from IDS  #>
$Query = "SELECT ipaddress FROM hm_ids WHERE hits > 2 AND timestamp > (NOW() - INTERVAL $IDSNew MINUTE);"
MySQLQuery $Query | foreach {

	<#  Add to IDSIPList  #>
	$_ | Out-File $IDSIPList -Append -Encoding ASCII

}

<#	Expire old IDS entries  #>
$Query = "SELECT ipaddress FROM hm_ids WHERE timestamp < (NOW() - INTERVAL $IDSExpire DAY);"
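MySQLQuery $Query | ForEach {
	# The single-quoted '$($_)' pattern was never expanded, so no line was dropped; compare whole lines with the expired address instead
	$ExpiredIP = $_.ipaddress
	Set-Content -Path $IDSIPList -Value (Get-Content -Path $IDSIPList | Where-Object { $_.Trim() -ne $ExpiredIP })
}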

$Query = "DELETE FROM hm_ids WHERE timestamp < (NOW() - INTERVAL $IDSExpire DAY);"
MySQLQuery $Query

Post by gotspatel » 2021-12-10 14:47

At last got some hits :D

Any help on how to remove the column headers?

OUTPUT OF "IDSIPList.txt"

Code: Select all


ipaddress   <<<< REMOVE THIS
---------   <<<< AND THIS
51.81.155.71



ipaddress    
---------    
103.150.8.116



ipaddress    
---------    
185.167.97.31



ipaddress     
---------     
185.180.143.77



ipaddress      
---------      
112.132.123.233


Post by palinka » 2021-12-10 16:17

gotspatel wrote:
2021-12-10 14:47
At last got some hits :D

Any help on how to remove the column headers?

OUTPUT OF "IDSIPList.txt"

Code: Select all


ipaddress   <<<< REMOVE THIS
---------   <<<< AND THIS
51.81.155.71



ipaddress    
---------    
103.150.8.116



ipaddress    
---------    
185.167.97.31



ipaddress     
---------     
185.180.143.77



ipaddress      
---------      
112.132.123.233

Change this line:

Code: Select all

	$_ | Out-File $IDSIPList -Append -Encoding ASCII
To this:

Code: Select all

	$_.ipaddress | Out-File $IDSIPList -Append -Encoding ASCII
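
The feed maintenance discussed in the posts above, as an added example that is not part of any post and not palinka's firewall ban code: it rebuilds the whole list on each run instead of appending to it, which goes beyond the append and expire queries shown above, so duplicates, column headers and entries already removed from hm_ids cannot linger in the file. The function names, the NeverList parameter, the sample rows and the temporary output path are assumptions made for the example; in use, the rows would come from a query that also selects hits and timestamp.

```powershell
# Added example, not from the thread. $rows stands in for rows of the hm_ids table
# (ipaddress, hits, timestamp); all values are constructed, documentation ranges only.

function Test-FeedAddress {
    # Only a well-formed address may reach the firewall feed.
    param([string]$Text)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip)) { return $false }
    # TryParse also accepts short forms such as "10.1"; require the canonical spelling.
    return ($ip.ToString() -eq $Text)
}

function Get-ThreatFeed {
    param(
        [object[]]$Rows,
        [int]$MinHits = 3,              # three-strike rule: same as "hits > 2"
        [int]$ExpireDays = 3,           # same meaning as $IDSExpire
        [string[]]$NeverList = @(),     # addresses that must never be firewalled
        [datetime]$Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$ExpireDays)
    $feed = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($row in $Rows) {
        $ip = ([string]$row.ipaddress).Trim()
        if (-not (Test-FeedAddress $ip)) { continue }   # header text, blanks, junk
        if ($NeverList -contains $ip)    { continue }   # lock-out protection
        if ($row.hits -lt $MinHits)      { continue }   # possible network glitch
        if ($row.timestamp -lt $cutoff)  { continue }   # expired entry
        [void]$feed.Add($ip)                            # a set, so no duplicates
    }
    return @($feed | Sort-Object)
}

function Publish-ThreatFeed {
    # Write the complete list to a temporary file first, then swap it in, so a
    # firewall polling the feed does not read a half-written list.
    param([string[]]$Addresses, [string]$Path)
    $tmp = "$Path.tmp"
    [System.IO.File]::WriteAllLines($tmp, [string[]]$Addresses, [System.Text.Encoding]::ASCII)
    Move-Item -LiteralPath $tmp -Destination $Path -Force
}

# Constructed sample data.
$now  = Get-Date -Year 2021 -Month 12 -Day 10 -Hour 16 -Minute 0 -Second 0
$rows = @(
    [pscustomobject]@{ ipaddress = '192.0.2.10';   hits = 5; timestamp = $now.AddMinutes(-4) }  # listed
    [pscustomobject]@{ ipaddress = '198.51.100.7'; hits = 1; timestamp = $now.AddMinutes(-2) }  # below three strikes
    [pscustomobject]@{ ipaddress = '203.0.113.5';  hits = 9; timestamp = $now.AddDays(-4) }     # expired
    [pscustomobject]@{ ipaddress = '192.0.2.77';   hits = 3; timestamp = $now.AddHours(-1) }    # hypothetical monitoring host
    [pscustomobject]@{ ipaddress = 'ipaddress';    hits = 3; timestamp = $now }                 # stray header text
)

# Temporary path for the example; the thread's feed lives under C:\inetpub\wwwroot\Threatfeed.
$feedPath = Join-Path ([System.IO.Path]::GetTempPath()) 'IDSIPList-example.txt'
$feed = @(Get-ThreatFeed -Rows $rows -NeverList @('192.0.2.77') -Now $now)
Publish-ThreatFeed -Addresses $feed -Path $feedPath
Get-Content -LiteralPath $feedPath
```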

Post by gotspatel » 2021-12-13 11:41

palinka wrote:
2021-12-10 16:17

Code: Select all

	$_.ipaddress | Out-File $IDSIPList -Append -Encoding ASCII
This worked, and I have also integrated it into your firewall ban script.

Post by palinka » 2022-04-03 13:52

SorenR wrote:
2019-01-28 17:57
#3 How to stop the annoying half-connections from BOT's and misconfigured spammers

This is an attempt to create some form of IDS (Intrusion Detection System) into hMailServer. It works by using the system database of hMailServer - in this case MySQL.

Functionality:

Case A.
1 - When a server connects on port 25, the IP address is added to the IDS registry.
2 - When this connection produces an email, the IP address is removed from IDS registry.
3 - A handler will load data from the database and determine if a BAN on the IP address is needed.

Case B.
1 - A connection from outside the defined Realm is detected, the IP address is added to the IDS registry
2 - A handler will load data from the database and BAN the IP address.

The code is split into two in order to put as little stress on hMailServer mail functionality as possible.

The file Handler.vbs is executed by Windows Scheduler every 1 minute and will do the banning and housekeeping of the IDS registry.

Banning criteria:
1: Violation of Realm = immediate BAN
2: 3 "half-connections" within 180 minutes.

File: EventHandlers.vbs

Code: Select all

Option Explicit

'******************************************************************************************************************************
'********** Settings                                                                                                 **********
'******************************************************************************************************************************

'
'   COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"

'******************************************************************************************************************************
'********** hMailServer IDS Client Code (MySQL)                                                                      **********
'******************************************************************************************************************************

Private Const idsTable = "hm_ids"

'
'   DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
'   Table:   CREATE TABLE %idsTable% (
'                   timestamp DATETIME,
'                   ipaddress VARCHAR (192) PRIMARY KEY,
'                   port      INTEGER,
'                   hits      INTEGER);
'

Function idsAddIP(sIPAddress, iPort)
   Dim strSQL, oDB : Set oDB = GetDatabaseObject
   strSQL = "INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits) VALUES (NOW(),'" & sIPAddress & "'," & iPort & ",1) ON DUPLICATE KEY UPDATE hits=(hits+1),timestamp=NOW();"
   Call oDB.ExecuteSQL(strSQL)
End Function

Function idsDelIP(sIPAddress)
   Dim strSQL, oDB : Set oDB = GetDatabaseObject
   strSQL = "DELETE FROM " & idsTable & " WHERE ipaddress = '" & sIPAddress & "';"
   Call oDB.ExecuteSQL(strSQL)
End Function

'******************************************************************************************************************************
'********** Functions                                                                                                **********
'******************************************************************************************************************************

Function GetDatabaseObject()
   Dim oApp : Set oApp = CreateObject("hMailServer.Application")
   Call oApp.Authenticate(ADMIN, PASSWORD)
   Set GetDatabaseObject = oApp.Database
End Function

Function GeoLookup(strIP) : GeoLookup = "zz"
   Dim a, element, group, strLookup
   a = Split(strIP, ".")
   With CreateObject("DNSLibrary.DNSResolver")
      strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk")
   End With
   If Trim(strLookup) = "" Then
      EventLog.Write( "- GeoLookup(" & strIP & ") = " & GeoLookup )
      Exit Function
   End If
   group = Split(strLookup, vbCrLf)
   If UBound(group) > 0 Then
      For Each element In group
         If (Trim(element) <> "") Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & element )
      Next
   Else
      GeoLookup = group(0)
   End If
End Function

'******************************************************************************************************************************
'********** hMailServer Triggers                                                                                     **********
'******************************************************************************************************************************

Sub OnClientConnect(oClient)
   '
   '   Exclude local LAN from test
   '
   If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
   '
   '   Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
   '   zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
   '
   If (oClient.Port <> 25) Then
      If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then
         '
         '   Add unauthorized access to IDS registry
         '
         Call idsAddIP(oClient.IPAddress, oClient.Port)
         Result.Value = 1
         Exit Sub
      End If
   End If
   '
   '   Only test SMTP traffic on defined ports 25, 587 and 465.
   '   Register IP address in IDS registry.
   '
   If (InStr("|25|587|465|", oClient.Port) > 0) Then Call idsAddIP(oClient.IPAddress, 0)
End Sub

'* Sub OnHELO(oClient)
'* End Sub

'*
'*  ********** SPAM test: DNSBlackLists, HeloHost, MXRecords, SPF
'*

'* Sub OnSMTPData(oClient, oMessage)
'* End Sub

'*
'*  ********** SPAM test: SURBL, DKIM, SpamAssassin
'*

Sub OnAcceptMessage(oClient, oMessage)
   '
   '   Unregister IP address from IDS registry
   '
   Call idsDelIP(oClient.IPAddress)
End Sub

'*
'*  ********** Saving EML to DATA
'*

'* Sub OnDeliveryStart(oMessage)
'* End Sub

'*
'*  ********** Antivirus check, Global rules
'*

'* Sub OnDeliverMessage(oMessage)
'* End Sub

'*
'*  ********** Local rules, Message delivered to recipient(s)
'*

'* Sub OnDeliveryFailed(oMessage, sRecipient, sErrorMessage)
'* End Sub

'* Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
'* End Sub

'* Sub OnBackupFailed(sReason)
'* End Sub

'* Sub OnBackupCompleted()
'* End Sub

'* Sub OnError(iSeverity, iCode, sSource, sDescription)
'* End Sub

'******************************************************************************************************************************
'********** END                                                                                                      **********
'******************************************************************************************************************************
File: Handler.vbs

Code: Select all

Option Explicit

'******************************************************************************************************************************
'********** Settings                                                                                                 **********
'******************************************************************************************************************************

'
'   COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "########"
'
'   MySQL
'
Private Const DBNAME = "hmailserver"
Private Const DBUID = "hmsuser"
Private Const DBPW = "########"
Private Const idsTable = "hm_ids"
Private Const idsHits = 3
Private Const idsMinutes = 180
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"

'
'   DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
'   Table:   CREATE TABLE %idsTable% (
'                   timestamp DATETIME,
'                   ipaddress VARCHAR (192) PRIMARY KEY,
'                   port      INTEGER,
'                   hits      INTEGER);
'

'******************************************************************************************************************************
'********** Classes                                                                                                  **********
'******************************************************************************************************************************

Class LogWriter
   Private m_oApp, m_LogID, m_LogFile, m_LogType, m_LogDir
   Private i, t, temp, strDay, strMonth, strTime, strLogFile, strLogDate

   Private Sub Class_Initialize()
      Set m_oApp = CreateObject("hMailServer.Application")
      Call m_oApp.Authenticate(ADMIN, PASSWORD)
      m_LogFile = "LogWriter"
      m_LogType = "M"
      m_LogDir = m_oApp.Settings.Directories.LogDirectory
      m_LogID = CStr(m_oApp.Status.ProcessedMessages)
   End Sub

   Private Sub Class_Terminate()
      '
      '   Termination code goes here.
      '
   End Sub

   Public Property Let LogFile(strFile)
      m_LogFile = Trim(strFile)
   End Property

   Public Property Let LogDir(strDir)
      If (Right(strDir, 1) = "\") Then
         m_LogDir = Trim(Left(strDir, Len(strDir) - 1))
      Else
         m_LogDir = Trim(strDir)
      End If
   End Property

   Public Property Let LogType(strType)
      m_LogType = Trim(strType)
   End Property

   Public Function Wait(sec)
      With CreateObject("WScript.Shell")
         .Run "timeout /T " & Int(sec), 0, True       ' Windows 7/2003/2008 or later
'        .Run "sleep -m " & Int(sec * 1000), 0, True  ' Windows 2003 Resource Kit
'        .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
      End With
   End Function

   Public Function OpenFile(strPath)
      Const Append = 8
      Const Unicode = -1
      With CreateObject("Scripting.FileSystemObject")
         Dim oFile
         For i = 0 To 30
            On Error Resume Next
            Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
            If Not (Err.Number = 70) Then
               Set OpenFile = oFile
               On Error Goto 0
               Exit For
            End If
            On Error Goto 0
            Wait(1)
         Next
      End With
      If (Err.Number = 70) Then
         EventLog.Write( "ERROR: VBScript Class LogWriter" )
         EventLog.Write( "File " & strPath & " is locked and timeout was exceeded." )
         Err.Clear
      ElseIf (Err.Number <> 0) Then
         EventLog.Write( "ERROR: VBScript Class LogWriter : Function OpenFile" )
         EventLog.Write( "Error       : " & Err.Number )
         EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) )
         EventLog.Write( "Source      : " & Err.Source )
         EventLog.Write( "Description : " & Err.Description )
         Err.Clear
      End If
   End Function

   Public Function Write(strText)
      t = Timer
      temp = Int(t)
      strMonth = DatePart("yyyy",Date) & "-" & Right("0" & DatePart("m",Date), 2)
      strDay = strMonth & "-" & Right("0" & DatePart("d",Date), 2)
      strTime = Right("0"  & Hour(Now),   2) & ":" &_
                Right("0"  & Minute(Now), 2) & ":" &_
                Right("0"  & Second(Now), 2) & "." &_
                Right("00" & (Int((t-temp) * 1000)), 3)
      strLogDate = strDay & " " & strTime
      If (m_LogType = "M") Then
         strLogFile = m_LogDir & "\" & m_LogFile & "_" & strMonth & ".log"
      Else
         strLogFile = m_LogDir & "\" & m_LogFile & "_" & strDay & ".log"
      End If
      With OpenFile(strLogFile)
         .WriteLine(m_LogID & vbTab & Chr(34) & strLogDate & Chr(34) & vbTab & Chr(34) & strText & Chr(34))
         .Close
      End With
      Write = Err.Number
   End Function

End Class

'******************************************************************************************************************************
'********** Functions                                                                                                **********
'******************************************************************************************************************************

Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False
   '
   '   sType can be one of the following;
   '   "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
   '
   On Error Resume Next
   If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
      With oApp.Settings.SecurityRanges.Add
         .Name = "(" & sReason & ") " & sIPAddress
         .LowerIP = sIPAddress
         .UpperIP = sIPAddress
         .Priority = 20
         .Expires = True
         .ExpiresTime = DateAdd(sType, iDuration, Now())
         .Save
      End With
      AutoBan = True
   End If
   oApp.Settings.SecurityRanges.Refresh
   On Error Goto 0
End Function

'******************************************************************************************************************************
'********** CODE                                                                                                     **********
'******************************************************************************************************************************

Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Dim EventLog : Set EventLog = CreateObject("hMailServer.EventLog")
Dim EventLogX : Set EventLogX = New LogWriter
'
'   Name of the logfile.
'   Default is monthly logs, for daily logs add: EventLogX.LogType = "D"
'
EventLogX.LogFile = "handler"
Dim strPort
Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection")
'
'   Trap connection and query errors so the checks below can log them;
'   without this the script aborts before Err.Number is ever tested.
'
On Error Resume Next
oConn.Open idsDBDrv
If oConn.State <> 1 Then
   EventLog.Write( "Handler - ERROR: Could not connect to database" )
   WScript.Quit 1
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")
If Err.Number <> 0 Then
   EventLog.Write( "Handler - ERROR: Table " & idsTable & " does not exist!" )
   WScript.Quit 1
End If
On Error Goto 0
If Not oRecord.BOF And Not oRecord.EOF Then
   While Not oRecord.EOF
      EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
      If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
         If AutoBan(oRecord("ipaddress"), "IDS", 7, "d") Then _
            EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", IDS, 7, d)" )
      End If
      oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
      oRecord.MoveNext
   Wend
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port > 0;")
If Not oRecord.BOF And Not oRecord.EOF Then
   While Not oRecord.EOF
      EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
      If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
         strPort = Trim(Mid("SMTP IMAP SMTPSSUBM IMAPS", InStr("25   143  465  587  993  ", oRecord("port")), 5))
         If AutoBan(oRecord("ipaddress"), "GEOBLOCK - " & strPort, 7, "d") Then _
            EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", GEOBLOCK - " & strPort & ", 7, d)" )
      End If
      oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
      oRecord.MoveNext
   Wend
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE DATE_ADD(timestamp, INTERVAL 1 DAY) < NOW();"
oConn.Close

'******************************************************************************************************************************
'********** END                                                                                                      **********
'******************************************************************************************************************************
NOTE:

Sub OnHELO(oClient) is NOT available in the original compilation.
If you wish to make use of this added trigger please see https://www.hmailserver.com/forum/viewt ... 39#p206039

ActiveX object DNSLibrary can be obtained from https://d-fault.nl/files/DNSResolverCom ... .3.exe.zip
You said you might make a new post for IDS. Still waiting. :mrgreen:

Anyway, that inspired me to throw together a php viewer/stats app for it. :D

Demo: https://firewallban.dynu.net/ids/

Code: https://github.com/palinkas-jo-reggelt/ ... IDS-Viewer

And I'll be damned... I haven't even promoted it and it already has 72 clones at github. I did post a link to the demo in that other thread, but not to the code.

It doesn't even do much. :lol: :lol: :lol: :mrgreen: But it has dials and charts. :D

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-04 14:44

Code: Select all

'******************************************************************************************************************************
'********** hMailServer Triggers                                                                                     **********
'******************************************************************************************************************************

Sub OnClientConnect(oClient)
   '
   '   Exclude local LAN from test
   '
   If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
   '
   '   Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
   '   zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
   '
   If (oClient.Port <> 25) Then
      If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then
         '
         '   Add unauthorized access to IDS registry
         '
         Call idsAddIP(oClient.IPAddress, oClient.Port)
         Result.Value = 1
         Exit Sub
      End If
   End If
Hey,
how can I change this so that only German connections are allowed?

Thank you very much! :D

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-04 15:06

udgesbou wrote:
2022-04-04 14:44

Code: Select all

'******************************************************************************************************************************
'********** hMailServer Triggers                                                                                     **********
'******************************************************************************************************************************

Sub OnClientConnect(oClient)
   '
   '   Exclude local LAN from test
   '
   If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
   '
   '   Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
   '   zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
   '
   If (oClient.Port <> 25) Then
      If (InStr("|dk|gl|fo|", GeoLookup(oClient.IPAddress)) = 0) Then
         '
         '   Add unauthorized access to IDS registry
         '
         Call idsAddIP(oClient.IPAddress, oClient.Port)
         Result.Value = 1
         Exit Sub
      End If
   End If
Hey,
how can I change this so that only German connections are allowed?

Thank you very much! :D
Maybe If (InStr("de" etc. ???
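
An added example, not part of the posts above: the single-country check written as an exact-token allowlist match. `InStr("de", x)` returns 1 for an empty `x` and for a partial value such as "d", so the helper compares the whole delimited token and fails closed; `IsCountryAllowed`, `ALLOWED_COUNTRIES` and the file name `allowlist.vbs` are hypothetical, and "zz" is the fallback `GeoLookup` returns in the posted script.

```vbscript
Option Explicit

' Added example, not code from the thread. IsCountryAllowed and ALLOWED_COUNTRIES
' are hypothetical names. "zz" is the value GeoLookup returns when the lookup fails.
' Country codes sit between "|" delimiters, as in the original "|dk|gl|fo|" list.
Private Const ALLOWED_COUNTRIES = "|de|"

Function IsCountryAllowed(sCode, sAllowList)
   Dim sToken
   IsCountryAllowed = False
   ' Normalise: Null/Empty become "", line breaks and spaces are dropped, case is folded.
   sToken = LCase(Trim(Replace(Replace(sCode & "", vbCr, ""), vbLf, "")))
   ' Fail closed on anything that is not a two-character code, and on the "zz" fallback.
   If (Len(sToken) <> 2) Or (sToken = "zz") Then Exit Function
   If (InStr(sToken, "|") > 0) Then Exit Function
   ' Compare the whole delimited token, so "d", "e" or "" can never match "|de|".
   IsCountryAllowed = (InStr(sAllowList, "|" & sToken & "|") > 0)
End Function

' In OnClientConnect the country test from the posted script would then read:
'    If Not IsCountryAllowed(GeoLookup(oClient.IPAddress), ALLOWED_COUNTRIES) Then

' Self-check with constructed sample values. Run with: cscript //nologo allowlist.vbs
' WScript.Echo is not available inside hMailServer's EventHandlers.vbs, so copy only
' the constant and the function there.
Sub SelfCheck()
   Dim aSamples, aExpect, i, bGot
   aSamples = Array("de", "DE", " de ", "de" & vbCrLf, "dk", "zz", "", "d", "e", "|d")
   aExpect  = Array(True, True, True,   True,          False, False, False, False, False, False)
   For i = 0 To UBound(aSamples)
      bGot = IsCountryAllowed(aSamples(i), ALLOWED_COUNTRIES)
      WScript.Echo "[" & Replace(aSamples(i), vbCrLf, "\r\n") & "] allowed=" & bGot & " expected=" & aExpect(i)
      If bGot <> aExpect(i) Then WScript.Quit 1
   Next
   ' The bare check from the thread: a non-zero result means "not blocked".
   WScript.Echo "InStr(""de"", """")  = " & InStr("de", "")
   WScript.Echo "InStr(""de"", ""d"") = " & InStr("de", "d")
End Sub

SelfCheck
```

Adding a second country is a matter of extending the constant, for example "|de|at|".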

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-04 22:05

palinka wrote:
2022-04-04 15:06
Maybe If (InStr("de" etc. ???
Ok, I tried this :idea:

Here is my Eventhandlers.vbs:

Code: Select all

Option Explicit

'******************************************************************************************************************************
'********** Settings                                                                                                 **********
'******************************************************************************************************************************

'
'   COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "MY-hMailServer-Password"

'******************************************************************************************************************************
'********** hMailServer IDS Client Code (MySQL)                                                                      **********
'******************************************************************************************************************************

Private Const idsTable = "hm_ids"

'
'   DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
'   Table:   CREATE TABLE %idsTable% (
'                   timestamp DATETIME,
'                   ipaddress VARCHAR (192) PRIMARY KEY,
'                   port      INTEGER,
'                   hits      INTEGER);
'

Function idsAddIP(sIPAddress, iPort)
   Dim strSQL, oDB : Set oDB = GetDatabaseObject
   strSQL = "INSERT INTO " & idsTable & " (timestamp,ipaddress,port,hits) VALUES (NOW(),'" & sIPAddress & "'," & iPort & ",1) ON DUPLICATE KEY UPDATE hits=(hits+1),timestamp=NOW();"
   Call oDB.ExecuteSQL(strSQL)
End Function

Function idsDelIP(sIPAddress)
   Dim strSQL, oDB : Set oDB = GetDatabaseObject
   strSQL = "DELETE FROM " & idsTable & " WHERE ipaddress = '" & sIPAddress & "';"
   Call oDB.ExecuteSQL(strSQL)
End Function

'******************************************************************************************************************************
'********** Functions                                                                                                **********
'******************************************************************************************************************************

Function GetDatabaseObject()
   Dim oApp : Set oApp = CreateObject("hMailServer.Application")
   Call oApp.Authenticate(ADMIN, PASSWORD)
   Set GetDatabaseObject = oApp.Database
End Function

Function GeoLookup(strIP) : GeoLookup = "zz"
   Dim a, element, group, strLookup
   a = Split(strIP, ".")
   With CreateObject("DNSLibrary.DNSResolver")
      strLookup = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk")
   End With
   If Trim(strLookup) = "" Then
      EventLog.Write( "- GeoLookup(" & strIP & ") = " & GeoLookup )
      Exit Function
   End If
   group = Split(strLookup, vbCrLf)
   If UBound(group) > 0 Then
      For Each element In group
         If (Trim(element) <> "") Then EventLog.Write( "- GeoLookup(" & strIP & ") = " & element )
      Next
   Else
      GeoLookup = group(0)
   End If
End Function

'******************************************************************************************************************************
'********** hMailServer Triggers                                                                                     **********
'******************************************************************************************************************************

Sub OnClientConnect(oClient)
   '
   '   Exclude local LAN from test
   '
   If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
   '
   '   Only allow non-SMTP connect from "Rigsfællesskabet"/"Naalagaaffeqatigiit"/"Ríkisfelagsskapurin" = The Danish Realm.
   '   zz = N/A, dk = Denmark, gl = Greenland, fo = Faroe Islands
   '
   If (oClient.Port <> 25) Then
      If (InStr("de", GeoLookup(oClient.IPAddress)) = 0) Then
         '
         '   Add unauthorized access to IDS registry
         '
         Call idsAddIP(oClient.IPAddress, oClient.Port)
         Result.Value = 1
         Exit Sub
      End If
   End If
   '
   '   Only test SMTP traffic on defined ports 25, 587 and 465.
   '   Register IP address in IDS registry.
   '
   If (InStr("|25|587|465|", oClient.Port) > 0) Then Call idsAddIP(oClient.IPAddress, 0)
End Sub

'* Sub OnHELO(oClient)
'* End Sub

'*
'*  ********** SPAM test: DNSBlackLists, HeloHost, MXRecords, SPF
'*

'* Sub OnSMTPData(oClient, oMessage)
'* End Sub

'*
'*  ********** SPAM test: SURBL, DKIM, SpamAssassin
'*

Sub OnAcceptMessage(oClient, oMessage)
   '
   '   Unregister IP address from IDS registry
   '
   Call idsDelIP(oClient.IPAddress)
End Sub

'*
'*  ********** Saving EML to DATA
'*

'* Sub OnDeliveryStart(oMessage)
'* End Sub

'*
'*  ********** Antivirus check, Global rules
'*

'* Sub OnDeliverMessage(oMessage)
'* End Sub

'*
'*  ********** Local rules, Message delivered to recipient(s)
'*

'* Sub OnDeliveryFailed(oMessage, sRecipient, sErrorMessage)
'* End Sub

'* Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
'* End Sub

'* Sub OnBackupFailed(sReason)
'* End Sub

'* Sub OnBackupCompleted()
'* End Sub

'* Sub OnError(iSeverity, iCode, sSource, sDescription)
'* End Sub

'******************************************************************************************************************************
'********** END                                                                                                      **********
'******************************************************************************************************************************

And my Handler.vbs:

Code: Select all

Option Explicit

'******************************************************************************************************************************
'********** Settings                                                                                                 **********
'******************************************************************************************************************************

'
'   COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "MY-hMailServer-Password"
'
'   MySQL
'
Private Const DBNAME = "hmailserverdb"
Private Const DBUID = "MYSQL-USERNAME"
Private Const DBPW = "MYSQL-PASSWORD"
Private Const idsTable = "hm_ids"
Private Const idsHits = 3
Private Const idsMinutes = 180
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"

'
'   DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
'   Table:   CREATE TABLE %idsTable% (
'                   timestamp DATETIME,
'                   ipaddress VARCHAR (192) PRIMARY KEY,
'                   port      INTEGER,
'                   hits      INTEGER);
'

'******************************************************************************************************************************
'********** Classes                                                                                                  **********
'******************************************************************************************************************************

Class LogWriter
   Private m_oApp, m_LogID, m_LogFile, m_LogType, m_LogDir
   Private i, t, temp, strDay, strMonth, strTime, strLogFile, strLogDate

   Private Sub Class_Initialize()
      Set m_oApp = CreateObject("hMailServer.Application")
      Call m_oApp.Authenticate(ADMIN, PASSWORD)
      m_LogFile = "LogWriter"
      m_LogType = "M"
      m_LogDir = m_oApp.Settings.Directories.LogDirectory
      m_LogID = CStr(m_oApp.Status.ProcessedMessages)
   End Sub

   Private Sub Class_Terminate()
      '
      '   Termination code goes here.
      '
   End Sub

   Public Property Let LogFile(strFile)
      m_LogFile = Trim(strFile)
   End Property

   Public Property Let LogDir(strDir)
      If (Right(strDir, 1) = "\") Then
         m_LogDir = Trim(Left(strDir, Len(strDir) - 1))
      Else
         m_LogDir = Trim(strDir)
      End If
   End Property

   Public Property Let LogType(strType)
      m_LogType = Trim(strType)
   End Property

   Public Function Wait(sec)
      With CreateObject("WScript.Shell")
         .Run "timeout /T " & Int(sec), 0, True       ' Windows 7/2003/2008 or later
'        .Run "sleep -m " & Int(sec * 1000), 0, True  ' Windows 2003 Resource Kit
'        .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
      End With
   End Function

   Public Function OpenFile(strPath)
      Const Append = 8
      Const Unicode = -1
      With CreateObject("Scripting.FileSystemObject")
         Dim oFile
         For i = 0 To 30
            On Error Resume Next
            Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
            If Not (Err.Number = 70) Then
               Set OpenFile = oFile
               On Error Goto 0
               Exit For
            End If
            On Error Goto 0
            Wait(1)
         Next
      End With
      If (Err.Number = 70) Then
         EventLog.Write( "ERROR: VBScript Class LogWriter" )
         EventLog.Write( "File " & strPath & " is locked and timeout was exceeded." )
         Err.Clear
      ElseIf (Err.Number <> 0) Then
         EventLog.Write( "ERROR: VBScript Class LogWriter : Function OpenFile" )
         EventLog.Write( "Error       : " & Err.Number )
         EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) )
         EventLog.Write( "Source      : " & Err.Source )
         EventLog.Write( "Description : " & Err.Description )
         Err.Clear
      End If
   End Function

   Public Function Write(strText)
      t = Timer
      temp = Int(t)
      strMonth = DatePart("yyyy",Date) & "-" & Right("0" & DatePart("m",Date), 2)
      strDay = strMonth & "-" & Right("0" & DatePart("d",Date), 2)
      strTime = Right("0"  & Hour(Now),   2) & ":" &_
                Right("0"  & Minute(Now), 2) & ":" &_
                Right("0"  & Second(Now), 2) & "." &_
                Right("00" & (Int((t-temp) * 1000)), 3)
      strLogDate = strDay & " " & strTime
      If (m_LogType = "M") Then
         strLogFile = m_LogDir & "\" & m_LogFile & "_" & strMonth & ".log"
      Else
         strLogFile = m_LogDir & "\" & m_LogFile & "_" & strDay & ".log"
      End If
      With OpenFile(strLogFile)
         .WriteLine(m_LogID & vbTab & Chr(34) & strLogDate & Chr(34) & vbTab & Chr(34) & strText & Chr(34))
         .Close
      End With
      Write = Err.Number
   End Function

End Class

'******************************************************************************************************************************
'********** Functions                                                                                                **********
'******************************************************************************************************************************

Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False
   '
   '   sType can be one of the following;
   '   "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
   '
   On Error Resume Next
   If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
      With oApp.Settings.SecurityRanges.Add
         .Name = "(" & sReason & ") " & sIPAddress
         .LowerIP = sIPAddress
         .UpperIP = sIPAddress
         .Priority = 20
         .Expires = True
         .ExpiresTime = DateAdd(sType, iDuration, Now())
         .Save
      End With
      AutoBan = True
   End If
   oApp.Settings.SecurityRanges.Refresh
   On Error Goto 0
End Function

'******************************************************************************************************************************
'********** CODE                                                                                                     **********
'******************************************************************************************************************************

Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Dim EventLog : Set EventLog = CreateObject("hMailServer.EventLog")
Dim EventLogX : Set EventLogX = New LogWriter
'
'   Name of the logfile.
'   Default is monthly logs, for daily logs add: EventLogX.LogType = "D"
'
EventLogX.LogFile = "handler"
Dim strPort
Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection")
oConn.Open idsDBDrv
If oConn.State <> 1 Then
   EventLog.Write( "Handler - ERROR: Could not connect to database" )
   WScript.Quit 1
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")
If Err.Number <> 0 Then
   EventLog.Write( "Handler - ERROR: Table " & idsTable & " does not exist!" )
   WScript.Quit 1
End If
If Not oRecord.BOF And Not oRecord.EOF Then
   While Not oRecord.EOF
      EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
      If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
         If AutoBan(oRecord("ipaddress"), "IDS", 7, "d") Then _
            EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", IDS, 7, d)" )
      End If
      oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
      oRecord.MoveNext
   Wend
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port > 0;")
If Not oRecord.BOF And Not oRecord.EOF Then
   While Not oRecord.EOF
      EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
      If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
         strPort = Trim(Mid("SMTP IMAP SMTPSSUBM IMAPS", InStr("25   143  465  587  993  ", oRecord("port")), 5))
         If AutoBan(oRecord("ipaddress"), "GEOBLOCK - " & strPort, 7, "d") Then _
            EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", GEOBLOCK - " & strPort & ", 7, d)" )
      End If
      oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
      oRecord.MoveNext
   Wend
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE DATE_ADD(timestamp, INTERVAL 1 DAY) < NOW();"
oConn.Close

'******************************************************************************************************************************
'********** END                                                                                                      **********
'******************************************************************************************************************************
Now if I try to start the Eventhandlers.vbs, I get this error:

Image

Can you help me, please?!

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-04 23:13

Do you have ODBC connector installed?

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-04 23:54

palinka wrote:
2022-04-04 23:13
Do you have ODBC connector installed?
I don't think so :(

Is this what I have to do?
https://blog.devart.com/installing-odbc ... ndows.html

Thanks!

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-05 01:07

udgesbou wrote:
2022-04-04 23:54
palinka wrote:
2022-04-04 23:13
Do you have ODBC connector installed?
I don't think so :(

Is this what I have to do?
https://blog.devart.com/installing-odbc ... ndows.html

Thanks!
Yes. What db are you using?

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-05 06:52

palinka wrote:
2022-04-05 01:07
Yes. What db are you using?
I am using MySQL.

Greetings

tunis
Senior user
Posts: 320
Joined: 2015-01-05 20:22
Location: Sweden

Re: Hardening hMailServer - The ongoing saga!

Post by tunis » 2022-04-05 09:55

udgesbou wrote:
2022-04-04 23:54
palinka wrote:
2022-04-04 23:13
Do you have ODBC connector installed?
I don't think so :(

Is this what I have to do?
https://blog.devart.com/installing-odbc ... ndows.html

Thanks!
You can install MySQL's ODBC driver for free.
https://dev.mysql.com/downloads/connector/odbc/
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.8 B2538.30 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-06 14:06

tunis wrote:
2022-04-05 09:55
You can install MySQL's ODBC driver for free.
https://dev.mysql.com/downloads/connector/odbc/
Hey tunis,
I installed this, but I get the same error from Windows Script Host.

Do I have to do some settings in the installed ODBC-Connector?


Greetings

tunis
Senior user
Posts: 320
Joined: 2015-01-05 20:22
Location: Sweden

Re: Hardening hMailServer - The ongoing saga!

Post by tunis » 2022-04-06 15:41

udgesbou wrote:
2022-04-06 14:06
tunis wrote:
2022-04-05 09:55
You can install MySQL's ODBC driver for free.
https://dev.mysql.com/downloads/connector/odbc/
Hey tunis,
I installed this, but I get the same error from Windows Script Host.

Do I have to do some settings in the installed ODBC-Connector?


Greetings
Open ODBC in Windows and the driver tab.
In that list you should have the name of the driver. ex "MySQL ODBC 8.0 Driver"
That is what you use in the script

Code: Select all

Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 8.0 Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.8 B2538.30 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-06 21:22

tunis wrote:
2022-04-06 15:41
Open ODBC in Windows and the driver tab.
In that list you should have the name of the driver. ex "MySQL ODBC 8.0 Driver"
That is what you use in the script

Code: Select all

Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 8.0 Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
This is what my Driver Tab looks like:

Image

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-06 21:51

udgesbou wrote:
2022-04-06 21:22
tunis wrote:
2022-04-06 15:41
Open ODBC in Windows and the driver tab.
In that list you should have the name of the driver. ex "MySQL ODBC 8.0 Driver"
That is what you use in the script

Code: Select all

Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 8.0 Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
This is what my Driver Tab looks like:

Image
You need to set up the database. Under tab "System DSN" click add and follow the instructions to add hmailserver database.

Also - I'm not sure about this - you may need 32 bit instead of 64 bit. It depends on the connector and I'm not an expert. I use the MariaDB and the odbc connector is 32/64 combined.

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-06 22:28

palinka wrote:
2022-04-06 21:51
You need to set up the database. Under tab "System DSN" click add and follow the instructions to add hmailserver database.

Also - I'm not sure about this - you may need 32 bit instead of 64 bit. It depends on the connector and I'm not an expert. I use the MariaDB and the odbc connector is 32/64 combined.
Yeah, I do this in 32 bit too, but same error :(

Connection test in connection setup was successful :(


Greetings

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-06 22:35

udgesbou wrote:
2022-04-06 22:28
palinka wrote:
2022-04-06 21:51
You need to set up the database. Under tab "System DSN" click add and follow the instructions to add hmailserver database.

Also - I'm not sure about this - you may need 32 bit instead of 64 bit. It depends on the connector and I'm not an expert. I use the MariaDB and the odbc connector is 32/64 combined.
Yeah, I do this in 32 bit too, but same error :(

Connection test in connection setup was successful :(


Greetings
What is the error?

Look for error log in your log folder and post the errors for today.

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-06 23:35

palinka wrote:
2022-04-06 22:35
What is the error?

Look for error log in your log folder and post the errors for today.
I always get this error when I try to start the handler.vbs from the Event-Folder manually:

Image

Same with ODBC-Connector 32 bit or 64 bit :(

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-07 00:08

udgesbou wrote:
2022-04-06 23:35
palinka wrote:
2022-04-06 22:35
What is the error?

Look for error log in your log folder and post the errors for today.
I always get this error when I try to start the handler.vbs from the Event-Folder manually:

Image

Same with ODBC-Connector 32 bit or 64 bit :(
I looked at your script above. Move line 21 ("Dim idsDBDrv : idsDBDrv = ...") to line 175, meaning right before this line: "oConn.Open idsDBDrv".

For what it's worth, I prefer to do all this in event handlers, I don't even expire them. I just let them sit and reject connections after 3 tries. They sit there forever. However, I exclude localhost and LAN connections.

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-08 13:27

palinka wrote:
2022-04-07 00:08

I looked at your script above. Move line 21 ("Dim idsDBDrv : idsDBDrv = ...") to line 175, meaning right before this line: "oConn.Open idsDBDrv".

For what it's worth, I prefer to do all this in event handlers, I don't even expire them. I just let them sit and reject connections after 3 tries. They sit there forever. However, I exclude localhost and LAN connections.
Now my Handler.vbs looks like this:

Code: Select all

Option Explicit

'******************************************************************************************************************************
'********** Settings                                                                                                 **********
'******************************************************************************************************************************

'
'   COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "MyhMailServer-Password"
'
'   MySQL
'
Private Const DBNAME = "hmailserverdb"
Private Const DBUID = "root"
Private Const DBPW = "MyMySQL-Password"
Private Const idsTable = "hm_ids"
Private Const idsHits = 3
Private Const idsMinutes = 180

'
'   DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
'
'   Table:   CREATE TABLE %idsTable% (
'                   timestamp DATETIME,
'                   ipaddress VARCHAR (192) PRIMARY KEY,
'                   port      INTEGER,
'                   hits      INTEGER);
'

'******************************************************************************************************************************
'********** Classes                                                                                                  **********
'******************************************************************************************************************************

Class LogWriter
   Private m_oApp, m_LogID, m_LogFile, m_LogType, m_LogDir
   Private i, t, temp, strDay, strMonth, strTime, strLogFile, strLogDate

   Private Sub Class_Initialize()
      Set m_oApp = CreateObject("hMailServer.Application")
      Call m_oApp.Authenticate(ADMIN, PASSWORD)
      m_LogFile = "LogWriter"
      m_LogType = "M"
      m_LogDir = m_oApp.Settings.Directories.LogDirectory
      m_LogID = CStr(m_oApp.Status.ProcessedMessages)
   End Sub

   Private Sub Class_Terminate()
      '
      '   Termination code goes here.
      '
   End Sub

   Public Property Let LogFile(strFile)
      m_LogFile = Trim(strFile)
   End Property

   Public Property Let LogDir(strDir)
      If (Right(strDir, 1) = "\") Then
         m_LogDir = Trim(Left(strDir, Len(strDir) - 1))
      Else
         m_LogDir = Trim(strDir)
      End If
   End Property

   Public Property Let LogType(strType)
      m_LogType = Trim(strType)
   End Property

   Public Function Wait(sec)
      With CreateObject("WScript.Shell")
         .Run "timeout /T " & Int(sec), 0, True       ' Windows 7/2003/2008 or later
'        .Run "sleep -m " & Int(sec * 1000), 0, True  ' Windows 2003 Resource Kit
'        .Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
      End With
   End Function

   Public Function OpenFile(strPath)
      Const Append = 8
      Const Unicode = -1
      With CreateObject("Scripting.FileSystemObject")
         Dim oFile
         For i = 0 To 30
            On Error Resume Next
            Set oFile = .OpenTextFile(strPath, Append, True, Unicode)
            If Not (Err.Number = 70) Then
               Set OpenFile = oFile
               On Error Goto 0
               Exit For
            End If
            On Error Goto 0
            Wait(1)
         Next
      End With
      If (Err.Number = 70) Then
         EventLog.Write( "ERROR: VBScript Class LogWriter" )
         EventLog.Write( "File " & strPath & " is locked and timeout was exceeded." )
         Err.Clear
      ElseIf (Err.Number <> 0) Then
         EventLog.Write( "ERROR: VBScript Class LogWriter : Function OpenFile" )
         EventLog.Write( "Error       : " & Err.Number )
         EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) )
         EventLog.Write( "Source      : " & Err.Source )
         EventLog.Write( "Description : " & Err.Description )
         Err.Clear
      End If
   End Function

   Public Function Write(strText)
      t = Timer
      temp = Int(t)
      strMonth = DatePart("yyyy",Date) & "-" & Right("0" & DatePart("m",Date), 2)
      strDay = strMonth & "-" & Right("0" & DatePart("d",Date), 2)
      strTime = Right("0"  & Hour(Now),   2) & ":" &_
                Right("0"  & Minute(Now), 2) & ":" &_
                Right("0"  & Second(Now), 2) & "." &_
                Right("00" & (Int((t-temp) * 1000)), 3)
      strLogDate = strDay & " " & strTime
      If (m_LogType = "M") Then
         strLogFile = m_LogDir & "\" & m_LogFile & "_" & strMonth & ".log"
      Else
         strLogFile = m_LogDir & "\" & m_LogFile & "_" & strDay & ".log"
      End If
      With OpenFile(strLogFile)
         .WriteLine(m_LogID & vbTab & Chr(34) & strLogDate & Chr(34) & vbTab & Chr(34) & strText & Chr(34))
         .Close
      End With
      Write = Err.Number
   End Function

End Class

'******************************************************************************************************************************
'********** Functions                                                                                                **********
'******************************************************************************************************************************

Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False
   '
   '   sType can be one of the following;
   '   "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
   '
   On Error Resume Next
   If (oApp.Settings.SecurityRanges.ItemByName("(" & sReason & ") " & sIPAddress) Is Nothing) Then
      With oApp.Settings.SecurityRanges.Add
         .Name = "(" & sReason & ") " & sIPAddress
         .LowerIP = sIPAddress
         .UpperIP = sIPAddress
         .Priority = 20
         .Expires = True
         .ExpiresTime = DateAdd(sType, iDuration, Now())
         .Save
      End With
      AutoBan = True
   End If
   oApp.Settings.SecurityRanges.Refresh
   On Error Goto 0
End Function

'******************************************************************************************************************************
'********** CODE                                                                                                     **********
'******************************************************************************************************************************

Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Dim EventLog : Set EventLog = CreateObject("hMailServer.EventLog")
Dim EventLogX : Set EventLogX = New LogWriter
'
'   Name of the logfile.
'   Default is monthly logs, for daily logs add: EventLogX.LogType = "D"
'
EventLogX.LogFile = "handler"
Dim strPort
Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection")
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
oConn.Open idsDBDrv
If oConn.State <> 1 Then
   EventLog.Write( "Handler - ERROR: Could not connect to database" )
   WScript.Quit 1
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")
If Err.Number <> 0 Then
   EventLog.Write( "Handler - ERROR: Table " & idsTable & " does not exist!" )
   WScript.Quit 1
End If
If Not oRecord.BOF And Not oRecord.EOF Then
   While Not oRecord.EOF
      EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
      If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
         If AutoBan(oRecord("ipaddress"), "IDS", 7, "d") Then _
            EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", IDS, 7, d)" )
      End If
      oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
      oRecord.MoveNext
   Wend
End If
Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port > 0;")
If Not oRecord.BOF And Not oRecord.EOF Then
   While Not oRecord.EOF
      EventLogX.Write( "Wohoo... IPAddress: " & oRecord("ipaddress") & " Port: " & oRecord("port") & " Hits: " & oRecord("hits") )
      If (DateDiff("n", oRecord("timestamp"), Now()) < idsMinutes) Then
         strPort = Trim(Mid("SMTP IMAP SMTPSSUBM IMAPS", InStr("25   143  465  587  993  ", oRecord("port")), 5))
         If AutoBan(oRecord("ipaddress"), "GEOBLOCK - " & strPort, 7, "d") Then _
            EventLogX.Write( "AutoBan(" & oRecord("ipaddress") & ", GEOBLOCK - " & strPort & ", 7, d)" )
      End If
      oConn.Execute "DELETE FROM " & idsTable & " WHERE ipaddress = '" & oRecord("ipaddress") & "';"
      oRecord.MoveNext
   Wend
End If
oConn.Execute "DELETE FROM " & idsTable & " WHERE DATE_ADD(timestamp, INTERVAL 1 DAY) < NOW();"
oConn.Close

'******************************************************************************************************************************
'********** END                                                                                                      **********
'******************************************************************************************************************************
But I still got this error:

Image


My ODBC-Connector looks like this:

Image
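
Added example, not part of the post above or of the original script. In the main loop of the posted Handler.vbs, InStr returns 0 for a port that is not in the lookup string, and Mid with a start position of 0 raises a run-time error before the DELETE is reached; the DELETE itself is built by string concatenation. The sketch shows a lookup with a fallback and a DELETE that passes the address as a parameter. PortName and DeleteByIp are hypothetical helper names, and the sample ports are constructed.

```vbscript
Option Explicit
' Added example, not part of the posted Handler.vbs.
' PortName and DeleteByIp are hypothetical helper names.

Const adCmdText = 1, adParamInput = 1, adVarChar = 200, adExecuteNoRecords = 128

' Same five ports as the lookup string in the posted script.
Dim g_oPortNames : Set g_oPortNames = CreateObject("Scripting.Dictionary")
g_oPortNames.Add "25",  "SMTP"
g_oPortNames.Add "143", "IMAP"
g_oPortNames.Add "465", "SMTPS"
g_oPortNames.Add "587", "SUBM"
g_oPortNames.Add "993", "IMAPS"

' Returns the service name for a port, or "PORT <n>" for a port that is not
' listed, so an unexpected port can never abort the run.
Function PortName(vPort)
   Dim sKey
   If IsNull(vPort) Then
      PortName = "PORT unknown"
      Exit Function
   End If
   sKey = Trim(CStr(vPort))
   If g_oPortNames.Exists(sKey) Then
      PortName = g_oPortNames(sKey)
   Else
      PortName = "PORT " & sKey
   End If
End Function

' Deletes one row by address. The address travels as a bound parameter and never
' becomes part of the SQL text. The table name cannot be bound, so it must come
' from a constant in the script (idsTable in the posted script), never from data.
Sub DeleteByIp(oConn, sTable, sIP)
   Dim oCmd : Set oCmd = CreateObject("ADODB.Command")
   Set oCmd.ActiveConnection = oConn
   oCmd.CommandType = adCmdText
   oCmd.CommandText = "DELETE FROM " & sTable & " WHERE ipaddress = ?"
   oCmd.Parameters.Append oCmd.CreateParameter("ip", adVarChar, adParamInput, 192, sIP)
   oCmd.Execute , , adExecuteNoRecords
End Sub

' In the loops of the posted script the two calls would look like this
' (pass the field values, not the Field objects):
'    strPort = PortName(oRecord("port").Value)
'    DeleteByIp oConn, idsTable, oRecord("ipaddress").Value

' Offline demonstration with constructed sample ports; 110 is not in the table.
Dim vPort
For Each vPort In Array(25, 143, 993, 110)
   WScript.Echo vPort & " -> " & PortName(vPort)
Next
```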

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-08 14:02

udgesbou wrote:
2022-04-08 13:27
Dim idsDBDrv : idsDBDrv = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Database="&DBNAME&";Uid="&DBUID&";Pwd="&DBPW&";Option=3;"
This is not the same driver as shown in your screenshot. They must be an exact match!
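
One way to check both points raised in this thread, the 32/64-bit question and the exact driver name, as an added example that is not part of any post here. The script reads the registered ODBC driver names from the 32-bit and the 64-bit registry view through WMI and compares them with the DRIVER={...} name from the connection string. The file name CheckOdbcDriver.vbs and all function names are hypothetical.

```vbscript
Option Explicit
' Added example, not from the thread. Run it with the same script host that runs
' Handler.vbs, for example:
'   C:\Windows\SysWOW64\cscript.exe //nologo CheckOdbcDriver.vbs

Const HKLM = &H80000002
Const DRIVERS_KEY = "SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers"
' Driver name as written in the posted script; no credentials are needed here.
Const CONN_STR = "DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Option=3;"

' Text between DRIVER={ and } ("" if the clause is missing).
Function DriverFromConnStr(sConn)
   Dim oRe, oMatches
   Set oRe = New RegExp
   oRe.IgnoreCase = True
   oRe.Pattern = "(?:^|;)\s*DRIVER\s*=\s*\{([^}]*)\}"
   Set oMatches = oRe.Execute(sConn)
   DriverFromConnStr = ""
   If oMatches.Count > 0 Then DriverFromConnStr = oMatches(0).SubMatches(0)
End Function

' Driver names as seen by nBits-bit programs (32 or 64). Returns an empty
' array if that registry view cannot be read, e.g. 64 on a 32-bit Windows.
Function DriversForArch(nBits)
   Dim oCtx, oLocator, oServices, oReg, oIn, oOut
   DriversForArch = Array()
   On Error Resume Next
   Set oCtx = CreateObject("WbemScripting.SWbemNamedValueSet")
   oCtx.Add "__ProviderArchitecture", nBits
   Set oLocator = CreateObject("WbemScripting.SWbemLocator")
   Set oServices = oLocator.ConnectServer(".", "root\default", "", "", , , , oCtx)
   Set oReg = oServices.Get("StdRegProv")
   Set oIn = oReg.Methods_("EnumValues").InParameters
   oIn.hDefKey = HKLM
   oIn.sSubKeyName = DRIVERS_KEY
   Set oOut = oReg.ExecMethod_("EnumValues", oIn, , oCtx)
   If Err.Number = 0 Then
      If oOut.ReturnValue = 0 And IsArray(oOut.sNames) Then DriversForArch = oOut.sNames
   End If
   On Error Goto 0
End Function

' Bitness of the script host that is running this file.
Function HostBits()
   Dim sArch
   sArch = CreateObject("WScript.Shell").Environment("Process")("PROCESSOR_ARCHITECTURE")
   If UCase(sArch) = "X86" Then HostBits = 32 Else HostBits = 64
End Function

' True if sWanted is in aDrivers (compared without regard to case).
Function IsRegistered(aDrivers, sWanted)
   Dim sName
   IsRegistered = False
   For Each sName In aDrivers
      If StrComp(sName, sWanted, vbTextCompare) = 0 Then IsRegistered = True
   Next
End Function

Dim sWanted, nBits, aDrivers, sName, bHostOk
sWanted = DriverFromConnStr(CONN_STR)
If sWanted = "" Then
   WScript.Echo "No DRIVER={...} clause in the connection string."
   WScript.Quit 2
End If

bHostOk = False
For Each nBits In Array(32, 64)
   aDrivers = DriversForArch(nBits)
   WScript.Echo nBits & "-bit drivers (" & (UBound(aDrivers) + 1) & "):"
   For Each sName In aDrivers
      WScript.Echo "   " & sName
   Next
   If IsRegistered(aDrivers, sWanted) Then
      WScript.Echo "   => {" & sWanted & "} is registered for " & nBits & "-bit programs"
      If nBits = HostBits() Then bHostOk = True
   Else
      WScript.Echo "   => {" & sWanted & "} is NOT registered for " & nBits & "-bit programs"
   End If
Next

WScript.Echo "This script host is " & HostBits() & "-bit."
If Not bHostOk Then WScript.Quit 1   ' driver missing for the host that runs the script
```

An exit code of 1 means the name in the connection string has no registration for the bitness of the host that ran the check.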

SorenR
Senior user
Senior user
Posts: 5303
Joined: 2006-08-21 15:38
Location: Denmark

Re: Hardening hMailServer - The ongoing saga!

Post by SorenR » 2022-04-08 14:47

Code: Select all

DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
Attachments
ODBC.png
SørenR.

There are two types of people in this world:
1) Those who can extrapolate from incomplete data

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-08 15:11

palinka wrote:
2022-04-08 14:02
This is not the same driver as shown in your screenshot. They must be an exact match!
SorenR wrote:
2022-04-08 14:47

Code: Select all

DRIVER={MySQL ODBC 5.3 Unicode Driver};Server=localhost;Port=3306;Database=%idsdb%;Uid=%idsuid%;Pwd=%idspwd%;Option=3;
Now I installed the same driver as SorenR, but still the same error :(

Image

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-08 15:55

How are you calling the script?

https://stackoverflow.com/questions/202 ... ault-drive

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-08 16:04

palinka wrote:
2022-04-08 15:55
How are you calling the script?

https://stackoverflow.com/questions/202 ... ault-drive
I double-click the "Handler.vbs" to test it, then the error will pop up, I hope this is what you mean? :(

I'm completely new to hMailServer scripts, sorry :(

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-08 16:17

udgesbou wrote:
2022-04-08 16:04
palinka wrote:
2022-04-08 15:55
How are you calling the script?

https://stackoverflow.com/questions/202 ... ault-drive
I double-click the "Handler.vbs" to test it, then the error will pop up, I hope this is what you mean? :(

I'm completely new to hMailServer scripts, sorry :(
Open cmd window. Type

Code: Select all

cscript "C:\path\to\script.vbs"

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-08 16:26

palinka wrote:
2022-04-08 16:17
Open cmd window. Type

Code: Select all

cscript "C:\path\to\script.vbs"
Image

:( :(

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-08 16:34

Come on, man! A little self help wouldn't hurt.

Der Befehl "cscript" ist entweder falsch geschrieben oder konnte nicht gefunden werden.
The "cscript" command is either misspelled or could not be found.

First of all, next time, don't make me or anyone else translate your error messages. You should be providing them in English as this is an English language forum.

Secondly, the error message is self-explanatory.

Lastly, you didn't bother to read the link I provided above.

Edit - Extra lastly - don't post screenshots of text from a command window that can be easily copied. Copy the contents and paste into code blocks!

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-08 21:38

palinka wrote:
2022-04-08 16:34
Lastly, you didn't bother to read the link I provided above.
Sorry, I read it again.

I typed this and got the following error:

Code: Select all

C:\Users\Administrator>C:\Windows\SysWOW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

C:\Program Files (x86)\hMailServer\Events\Handler.vbs(181, 1) Microsoft OLE DB Provider for ODBC Drivers: [MySQL][ODBC 5.3(w) Driver][mysqld-8.0.18]Unknown column 'port' in 'where clause'

And sorry palinka, I don't want to increase you :(

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-08 21:58

udgesbou wrote:
2022-04-08 21:38
palinka wrote:
2022-04-08 16:34
Lastly, you didn't bother to read the link I provided above.
Sorry, I read it again.

I typed this and got the following error:

Code: Select all

C:\Users\Administrator>C:\Windows\SysWOW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

C:\Program Files (x86)\hMailServer\Events\Handler.vbs(181, 1) Microsoft OLE DB Provider for ODBC Drivers: [MySQL][ODBC 5.3(w) Driver][mysqld-8.0.18]Unknown column 'port' in 'where clause'

And sorry palinka, I don't want to increase you :(
OK now we're getting somewhere. :D

Now your ODBC connection is finally working. We know that because you have an sql error.

C:\Program Files (x86)\hMailServer\Events\Handler.vbs(181, 1) Mic....

Line 181 from your script above is:

Code: Select all

Set oRecord = oConn.Execute("SELECT * FROM " & idsTable & " WHERE hits > " & idsHits & " AND port = 0;")
It says 'port' is an unknown column, but I'll go out on a limb and guess that you haven't created a table structure yet.

Code: Select all

CREATE TABLE hm_ids (
	timestamp DATETIME,
	ipaddress VARCHAR (192) PRIMARY KEY,
	port      INTEGER,
	hits      INTEGER
);

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-08 22:03

palinka wrote:
2022-04-08 21:58
It says 'port' is an unknown column, but I'll go out on a limb and guess that you haven't created a table structure yet.

Code: Select all

CREATE TABLE hm_ids (
	timestamp DATETIME,
	ipaddress VARCHAR (192) PRIMARY KEY,
	port      INTEGER,
	hits      INTEGER
);
No, I didn't create a table called hm_ids manually. Do I have to create this manually in the hMailServer-DB?

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-08 22:56

udgesbou wrote:
2022-04-08 22:03
palinka wrote:
2022-04-08 21:58
It says 'port' is an unknown column, but I'll go out on a limb and guess that you haven't created a table structure yet.

Code: Select all

CREATE TABLE hm_ids (
	timestamp DATETIME,
	ipaddress VARCHAR (192) PRIMARY KEY,
	port      INTEGER,
	hits      INTEGER
);
No, I didn't create a table called hm_ids manually. Do I have to create this manually in the hMailServer-DB?
Yes.

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-09 12:20

I think now we can go forward :mrgreen:

I created the table manually:

Code: Select all

mysql> CREATE TABLE hm_ids (timestamp DATETIME, ipaddress VARCHAR (192) PRIMARY KEY, port INTEGER, hits INTEGER);
Query OK, 0 rows affected (0.19 sec)
And then I tried to run the Handler.vbs with this command ...

Code: Select all

C:\Users\Administrator>C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.
... and no Error comes up 8)

Now for the next steps, I think I have to create a .bat file with this content?

Code: Select all

C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
And put this into the Windows Scheduler every 1 minute?

Then I have to enable Scripts in hMailServer, and then it should run right, or did I forget something?

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-09 13:27

udgesbou wrote:
2022-04-09 12:20
I think now we can go forward :mrgreen:

I created the table manually:

Code: Select all

mysql> CREATE TABLE hm_ids (timestamp DATETIME, ipaddress VARCHAR (192) PRIMARY KEY, port INTEGER, hits INTEGER);
Query OK, 0 rows affected (0.19 sec)
And then I tried to run the Handler.vbs with this command ...

Code: Select all

C:\Users\Administrator>C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
Microsoft (R) Windows Script Host, Version 5.812
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.
... and no Error comes up 8)

Now for the next steps, I think I have to create a .bat file with this content?

Code: Select all

C:\Windows\SysWoW64\cscript.exe "C:\Program Files (x86)\hMailServer\Events\Handler.vbs"
And put this into the Windows Scheduler every 1 minute?

Then I have to enable Scripts in hMailServer, and then it should run right, or did I forget something?
Sounds good. Set up the scripts in eventhandler.vbs and see if you get any errors.

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-09 13:47

palinka wrote:
2022-04-09 13:27
Sounds good. Set up the scripts in eventhandler.vbs and see if you get any errors.
Okay, I started everything, Windows Scheduler and activated Scripts in hMailServer and can't see any errors in logs :mrgreen:

How can I check if everything is working right?

palinka
Senior user
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-09 14:05

udgesbou wrote:
2022-04-09 13:47
palinka wrote:
2022-04-09 13:27
Sounds good. Set up the scripts in eventhandler.vbs and see if you get any errors.
Okay, I started everything, Windows Scheduler and activated Scripts in hMailServer and can't see any errors in logs :mrgreen:

How can I check if everything is working right?
Check for error logs and look at the database for new records. You just have to wait for someone to connect and fail to send a message.

udgesbou
Normal user
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-13 07:57

Hey hey,
after a few days, my table hm_ids looks like this:

Image

In hMailServer it looks like this:

Image

And the handler.log is looking like this:

Code: Select all

347	"2022-04-12 20:50:28.734"	"AutoBan(185.239.242.59, IDS, 7, d)"
351	"2022-04-12 21:18:28.937"	"Wohoo... IPAddress: 167.248.133.46 Port: 143 Hits: 5"
351	"2022-04-12 21:18:28.984"	"AutoBan(167.248.133.46, GEOBLOCK - IMAP, 7, d)"
351	"2022-04-13 00:44:28.812"	"Wohoo... IPAddress: 167.94.146.58 Port: 143 Hits: 5"
351	"2022-04-13 00:44:28.882"	"AutoBan(167.94.146.58, GEOBLOCK - IMAP, 7, d)"
351	"2022-04-13 01:29:29.161"	"Wohoo... IPAddress: 162.142.125.10 Port: 993 Hits: 5"
351	"2022-04-13 01:29:29.223"	"AutoBan(162.142.125.10, GEOBLOCK - IMAPS, 7, d)"
351	"2022-04-13 02:24:28.617"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:25:28.625"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:26:28.622"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:27:28.635"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:28:28.648"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:29:28.657"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:30:28.669"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:31:28.703"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:32:28.683"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:33:28.693"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:34:28.730"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:35:28.708"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:36:28.725"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:37:28.736"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:38:28.746"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:39:28.779"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:40:28.761"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:41:28.772"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:42:28.759"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:43:28.799"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:44:28.801"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:45:28.832"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:46:28.806"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:47:28.802"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:48:28.818"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:49:28.839"	"Wohoo... IPAddress: 50.31.21.7 Port: 110 Hits: 5"
351	"2022-04-13 02:50:28.834"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351	"2022-04-13 02:51:28.850"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351	"2022-04-13 02:52:28.847"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351	"2022-04-13 02:53:28.872"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351	"2022-04-13 02:54:28.867"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 4"
351	"2022-04-13 02:55:28.867"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 02:56:28.875"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 02:57:28.899"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 02:58:28.911"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 02:59:28.893"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:00:28.947"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:01:28.925"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:02:28.899"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:03:28.931"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:04:28.939"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:05:28.952"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:06:28.977"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:07:28.969"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:08:28.958"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:09:29.000"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:10:29.010"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:11:29.018"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:12:29.003"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:13:29.038"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:14:29.028"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:15:29.056"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:16:29.060"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:17:29.061"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:18:29.086"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:19:29.085"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:20:29.081"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:21:29.094"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:22:29.111"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:23:29.106"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:24:29.116"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:25:29.103"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:26:29.156"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:27:29.144"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:28:29.171"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:29:29.173"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:30:29.159"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:31:29.160"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:32:29.149"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:33:29.181"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:34:29.202"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:35:29.183"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:36:29.217"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:37:29.220"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:38:28.217"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:39:28.257"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:40:28.261"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:41:28.253"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:42:28.255"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:43:28.264"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:44:28.267"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:45:28.277"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:46:28.276"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:47:28.288"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:48:28.274"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:49:28.296"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:50:28.319"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:51:28.334"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:52:28.355"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:53:28.328"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:54:28.330"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:55:28.360"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:56:28.368"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:57:28.374"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:58:28.401"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 03:59:28.405"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:00:28.435"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:01:28.409"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:02:28.405"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:03:28.415"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:04:28.416"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:05:28.424"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:06:28.419"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:07:28.419"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:08:28.429"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:09:28.447"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
351	"2022-04-13 04:10:28.429"	"Wohoo... IPAddress: 45.135.232.161 Port: 110 Hits: 5"
I think everything is working right, or am I wrong? :cry:


Greetings

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-21 10:15

Hey, me again :mrgreen:
I think the script runs well and many IPs got banned :mrgreen:

Now, for a second instance, I used MSSQL as the database server, and MSSQL is running on a different server than hMailServer. How do I change the settings in Eventhandler.vbs and Handler.vbs from MySQL to MSSQL?

And for the ODBC connector, I think I have to use the "SQL-Server" driver, right?


Thanks in advance! :wink:

palinka
Senior user
Posts: 3480
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2022-04-21 12:26

Looks good. Someone else will have to help with mssql. All I know about mssql is that it's different from mysql. :( I'm only good with mysql.

The ODBC setup should be the same process. Just keep in mind the query syntax is different. If you're good with mssql query syntax then you should be able to get it going.

udgesbou
Normal user
Posts: 30
Joined: 2021-04-05 19:33
Location: Germany

Re: Hardening hMailServer - The ongoing saga!

Post by udgesbou » 2022-04-21 22:28

Okay palinka, thank you anyway :D

Please can someone tell me how I can do this with an MSSQL database server :?:

I would be very grateful :!:

Thanks in advance <3
