Search found 843 matches

by RvdH
2020-02-09 17:11
Forum: Scripting
Topic: Problem with AutoBan
Replies: 18
Views: 720

Re: Problem with AutoBan

👍
by RvdH
2020-02-08 12:29
Forum: Scripting
Topic: Problem with AutoBan
Replies: 18
Views: 720

Re: Problem with AutoBan

SorenR wrote: You have a problem with the "disconnect.exe"...
Windows smartscreen filter? Tried to see if it's blocked?

the source of disconnect is pasted here, it doesn't take any other parameters as IP1 [IP2 [IP3 [IPn]]]
by RvdH
2020-01-30 19:12
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

palinka wrote: ↑
2020-01-30 18:21
RvdH wrote: ↑
2020-01-30 17:02
Can you pm the source to me so i could have a look?

I am a bit surprised to see 16 matches and lookups, especially because a hardcoded limit of 15 is defined in the code

Code: Select all

const int maxURLsToProcess = 15;
:o
0-15 = 16 iterations. :D
:oops:
by RvdH
2020-01-30 17:02
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

Can you pm the source to me so i could have a look?

I am a bit surprised to see 16 matches and lookups, especially because a hardcoded limit of 15 is defined in the code

Code: Select all

const int maxURLsToProcess = 15;
:o
by RvdH
2020-01-30 16:39
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

@RvdH I updated hmailServer almost the same email came again without ")". "DEBUG" 1116 "2020-01-30 13:22:53.636" "SURBL: Execute" "DEBUG" 1116 "2020-01-30 13:22:53.636" "SURBL: Found URL: webbdagarna.se" "DEBUG" 1116 "2020-01-30 13:22:53.636" "SURBL: Found URL: trippus.se" "DEBUG" 1116 "2020-01-30 ...
by RvdH
2020-01-30 12:45
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

@tunis

If your signature is right you are still using 5.6.x, right?
I have a 5.6.8-B2494.24 build (at the usual place) using the above regex if you like to give it a test run
by RvdH
2020-01-30 10:41
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

Please stay on topic, this post is about SURBL url detection I think the 'best' regex i have come up and tested is: (?:(?>https?)?(?>:\/\/|\%3A\%2F\%2F))(?:www\.)?([a-z0-9\-\.\=\r\n]+) To have a perfect regex seems impossible, as the are so many possibilities with formatting, encoding, line-breaks i...
by RvdH
2020-01-29 15:51
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

Base64 Encoded maybe?


This regex ain't never gonna be 100% i think, to much quirks
by RvdH
2020-01-29 04:44
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

This regex thingy is keeping me awake :) Instead of defining every character that is NOT allowed, like: (?:https?:\/\/)(?:[^@\s]+@)?(?:www\.)?([^\?:#<>\s{}[\]()\/\\'\"]+) https://regexr.com/4t4u3 Wouldn't it be easier to specify what characters are allowed? (eg: alphanumeric, dot and dash) (?:https?...
by RvdH
2020-01-29 02:42
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

I checked the email and all links are like this one. href="https://dmd.idg.se/x/c/?LU.RbsMgDPyVvtCnqQ0hbMokq2q3L1gf9jgRQAldDJEDivb1DLLJtnQn_3w6DbLNCB3vmz7PILnseSbgont_EXmCKcZlfT2ft207kR3srLwZHJmTDnhJEb90WmNAJm.bwuT7v.BJtsd9qXBRbvTwaYfBqFGRV6xt7jHo7ynMWHAtVlvcH6kA.1Mv1vhgb4JdO.KBCndlFgojKUQb999rSKQt...
by RvdH
2020-01-28 21:44
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

OK, as it seems BOOST needs some weird extra escaping But i would say, using a regex like: (?:https?:\\/\\/)([^\\?&><\\[\\(#\\\\ \\\"'\\/\\)\\]]*) would solve the issues, see example here: https://regexr.com/4t4ap Could the X-Spam-Report (bad) formatting also be caused by a malformed regex? It appe...
by RvdH
2020-01-28 20:58
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

OK, as it seems BOOST needs some weird extra escaping

But i would say, using a regex like: (?:https?:\\/\\/)([^\\?&><\\[\\(#\\\\ \\\"'\\/\\)\\]]*) would solve the issues, see example here: https://regexr.com/4t4ap
by RvdH
2020-01-28 13:47
Forum: General discussions
Topic: URL send to SURBL
Replies: 23
Views: 3082

Re: URL send to SURBL

What HMS version?

I think te regex used to detect URL's for SURBL checking is faulty,
https://github.com/hmailserver/hmailser ... BL.cpp#L43

Or does BOOST use some weird/custom regex?
by RvdH
2020-01-18 23:18
Forum: General discussions
Topic: Adding rejected IP's by DNS Blacklists to IpRanges or Firewall
Replies: 5
Views: 990

Re: Adding rejected IP's by DNS Blacklists to IpRanges or Firewall

adrianmihai83, are you sure your mailserver isn't acting as an open relay? Or maybe a single account is hijacked?
Normally the Internet range should require 'Require SMTP authentication' for 'local to local'
by RvdH
2020-01-17 10:45
Forum: Development & alpha discussions
Topic: hMailServer-5.7.0-B2495-x64 User build
Replies: 42
Views: 3503

Re: hMailServer-5.7.0-B2495-x64 User build

Dravion wrote: ↑
2020-01-16 23:07
TLSv1.3 was added in hMailServer 5.7 x64 which made serveral code changes necessary. This means OpenSSL
series 1.1.x is required.
Also available in 5.6.8 - Build 2494 (latest official beta)
by RvdH
2020-01-15 12:25
Forum: Off-topic discussions
Topic: RvdH DNSResolver + Powershell
Replies: 4
Views: 453

Re: RvdH DNSResolver + Powershell

Do not reverse the IP, you are trying to make a PTR lookup :!:

Code: Select all

$IP = '221.120.216.98'
$DNS = New-Object -ComObject DNSLibrary.DNSResolver
$PTR = $DNS.PTR("$IP")
Write-Host $PTR

Code: Select all

lhr63.pie.net.pk
by RvdH
2020-01-13 11:54
Forum: Off-topic discussions
Topic: Avast corporate IP SPAMMER
Replies: 2
Views: 333

Re: Avast corporate IP SPAMMER

Or maybe it is just a isolated test box in their corporate network to monitor, study and learn malware/virus behavior
by RvdH
2020-01-12 13:23
Forum: Off-topic discussions
Topic: Roundcube 1.4.x markasjunk
Replies: 16
Views: 997

Re: Roundcube 1.4.x markasjunk

:oops: :oops: :oops: Sorry guys, seems my original command worked just fine once i added access & read/write permission for IUSR on 'C:\Windows\system32\config\systemprofile\.spamassassin' the complete commands are: $config['markasjunk_spam_cmd'] = '"C:\Program Files\JAM Software\SpamAssassin for Wi...
by RvdH
2020-01-10 10:50
Forum: General discussions
Topic: Removing specified x-headers from all outgoing SMTP mails?
Replies: 4
Views: 416

Re: Removing specified x-headers from all outgoing SMTP mails?

Hello, sorry, outgoing emails are NOT anonymized by this filtering! :?: FROM:, TO:, AUTHENTICATED: and so on are still present, but some useless and often non standard header informations are removed. And, main reason, removing hints about mailer, security proxies aso. reduce helpful informations f...
by RvdH
2020-01-10 09:17
Forum: Off-topic discussions
Topic: Roundcube 1.4.x markasjunk
Replies: 16
Views: 997

Re: Roundcube 1.4.x markasjunk

1: Create a symbolic link... mklink /D "C:\Program Files\JAM Software\SpamAssassin for Windows" "C:\SpamAssassin" 2: Edit the config.php $config['markasjunk_spam_cmd'] = 'C:\SpamAssassin\sa-learn.exe --spam %f -D 2>&1'; $config['markasjunk_ham_cmd'] = 'C:\SpamAssassin\sa-learn.exe --ham %f -D 2>&1'...
by RvdH
2020-01-09 22:03
Forum: Off-topic discussions
Topic: Roundcube 1.4.x markasjunk
Replies: 16
Views: 997

Re: Roundcube 1.4.x markasjunk

$config['markasjunk_spam_cmd'] = 'C:\Program Files\JAM Software\SpamAssassin for Windows\sa-learn.exe --spam %f -D 2>&1'; $config['markasjunk_ham_cmd'] = 'C:\Program Files\JAM Software\SpamAssassin for Windows\sa-learn.exe --ham %f -D 2>&1'; Yeah, i found that debug info elsewhere as well....but it...
by RvdH
2020-01-09 14:27
Forum: Off-topic discussions
Topic: Roundcube 1.4.x markasjunk
Replies: 16
Views: 997

Roundcube 1.4.x markasjunk

The old markasjunk2 plugin is now part off the new Roundcube 1.4.x distribution (named markasjunk) I was trying to get this plugin working, with sa-learn (using cmd_learn driver) $config['markasjunk_learning_driver'] = 'cmd_learn'; $config['markasjunk_debug'] = true; (this makes a \logs\markasjunk.l...
by RvdH
2020-01-04 03:23
Forum: Development & alpha discussions
Topic: hMailServer-5.7.0-B2495-x64 User build
Replies: 42
Views: 3503

Re: hMailServer-5.7.0-B2495-x64 User build

I really wonder why anyone would try to use this release? ....there is absolutely nothing in it that isn't the latest beta build except for the updated boost libraries...there is absolutely no added functionalities....please explain, why bother? https://build.hmailserver.com/viewLog.html?buildId=802...
by RvdH
2019-12-19 22:24
Forum: Development & alpha discussions
Topic: Latest version of BOOST.
Replies: 3
Views: 570

Re: Latest version of BOOST.

Anyone got an idea why BOOST 1.70.0 is preferred over the latest version? Who says BOOST 1.70.0 is preferred over the latest version? Maybe simply because those newer releases are released after the latest commits done by martin? (he merged some pull request since, and upgraded openssl but nothing ...
by RvdH
2019-11-21 02:18
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 871

Re: SMTPD timeouts, one particular server farm

Are SURBL queries blocking? Could they introduce a delay of 30 seconds, enough to trigger a TCP receive timeout? Nah, SURBL check are done by SpamAssassin, none enabled in hmailserver itself.... and btw, it's a 30 minutes delay until the timeout, not 30 seconds PS: If possible, run Wireshark in cas...
by RvdH
2019-11-20 18:28
Forum: General discussions
Topic: Export list of blocked attachments
Replies: 3
Views: 511

Re: Export list of blocked attachments

Option Explicit Public Const ADMIN = "Administrator" Public Const PASSWORD = "PUT_YOUR_PASSWORD_HERE" 'Password for hMailServer Administrator Dim fso, file Const ForWriting = 2 Set fso = CreateObject("Scripting.FileSystemObject") set file = fso.OpenTextFile("C:\BlockedAttachments.tmp", ForWriting, ...
by RvdH
2019-11-20 16:54
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 871

Re: SMTPD timeouts, one particular server farm

To make it more confusing, this one came thru without a glitch... but then again, apart from similar HELO (i am monitoring troublesome host by their HELO message) this ip doesn't seem designated to Adobe "SMTPD" 6376 124993 "2019-11-20 15:19:30.215" "62.210.194.156" "SENT: 220 mail.domain.com ESMTP"...
by RvdH
2019-11-20 16:34
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 871

Re: SMTPD timeouts, one particular server farm

Nope, no wait()

Or at least not directly within OnSMTPData, I use that lockfile function in OnHELO for AddGreyList(oClient.IPAddress, oClient.HELO) for my dynamic greywhitelisting function, but even that function is not triggered on those domains
by RvdH
2019-11-20 15:27
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 871

Re: SMTPD timeouts, one particular server farm

Some MTAs are configured for sending only while other MTAs are configured for inbound only mail. I talking about our own hmailserver instance that is allowed to send and receive I have dozens of log entries like the above designating from Adobe owned servers trying to send to our hmailserver instan...
by RvdH
2019-11-20 12:46
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 871

Re: SMTPD timeouts, one particular server farm

These are just 2 examples i see regularly....but this is going on for a few months. I assume these are simply marketing e-mails In OnSMTPData i have no more then the check(s) that block mail when the message is not sent from the authenticated account/domain (eg: only checks are for authenticated use...
by RvdH
2019-11-20 12:21
Forum: General discussions
Topic: SMTPD timeouts, one particular server farm
Replies: 11
Views: 871

SMTPD timeouts, one particular server farm

I have been busy monitoring SMTPD connections that seem to have trouble receiving mail right our hmailserver instance sends the DATA command to the external (sending) server, below an example: "SMTPD" 6376 119919 "2019-11-20 09:34:08.238" "66.117.17.55" "SENT: 220 mail.domain.com ESMTP" "SMTPD" 1064...
by RvdH
2019-11-19 14:55
Forum: General discussions
Topic: Fake SURBL DNSBL from local network
Replies: 16
Views: 1129

Re: Fake SURBL DNSBL from local network

Ruser wrote: ↑
2019-11-15 15:01
RvdH wrote: ↑
2019-11-15 13:11
cached DNS lookup result maybe?
i set google DNS in computer settings:
Ruser wrote: ↑
2019-11-15 10:28
static ip=192.168.0.172, dns=8.8.8.8
where cache? my router "mikrotik", ISP?
i try router off/on...

Code: Select all

ipconfig /flushdns
by RvdH
2019-11-19 09:46
Forum: General discussions
Topic: Fake SURBL DNSBL from local network
Replies: 16
Views: 1129

Re: Fake SURBL DNSBL from local network

Could it be because of 'SURBL detection properly fails to detect url's ending with a query string issue #108' in < 5.7.0 builds?

Perhaps you could try my custom build, that should fix above issue
5.6.8-B2494.22.7z
(969.3 KiB) Downloaded 34 times
by RvdH
2019-11-15 13:11
Forum: General discussions
Topic: Fake SURBL DNSBL from local network
Replies: 16
Views: 1129

Re: Fake SURBL DNSBL from local network

multi.surbl.org lists domain cb-killer.ru as a spammer, not hmailserver
hmailserver only checks the domain against multi.surbl.org

[EDIT]
I see your point... doing the lookup with http://www.surbl.org/surbl-analysis the result is: cb-killer.ru is NOT listed

Weird...cached DNS lookup result maybe?
by RvdH
2019-11-15 10:44
Forum: General discussions
Topic: Fake SURBL DNSBL from local network
Replies: 16
Views: 1129

Re: Fake SURBL DNSBL from local network

Mmmm, right :!: :?:
...but what is your actual question?

cb-killer.ru is a existing domain, which actually can be listed in multi.surbl.org (and apparently is)
DNSBL lookups seem fine
by RvdH
2019-11-13 13:52
Forum: General discussions
Topic: Autoban weirdness
Replies: 16
Views: 1238

Re: Autoban weirdness

Has he also changed the default internet and Localhost rages Priority Only the 'My computer' range is higher, eg: 30 instead of the 15 it was before.... 'Internet' range is still 10 Nothing changed for me - meaning I upgraded and my old settings remained the same, but the new autoban = 100 was unkn...
by RvdH
2019-11-13 11:03
Forum: General discussions
Topic: Autoban weirdness
Replies: 16
Views: 1238

Re: Autoban weirdness

The change of the 'My computer' range i kinda could understand, as a default install with previous value (15) would lockout localhost when auto-ban (20) is enabled...but once he also changed the auto-ban priority in 5.7.x the change to the 'My computer' range is redundant again I have also posted th...
by RvdH
2019-11-13 09:57
Forum: General discussions
Topic: Autoban weirdness
Replies: 16
Views: 1238

Re: Autoban weirdness

mattg wrote: ↑
2019-11-13 08:18
Has he also changed the default internet and Localhost rages Priority
Only the 'My computer' range is higher, eg: 30 instead of the 15 it was before.... 'Internet' range is still 10
by RvdH
2019-11-13 00:50
Forum: General discussions
Topic: Autoban weirdness
Replies: 16
Views: 1238

Re: Autoban weirdness

palinka wrote: ↑
2019-11-13 00:47
I guess that's the answer. Problem solved.
I know :)

But i am still a bit curious why martin changed that value in 5.7.x, i really can't see a reason for that and as it shows it breaks running instances...so it is a silly change in my opinion
by RvdH
2019-11-13 00:14
Forum: General discussions
Topic: Autoban weirdness
Replies: 16
Views: 1238

Re: Autoban weirdness

Autoban priority is changed in 5.7.x https://www.hmailserver.com/forum/viewtopic.php?f=7&t=34313 ONLY on the version used by that user ie Dravion's version hMailserver still sets them at 20 No, maybe your used scripts do, but hmailserver 5.7.x internally set them to 100 (eg: a faulty login via webm...
by RvdH
2019-11-12 21:41
Forum: General discussions
Topic: Autoban weirdness
Replies: 16
Views: 1238

Re: Autoban weirdness

Autoban priority is changed in 5.7.x

https://www.hmailserver.com/forum/viewt ... =7&t=34313
by RvdH
2019-11-05 11:03
Forum: General discussions
Topic: Issue to connect
Replies: 15
Views: 1596

Re: Issue to connect

What libmysql.dll do you have? Currently hmailserver is only working with libmysql.dll 5.x and won't work with libmysql.dll 8.x
by RvdH
2019-09-24 10:39
Forum: General discussions
Topic: Urgent help! Why can someone send an email through my mail server without verification?
Replies: 16
Views: 2662

Re: Urgent help! Why can someone send an email through my mail server without verification?

You have a compromised account (username: hnjz), by default hmailserver allows a authenticated user to send from any emailaddress for the domains you own/host Many of us use scripts to only allow authenticated users in same domain or only from the authenticated account, below you find some examples ...
by RvdH
2019-09-21 01:43
Forum: General discussions
Topic: Migration Recommendations - Server 2008 to Server 2019.
Replies: 6
Views: 898

Re: Migration Recommendations - Server 2008 to Server 2019.

Based on your hardware in use, a 3gb backup, should be taken care of within minutes on modern hardware, read SATA/NVME SSD...i would not worry to much about downtime If you are going to have to change DNS records i could be wise to set them TTL levels as low as you can before monday, the shorter the...
by RvdH
2019-09-20 21:49
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

No, you are out of luck then, mail forwarded to external email addresses through aliases and distribution list are never DKIM signed
by RvdH
2019-09-11 15:06
Forum: General discussions
Topic: Issues After victualing server
Replies: 5
Views: 708

Re: Issues After victualing server

Firewall exceptions added?
by RvdH
2019-09-04 11:32
Forum: General discussions
Topic: Microsoft and Gmail are refusing our emails
Replies: 1
Views: 403

Re: Microsoft and Gmail are refusing our emails

Hard to help you to find the issue without the actual domain name and/or IP address
by RvdH
2019-09-03 22:33
Forum: General discussions
Topic: Autoban problem
Replies: 5
Views: 745

Re: Autoban problem

In 5.6.x the autoban priority is 20 so therefor the documentation is correct

You sure you are not using 5.7.x?
by RvdH
2019-09-03 19:28
Forum: General discussions
Topic: Autoban problem
Replies: 5
Views: 745

Re: Autoban problem

For 5.7.x, simply increase (higher than 100) the priority for webmail address (probably 127.0.0.1 if ran on same server)?

Version 5.7.x is not out yet (officially), so the documentation is up to date
by RvdH
2019-09-02 00:23
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

No, yahoo never send a mail to gmx, so the NDR to yahoo makes no sense...

If you do not understand that, were done talking...back to school for you!
Without SRS (linked to above) we never, ever will be able to do what you want, request.....simple as that!!!
by RvdH
2019-09-01 09:21
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

I still believe the way you test this is all wrong, NDR are sent/should be sent to local accounts only And only NDR received by local account, forwarded to external are DKIM signed as explained on github pull request please run your test the other way around, set a forward to yahoo on test@freeze an...
by RvdH
2019-09-01 01:14
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

What? Why should the NDR be send back to yahoo account? That doesn't make any sense at all as the mail from yahoo -> freeze was successfully delivered...anything after that isn't to any concern to yahoo account It could, with SRS ...but this isn't supported by hmailserver (yet...or ever?) So you a p...
by RvdH
2019-08-31 08:06
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

I only see two external domains in the NDR...whats up with that? bhpclan@ymail.com dsgwemdiwufn@gmx.de From: mailer-daemon@freeze.ws To: bhpclan@ymail.com In the last "To:" address above i would at least expect a local domain and not a yahoo account, really don't know what you are doing, is that a r...
by RvdH
2019-08-30 22:49
Forum: General discussions
Topic: Using honeypots to catch spammers?
Replies: 16
Views: 1745

Re: Using honeypots to catch spammers?

I have some honeypots/spam traps in place that automatically are reported/contributed to blocklist.de DNSBL

A few usage examples
https://www.hmailserver.com/forum/viewt ... 97#p209597

scripts can easily be adapted for the more traditional honeypots (in OnSMTPData) you are referring to
by RvdH
2019-08-30 08:22
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

Ditch the rule, set the (freeze.ws) local host name under SMTP settings , as explained in the github pull request this makes the mailer-daemon@ address used by the mailserver freeze.png By using rule you set the From address before it reaches to code change in *.22, the change i made expects it to b...
by RvdH
2019-08-29 13:45
Forum: General discussions
Topic: Server Messages not signed?
Replies: 36
Views: 3611

Re: Server Messages not signed?

Ah...i think in know why it works for me, sometimes... When the NDR domain EnvelopeFrom and From address use the same domain it works But when you use a second domain, different from EnvelopeFrom it will not work I have proposed a change in the code to martin, this at least give you the ability to g...