hMailServer forum

RvdH

The settings and the logs was on the same time. But after i removed the default domainname (all the users must login with name and domainname was that not a problem for me) And after i turned my firewall on, the mailserver is using 'normal' again. Like i said earlier either you're info was incomple...

RvdH

mattg wrote: ↑
2020-10-29 23:40

RvdH wrote: ↑
2020-10-29 14:49
That is very strange as your ip ranges says it can not
Unless the default domain is ALSO one of the whitelist entries

Whitelisting doesn't bypass authentication, does it

Nah, that doesn't sound right...maybe i don't get what you mean as whitelisting only seems to bypass spam checks

RvdH

"SMTPD" 2588 854 "2020-10-27 15:36:04.527" "110.7.128.242" "RECEIVED: MAIL FROM:<jellieskinderkleding.>" "SMTPD" 2588 854 "2020-10-27 15:36:04.527" "110.7.128.242" "SENT: 250 OK" "SMTPD" 5064 854 "2020-10-27 15:36:07.105" "110.7.128.242" "RECEIVED: RCPT TO:<Neale.Caegraphics.>" "SMTPD" 5064 854 "20...

RvdH

Looks like you left out some essential information, can you post the log lines that were right above below snippet of yesterdays logfile? "SMTPC" 4756 896 "2020-10-27 15: 36: 18.236" "194.109.6.51" "RECEIVED: 220 smtp-cloud7.xs4all.net smtp-cloud7.xs4all.net ESMTP server ready" "SMTPC" 4756 896 "202...

RvdH

No the problem still exists after i changed the ISP password Can you please EXPLAIN in very small detail exactly what you did and where, to change this ISP password (Don't tell the password though) I'm just making sure that you are in fact changing the user name password for the compromised account...

RvdH

No the problem still exists after i changed the ISP password That is strange, your logs says it blocks access, eg: 535 Authentication failed, check your logs here: https://log.damnation.org.uk/ "SMTPD" 2228 1758 "2020-10-27 16:26:21.724" "171.242.64.127" "RECEIVED: AUTH LOGIN" "SMTPD" 2228 1758 "20...

RvdH

After you changed the password for the hscomput account the problem went away, right? "SENT: 535 Authentication failed. Restarting authentication process." That script doesn't catch and deny such attempt "RECEIVED: 250 2.1.0 < cole.connell @jellieskinderkleding.nl> sender ok" it still allows *@jelli...

RvdH

I dont aware of it, but i cant imagine that this solved my problem And your reply is directed towards? FYI, TLS 1.3 has nothing , and i mean nothing to do with your problem :!: The problem you have/had is that an account is/was compromised, hijacked or even simply guessed (if it was a weak password...

RvdH

aHNjb21wdXQ = base64 encoded string that represents hscomput Account hscomput seems compromised, i would change the password immediately :!: Both IP's listed are xs4all IP's, mmmm, relay? We need more logs and please post diagnostic report requested in my first reply But you have more issues, one is...

RvdH

please run this and post the results
viewtopic.php?f=20&t=30914

It seems the user sending is authenticated, maybe the account is hijacked or password leaked in a data breach, account is question: hscomput

Do you have a reason to have a default domain enabled?

RvdH

C.I. wrote: ↑
2020-10-27 09:08
Thank you.
The return code was an issue many years ago (or so it seems to me).
Hasn't Microsoft fixed it in the meanwhile?

Try it and let us know

RvdH

Greta wrote: ↑
2020-10-23 07:41
Clearly. Thanks for quickly fixing the software.

The emails now arrive without an SPF error

RvdH

Attacking? Maybe i an guilty of making fun of you a little

Before you edited your initial post there was no mention of e-mail receiving from sendgrid by your hmailserver instance that triggered that message, hence it only looked like sendgrid returned that message when you send mail to it

RvdH

Tell me, how is your question related to hMailServer?

RvdH

Don't spam

RvdH

Ah clearly. I now have version .27 running :-) But if a new version is published on the download page of hmailserver.com, will these bug fixes also be included? Nope, unfortunately not, like i said the author of hmailserver (martin) choose to not backported to 5.6.x and only commit them to 5.7 bran...

RvdH

5.6.8-B2505 or 5.6.8-B2505. 27 ? Where can I find that. HMail admin status give me 5.6.8-B2505. And hMailServer.exe properties give a file version 1.0.0.1 I already have it, i examined the changelog and came to the conclusion it's not worth to upgrade, no functionality related to macro's usage is a...

RvdH

Hmm... RvdH is using the RMSPF library version 1.10. I am using version 1.12 ... Want to try my version of 5.6.8 ? I've attached RMSPF 1.12 for RvdH :mrgreen: I already have it, i examined the changelog and came to the conclusion it's not worth to upgrade, no functionality related to macro's usage ...

RvdH

5.6.8-B2505 or 5.6.8-B2505.27?

RvdH

Looking at your log the mail is delivered successfully to recipient @afip.gob.ar

RvdH

I came across a thing called 'USER_IN_WELCOMELIST', previously know as 'USER_IN_WHITELIST' in spamassassin....we are kind of going crazy with blm, aren't we?

Allthough, blacklist_from seems unchanged (yet)

RvdH

FYI: v=spf1 exists:_i.%{i}._h.%{h}._o.%{o}._spf.testdomain.com -all 1. with existing A-record that matches _i.xxx.xxx.xxx.xxx ._h.mail.testdomain.nl._o.testdomain.com._spf.testdomain.com "DEBUG" 8220 "2020-10-19 22:47:57.177" "Spam test: SpamTestSPF xxx.xxx.xxx.xxx ruud@testdomain.com mail.testdomai...

RvdH

I need to dust off some old 'C' skills ;-) Unfortunately, I cannot help you with that. If I could, I would have solved it myself :wink: Thanks for looking at it! @Greta SorenRR and myself have done some test with such SPF record and SorenRR made a fix for it, included in this build Nu komt mail van...

RvdH

Latest is 5.6.8-B2505.27 Just install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory https://build.hmailserver.com/viewLog.html?buildId=810&buildTypeId=HMailServer_BuildHMailServer56&tab=artifacts (login as...

RvdH

You, or maybe the previous owner of that ip(block) have been spamming as i noticed your ipaddress is listen on the b.barracudacentral.org blacklist

https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage

RvdH

Technically I believe you would still be able to send email out to the Internet but you wouldn't be able to Receive Email. Off topic, fyi: If no MX exists the fallback is A-record, so in theory you can still receive mail from the internet without MX. Although using MX is the standard globally, some...

RvdH

https://www.hmailserver.com/forum/viewtopic.php?t=18467 ' Strips out private IP addresses from Received header ' if the client's IP address is in 172.16.0.0/16 Sub OnAcceptMessage(oClient, oMessage) ' Check client's IP address if Left(oClient.IPAddress, 7) = "172.16." Then Dim oHeaders set oHeaders ...

RvdH

It seems like I cannot. Neither SpamAssassin nor ClamAV+SaneSecurity can block *.GZ.txt attachments and I got tons of spams everyday. Spamassassin for sure can score it. try this: full GZ_TXT_CRAP /\bcontent\-[^\r\n]+?(|file)name\=(\"|).+?(|[\r\n]).+?\.gz\.txt\b/i score GZ_TXT_CRAP 10.00 # ifplugin...

RvdH

mattg wrote: ↑
2020-09-01 08:19
but you didn't try to AUTH

what are the SSL and TCP-IP settings for port 587 @palinka

no wonder it doesn't work

You have to send the AUTH LOGIN command to login like mattg said

RvdH

I looked in my custom db log for all failed logins NOT with my domains and there are only 14 hits in the past year and all of them are on IMAP ports. Its been working the entire time, its just that these logins are extremely rare. That's not the case for SMTP, however. There are tons of those every...

RvdH

I only log invalid logins, both port and ip address are logged correctly, and in my logs i really do see some non-existent usernames from time to time Example code snippet: Sub OnClientLogon(oClient) If Not oClient.Authenticated then EventLog.Write("WARN: Failed login for " & oClient.Username & " fr...

RvdH

I think i might have a copy of this program, interested? Back in the day i used this to migrate from imail to hmail

RvdH

Thanks, useful

RvdH

Or = ||

RvdH

i don't know what you are doing, all steps explained above work fine here As of your last remark, that simply looks like a setting of the password plugin, \plugins\password\config.inc.php // Password Plugin options // ----------------------- // A driver to use for password change. Default: "sql". //...

RvdH

Q1) Rule looks fine and should be captured when in local.cf

Q2) meta PHISH_SUBJECT (PHISH_SUBJECT_1 && PHISH_SUBJECT_2 && PHISH_SUBJECT_3) would work if you specify PHISH_SUBJECT_3 regex

Q3) I haven't heard/seen limits of spamassassin regex's

RvdH

Nowadays my auto-ban entries are no longer then 24h....don't get me wrong i also used to ban them way longer in the past, but in the end of the day it doesn't matter, as the abusive IP addresses are simply automatically banned again if they visit again after the previous auto-ban is expired It is a ...

RvdH

Hello, I have Auto-ban set up on the hMailServer. It is working great. :) My server detected and blocked over 25 different fraudulent attempts from various IP addresses in almost 30 days period. Fraudsters were trying to use my mail server to send emails :evil: with domain accounts that do NOT exis...

RvdH

autoban

RvdH

I restart server at Your sugestion but situation are the same. Error on server log: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} i identyfikato...

RvdH

Mmm, that is strange, that should be sufficient (it does here)
Have you tried restarting IIS after changing DCOM permissions?

RvdH

Roundcube makes use of the DefaultAppPool?
Otherwise you have to replace DefaultAppPool with the ApplicationPool it actually runs under (Or visa versa)

RvdH

benio wrote: ↑
2020-07-07 11:42
Welcome i dont have
Code: Select all
 IISAppPool\[Application pool name] and check local activation checkbox
I have only users and built in acounts. Can you send some sreenschot?

Oops, missed a space.... you have to type it, example:

IIS AppPool\DefaultAppPool

RvdH

OK, in IIS Manager note the roundcube website Application pool name it runs under (we use this later) Run 'dcomcnfg', Component Services -> Computer -> My Computer -> DCOM Config Select hMailserver, right click properties -> Security Tab -> Launch and Activation Permissions -> Add -> IIS AppPool\ [A...

RvdH

Roundcube is working and installed correctly on IIS?
Then is should be placed in web.config in roundcube website root

You can also do this with IIS Manager, double click the roundcube site in website list, then select Error pages -> Edit feature settings -> Detailed errors

RvdH

Did you try with customErrors=off in web.config?
you should see a detailed report about the issue that is causing the 500 error (most likely DCOM)

Code: Select all

    <system.web>
        <customErrors mode="Off"/>
    </system.web>

RvdH

What did you insert into $hmail_config['rooturl']? https://www.hmailserver.com/documentation/latest/?page=howto_install_phpwebadmin FYI, i doubt you can run phpwebadmin remotely, as it uses/needs DCOM access, so a Windows box is required its $hmail_config['rooturl']= http://localhost/PhpWebAdmin Wh...

RvdH

What did you insert into $hmail_config['rooturl']?

https://www.hmailserver.com/documentati ... hpwebadmin

FYI, i doubt you can run phpwebadmin remotely, as it uses/needs DCOM access, so a Windows box is required

RvdH

Anyone (still) using these 'new' Spamhaus datafeed services? You will need to renew on an annual basis. A simple email usually suffices — although now you mention it, we should have an auto-renew button on the user portal. I’ll raise that with the web team. I got a reminder the other day that i need...

RvdH

mattg wrote: ↑
2020-06-18 15:58
'Body' is plain text, and may or may not, include the contents of the email

Some emails are 'HTML text'

But yes, that is a good find.
I missed that

U Sure?

Body - The Body of the email message. This includes both the plain text body and the HTML body.

As listed in docs here

RvdH

Check the default Windows 10 Mail app, does this list the account in question?

[EDIT] Don't know what i was thinking, ignore this comment

RvdH

Hello. I guess you meant to change the local host name back to blank. No, I did not mean that. I meant what I wrote I meant that field NEEDS to have the FQDN name placed there EXACTLY what RvdH has been saying all thread You have to change hostname to what it says in the error "cpc123802-trow7-2-0-...

RvdH

Welcome i check logs and i found on error log this information. I create new file but problem still active. My key its ok because work on other services Ok. What i a reason of this error : "ERROR" 5840 "2020-06-11 16:56:39.647" "Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitS...

RvdH

You must be bullshitin me, right? You identify yourself as 'SERVER' to the outside world, it's a bit hard to get working DNS for something that is not a FQDN...still with me so far? Therefor I told you (multiple times now) to change your hostname under SMTP settings, and this time not invent another...

RvdH

Really don't know what you are doing anymore.... you had one simple thing to do In the first post you stated you never use the hmailserver to receive mail and sorely use it to send mail, so why are you damn persistent to get the diagnostic test to work? (The 'Test MX records' Test is to verify you ...

RvdH

Really don't know what you are doing anymore.... you had one simple thing to do In the first post you stated you never use the hmailserver to receive mail and sorely use it to send mail, why are you so damn persistent to get the diagnostic test to work? (The 'Test MX records' Test is to verify you c...

RvdH

Also with the IIS solution, I'm guessing that a drop folder was used, not a SMTP connection +1 @martijng, do you authenticate the user that sends the mails or did you exclude that ip(range) from virus/spamchecks? if not. Unauthenticated mail is always checked for spam if not disabled by ip(range) s...

RvdH

As said, he only uses the hmailserver for sending out (and DKIM sign outgoing) e-mails, what this tells me he can basically use every (or at least plenty more) of the available system resources, I would suggest you increase Delivery threads to 100 or even more, 50000 mail are quite some mails, but y...

RvdH

Yes comparing 1 second to 0, in a single shot it seems little but in an average daily amount of 60 thousand the thing complicates That's just ridiculous...but if you really need to bring this down if i were you i would try to look for the cause on the client pc connecting, maybe a (real time) virus...

RvdH

extremely slow :?: We are talking about 1 second right? Yes comparing 1 second to 0, in a single shot it seems little but in an average daily amount of 60 thousand the thing complicates That's just ridiculous...but if you really need to bring this down if i were you i would try to look for the caus...

Search found 1116 matches