hMailServer forum

RvdH

https://www.hmailserver.com/documentati ... figuration

Lame ass questions get lames ass answers

RvdH

@Darksand

SorenR wrote: ↑
2021-01-22 00:15
You will need the latest 5.6.8 B2534 from RvdH for hMailServer to interpret SPF macros like %{i}.

The above referenced 5.6.8 B2534 adds, besides the ability to interpret SPF macros like %{i}. the ability to output the actual SPF check result to the debug log as well (if enabled)

RvdH

SorenR wrote: ↑
2021-01-23 13:07
Am I the only one syncing your fork?

Yup, seems so

RvdH

Git ?? A bit harsh. 😂 Not you, silly... :mrgreen: RvdH's github repository. :idea: Oh well, should have quoted @RvdH and not you. Basically it is this commit (never released) and this one discussed here , which you both have merged inside your fork and compiled against OpenSSL 1.1.1i making it matc...

RvdH

Oops, totally forgot to update this topic :oops: Latest is 5.6.8-B2534.28 Just install the latest production and/or beta artifact from the URL below, then copy and overwrite files in this archive in hmailserver '/bin' directory https://build.hmailserver.com/viewLog.html?buildId=1115&buildTypeId=HMai...

RvdH

You can manually set hostname under SMTP settings, that already does the trick or am i missing something?

RvdH

v342.pre # This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # This file was installed during the installation of SpamAssassin 3.4.2, # and contains plugin loading commands for the new plugins ad...

RvdH

For debugging, you do not need that

RvdH

gotspatel wrote: ↑
2020-12-24 09:17

mattg wrote: ↑
2020-12-24 08:38
You must use the same base version...
Sir can you please explain more. I am not an expert but can read and follow instructions.

It is in the readme

RvdH

gotspatel wrote: ↑
2020-12-24 09:17

mattg wrote: ↑
2020-12-24 08:38
You must use the same base version...
Sir can you please explain more. I am not an expert but can read and follow instructions.

It is the readme

RvdH

OTOH if using Palinka's edition the IP address is blocked in firewall... Should be pretty terminal for the bot ;-) Even then simultaneous connections are possible before they get banned on firewall level :?: :!: @DrmCa Be warned, disconnect.exe or CPorts, will kill all instances of that ip...also t...

RvdH

This spammer is essentially DDOSing my server. I only noticed because I tried to load this log file into a database and it failed due to the primary key violation. Good thing it did because otherwise I would not have known. "DEBUG" 7332 "2020-12-21 13:46:17.037" "Client connection from 216.118.251....

RvdH

Thanks for thinking about it. I don't want to know their passwords or tell them which ones to use. They do have access to the hMailServer WebAdmin to change their passwords. I disallow access to WebAdmin , but i do allow access to roundcube (webmail) where they can change their password....benefit ...

RvdH

No, but there it simply tells to log to awstats as rejected.... the "normal" reject message for virus found is elsewhere, you are clearly mixing things up

RvdH

It ONLY has use for Awstats as i see it, this simply prevents your awstast statistics to go haywire when using global rules to delete mail That's BS! I had a look at the rest of the code. There are two other procedures built the same way calling "Events::FireOnDeliveryFailed", but they actually wor...

RvdH

It ONLY has use for Awstats as i see it, this simply prevents your awstast statistics to go haywire when using global rules to delete mail

RvdH

You do not get my point, there is NO reason to pass the HELO/EHLO greeting as a string....you ALREADY HAVE IT in oClient.HELO

[edit]
Ah, i see what you mean now... you don't pass the EHLO/HELO FCDN but only HELO/EHLO

RvdH

The addition to OnHELO(oClient, sTxt) is to capture "HELO" or "EHLO". I can use this to shortcircuit my IDS code if a spammer first tries a EHLO and a second later a HELO. I'm not quite done with that as I need to add an indicator for STARTTLS active. What shortcut? it is triggered only on OnHelo, ...

RvdH

Back to topic, i don't seem to have the problem you describe above, i do exactly the same, eg: spam forwarding and spam deleting using global rules

RvdH

OnClientLogon(oClient, sPassword)

This is a no go for me, this can be abused to collect a full list of username/passwords if someone/something has gain unauthorized access to the server running hMailServer making it vulnerable

RvdH

You have been tinkering with the code to much? :mrgreen: Anyway...what is the purpose of "Add HELO/EHLO as string to OnHELO(oClient, sTxt)"? As you already have this value available through oClient.HELO this seems completely redundant And X-SA-hMail-Mail-From, is this related/similar as this https:/...

RvdH

https://www.hmailserver.com/documentati ... ermissions

RvdH

Ok, so running the latest version cause the version i was on for a while started allowing a shit ton of spam through, almost like it started ignoring SpamAssassin (or SA wasnt working right). So the past few days ive been editing my rules, adding new one and have been getting progressively pissed. ...

RvdH

You also have a roundcube setting to prevent this, eg; Example // Set identities access level: // 0 - many identities with possibility to edit all params // 1 - many identities with possibility to edit all params but not email address // 2 - one identity with possibility to edit all params // 3 - on...

RvdH

Virinum wrote: ↑
2020-12-02 08:30
No. It’s Microsoft. They have their own blocklist. Problem with Microsoft is that if someone from your subnet sends spam, Microsoft blocks the whole subnet.

Not entirely true, his IP is also on http://www.spamrats.com/bl?81.174.138.141

RvdH

The OP posted on Github that they think they may have downloaded a private x64 build from this forum somewhere, they aren't sure where I'm not sure that bare LFs are the only to trigger that check in hMailserver, but in saying that, I get too much grief when I enforce that switch so I 'allow incorr...

RvdH

I just installed this https://github.com/messagerie-melanie2/Roundcube-Skin-Melanie2-Larry-Mobile to support mobile devices... I thought you had to pay for that one. Rainloop has a mobile interface built in. Its pretty cool. More updated UI than RC. Plus a couple of nice features like hmailserver c...

RvdH

And i would remove the else statement after 'If ($DeleteMessageErrors -gt 0) {}', as you can have both errors AND still purge messages successfully (i got 1 error, on DeleteByDBID on my first successful run) If ($DeleteMessageErrors -gt 0) { ... } If ($TotalDeletedMessages -gt 0) { ... } same proba...

RvdH

"[INFO] No fresh pdates available"

RvdH

I had more files being deleted after i changed the $PruneFolders to be lowercase and change the script like: $PruneFolders = "test 4th level|trash|deleted|junk|spam|(2020-[0-1][0-9]-[0-3][0-9])$|listmail|unsubscribes" If ($SubFolderName .ToLower() -match [regex]$PruneFolders) { If ($hMSIMAPFolder.Na...

RvdH

Got it (for real this time :) ) I had one domain without account (domain holds only a alias), wrap this around Do { $hMSAccount = $hMSDomain.Accounts.Item($IterateAccounts) ... } Until ($IterateAccounts -eq $hMSDomainAccountsCount) If ($hMSDomainAccountsCount -gt 0) { } And while we are on it, you ...

RvdH

Got it (for real this time :) ) I had one domain without account (domain holds only a alias), wrap this around Do { $hMSAccount = $hMSDomain.Accounts.Item($IterateAccounts) ... } Until ($IterateAccounts -eq $hMSDomainAccountsCount) If ($hMSDomainAccountsCount -gt 0) { } And while we are on it, you a...

RvdH

Sure, like i said before, hmailserver 5.6.8 (32-bit) running on a Server 2012 instance. (the vbs cleanup script by jimimaseye works fine on the same box) Looks like a incompatibility with PS version, but who know.... Try this one on the old box. <# .SYNOPSIS Prune Messages .DESCRIPTION Delete messa...

RvdH

If one record includes ~ALL, it will pass hmailserver's spf check i think, eg: SoftFail DNSComLibrary 1.3.0.1 ... Found an anomali today. No "ALL" at end of string due to string being split ... Verified with "nslookup" Is that by design or a potential "bug" ? If "by design" can I count on the first...

RvdH

Mocking about my script and it got me thinking... If v=spf1 include:spf-a.rabobank.nl include:spf-b.rabobank.nl include:spf-c.rabobank.nl include:spf.protection.outlook.com ip4:145.72.121.0/26 ip4:74.118.216.0/21 ip4:85.119.16.0/21 -all resolve to: v=spf1 ip4:212.159.211.48/28 ip4:54.194.248.80 ip4...

RvdH

Hmm... Mail sent from this IP address: 216.198.73.40 Mail from (Sender): klantinfo@rabobank.nl Mail checked using this SPF policy: v=spf1 include:spf-a.rabobank.nl include:spf-b.rabobank.nl include:spf-c.rabobank.nl include:spf.protection.outlook.com ip4:145.72.121.0/26 ip4:74.118.216.0/21 ip4:85.1...

RvdH

To be clear: can you run this and post the results: https://www.hmailserver.com/forum/viewtopic.php?f=20&t=30914 [Entered by mobile. Excuse my spelling.] What is your full name, Greta Trump? :mrgreen: :lol: Please do as told and stop claiming things and posting disinformation that are simply not tr...

RvdH

Greta wrote: ↑
2020-11-11 11:32

SorenR wrote: ↑
2020-11-11 10:54
You mean no "Blocked by SPF" since you got the 5.6.8 version from RvdH?
Thank you, yes that's what I mean.

This is going the wrong way...

What is your Spam mark threshold?
What is your SPF spam test score?

Does that give you a hint?

RvdH

Hmm... Mail sent from this IP address: 216.198.73.40 Mail from (Sender): klantinfo@rabobank.nl Mail checked using this SPF policy: v=spf1 include:spf-a.rabobank.nl include:spf-b.rabobank.nl include:spf-c.rabobank.nl include:spf.protection.outlook.com ip4:145.72.121.0/26 ip4:74.118.216.0/21 ip4:85.1...

RvdH

I am not using SpamAssassin but other software. News flash! Your "other software" is using spamassassin. X-Ui-Message-Type: mail X-Spam-Status: No, score=0.1 required=4.0 tests=DKIM_SIGNED,DKIM_VALID, FREEMAIL_FROM,HTML_MESSAGE,MIME_HTML_ONLY,SPF_HELO_NONE, SPF_PASS , T_KAM_HTML_FONT_INVALID,T_REMO...

RvdH

Yea seems like it....can't get this to work (to bad) I just looked at your error a little closer. Line 186 is at the beginning - not even part of a recursive function. Do ANY com scripts work on the affected server? Are you running the script on the same machine? If that was the very first error, i...

RvdH

palinka wrote: ↑
2020-11-09 16:34
All powershell are not created equal... That's why you try before you buy...

Can you try on your server again, but change the number of days to 1?

Yea seems like it....can't get this to work (to bad)

RvdH

The poster said in name of a bank, not from the (official) domain of that bank... so sure, it can pass the SPF check as long as that (fake)domain has a valid SPF But SPF checking takes the 'claimed' domain name of the bank, checks the banks official dns spf records to see what ip addresses can send...

RvdH

Sorry for kicking up this thread again. It now seems that nothing is rejected on SPF anymore. There are now spam emails in the name of a bank come through where the SPF should be give a failure :-( You sure the bank has their spf records set up correctly (ie, to reject)? [Entered by mobile. Excuse ...

RvdH

for DMARC to work, it is required to have both , SPF and DKIM records in conjunction with the DMARC policy you have defined Domain for DKIM, SPF and DMARC would typically be tvornicapoklona.hr (or you should have valid reason to require subdomain mail.*) SPF is missing in your DNS, so that is the re...

RvdH

On (Work production) Server 2012, HMS 5.6.8 (PowerShell 3.0) I get a massive amount of errors like this when running a test run: Begin deleting messages older than 30 days Delete disabled - Test Run ONLY Exception getting "Item": "Invalid index. (Exception from HRESULT: 0x8002000B (DISP_E_BADINDEX))...

RvdH

"APPLICATION" 3904 "2020-11-02 17:34:55.745" "SMTPDeliverer - Message 104: Relaying to host 181.119.18.52." "DEBUG" 3904 "2020-11-02 17:34:55.745" "Starting external delivery process. Server: (181.119.18.52), Port: 25, Security: 0, User name: " "DEBUG" 3904 "2020-11-02 17:34:55.745" "Creating sessi...

RvdH

The settings and the logs was on the same time. But after i removed the default domainname (all the users must login with name and domainname was that not a problem for me) And after i turned my firewall on, the mailserver is using 'normal' again. Like i said earlier either you're info was incomple...

RvdH

mattg wrote: ↑
2020-10-29 23:40

RvdH wrote: ↑
2020-10-29 14:49
That is very strange as your ip ranges says it can not
Unless the default domain is ALSO one of the whitelist entries

Whitelisting doesn't bypass authentication, does it

Nah, that doesn't sound right...maybe i don't get what you mean as whitelisting only seems to bypass spam checks

RvdH

"SMTPD" 2588 854 "2020-10-27 15:36:04.527" "110.7.128.242" "RECEIVED: MAIL FROM:<jellieskinderkleding.>" "SMTPD" 2588 854 "2020-10-27 15:36:04.527" "110.7.128.242" "SENT: 250 OK" "SMTPD" 5064 854 "2020-10-27 15:36:07.105" "110.7.128.242" "RECEIVED: RCPT TO:<Neale.Caegraphics.>" "SMTPD" 5064 854 "20...

RvdH

Looks like you left out some essential information, can you post the log lines that were right above below snippet of yesterdays logfile? "SMTPC" 4756 896 "2020-10-27 15: 36: 18.236" "194.109.6.51" "RECEIVED: 220 smtp-cloud7.xs4all.net smtp-cloud7.xs4all.net ESMTP server ready" "SMTPC" 4756 896 "202...

RvdH

No the problem still exists after i changed the ISP password Can you please EXPLAIN in very small detail exactly what you did and where, to change this ISP password (Don't tell the password though) I'm just making sure that you are in fact changing the user name password for the compromised account...

RvdH

No the problem still exists after i changed the ISP password That is strange, your logs says it blocks access, eg: 535 Authentication failed, check your logs here: https://log.damnation.org.uk/ "SMTPD" 2228 1758 "2020-10-27 16:26:21.724" "171.242.64.127" "RECEIVED: AUTH LOGIN" "SMTPD" 2228 1758 "20...

RvdH

After you changed the password for the hscomput account the problem went away, right? "SENT: 535 Authentication failed. Restarting authentication process." That script doesn't catch and deny such attempt "RECEIVED: 250 2.1.0 < cole.connell @jellieskinderkleding.nl> sender ok" it still allows *@jelli...

RvdH

I dont aware of it, but i cant imagine that this solved my problem And your reply is directed towards? FYI, TLS 1.3 has nothing , and i mean nothing to do with your problem :!: The problem you have/had is that an account is/was compromised, hijacked or even simply guessed (if it was a weak password...

RvdH

aHNjb21wdXQ = base64 encoded string that represents hscomput Account hscomput seems compromised, i would change the password immediately :!: Both IP's listed are xs4all IP's, mmmm, relay? We need more logs and please post diagnostic report requested in my first reply But you have more issues, one is...

RvdH

please run this and post the results
viewtopic.php?f=20&t=30914

It seems the user sending is authenticated, maybe the account is hijacked or password leaked in a data breach, account is question: hscomput

Do you have a reason to have a default domain enabled?

RvdH

C.I. wrote: ↑
2020-10-27 09:08
Thank you.
The return code was an issue many years ago (or so it seems to me).
Hasn't Microsoft fixed it in the meanwhile?

Try it and let us know

RvdH

Greta wrote: ↑
2020-10-23 07:41
Clearly. Thanks for quickly fixing the software.

The emails now arrive without an SPF error

RvdH

Attacking? Maybe i an guilty of making fun of you a little

Before you edited your initial post there was no mention of e-mail receiving from sendgrid by your hmailserver instance that triggered that message, hence it only looked like sendgrid returned that message when you send mail to it

Search found 1163 matches