Hardening hMailServer - The ongoing saga!

This section contains user-submitted tutorials.
CraigT
New user
Posts: 8
Joined: 2010-08-12 10:06
Location: Adelaide, Australia

Re: Hardening hMailServer - The ongoing saga!

Post by CraigT » 2020-05-02 08:37

SorenR (or other guru), are there any rules around the ODBC driver that has to be installed for either the 64/32-bit driver in Part 3, or doesn't it matter? If everything is 64-bit, obviously use the 64-bit driver, but if hMail is 32-bit using 32-bit mysql.dll and MySQL is V8.x (64-bit), should I stick with the 32-bit driver, or do we not care?

SorenR
Senior user
Posts: 3743
Joined: 2006-08-21 15:38
Location: Denmark

Re: Hardening hMailServer - The ongoing saga!

Post by SorenR » 2020-05-02 12:33

CraigT wrote:
2020-05-02 08:37
SorenR (or other guru), are there any rules around the ODBC driver that has to be installed for either the 64/32-bit driver in Part 3, or doesn't it matter? If everything is 64-bit, obviously use the 64-bit driver, but if hMail is 32-bit using 32-bit mysql.dll and MySQL is V8.x (64-bit), should I stick with the 32-bit driver, or do we not care?
I'm still running 32-bit on my old server but as far as I can read, your driver needs to follow your database, however there are other issues with the latest versions of MySQL. Perhaps MariaDB is worth looking into :wink:
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

palinka
Senior user
Posts: 2073
Joined: 2017-09-12 17:57

Re: Hardening hMailServer - The ongoing saga!

Post by palinka » 2020-05-03 17:58

SorenR wrote:
2020-05-02 12:33
Perhaps MariaDB is worth looking into :wink:
+1

32bit ODBC required for 32bit hmailserver. It's a pain in the rear to sort out. MariaDB has (I think) only one connector (32/64).

CraigT
New user
Posts: 8
Joined: 2010-08-12 10:06
Location: Adelaide, Australia

Re: Hardening hMailServer - The ongoing saga!

Post by CraigT » 2020-05-04 08:09

Got it. Thanks guys. Waiting on the 64-bit hMailserver for a production server to do the update so everything is 64-bit, but Soren's scripts are too good to pass up, as the server seems to have an attraction to "sheskyhigh" and "blueskyhotel" plus a few others just connecting and dropping out. Plus it will make the log file much shorter. :D

RvdH
Senior user
Posts: 1098
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Hardening hMailServer - The ongoing saga!

Post by RvdH » 2020-05-10 15:38

Just an idea: this might prevent genuine users who experience unexpected timeouts or the like from being listed in IDS.

Code:

Sub OnClientLogon(oClient)
	If oClient.Authenticated then
		REM Unregister IP address from IDS registry
		Call idsDelIP(oClient.IPAddress)
	End if
End Sub
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

SorenR
Senior user
Posts: 3743
Joined: 2006-08-21 15:38
Location: Denmark

Re: Hardening hMailServer - The ongoing saga!

Post by SorenR » 2020-05-10 17:33

RvdH wrote:
2020-05-10 15:38
Just an idea: this might prevent genuine users who experience unexpected timeouts or the like from being listed in IDS.

Code:

Sub OnClientLogon(oClient)
	If oClient.Authenticated then
		REM Unregister IP address from IDS registry
		Call idsDelIP(oClient.IPAddress)
	End if
End Sub
Have you checked how many times IMAP authenticates during a session?

The idea is to check SMTP traffic only and the IP is registered in OnClientConnect and unregistered in OnAcceptMessage. I have not had one false positive since I introduced it in my script over 1 year ago.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

RvdH
Senior user
Posts: 1098
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Hardening hMailServer - The ongoing saga!

Post by RvdH » 2020-05-10 17:37

SorenR wrote:
2020-05-10 17:33
RvdH wrote:
2020-05-10 15:38
Just an idea: this might prevent genuine users who experience unexpected timeouts or the like from being listed in IDS.

Code:

Sub OnClientLogon(oClient)
	If oClient.Authenticated then
		REM Unregister IP address from IDS registry
		Call idsDelIP(oClient.IPAddress)
	End if
End Sub
Have you checked how many times IMAP authenticates during a session?

The idea is to check SMTP traffic only and the IP is registered in OnClientConnect and unregistered in OnAcceptMessage. I have not had one false positive since I introduced it in my script over 1 year ago.
Quite often, but that check will take maybe 000.1 second, especially when it doesn't exist... but you also could specify ports or just ignore the suggestion.
I know I will utilize it ;)
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
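
The trade-off discussed in the last three posts, as an added example that is not part of the thread or of either poster's script: a simplified Python model that replays constructed session events through the register-on-connect / unregister-on-accept flow, with and without the proposed unregister-on-logon step and its port filter. The per-IP counter, the port set, the event names and the sample addresses are assumptions made for illustration; the real IDS storage and thresholds are not shown on this page.

```python
# Added example: simplified model, not SorenR's or RvdH's actual script.
from collections import Counter

SMTP_PORTS = {25, 465, 587}  # assumption: ports treated as SMTP traffic

# Constructed sample data (documentation address ranges).
SCANNER, USER, SENDER = "203.0.113.9", "198.51.100.20", "192.0.2.5"
EVENTS = (
    [("connect", SCANNER, 25)] * 3                           # connects and drops
    + [("connect", USER, 587), ("logon_ok", USER, 587)] * 2  # authenticates, then times out
    + [("connect", USER, 143), ("logon_ok", USER, 143)] * 5  # IMAP client logons
    + [("connect", SENDER, 25), ("accept", SENDER, 25)]      # normal delivery
)


def replay(events, clear_on_logon=False, smtp_ports_only=True):
    """Replay (event, ip, port) tuples.

    Returns (IPs still registered with their connect counts,
             number of unregister calls made from the logon handler).
    """
    registered = Counter()
    logon_calls = 0
    for kind, ip, port in events:
        if kind == "connect" and port in SMTP_PORTS:
            registered[ip] += 1        # OnClientConnect: register the IP
        elif kind == "accept":
            registered.pop(ip, None)   # OnAcceptMessage: unregister the IP
        elif kind == "logon_ok" and clear_on_logon:
            if smtp_ports_only and port not in SMTP_PORTS:
                continue               # port filter: ignore IMAP/POP3 logons
            logon_calls += 1
            registered.pop(ip, None)   # OnClientLogon: idsDelIP equivalent
    return dict(registered), logon_calls


if __name__ == "__main__":
    print("connect/accept only:  ", replay(EVENTS))
    print("+ logon, all ports:   ", replay(EVENTS, True, smtp_ports_only=False))
    print("+ logon, SMTP ports:  ", replay(EVENTS, True))
```

In this model the authenticated user who times out stays registered under the connect/accept flow alone, and the port filter gives the same final registry as the unfiltered logon handler with fewer unregister calls.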
