Auto ban issues

alexwhite68
New user
Posts: 4
Joined: 2020-07-19 10:32

Auto ban issues

Post by alexwhite68 » 2020-08-02 12:51

Hi,

I am having a lot of issues with auto ban, what is going on is my own computers are being banned repeatedly.

Both accounts are on the same server and devices (happening on both iPhones and Macs). What seems to be happening is the authentication fails, it retries, then works, so it looks (correct me if I am wrong) like it is failing on one method and retrying on a different type of authentication which then works.

So I recognise 86.131.243.233 that is the public ip address of the broadband that the mac is connected to, the 192.168.1.69 is the dhcp address of the mac.

I have retyped the user name and password of the accounts and they do work e.g. mail does send but eventually the ip range gets banned almost certainly due to the authentication failed messages.

I need the auto ban on as I am having issues with people trying to relay through my server.


"SMTPD" 2608 2981 "2020-08-02 12:38:50.795" "86.131.243.233" "SENT: 220 mail.t**** ESMTP"
"SMTPD" 22872 2981 "2020-08-02 12:38:50.852" "86.131.243.233" "RECEIVED: EHLO [192.168.1.69]"
"SMTPD" 22872 2981 "2020-08-02 12:38:50.856" "86.131.243.233" "SENT: 250-mail.t****[nl]250-SIZE 102400000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD" 22872 2981 "2020-08-02 12:38:50.903" "86.131.243.233" "RECEIVED: STARTTLS"
"SMTPD" 22872 2981 "2020-08-02 12:38:50.907" "86.131.243.233" "SENT: 220 Ready to start TLS"
"SMTPD" 22872 2981 "2020-08-02 12:38:51.215" "86.131.243.233" "RECEIVED: EHLO [192.168.1.69]"
"SMTPD" 22872 2981 "2020-08-02 12:38:51.219" "86.131.243.233" "SENT: 250-mail.t****[nl]250-SIZE 102400000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"SMTPD" 2608 2981 "2020-08-02 12:38:51.268" "86.131.243.233" "RECEIVED: AUTH PLAIN YWRtaW5AMmRvLWdpYi5naQBhZG1pbkAyZG8tZ2liLmdpAEJhbGw4cmRzR3IzZW42Nw=="
"SMTPD" 2608 2981 "2020-08-02 12:38:51.288" "86.131.243.233" "SENT: 535 Authentication failed. Restarting authentication process."
"SMTPD" 12448 2981 "2020-08-02 12:38:51.334" "86.131.243.233" "RECEIVED: AUTH PLAIN AGFkbWluQDJkby1naWIuZ2kAQmFsbDhyZHNHcjNlbjY3"
"SMTPD" 12448 2981 "2020-08-02 12:38:51.342" "86.131.243.233" "SENT: 235 authenticated."
"SMTPD" 22872 2981 "2020-08-02 12:38:51.390" "86.131.243.233" "RECEIVED: MAIL FROM:<a********>"
"SMTPD" 22872 2981 "2020-08-02 12:38:51.399" "86.131.243.233" "SENT: 250 OK"
"SMTPD" 22872 2981 "2020-08-02 12:38:51.447" "86.131.243.233" "RECEIVED: RCPT TO:<***@ta***>"
"SMTPD" 22872 2981 "2020-08-02 12:38:51.452" "86.131.243.233" "SENT: 250 OK"
"SMTPD" 2608 2981 "2020-08-02 12:38:51.513" "86.131.243.233" "RECEIVED: DATA"
"SMTPD" 2608 2981 "2020-08-02 12:38:51.519" "86.131.243.233" "SENT: 354 OK, send."
"SMTPD" 10956 2981 "2020-08-02 12:38:51.598" "86.131.243.233" "SENT: 250 Queued (0.064 seconds)"


2020-08-02   Hmailserver: 5.6.8-B2494

DOMAINS

   "Domain1.com" - 2dxxxxx.gi                     Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False     Catchall: admin@Domain1.com
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain2.com" - alxxxxxxxx.uk                  Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False     Catchall: email@Domain2.com
                   Max message size:        0                      Plus addressing:  True
                   Max size of accounts:    0                      Character:           
                                                                   Greylisting:     False

   "Domain3.com" - taxxxxxx.co.uk                 Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False     Catchall: alex.white@Domain3.com
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:      True
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External - False           


   !!  Warning:  DEFAULT DOMAIN is SET  !! - "Domain3.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      5
                              Minutes Before Reset:           20  (0.33 hours, 0.01 days)
                              Minutes to Autoban:             60  (1.00 hours, 0.04 days)

There is a total of 21 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  3 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:      False  Batch recipients:   100
Max Msg Size:102400  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:  False  Delivered-To hdr: False
                                                                         Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 3    Use Spamassassin:   False
  Add X-HmailServer-Spam:    False    Check HELO host:    True - 2
  Add X-HmailServer-Reason:  False    Check MX records:   True - 2
  Add X-HmailServer-Subject: False    Verify DKIM:       False    

  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 3     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2

SURBL ENTRIES:
   No 'enabled' entries

GREYLISTING:
  Greylisting:   True       Defer mins: 30       Days Unused: 1      Days Used: 36
                            Bypass SPF: True     Bypass A/MX: False

Greylist WHITELIST ENTRIES:
   No entries

Greylist DOMAINS enabled:
           Domain3.com

WHITELISTING
              86.131.243.233     to    86.131.243.233               
-----------------------------------------------------------------------------------------------

ANTIVIRUS:  No application configured.

  Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   certs
       Certificate: D:\Certificates\SAN\mail.Domain3.com-chain.pem
       Private key: D:\Certificates\SAN\mail.Domain3.com-key.pem
-----------------------------------------------------------------------------------------------

SSL/TLS
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True
             TLS 1.3 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               192.168.1.2     / 25    / SMTP   -   StartTLS Optional   Cert: certs
               192.168.1.2     / 110   / POP3   -   StartTLS Optional   Cert: certs
               192.168.1.2     / 143   / IMAP   -   StartTLS Optional   Cert: certs
               192.168.1.2     / 465   / SMTP   -   SSL/TLS             Cert: certs
               192.168.1.2     / 587   / SMTP   -   StartTLS Optional   Cert: certs
               192.168.1.2     / 993   / IMAP   -   SSL/TLS             Cert: certs
               192.168.1.2     / 995   / POP3   -   SSL/TLS             Cert: certs
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2020-08-02.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-08-02.log
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -      .
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -      .
                        DEBUG       -      .
                        AWSTATS     -      .
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL

IPv6 support is available in operating system.

Backup directory D:\SQLBackup is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MSSQL
Username=          sa
PasswordEncryption=1
Port=              0
Server=            mail
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v2.01, Hmailserver Forum.



thank you.
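
The log excerpt in the post above shows a 535 followed by a 235 inside the same session (2981), and the two AUTH PLAIN strings differ in length. The following is an added example, not part of the original post and not hMailServer code: it groups AUTH results by session so that a client retry can be told apart from a session that only fails, and reports whether each PLAIN attempt carried an authorization identity. The sample lines, addresses and credentials are constructed, and the autoban reset window is not modelled.

```python
import base64
import re
from collections import defaultdict

# Field layout as in the post's log: "SMTPD" thread session "timestamp" "ip" "text"
LINE = re.compile(r'"SMTPD"\s+\d+\s+(\d+)\s+"[^"]*"\s+"([^"]+)"\s+"(.*)"\s*$')

def plain_shape(b64):
    """Describe a SASL PLAIN response without returning identity or password."""
    try:
        parts = base64.b64decode(b64, validate=True).split(b"\x00")
    except ValueError:
        return "undecodable"
    if len(parts) != 3:          # expected: authzid NUL authcid NUL password
        return "malformed"
    return "authzid set" if parts[0] else "authzid empty"

def summarize(lines):
    """Return {(ip, session): {"fail": n, "ok": n, "shapes": [...]}}."""
    sessions = defaultdict(lambda: {"fail": 0, "ok": 0, "shapes": []})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        session, ip, text = m.groups()
        rec = sessions[(ip, session)]
        if text.startswith("RECEIVED: AUTH PLAIN "):
            rec["shapes"].append(plain_shape(text.split()[-1]))
        elif text.startswith("SENT: 535"):
            rec["fail"] += 1
        elif text.startswith("SENT: 235"):
            rec["ok"] += 1
    return dict(sessions)

def classify(rec):
    """client-retry: failure and success in one session; failed-only: no success."""
    if rec["fail"] and rec["ok"]:
        return "client-retry"
    return "failed-only" if rec["fail"] else "clean"

def failures_by_ip(sessions):
    """Per IP, count 535 replies split by the kind of session they came from."""
    out = defaultdict(lambda: {"client-retry": 0, "failed-only": 0})
    for (ip, _), rec in sessions.items():
        if classify(rec) != "clean":
            out[ip][classify(rec)] += rec["fail"]
    return {ip: dict(v) for ip, v in out.items()}

def _attempt(session, ip, authzid, reply):
    """Two constructed log lines: one AUTH PLAIN and the server's reply."""
    blob = base64.b64encode(f"{authzid}\0user@example.test\0x".encode()).decode()
    head = f'"SMTPD" 1 {session} "2020-01-01 00:00:00.000" "{ip}" '
    return [head + f'"RECEIVED: AUTH PLAIN {blob}"', head + f'"SENT: {reply}"']

SAMPLE = (  # constructed, not taken from the post
    _attempt(101, "203.0.113.10", "user@example.test", "535 Authentication failed.")
    + _attempt(101, "203.0.113.10", "", "235 authenticated.")
    + _attempt(102, "198.51.100.7", "", "535 Authentication failed.")
    + _attempt(102, "198.51.100.7", "", "535 Authentication failed.")
)

if __name__ == "__main__":
    for key, rec in summarize(SAMPLE).items():
        print(key, classify(rec), rec["shapes"])
```

Failures counted under "client-retry" come from sessions that went on to authenticate; comparing that count with the "Max invalid logon attempts" value in the diagnostics shows how quickly a misbehaving client alone can reach the limit.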

johang
Senior user
Posts: 291
Joined: 2008-09-01 09:20

Re: Auto ban issues

Post by johang » 2020-08-02 19:33

i think your problem is that you do not "Require SMTP authentication"

you should change in your Internet IP range to Require SMTP authentication for
Local to local e-mail addresses
Local to external e-mail addresses
External to External e-mail addresses

and you can add an ip range for the IP of your mac and give it special privileges if you want ( like setting priority 25 on it so even though it gets listed as banned it will ignore it ) ..
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

johang
Senior user
Posts: 291
Joined: 2008-09-01 09:20

Re: Auto ban issues

Post by johang » 2020-08-02 20:45

and it is always interesting what's inside
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-08-02.log

jim.bus
Senior user
Posts: 425
Joined: 2011-05-28 11:49
Location: US

Re: Auto ban issues

Post by jim.bus » 2020-08-03 01:52

You should also try upgrading to B2501.

Personally I only use the latest stable build 5.6.7-B2425 and have not upgraded to 5.6.8. However, from posts I have read 5.6.8-B2501 is in Beta now and apparently has little problems. You are using presumably a less reliable Build, 5.6.8-B2494 when B2501 is the current released Beta on the Download tab of hMailServer.com.

I, also, don't understand why you are listening on only a specific IP Address 182.168.2.1 in your TCP/IP Ports settings. I would have thought hMailServer wouldn't even have registered a connection from your MAC with these TCP/IP Ports settings. Your TCP/IP Ports should show IP Address 0.0.0.0 which will allow hMailServer to listen on all ports.

You should also set TCP/IP Ports to require Encryption on Ports 465, 587, 993, and 995. For Ports 110 and 995, if you are going to use Encryption, probably SSL/TLS would be better as some Clients like Outlook don't support StartTLS for these Ports. My experience so far is that StartTLS might be better for the other Ports you would want to Encrypt.

You also have specified a Default Domain which is not thought to be wise as it allows a hacker to try to guess your email ID without having to worry about also guessing the Domain. You should just not specify any Default Domain. You don't need it is my experience.

mattg
Moderator
Posts: 20965
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Auto ban issues

Post by mattg » 2020-08-03 05:04

johang wrote:
2020-08-02 20:45
and it is always interesting what's inside
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-08-02.log
The way that this diagnostics works, that file doesn't exist, unless it says 'contains errors' after the file name
jim.bus wrote:
2020-08-03 01:52
in your TCP/IP Ports settings
Yes, these should be 0.0.0.0 in most cases
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jimimaseye
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Auto ban issues

Post by jimimaseye » 2020-08-03 09:30

alexwhite68 wrote:
2020-08-02 12:51
I need the auto ban on as I am having issues with people trying to relay through my server.
You don't help with your settings. You have 'local to local' and 'local to external' deliveries not requiring authentication. And also a default domain set.

That's an invite for spambots.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

jim.bus
Senior user
Posts: 425
Joined: 2011-05-28 11:49
Location: US

Re: Auto ban issues

Post by jim.bus » 2020-08-03 10:42

You might want to specify in your IP Ranges 'Require SSL/TLS for authentication'. This is the Default setting and will require Logins to use SSL/TLS for authentication. It looked like your Diagnostics Report was indicating you don't have this option specified.

alexwhite68
New user
Posts: 4
Joined: 2020-07-19 10:32

Re: Auto ban issues

Post by alexwhite68 » 2020-08-04 15:40

Thanks for all the replies I will reply in one message rather than lots of little messages.

johang
after posting I made a couple of those changes you suggested, I also switched off external to external, that looks like trouble leaving that on.

jim.bus
The specific ip of 192.168.1.2 was a hangover from old config where I had several ip addresses because I had different stuff listening to different things on those ports, that config was changed a while back so not needed anymore so now changed to 0.0.0.0

jimimaseye
removed the default domain

got it all working again, hotmail banned me for a while but it's back on now, interesting they only put me back on once my reverse dns for my static ip matched FQDN for my mail server.

Thanks again :D

jimimaseye
Moderator
Posts: 8680
Joined: 2011-09-08 17:48

Re: Auto ban issues

Post by jimimaseye » 2020-08-04 16:56

alexwhite68 wrote:
2020-08-04 15:40
jimimaseye
removed the default domain
did you sort the 'local to local' and 'local to external' deliveries not requiring authentication as well?

jim.bus
Senior user
Posts: 425
Joined: 2011-05-28 11:49
Location: US

Re: Auto ban issues

Post by jim.bus » 2020-08-04 21:24

alexwhite68 wrote:
2020-08-04 15:40

it all working again, hotmail banned me for a while but it's back on now, interesting they only put me back on once my reverse dns for my static ip matched FQDN for my mail server.

Thanks again :D
That's what reverse DNS is used for. Not matching is a sign of an unauthorized access.

SorenR
Senior user
Posts: 3702
Joined: 2006-08-21 15:38
Location: Denmark

Re: Auto ban issues

Post by SorenR » 2020-08-04 22:13

jim.bus wrote:
2020-08-04 21:24
alexwhite68 wrote:
2020-08-04 15:40

it all working again, hotmail banned me for a while but it's back on now, interesting they only put me back on once my reverse dns for my static ip matched FQDN for my mail server.

Thanks again :D
That's what reverse DNS is used for. Not matching is a sign of an unauthorized access.
It's a sign of a potential problem, RFC does NOT say REJECT if not FcrDNS.

Anyways, I'm thinking of changing my DNS MX records as my server lost FcrDNS when I switched ISP... This way I can regain FcrDNS


hMailServer: Protocol SMTP Local host name: 123.123.123.123.broadband.isp.tld (NO Welcome message!)

DNS: mydomain.tld
mydomain.tld   A      123.123.123.123
mydomain.tld   MX  10 123.123.123.123.broadband.isp.tld  <== PTR exists and is a match.
Problem is that some admins like @Palinka have rules to reject HELO/EHLO greetings containing IP addresses. It IS a valid greeting re. RFC but can be identified as a generic SPAM source
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

palinka
Senior user
Posts: 2012
Joined: 2017-09-12 17:57

Re: Auto ban issues

Post by palinka » 2020-08-05 01:32

SorenR wrote:
2020-08-04 22:13
Problem is that some admins like @Palinka have rules to reject HELO/EHLO greetings containing IP addresses. It IS a valid greeting re. RFC but can be identified as a generic SPAM source
I'd never firewall ban you, my man!

But yeah, greetings containing IPs are generally bots using rdns hostname for the greeting.

I had a few false positives, like stoopid facebook. But by few, I mean VERY FEW. Therefore, the minuscule number of false positives tells me that it's working and also that using an ISP supplied rdns hostname is probably not a good idea.
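
The last few posts discuss two separate checks: forward-confirmed reverse DNS (FCrDNS) and the shape of the EHLO/HELO greeting. The following is an added example, not part of any post and not palinka's actual rule: it evaluates both for one connection, using the placeholder names from SorenR's post and the address literal seen in the first post's log. The resolver is replaced by constructed lookup tables so it runs offline, and the greeting heuristic is an assumption about what "containing IP addresses" means.

```python
import ipaddress
import re

# Four numeric groups joined by dots or dashes, e.g. 123-123-123-123
EMBEDDED = re.compile(r"(?<!\d)(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})(?!\d)")

def classify_greeting(helo):
    """Label an EHLO/HELO argument; a label, not an accept/reject verdict."""
    name = helo.strip().rstrip(".")
    if name.startswith("[") and name.endswith("]"):
        return "address-literal"     # bracketed form, as sent by the Mac in the log
    try:
        ipaddress.ip_address(name)
        return "bare-ip"             # an IP address without brackets
    except ValueError:
        pass
    m = EMBEDDED.search(name)
    if m and all(int(g) <= 255 for g in m.groups()):
        return "ip-in-hostname"      # looks like an ISP-generated rDNS name
    return "hostname"

def fcrdns(ip, ptr_lookup, addr_lookup):
    """Return the PTR name that resolves back to ip, or None if none does."""
    for name in ptr_lookup(ip):
        if ip in addr_lookup(name):
            return name
    return None

# Constructed zone data; the first entry reuses the placeholders from SorenR's post.
PTR = {"123.123.123.123": ["123.123.123.123.broadband.isp.tld"],
       "203.0.113.5": ["mail.example.test"]}
ADDR = {"123.123.123.123.broadband.isp.tld": ["123.123.123.123"],
        "mail.example.test": ["203.0.113.99"]}   # forward record points elsewhere

def check(ip, helo):
    """Return (greeting label, FCrDNS-confirmed name or None) for one connection."""
    name = fcrdns(ip, lambda i: PTR.get(i, []), lambda n: ADDR.get(n, []))
    return classify_greeting(helo), name

if __name__ == "__main__":
    print(check("123.123.123.123", "123.123.123.123.broadband.isp.tld"))
    print(check("203.0.113.5", "mail.example.test"))
    print(classify_greeting("[192.168.1.69]"))
```

The first case passes FCrDNS and is still labelled "ip-in-hostname", which is the situation SorenR describes; the address-literal label matters on submission ports, where mail clients commonly greet that way.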
