In case of multiple mails the events are ignored

Use this forum if you have problems with a hMailServer script, such as hMailServer WebAdmin or code in an event handler.
Post Reply
BeeTee
New user
New user
Posts: 14
Joined: 2011-06-14 11:00

In case of multiple mails the events are ignored

Post by BeeTee » 2020-08-17 09:40

In my OnAcceptMessage event in my vbs script file I do some spam filtering, i.e. setting Result.Value = 1 in case of spam.
But if the sender makes two simultaneous connections, only the first connection/mail will be blocked, the second will not be handled by the event.

Example from the log, getting SPAM connections from 74.6.133.125

Code: Select all

"TCPIP"	5528	"2020-08-17 09:17:30.224"	"TCP - 74.6.133.125 connected to 10.x.x.x:25."
"SMTPD"	5528	20653	"2020-08-17 09:17:30.224"	"74.6.133.125"	"SENT: 220 Welcome to 84-238-109-18.ptr.bnaa.dk"
"TCPIP"	4392	"2020-08-17 09:17:30.224"	"TCP - 74.6.133.125 connected to 10.x.x.x:25."
"SMTPD"	4392	20655	"2020-08-17 09:17:30.224"	"74.6.133.125"	"SENT: 220 Welcome to 84-238-109-18.ptr.bnaa.dk"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.318"	"74.6.133.125"	"RECEIVED: EHLO sonic313-15.consmr.mail.bf2.yahoo.com"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.318"	"74.6.133.125"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	4756	20655	"2020-08-17 09:17:30.334"	"74.6.133.125"	"RECEIVED: EHLO sonic313-15.consmr.mail.bf2.yahoo.com"
"SMTPD"	4756	20655	"2020-08-17 09:17:30.334"	"74.6.133.125"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.427"	"74.6.133.125"	"RECEIVED: STARTTLS"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.427"	"74.6.133.125"	"SENT: 220 Ready to start TLS"
"SMTPD"	4756	20655	"2020-08-17 09:17:30.427"	"74.6.133.125"	"RECEIVED: STARTTLS"
"SMTPD"	4756	20655	"2020-08-17 09:17:30.427"	"74.6.133.125"	"SENT: 220 Ready to start TLS"
"TCPIP"	4392	"2020-08-17 09:17:30.662"	"TCPConnection - TLS/SSL handshake completed. Session Id: 20653, Remote IP: 74.6.133.125, Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256, Bits: 128"
"TCPIP"	4392	"2020-08-17 09:17:30.677"	"TCPConnection - TLS/SSL handshake completed. Session Id: 20655, Remote IP: 74.6.133.125, Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256, Bits: 128"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.756"	"74.6.133.125"	"RECEIVED: EHLO sonic313-15.consmr.mail.bf2.yahoo.com"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.756"	"74.6.133.125"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	5528	20655	"2020-08-17 09:17:30.787"	"74.6.133.125"	"RECEIVED: EHLO sonic313-15.consmr.mail.bf2.yahoo.com"
"SMTPD"	5528	20655	"2020-08-17 09:17:30.787"	"74.6.133.125"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	4392	20653	"2020-08-17 09:17:30.865"	"74.6.133.125"	"RECEIVED: MAIL FROM:<ovie_mike2001@yahoo.com>"
"SMTPD"	4756	20655	"2020-08-17 09:17:30.881"	"74.6.133.125"	"RECEIVED: MAIL FROM:<ovie_mike2001@yahoo.com>"
"TCPIP"	4392	"2020-08-17 09:17:30.896"	"DNS lookup: 125.133.6.74.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"TCPIP"	4756	"2020-08-17 09:17:30.896"	"DNS lookup: 125.133.6.74.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"TCPIP"	4392	"2020-08-17 09:17:30.927"	"DNS lookup: 125.133.6.74.bl.spamcop.net, 0 addresses found: (none), Match: False"
"TCPIP"	4756	"2020-08-17 09:17:30.927"	"DNS lookup: 125.133.6.74.bl.spamcop.net, 0 addresses found: (none), Match: False"
"TCPIP"	4392	"2020-08-17 09:17:31.068"	"DNS lookup: 125.133.6.74.bb.barracudacentral.org, 0 addresses found: (none), Match: False"
"TCPIP"	4756	"2020-08-17 09:17:31.068"	"DNS lookup: 125.133.6.74.bb.barracudacentral.org, 0 addresses found: (none), Match: False"
"TCPIP"	4392	"2020-08-17 09:17:31.193"	"DNS lookup: 125.133.6.74.psbl.surriel.com, 0 addresses found: (none), Match: False"
"TCPIP"	4756	"2020-08-17 09:17:31.193"	"DNS lookup: 125.133.6.74.psbl.surriel.com, 0 addresses found: (none), Match: False"
"TCPIP"	4392	"2020-08-17 09:17:31.256"	"DNS lookup: 125.133.6.74.ix.dnsbl.manitu.net, 0 addresses found: (none), Match: False"
"TCPIP"	4756	"2020-08-17 09:17:31.256"	"DNS lookup: 125.133.6.74.ix.dnsbl.manitu.net, 0 addresses found: (none), Match: False"
"SMTPD"	4392	20653	"2020-08-17 09:17:31.412"	"74.6.133.125"	"SENT: 250 OK"
"SMTPD"	4756	20655	"2020-08-17 09:17:31.412"	"74.6.133.125"	"SENT: 250 OK"
"SMTPD"	5528	20653	"2020-08-17 09:17:31.506"	"74.6.133.125"	"RECEIVED: RCPT TO:<xx@xx.com>"
"SMTPD"	4756	20655	"2020-08-17 09:17:31.506"	"74.6.133.125"	"RECEIVED: RCPT TO:<xx@xx.dk>"
"SMTPD"	5528	20653	"2020-08-17 09:17:31.537"	"74.6.133.125"	"SENT: 250 OK"
"SMTPD"	4756	20655	"2020-08-17 09:17:31.537"	"74.6.133.125"	"SENT: 250 OK"
"SMTPD"	4392	20653	"2020-08-17 09:17:31.631"	"74.6.133.125"	"RECEIVED: DATA"
"SMTPD"	4392	20653	"2020-08-17 09:17:31.631"	"74.6.133.125"	"SENT: 354 OK, send."
"SMTPD"	4756	20655	"2020-08-17 09:17:31.646"	"74.6.133.125"	"RECEIVED: DATA"
"SMTPD"	4756	20655	"2020-08-17 09:17:31.646"	"74.6.133.125"	"SENT: 354 OK, send."
"SMTPD"	2888	20653	"2020-08-17 09:17:31.880"	"74.6.133.125"	"SENT: 554 Rejected"
"SMTPD"	4640	20655	"2020-08-17 09:17:31.880"	"74.6.133.125"	"SENT: 250 Queued (0.192 seconds)"
"APPLICATION"	6040	"2020-08-17 09:17:31.880"	"SMTPDeliverer - Message 180667: Delivering message from ovie_mike2001@yahoo.com to xx@xx.dk. File: D:\HMailserver\Mail_Data\{16BAFFE0-1F18-42E0-A03B-63B6DC9C38AD}.eml"
"APPLICATION"	6040	"2020-08-17 09:17:31.896"	"SMTPDeliverer - Message 180667: Message delivery thread completed."
"SMTPD"	4756	20653	"2020-08-17 09:17:31.974"	"74.6.133.125"	"RECEIVED: QUIT"
"SMTPD"	4756	20653	"2020-08-17 09:17:31.974"	"74.6.133.125"	"SENT: 221 goodbye"
"SMTPD"	5528	20655	"2020-08-17 09:17:31.974"	"74.6.133.125"	"RECEIVED: QUIT"
"SMTPD"	5528	20655	"2020-08-17 09:17:31.974"	"74.6.133.125"	"SENT: 221 goodbye"
I admittedly don't run the newest version, running 5.6.7-B2425

Is it a missconfiguration or a bug?
It it fixed in the lastest version?

User avatar
mattg
Moderator
Moderator
Posts: 21270
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: In case of multiple mails the events are ignored

Post by mattg » 2020-08-17 10:55

You have a custom script that rejected the mail message addressed to xx@xx.com that didn't trigger for the mail addressed to xx@xx.de

The '554 rejected' is a custom rejection code
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 4201
Joined: 2006-08-21 15:38
Location: Denmark

Re: In case of multiple mails the events are ignored

Post by SorenR » 2020-08-17 13:19

BeeTee wrote:
2020-08-17 09:40
In my OnAcceptMessage event in my vbs script file I do some spam filtering, i.e. setting Result.Value = 1 in case of spam.
But if the sender makes two simultaneous connections, only the first connection/mail will be blocked, the second will not be handled by the event.
No bug... Show us your script

The example have two connections to two different recipients and only one is rejected. In my world that means only one rule was satisfied.

I do extensive SPAM handling in my Eventhandlers.vbs and I have never experienced your problem... Developed primarely on 5.4.2 and now running on 5.6.8-custom.

https://www.hmailserver.com/forum/viewt ... 20&t=33602
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

palinka
Senior user
Senior user
Posts: 2475
Joined: 2017-09-12 17:57

Re: In case of multiple mails the events are ignored

Post by palinka » 2020-08-17 18:41

SorenR wrote:
2020-08-17 13:19
BeeTee wrote:
2020-08-17 09:40
In my OnAcceptMessage event in my vbs script file I do some spam filtering, i.e. setting Result.Value = 1 in case of spam.
But if the sender makes two simultaneous connections, only the first connection/mail will be blocked, the second will not be handled by the event.
No bug... Show us your script

The example have two connections to two different recipients and only one is rejected. In my world that means only one rule was satisfied.

I do extensive SPAM handling in my Eventhandlers.vbs and I have never experienced your problem... Developed primarely on 5.4.2 and now running on 5.6.8-custom.

https://www.hmailserver.com/forum/viewt ... 20&t=33602
Can confirm, this happened to me once. I even posted about it somewhere here. Two simultaneous connections: one was rejected, the other processed. IIRC, it was an OnHELO event that triggered it, so it had to be IP or HELO based. I'll look for that thread.

Edit- found it: https://www.hmailserver.com/forum/viewt ... 84#p213084
1) disconnect with RvdH's disconnect.exe
2) autoban for 1 hour

I think that will prevent rate limiting under the same circumstances (single ip connecting again and again within a single minute).
This is not perfect. Since putting it place i went several days without a single duplicate hit. Then today i had two IPs make duplicate hits. In both cases the duplicate connections arrived at the same time down to the same millisecond according to hmailserver log. One of those simultaneous connections got killed immediately and the other died several seconds later. However, all subsequent connections from those IPs were blocked by autoban so at least the damage was limited.
I don't remember specifically the circumstances behind "and the other died several seconds later", but I'm guessing it hit another spam filter along the line. Anyway, the point is that autoban did not work because both connections were literally simultaneous - the log file showed the same time to the millisecond. One of them was picked up by autoban, the other made it through. I'm pretty sure I had result value = 2 with a message, since I've been doing that since forever...

User avatar
SorenR
Senior user
Senior user
Posts: 4201
Joined: 2006-08-21 15:38
Location: Denmark

Re: In case of multiple mails the events are ignored

Post by SorenR » 2020-08-17 20:46

@Palinka ... AutoBan eh?

Why do you think I designed the session locking in AutoBan?

It's not a bug, it's by design. You could argue that the design is flawed but ... I had good look through the code and from what I can see the actual SQL "INSERT INTO..." seems to be handled by BOOST so it's not an easy task to add "ON DUPLICATE KEY UPDATE bla bla" to the "INSERT INTO..." statement to eliminate the SQL error that breaks the script.

I'll try to dissect the code over the next couple of days.
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

User avatar
SorenR
Senior user
Senior user
Posts: 4201
Joined: 2006-08-21 15:38
Location: Denmark

Re: In case of multiple mails the events are ignored

Post by SorenR » 2020-08-18 00:17

OK... Playing with this ;-)

Code: Select all

Function AutoBan(sIPAddress, sReason, iDuration, sType) : AutoBan = False
    '
    '   sType can be one of the following;
    '   "yyyy" Year, "m" Month, "d" Day, "h" Hour, "n" Minute, "s" Second
    '
    Dim oApp : Set oApp = CreateObject("hMailServer.Application")
    Call oApp.Authenticate(ADMIN, PASSWD)
    Dim strSQL, strDate, SQLDate, oDB : Set oDB = oApp.Database

    strDate = DateAdd(sType, iDuration, Now())
    SQLDate =             Year(strDate)       & "-" & _
              Right("0" & Month(strDate), 2)  & "-" & _
              Right("0" & Day(strDate), 2)    & " " & _
              Right("0" & Hour(strDate), 2)   & ":" & _
              Right("0" & Minute(strDate), 2) & ":" & _
              Right("0" & Second(strDate), 2)

    strSQL = "INSERT INTO hm_securityranges (rangepriorityid, rangelowerip1, rangeupperip1, rangeoptions, rangename, rangeexpires, rangeexpirestime) " &_
             "VALUES (20, " & INET_NTOA(sIPAddress) & ", " & INET_NTOA(sIPAddress) & ", 0, '" & sReason & "', 1, '" & SQLDate & "') " &_
             "ON DUPLICATE KEY UPDATE rangeexpirestime = '" & SQLDate & "';"

    Call oDB.ExecuteSQL(strSQL)
    AutoBan = True

    oApp.Settings.SecurityRanges.Refresh
    Set oApp = Nothing
End Function
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

palinka
Senior user
Senior user
Posts: 2475
Joined: 2017-09-12 17:57

Re: In case of multiple mails the events are ignored

Post by palinka » 2020-08-18 02:41

Seems like simultaneous (within the same millisecond) connections from the same IP are pretty rare, no?

User avatar
SorenR
Senior user
Senior user
Posts: 4201
Joined: 2006-08-21 15:38
Location: Denmark

Re: In case of multiple mails the events are ignored

Post by SorenR » 2020-08-18 12:39

palinka wrote:
2020-08-18 02:41
Seems like simultaneous (within the same millisecond) connections from the same IP are pretty rare, no?
Yes and no. It's an attack strategy since other mailservers could also be prone to the same "problem".

I had a period of frequent occurencies, that's why I initially did the session locking on AutoBan.
As a side note I made some changes to my script about 3 months back where I for some reason :roll: pasted a version of AutoBan WITHOUT the sesion locking and I noticed 2 incidents of SQL errors in that period until I realised why.

The version of AutoBan using raw SQL INSERT I posted yesterday is for MySQL/MariaDB. Miscosoft SQL do not support "ON DUPLICATE KEY" however the same functionality can be made using "MERGE"...

This example should illustrate usage:

Code: Select all

CREATE TABLE #mytable(COL_A VARCHAR(10), COL_B VARCHAR(10), COL_C VARCHAR(10), COL_D VARCHAR(10))
INSERT INTO #mytable VALUES('1','0.1', '0.2', '0.3'); --<These are the values we'll be updating

SELECT * FROM #mytable --< Starting values (1 row)

    MERGE #mytable AS target --< This is the target we want to merge into
    USING ( --< This is the source of your merge. Can me any select statement
        SELECT '1' AS VAL_A,'1.1' AS VAL_B, '1.2' AS VAL_C, '1.3' AS VAL_D --<These are the values we'll use for the update. (Assuming column COL_A = '1' = Primary Key)
        UNION
        SELECT '2' AS VAL_A,'2.1' AS VAL_B, '2.2' AS VAL_C, '2.3' AS VAL_D) --<These values will be inserted (cause no COL_A = '2' exists)
        AS source (VAL_A, VAL_B, VAL_C, VAL_D) --< Column Names of our virtual "Source" table
    ON (target.COL_A = source.VAL_A) --< This is what we'll use to find a match "JOIN source on Target" using the Primary Key
    WHEN MATCHED THEN --< This is what we'll do WHEN we find a match, in your example, UPDATE COL_D = VALUES(COL_D);
        UPDATE SET
            target.COL_B = source.VAL_B,
            target.COL_C = source.VAL_C,
            target.COL_D = source.VAL_D
    WHEN NOT MATCHED THEN --< This is what we'll do when we didn't find a match
    INSERT (COL_A, COL_B, COL_C, COL_D)
    VALUES (source.VAL_A, source.VAL_B, source.VAL_C, source.VAL_D)
    --OUTPUT deleted.*, $action, inserted.* --< Uncomment this if you want a summary of what was inserted on updated.
    --INTO #Output  --< Uncomment this if you want the results to be stored in another table. NOTE* The table must exists
    ;
SELECT * FROM #mytable --< Ending values (2 row, 1 new, 1 updated)
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

BeeTee
New user
New user
Posts: 14
Joined: 2011-06-14 11:00

Re: In case of multiple mails the events are ignored

Post by BeeTee » 2020-08-19 06:18

This is my script:

Code: Select all

This is my script:
On Error Resume Next
Sub OnAcceptMessage(oClient, oMessage)
	If InStr(oMessage.From,"[b]Health Tips[/b]") then
		Str = oMessage.Date & " Header From include ""Health Tips"": " & oMessage.From & vbcrlf
		call PrintToLog("c:\temp\SpamMails.txt",Str)
		Result.Value = 1
		exit sub
	End If
	
	'Get all headers, using the function GetAllHeaders:
	HeadersStr = "-----------------------------------------------" & vbcrlf & GetAllHeaders(oMessage)
End Sub

Sub PrintToLog(Path, Str)
	Dim FSO
	'Set WshShell = createObject("WScript.Shell")
	Set FSO = createObject("Scripting.FileSystemObject")
	Set TXTFile = FSO.OpenTextFile(Path,8,True)
	TXTFile.Write Str
	TXTFile.Close
End Sub

'Return a string with all headers:
Function GetAllHeaders(byref oMessage)
	Dim Header
	Dim Str
	Str = ""
	
	for i = 0 to oMessage.Headers.count -1
		Set Header = oMessage.Headers.Item(i)
		Str = Str & Header.Name & ": " & Header.Value & vbcrlf
	Next

	GetAllHeaders = Str
end Function


If I get two connection, both having "Health Tips" in the From header, one will slip through. And it's not rare, I have at least two spammers doing this on purpose as they apparently know about this "hole"

From the HMailserver log:

Code: Select all

"TCPIP"	4756	"2020-08-19 03:33:05.000"	"TCP - 216.24.225.13 connected to 10.0.X.X:25."
"SMTPD"	4756	35591	"2020-08-19 03:33:05.000"	"216.24.225.13"	"SENT: 220 Welcome to 84-238-109-18.ptr.bnaa.dk"
"TCPIP"	4756	"2020-08-19 03:33:05.016"	"TCP - 216.24.225.14 connected to 10.0.X.X:25."
"SMTPD"	4756	35592	"2020-08-19 03:33:05.032"	"216.24.225.14"	"SENT: 220 Welcome to 84-238-109-18.ptr.bnaa.dk"
"SMTPD"	5528	35591	"2020-08-19 03:33:05.110"	"216.24.225.13"	"RECEIVED: EHLO mta13.cp20.com"
"SMTPD"	5528	35591	"2020-08-19 03:33:05.110"	"216.24.225.13"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	5200	35592	"2020-08-19 03:33:05.125"	"216.24.225.14"	"RECEIVED: EHLO mta14.cp20.com"
"SMTPD"	5200	35592	"2020-08-19 03:33:05.125"	"216.24.225.14"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	5528	35591	"2020-08-19 03:33:05.219"	"216.24.225.13"	"RECEIVED: STARTTLS"
"SMTPD"	5528	35591	"2020-08-19 03:33:05.219"	"216.24.225.13"	"SENT: 220 Ready to start TLS"
"SMTPD"	4756	35592	"2020-08-19 03:33:05.235"	"216.24.225.14"	"RECEIVED: STARTTLS"
"SMTPD"	4756	35592	"2020-08-19 03:33:05.235"	"216.24.225.14"	"SENT: 220 Ready to start TLS"
"TCPIP"	4756	"2020-08-19 03:33:05.485"	"TCPConnection - TLS/SSL handshake completed. Session Id: 35591, Remote IP: 216.24.225.13, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"TCPIP"	5200	"2020-08-19 03:33:05.500"	"TCPConnection - TLS/SSL handshake completed. Session Id: 35592, Remote IP: 216.24.225.14, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"SMTPD"	5200	35591	"2020-08-19 03:33:05.594"	"216.24.225.13"	"RECEIVED: EHLO mta13.cp20.com"
"SMTPD"	5200	35591	"2020-08-19 03:33:05.594"	"216.24.225.13"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	4756	35592	"2020-08-19 03:33:05.594"	"216.24.225.14"	"RECEIVED: EHLO mta14.cp20.com"
"SMTPD"	4756	35592	"2020-08-19 03:33:05.594"	"216.24.225.14"	"SENT: 250-84-238-109-18.ptr.bnaa.dk[nl]250-SIZE 40960000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD"	5528	35591	"2020-08-19 03:33:05.688"	"216.24.225.13"	"RECEIVED: MAIL FROM:<bounce_hokcell_o-[MyEmail]@cp20.com>"
"SMTPD"	5200	35592	"2020-08-19 03:33:05.703"	"216.24.225.14"	"RECEIVED: MAIL FROM:<bounce_hokcell_o-[MyEmail]@cp20.com>"
"TCPIP"	5528	"2020-08-19 03:33:05.719"	"DNS lookup: 13.225.24.216.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"TCPIP"	5200	"2020-08-19 03:33:05.735"	"DNS lookup: 14.225.24.216.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"TCPIP"	5200	"2020-08-19 03:33:05.766"	"DNS lookup: 14.225.24.216.bl.spamcop.net, 0 addresses found: (none), Match: False"
"TCPIP"	5528	"2020-08-19 03:33:05.829"	"DNS lookup: 13.225.24.216.bl.spamcop.net, 0 addresses found: (none), Match: False"
"TCPIP"	5200	"2020-08-19 03:33:05.907"	"DNS lookup: 14.225.24.216.bb.barracudacentral.org, 0 addresses found: (none), Match: False"
"TCPIP"	5528	"2020-08-19 03:33:05.953"	"DNS lookup: 13.225.24.216.bb.barracudacentral.org, 0 addresses found: (none), Match: False"
"TCPIP"	5200	"2020-08-19 03:33:06.016"	"DNS lookup: 14.225.24.216.psbl.surriel.com, 0 addresses found: (none), Match: False"
"TCPIP"	5528	"2020-08-19 03:33:06.063"	"DNS lookup: 13.225.24.216.psbl.surriel.com, 0 addresses found: (none), Match: False"
"TCPIP"	5200	"2020-08-19 03:33:06.094"	"DNS lookup: 14.225.24.216.ix.dnsbl.manitu.net, 0 addresses found: (none), Match: False"
"TCPIP"	5528	"2020-08-19 03:33:06.110"	"DNS lookup: 13.225.24.216.ix.dnsbl.manitu.net, 0 addresses found: (none), Match: False"
"SMTPD"	5200	35592	"2020-08-19 03:33:06.141"	"216.24.225.14"	"SENT: 250 OK"
"SMTPD"	5528	35591	"2020-08-19 03:33:06.157"	"216.24.225.13"	"SENT: 250 OK"
"SMTPD"	4756	35592	"2020-08-19 03:33:06.235"	"216.24.225.14"	"RECEIVED: RCPT TO:<[MyEmail]>"
"SMTPD"	4756	35592	"2020-08-19 03:33:06.250"	"216.24.225.14"	"SENT: 250 OK"
"SMTPD"	5528	35591	"2020-08-19 03:33:06.266"	"216.24.225.13"	"RECEIVED: RCPT TO:<[MyEmail]>"
"SMTPD"	5528	35591	"2020-08-19 03:33:06.282"	"216.24.225.13"	"SENT: 250 OK"
"SMTPD"	4392	35592	"2020-08-19 03:33:06.344"	"216.24.225.14"	"RECEIVED: DATA"
"SMTPD"	4392	35592	"2020-08-19 03:33:06.344"	"216.24.225.14"	"SENT: 354 OK, send."
"SMTPD"	5528	35591	"2020-08-19 03:33:06.375"	"216.24.225.13"	"RECEIVED: DATA"
"SMTPD"	5528	35591	"2020-08-19 03:33:06.391"	"216.24.225.13"	"SENT: 354 OK, send."
"SMTPD"	2888	35591	"2020-08-19 03:33:06.875"	"216.24.225.13"	"SENT: 554 Rejected"
"SMTPD"	4640	35592	"2020-08-19 03:33:06.891"	"216.24.225.14"	"SENT: 250 Queued (0.512 seconds)"

The one mail which got through doesn't seem to be "seen" by the event at all.

This is the header from the spam-mail which came through:

Code: Select all

Return-Path: bounce_hokcell_o-[MyEmail]@cp20.com
Received: from mta14.cp20.com (mta14.cp20.com [216.24.225.14]) by xx.xx.xx.xx.ptr.bnaa.dk
 with ESMTPS (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256) ;
 Wed, 19 Aug 2020 03:33:06 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1; d=cp20.com; h=List-Unsubscribe:Message-ID:Date:Subject:To:From:Reply-To:MIME-Version:
 Content-Type; bh=0yJIXw9wLAQuaJ5BnSftycn6nTXuHDBMjWGryHaGhB4=; b=iYKtFzheddeYgnqheUXx7/TNGNEj+seI3sU5caIj22J8ieAbrF9XleENnQaV0D877k3uWrmfPP3M
 3yS/jXO+EbYQHrpeIlHWm6F24veAMNVILWIYcafM7N7ToHLzOk2oWk2tRmibtSGPquXAwPLMSSE0
 s5OvWRO0EuG4SH5wveY=
Received: by mta14.cp20.com id h7i0jk2kcoop for <[MyEmail]>; Tue, 18 Aug 2020 21:32:36
 -0400 (envelope-from <bounce_hokcell_o-[MyEmail]@cp20.com>)
List-Unsubscribe: <mailto:unsub_savjwn_gqgjtsod_o@cp20.com?subject=unsubscribe>
X-Campaign-Shard: 1
Bounces-To: bounce_savjwn_gqgjtsod_o@cp20.com
Message-ID: <1597800727537.45643175.135646788.30436393851@backend.cp20.com>
X-Campaign: 45643175/135646788/30436393851
Errors-To: bounce_savjwn_gqgjtsod_o@cp20.com
Date: Tue, 18 Aug 2020 21:32:36 -0400
Subject: The Power of Healing
To: <[MyEmail]>
From: "Health Tips" <contact@premierehealthtips.com>
Reply-To: "Health Tips" <reply_savjwn_gqgjtsod_o@cp20.com>
MIME-Version: 1.0
Content-Type: text/html;charset=UTF-8
X-hMailServer-LoopCount: 1

User avatar
SorenR
Senior user
Senior user
Posts: 4201
Joined: 2006-08-21 15:38
Location: Denmark

Re: In case of multiple mails the events are ignored

Post by SorenR » 2020-08-19 09:07

You may want to change

Code: Select all

If InStr(oMessage.From,"[b]Health Tips[/b]") then
to

Code: Select all

If InStr(oMessage.From,"Health Tips") then
if you want to catch this

Code: Select all

From: "Health Tips" <contact@premierehealthtips.com>
Also...

Using "On Error Resume Next" in the root of the script is asking for trouble. Why do you even have it there?
Remove it and change this code ...

Code: Select all

Sub PrintToLog(Path, Str)
	Dim FSO
	'Set WshShell = createObject("WScript.Shell")
	Set FSO = createObject("Scripting.FileSystemObject")
	Set TXTFile = FSO.OpenTextFile(Path,8,True)
	TXTFile.Write Str
	TXTFile.Close
End Sub
to

Code: Select all

Sub PrintToLog(Path, Str)
	Dim FSO
	'Set WshShell = createObject("WScript.Shell")
	Set FSO = createObject("Scripting.FileSystemObject")
	On Error Resume Next
	Set TXTFile = FSO.OpenTextFile(Path,8,True)
	If (Err.Number <> 0) Then
		EventLog.Write( "ERROR: EventHandlers.vbs : Sub PrintToLog" )
		EventLog.Write( "Error       : " & Err.Number )
		EventLog.Write( "Error (hex) : 0x" & Hex(Err.Number) )
		EventLog.Write( "Source      : " & Err.Source )
		EventLog.Write( "Description : " & Err.Description )
		Err.Clear
	End If
	TXTFile.Write Str
	TXTFile.Close
	On Error GoTo 0
End Sub
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

BeeTee
New user
New user
Posts: 14
Joined: 2011-06-14 11:00

Re: In case of multiple mails the events are ignored

Post by BeeTee » 2020-08-22 14:32

Thanks for your improvements :-)
(The bold tags "[ b ]" are not in my real script, can not explain how they ended up in the copy here)

So, I'll still claim the issue exist, that one or more of multiple/simultaneous connections are not being handled by the Event, right.
(I awaits the next slip-through if any)

User avatar
SorenR
Senior user
Senior user
Posts: 4201
Joined: 2006-08-21 15:38
Location: Denmark

Re: In case of multiple mails the events are ignored

Post by SorenR » 2020-08-22 17:12

BeeTee wrote:
2020-08-22 14:32
Thanks for your improvements :-)
(The bold tags "[ b ]" are not in my real script, can not explain how they ended up in the copy here)

So, I'll still claim the issue exist, that one or more of multiple/simultaneous connections are not being handled by the Event, right.
(I awaits the next slip-through if any)
No problem, du skriver bare igen hvis det sker igen.
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

Post Reply