Stopping SPAM using local addresses with hMailServer
Over the last few weeks I've noticed that some spam has been managing to make it into my inbox of several email accounts. The one thing all these spam emails had apart from their origin was they all used the same address for the sender and recipient, i.e mine. In this guide we'll look at how we can use the powerful scripting interface of hMailServer to force authentication when using a local email address as the sender, and stop this spam dead in its tracks.
Give SPF a look first
Before I go on I should mention that the more "correct" way of rectifying this issue is by using SPF. As you might know SPF is method using DNS records which specifies which servers are permitted to send email on the behalf of your domains. Preventing spam which I am discussing in this article is exactly what SPF was made for. If you don't have access to update your DNS records for SPF, or have dozens of domains making it unsuitable for a quick fix scenario then the following script is ideal for you.
The extensibility of hMailServer
Straight out of the box hMailServer is already a very functional and powerful mail server for Windows. One of the best things about it though is functionality is hugely extensible using either the easy to use rules wizard interface, or for the advanced user Jscript or VBScript. In this guide we'll be using VBScript.
Below is the VBScript which you'll need to place inside hMailServer event handler script. Simply copy the code below and paste it as instructed below.
Sub OnAcceptMessage(oClient, oMessage)
Dim myDomains, EachDomain
myDomains = Array("@example1.com", "@example2.com")
For Each EachDomain In myDomains
if (InStr(1, oMessage.FromAddress, EachDomain, 1) > 0) Then ' Local user.
If (oClient.Username = "") Then
Result.Message = "You must be authenticated to send from local domain."
Result.Value = 2
Paste, save, reload & check
Hmailserver comes with a script called EventHandlers.vbs which contains the framework for all the event handling functions you can use with hMailServer using VBScript. This script is located in the Events directory inside your hMailServer install directory. Simply open the EventHandlers.vbs script by right clicking on it and selecting edit, then paste above code under where you can see the OnAcceptMessage subroutine.
Once you have done this make sure you change @example1.com and @example2.com to reflect you own domain names. You can add additional domains using the same format. Save the file and open up your hMailServer administration console. In the left hand menu select settings, then advanced and click on scripts. From here ensure the active tickbox is selected, then click the reload scripts button. You may also want to click on the check syntax button to ensure there are no coding errors.
Now any unauthenticated mail being sent using any of the domains you added to the script should be presented with a message saying You must be authenticated to send from local domain.. If you have any feedback or suggestions, please feel free to post a comment below. If you require further support for implementing this script, or any other technical issue please post a new thread in the forum and I will do my best to help.