Articles
Stopping SPAM using local addresses with hMailServer
Over the last few weeks I've noticed that some spam has been managing to make it into my inbox of several email accounts. The one thing all these spam emails had apart from their origin was they all used the same address for the sender and recipient, i.e mine. In this guide we'll look at how we can use the powerful scripting interface of hMailServer to force authentication when using a local email address as the sender, and stop this spam dead in its tracks.
Give SPF a look first
Before I go on I should mention that the more "correct" way of rectifying this issue is by using SPF. As you might know SPF is method using DNS records which specifies which servers are permitted to send email on the behalf of your domains. Preventing spam which I am discussing in this article is exactly what SPF was made for. If you don't have access to update your DNS records for SPF, or have dozens of domains making it unsuitable for a quick fix scenario then the following script is ideal for you.
The extensibility of hMailServer
Straight out of the box hMailServer is already a very functional and powerful mail server for Windows. One of the best things about it though is functionality is hugely extensible using either the easy to use rules wizard interface, or for the advanced user Jscript or VBScript. In this guide we'll be using VBScript.
The Script
Below is the VBScript which you'll need to place inside hMailServer event handler script. Simply copy the code below and paste it as instructed below.
Sub OnAcceptMessage(oClient, oMessage)
Dim myDomains, EachDomain
myDomains = Array("@example1.com", "@example2.com")
For Each EachDomain In myDomains
if (InStr(1, oMessage.FromAddress, EachDomain, 1) > 0) Then ' Local user.
If (oClient.Username = "") Then
Result.Message = "You must be authenticated to send from local domain."
Result.Value = 2
End If
End If
Next
End SubPaste, save, reload & check
Hmailserver comes with a script called EventHandlers.vbs which contains the framework for all the event handling functions you can use with hMailServer using VBScript. This script is located in the Events directory inside your hMailServer install directory. Simply open the EventHandlers.vbs script by right clicking on it and selecting edit, then paste above code under where you can see the OnAcceptMessage subroutine.
Once you have done this make sure you change @example1.com and @example2.com to reflect you own domain names. You can add additional domains using the same format. Save the file and open up your hMailServer administration console. In the left hand menu select settings, then advanced and click on scripts. From here ensure the active tickbox is selected, then click the reload scripts button. You may also want to click on the check syntax button to ensure there are no coding errors.
Now any unauthenticated mail being sent using any of the domains you added to the script should be presented with a message saying You must be authenticated to send from local domain.. If you have any feedback or suggestions, please feel free to post a comment below. If you require further support for implementing this script, or any other technical issue please post a new thread in the forum and I will do my best to help.
- Add new comment
- 9318 reads
Comments
hMailSerever, oclient.username
What is the point for script condition has
if oClent.username="" or oClent.username<>""
value of oClent.username alway blank/empty. (use search on hmailserver with oclient.username
Post subject: Re: oClient.port and oClient.username bug Posted: 2008-08-11 19:59)
JamesC
Updated
Thanks for that. Article updated.
----------------
Dominic Ryan
4 x Microsoft IIS MVP, MCSE, MCSA
IIS Aid owner/webmaster
hMailserver oclient.username
oClient.Username has no value and alway blank.
don't make sense why the hMS developer keep advicing
others for use of if(oclient.username ="" or ,,<>""),, etc, ...
when he has missed to pass the value onto the oclient.username(alway blank), but he did fixed and pass the value of oPort. (check hMailserver, forum, search with oClent.username)
I'm not with hMS forum, could U or any one, please post my last and this feedback onto hMS forum, hopefully the developer decided to fix it and pass the value onto oClient.username.
JamesC
HMailServer Spam
Hi Dominic,
How do I prevent spam from coming through based on the varying messages they have in the body of the email? Are there regular expressions I can use and what would they be?
Michellea
Use SpamAssassin
For the task of general SPAM filtering I would probably look at using SpamAssassin. It is actually integrated into the current version of hMailServer.
----------------
Dominic Ryan
5 x Microsoft IIS MVP, MCSE, MCSA
IIS Aid owner/webmaster
script error
I get the error:
Description: Object required: 'oMessage' - Line 8 Column: 2 - Code: (null)
Do you know what that means?
Another simple (and built-in) solution
I have changed to using authenticated sending, as this prevents any stranger from using my server. This is under the advanced tab, IP ranges, for each range you get to set who can send from and to, with or without authentication. Any local user MUST authenticate or they may not send (legitimate or otherwise).
Error sending messages
Hi Guys,
I`m using hmailserver 5.3.2-B1769
The scrypt works perfectly. The syntax is also correct, but when I try to send a mail from a to (local to local) I have receiving the following error: "SMTP error from remote mail server after end of data: host *.* with 554 you must be authenticated to send from local domain.
What should i do more to prevent this issue.
Gr, Istvan
Error sending messages
Hi Guys,
I`m using hmailserver 5.3.2-B1769
The scrypt works perfectly. The syntax is also correct, but when I try to send a mail from a to (local to local) I have receiving the following error: "SMTP error from remote mail server after end of data: host *.* with 554 you must be authenticated to send from local domain.
What should i do more to prevent this issue.
Gr, Istvan