Additional SpamAssassin DNSBL's

Thursday, May 14, 2015 Posted by RvdH under hMailserver 

Below are the additional DNSBLs I use with SpamAssassin on my hMailServer installations, both at home and at work.

Additionally, I have posted a rule that adds extra spam score if a message is listed in multiple DNSBLs.
 

# IP-based DNSBL rules; every score below is a starting point, adjust as desired.
#
# Set names without a -lastexternal suffix ('virbl', 'justspam.org', 'inps-de')
# make SpamAssassin test every untrusted relay IP found in the Received headers,
# not only the host that connected to your server. Headers added before your own
# relay are written by the sender, so weigh those hits accordingly.
# A set name ending in -lastexternal limits the lookup to the last external relay
# and relies on trusted_networks / internal_networks being configured correctly.
# Confirm that each zone is still operated before enabling its rule.

# VIRBL (virus sender blacklist) http://virbl.bit.nl
header   RCVD_IN_VIRBL eval:check_rbl_txt('virbl', 'virbl.dnsbl.bit.nl')
tflags   RCVD_IN_VIRBL net
describe RCVD_IN_VIRBL Listed in virbl.dnsbl.bit.nl
score    RCVD_IN_VIRBL 2.0

# dnsbl.justspam.org
header   RCVD_IN_JUSTSPAM eval:check_rbl('justspam.org','dnsbl.justspam.org.')
tflags   RCVD_IN_JUSTSPAM net
describe RCVD_IN_JUSTSPAM Listed in dnsbl.justspam.org.
score    RCVD_IN_JUSTSPAM 0.5

# dnsbl.inps.de
header   RCVD_IN_DNSBL_INPS_DE eval:check_rbl('inps-de','dnsbl.inps.de.')
tflags   RCVD_IN_DNSBL_INPS_DE net
describe RCVD_IN_DNSBL_INPS_DE Received via a relay in inps.de DNSBL
score    RCVD_IN_DNSBL_INPS_DE 3.0

# spam.dnsbl.anonmails.de (last external relay only)
header   RCVD_IN_ANONMAILS eval:check_rbl('anonmails-lastexternal', 'spam.dnsbl.anonmails.de.')
tflags   RCVD_IN_ANONMAILS net
describe RCVD_IN_ANONMAILS Relay is listed in spam.dnsbl.anonmails.de
score    RCVD_IN_ANONMAILS 2.0

# UCEPROTECT, http://uceprotect.net - three zones, all checked against the last
# external relay only. Per the descriptions below, level 1 lists individual hosts
# while levels 2 and 3 list whole networks, so a level 2/3 hit says something about
# the sender's neighbours rather than the sender itself; the lower scores reflect that.
# Scores are starting points, adjust as desired.

# UCEPROTECT1 (open relays/proxys/dialups)
header   RCVD_IN_UCEPROTECT1 eval:check_rbl_txt('uceprotect1-lastexternal', 'dnsbl-1.uceprotect.net.')
tflags   RCVD_IN_UCEPROTECT1 net
describe RCVD_IN_UCEPROTECT1 Listed in dnsbl-1.uceprotect.net
score    RCVD_IN_UCEPROTECT1 2.0

# UCEPROTECT2 (open relays/proxys/dialups networks)
header   RCVD_IN_UCEPROTECT2 eval:check_rbl_txt('uceprotect2-lastexternal', 'dnsbl-2.uceprotect.net.')
tflags   RCVD_IN_UCEPROTECT2 net
describe RCVD_IN_UCEPROTECT2 Network listed in dnsbl-2.uceprotect.net
score    RCVD_IN_UCEPROTECT2 1.0

# UCEPROTECT3 (bad networks)
header   RCVD_IN_UCEPROTECT3 eval:check_rbl_txt('uceprotect3-lastexternal', 'dnsbl-3.uceprotect.net.')
tflags   RCVD_IN_UCEPROTECT3 net
describe RCVD_IN_UCEPROTECT3 Network listed in dnsbl-3.uceprotect.net
score    RCVD_IN_UCEPROTECT3 0.5

# Spam Eating Monkey zones: two IP lists (checked against the last external relay)
# and three URI lists (checked against domains found in the message body).
# All of these need working DNS from the scanner host; some list operators limit or
# refuse queries that arrive through large shared resolvers, so a local recursive
# resolver is the safer choice. Scores are starting points, adjust as desired.

# SEM-BACKSCATTER
header   RCVD_IN_SEMBACKSCATTER eval:check_rbl('sembackscatter-lastexternal', 'backscatter.spameatingmonkey.net')
describe RCVD_IN_SEMBACKSCATTER Received from an IP listed by SEM-BACKSCATTER
tflags   RCVD_IN_SEMBACKSCATTER net
score    RCVD_IN_SEMBACKSCATTER 0.5

# SEM-BLACK
header   RCVD_IN_SEMBLACK eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net')
describe RCVD_IN_SEMBLACK Received from an IP listed by SEM-BLACK
tflags   RCVD_IN_SEMBLACK net
score    RCVD_IN_SEMBLACK 2.0

# SEM-URI
urirhssub SEM_URI uribl.spameatingmonkey.net. A 2
body      SEM_URI eval:check_uridnsbl('SEM_URI')
tflags    SEM_URI net
describe  SEM_URI Contains a URI listed by SEM-URI
score     SEM_URI 0.5

# SEM-URIRED
urirhssub SEM_URIRED urired.spameatingmonkey.net. A 2
body      SEM_URIRED eval:check_uridnsbl('SEM_URIRED')
tflags    SEM_URIRED net
describe  SEM_URIRED Contains a URI listed by SEM-URIRED
score     SEM_URIRED 0.5

# SEM-FRESH
urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2
body      SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
tflags    SEM_FRESH net
describe  SEM_FRESH Contains a domain registered less than 5 days ago
score     SEM_FRESH 0.5

# HOSTKARMA (hostkarma.junkemailfilter.com): one lookup against the last external
# relay, then one sub-rule per return code (127.0.0.1 white, .2 black, .4 brown).
# Scores are starting points, adjust as desired.
header   __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
tflags   __RCVD_IN_HOSTKARMA net
describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter

# Allowlist hit ("nice" rule, negative score). A bonus of -5 cancels several of the
# blocklist scores in this file: mail relayed through an allowlisted host inherits
# it no matter who wrote the message, so keep this value modest.
header   RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
tflags   RCVD_IN_HOSTKARMA_W net nice
describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
score    RCVD_IN_HOSTKARMA_W -5

header   RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
tflags   RCVD_IN_HOSTKARMA_BL net
describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
score    RCVD_IN_HOSTKARMA_BL 3.0

header   RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
tflags   RCVD_IN_HOSTKARMA_BR net
describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
score    RCVD_IN_HOSTKARMA_BR 1.0

# Further IP lists. Scores are starting points, adjust as desired.
# Confirm that each zone is still operated before enabling its rule.

# blockedservers.com
header   RCVD_IN_BLKSRV eval:check_rbl('blockedservers-lastexternal', 'rbl.blockedservers.com.')
describe RCVD_IN_BLKSRV Listed in rbl.blockedservers.com
tflags   RCVD_IN_BLKSRV net
score    RCVD_IN_BLKSRV 2.0

# Weighted Private Block List (only the 127.0.0.2 answer counts as a hit)
header   RCVD_IN_WPBL eval:check_rbl('wpbl-lastexternal','db.wpbl.info.','127.0.0.2')
describe RCVD_IN_WPBL Listed in db.wpbl.info
tflags   RCVD_IN_WPBL net
score    RCVD_IN_WPBL 2.0

# sorbs-spam: a sub-test on the 'sorbs' set. No check_rbl for that set appears in
# this listing; presumably it comes from the stock SpamAssassin SORBS rules. If it
# is not defined anywhere, this rule never fires - verify.
# Four score values = one per score set; only the two network-test sets are non-zero.
header   RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
tflags   RCVD_IN_SORBS_SPAM net
score    RCVD_IN_SORBS_SPAM 0 2.0 0 2.0

# NIX-SPAM
header   RCVD_IN_NIX_SPAM eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
describe RCVD_IN_NIX_SPAM Listed in NIX-SPAM DNSBL
tflags   RCVD_IN_NIX_SPAM net
score    RCVD_IN_NIX_SPAM 2.0
Extra scoring rules if a sender ip is listed in more than 2 configured DNSBL's
# Summary rules: add extra weight when more than two lists agree.
# The 6.0 comes on top of the scores of the individual hits and is by itself above
# SpamAssassin's default required_score of 5.0. Several of the summed lists draw on
# overlapping data, so three hits are not necessarily three independent signals;
# watch the false-positive rate after enabling these.
# A rule that is disabled (score 0) or not defined contributes nothing to the sum.
meta     CUSTOM_MANY_BL (RCVD_IN_BL_SPAMCOP_NET + RCVD_IN_SBL + RCVD_IN_XBL + RCVD_IN_PBL + RCVD_IN_VIRBL + RCVD_IN_UCEPROTECT1 + RCVD_IN_WPBL + RCVD_IN_BLKSRV + RCVD_IN_ANONMAILS + RCVD_IN_DNSBL_INPS_DE + RCVD_IN_NIX_SPAM + RCVD_IN_SEMBLACK + RCVD_IN_HOSTKARMA_BL + RCVD_IN_JUSTSPAM + RCVD_IN_PSBL + RCVD_IN_SORBS_SPAM + RCVD_IN_SORBS_DUL + RCVD_IN_SORBS_HTTP) > 2
score    CUSTOM_MANY_BL 6.0
describe CUSTOM_MANY_BL Message received in more than 2 RBLs

meta     CUSTOM_MANY_URIBL (URIBL_BLACK + URIBL_JP_SURBL + URIBL_WS_SURBL + URIBL_PH_SURBL + URIBL_MW_SURBL + URIBL_AB_SURBL + URIBL_DBL_SPAM + URIBL_DBL_PHISH + URIBL_DBL_MALWARE + URIBL_DBL_BOTNETCC + URIBL_SBL + URIBL_SBL_A + SEM_URI + SEM_FRESH + SEM_URIRED) > 2
score    CUSTOM_MANY_URIBL 6.0
describe CUSTOM_MANY_URIBL Message received in more than 2 URIBL



hMailServer Automatic Client Account Configuration

Saturday, April 25, 2015 Posted by RvdH under hMailserver 

I have been looking for ways to automatically configure Outlook/Thunderbird for my hMailserver accounts and ended up writing a solution (that suits me) myself.
This topic assumes you have basic knowledge of IIS, C# and Asp.Net & MySQL. This tutorial also assumes you host both hMailserver (using MySQL as database) and your websites on the same server.

The basis of this tutorial is the fact that both email clients support some sort of autoconfiguration: Outlook by using Microsoft Exchange Server's autodiscover.xml and Thunderbird by its own config-v1.1.xml. Now I could have written a simple XML file with the required properties, but hey, I would like to bind it to hMailserver to see if such an account exists in the mailserver, if that account is active, if one tries to log in using a domain alias and so on...

OK, let's get started. First we're going to add a stored procedure to the hMailServer database; this stored procedure is used later to verify that a specific account exists, whether it is active and whether an alias is used to log on. Execute the MySQL query below on your hMailServer database:
 

-- hmailAccounts(domain, email)
-- Returns the domain name and account address of every active account, in an
-- active domain, whose address equals <local part of email>@<real domain name>,
-- where `domain` is either the real domain name or one of its domain aliases.
-- An empty result means "no such active account".
-- The web handlers only need to call this procedure; a database login restricted
-- to EXECUTE on it keeps the rest of the hMailServer tables out of their reach.
CREATE PROCEDURE `hmailAccounts`(
 IN domain VARCHAR(80),
 IN email VARCHAR(255))
BEGIN
 SELECT d.domainname, a.accountaddress
 FROM hm_domains AS d
 INNER JOIN hm_accounts AS a ON d.domainid = a.accountdomainid
 LEFT JOIN hm_domain_aliases AS da ON d.domainid = da.dadomainid
 WHERE (LCASE(d.domainname) = domain OR da.daalias = domain)
   AND d.domainactive <> False
   AND a.accountactive <> False
   -- rebuild the address on the real domain so a login via a domain alias still matches
   AND LCASE(a.accountaddress) = CONCAT(SUBSTRING_INDEX(email, '@', 1), '@', d.domainname);
END
The next thing is creating an ASP.NET handler for Outlook that queries our hMailServer database. If you have enough knowledge of MySQL you can see that the stored procedure above verifies whether the submitted email address is a valid and active account, also when you tried to log on using a domain alias. Outlook submits (POST method) an XML file to our handler; the handler reads out the submitted email address and queries the `hmailAccounts` stored procedure.

autodiscover.ashx (NOTE: you can alter the order of the XML elements; let's say you prefer SSL connections over non-SSL connections, then move all SSL-related parts above the non-SSL parts)
<%@ WebHandler Language="C#" Class="autodiscover" %>

using System;
using System.Web;
using System.Xml;
using System.Net.Mail;
using MySql.Data.MySqlClient;
using System.Configuration;

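/// <summary>
/// Outlook Autodiscover endpoint for hMailServer. Reads the e-mail address from the
/// POSTed Autodiscover request, asks the hmailAccounts stored procedure whether it
/// belongs to an active account and, if so, writes the client settings; answers
/// 404 when the procedure returns no row and 503 when no address was submitted.
/// </summary>
/// <remarks>
/// NOTE(review): the endpoint is unauthenticated and answers differently for
/// existing and non-existing mailboxes, so it tells any caller which addresses are
/// valid. Request throttling in front of it is worth considering.
/// NOTE(review): the markup literals passed to Response.Write are empty in this
/// listing although the content type is text/xml; the element tags appear to have
/// been lost when the page was rendered. Restore them from the published source.
/// </remarks>
public class autodiscover : IHttpHandler {

    /// <summary>Handles one Autodiscover request.</summary>
    /// <param name="context">The current request/response pair.</param>
    public void ProcessRequest (HttpContext context) {

        string email = null;
        string defaultdomain = "mail.something.com"; // default domain for SSL & TLS connections
        string domainsuffix = null;
        MailAddress emailaddress = null;

        if (String.Equals(context.Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
        {
            try
            {
                // The request body is XML supplied by an unauthenticated client:
                // refuse DTDs and never resolve external resources while parsing it.
                XmlReaderSettings settings = new XmlReaderSettings();
                settings.DtdProcessing = DtdProcessing.Prohibit;
                settings.XmlResolver = null;

                XmlDocument dom = new XmlDocument();
                dom.XmlResolver = null;
                using (XmlReader body = XmlReader.Create(context.Request.InputStream, settings))
                {
                    dom.Load(body);
                }

                XmlNamespaceManager ns = new XmlNamespaceManager(dom.NameTable);
                ns.AddNamespace("ad", "http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006");
                XmlNodeList nodeList = dom.SelectNodes("/ad:Autodiscover/ad:Request/ad:EMailAddress", ns);
                if (nodeList != null)
                {
                    // If several EMailAddress elements are present the last one wins.
                    foreach (XmlNode node in nodeList)
                    {
                        email = node.InnerText.ToLowerInvariant();
                    }
                }
            }
            catch (Exception Ex)
            {
                // Malformed or rejected XML: answer 400 without echoing parser details.
                Fail(context, 400, Ex);
                return;
            }
        }

        if (String.IsNullOrEmpty(email))
        {
            context.Response.Status = "503 Service Unavailable";
            return;
        }

        bool accountFound = false;
        try
        {
            emailaddress = new MailAddress(email);
            domainsuffix = emailaddress.Host;

            string connectionString = ConfigurationManager.ConnectionStrings["hmailMySqlServer"].ConnectionString;
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand comm = new MySqlCommand("hmailAccounts", conn))
            {
                comm.CommandType = System.Data.CommandType.StoredProcedure;
                comm.Parameters.Add("domain", MySqlDbType.VarChar, 80);
                comm.Parameters["domain"].Value = domainsuffix;
                comm.Parameters.Add("email", MySqlDbType.VarChar, 255);
                // Pass the bare address: MailAddress also accepts display-name forms,
                // and its ToString() would include the display name.
                comm.Parameters["email"].Value = emailaddress.Address;

                conn.Open();
                using (MySqlDataReader reader = comm.ExecuteReader())
                {
                    accountFound = reader.HasRows;
                }
            }
        }
        catch (FormatException Ex)
        {
            // Not a syntactically valid address.
            Fail(context, 400, Ex);
            return;
        }
        catch (Exception Ex)
        {
            // Database or configuration failure: details stay on the server.
            Fail(context, 500, Ex);
            return;
        }

        if (!accountFound)
        {
            context.Response.Status = "404 Not Found";
            return;
        }

        // Both values originate from the request and end up inside XML, so escape them.
        string host = System.Security.SecurityElement.Escape(domainsuffix);
        string login = System.Security.SecurityElement.Escape(emailaddress.Address);

        // Start XML
        context.Response.ContentType = "text/xml";
        context.Response.Write("");
        context.Response.Write("");
        context.Response.Write("");
        context.Response.Write("");
        context.Response.Write("email");
        context.Response.Write("settings");
        // INCOMING POP3 NON-SSL, Port 110
        // NOTE(review): the entries with SSL "off" let a client send the mailbox
        // password over an unencrypted connection; drop them if TLS is available.
        context.Response.Write("");
        context.Response.Write("POP3");
        context.Response.Write("mail." + host + "");
        context.Response.Write("110");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("");
        // INCOMING POP3 SSL, Port 995
        context.Response.Write("");
        context.Response.Write("POP3");
        context.Response.Write("" + defaultdomain + "");
        context.Response.Write("995");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("on");
        context.Response.Write("");
        // INCOMING IMAP SSL, Port 993
        // (the listing advertised 995 here, which is the POP3 SSL port used just
        // above; the Thunderbird handler in the same article uses 993 for IMAP SSL)
        context.Response.Write("");
        context.Response.Write("IMAP");
        context.Response.Write("" + defaultdomain + "");
        context.Response.Write("993");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("on");
        context.Response.Write("");
        /*
        // INCOMING IMAP NON-SSL, Port 143
        context.Response.Write("");
        context.Response.Write("IMAP");
        context.Response.Write("mail." + host + "");
        context.Response.Write("143");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("");
        */
        // OUTGOING SMTP NON-SSL, Port 587
        context.Response.Write("");
        context.Response.Write("SMTP");
        context.Response.Write("mail." + host + "");
        context.Response.Write("587");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("");
        // OUTGOING SMTP NON-SSL, Port 25
        context.Response.Write("");
        context.Response.Write("SMTP");
        context.Response.Write("mail." + host + "");
        context.Response.Write("25");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("");
        // OUTGOING SMTP SSL, Port 465
        context.Response.Write("");
        context.Response.Write("SMTP");
        context.Response.Write("" + defaultdomain + "");
        context.Response.Write("465");
        context.Response.Write("" + login + "");
        context.Response.Write("on");
        context.Response.Write("off");
        context.Response.Write("on");
        context.Response.Write("on");
        context.Response.Write("on");
        context.Response.Write("off");
        // End XML
        context.Response.Write("");
        context.Response.Write("");
        context.Response.Write("");
    }

    /// <summary>
    /// Ends the request with a bare status code. The exception text is recorded on
    /// the server only; it is never written to the response, because parser and
    /// database messages can reveal internals to an anonymous caller.
    /// </summary>
    private static void Fail(HttpContext context, int statusCode, Exception error)
    {
        // Trace output needs the TRACE symbol and a configured listener;
        // swap in the logging facility the site already uses.
        System.Diagnostics.Trace.TraceError("autodiscover.ashx: " + error);
        context.Response.Clear();
        context.Response.StatusCode = statusCode;
    }

    /// <summary>The handler keeps no state worth pooling; a new instance serves each request.</summary>
    public bool IsReusable {
        get {
            return false;
        }
    }
}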
Our next step is creating an ASP.NET handler for Thunderbird that queries our hMailServer database just like the one above does. Thunderbird submits the email address as a query string to our handler; the handler reads out the submitted email address and queries the `hmailAccounts` stored procedure.

config-v1.1.ashx (NOTE: you can alter the order of the xml elements, lets say you prefer SSL connection above Non-SSL connection move all SSL related parts above the Non-SSL parts)
<%@ WebHandler Language="C#" Class="config" %>

using System;
using System.Web;
using System.Net.Mail;
using MySql.Data.MySqlClient;
using System.Configuration;

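/// <summary>
/// Thunderbird autoconfiguration endpoint for hMailServer. Takes the address from
/// the "emailaddress" query-string parameter, asks the hmailAccounts stored
/// procedure whether it belongs to an active account and, if so, writes the client
/// settings; answers 404 when the procedure returns no row and 503 when the
/// parameter is missing.
/// </summary>
/// <remarks>
/// NOTE(review): the endpoint is unauthenticated and answers differently for
/// existing and non-existing mailboxes, so it tells any caller which addresses are
/// valid. Request throttling in front of it is worth considering.
/// NOTE(review): the article shows Thunderbird fetching this document over plain
/// http, so the settings can be altered in transit; prefer the TLS entries.
/// NOTE(review): the markup literals passed to Response.Write are empty in this
/// listing although the content type is text/xml; the element tags appear to have
/// been lost when the page was rendered. Restore them from the published source.
/// </remarks>
public class config : IHttpHandler {

    /// <summary>Handles one autoconfiguration request.</summary>
    /// <param name="context">The current request/response pair.</param>
    public void ProcessRequest (HttpContext context) {

        string email = context.Request.QueryString["emailaddress"];
        string defaultdomain = "mail.something.com"; // default domain for SSL & TLS connections
        string domainsuffix = null;
        MailAddress emailaddress = null;

        if (String.IsNullOrEmpty(email))
        {
            context.Response.Status = "503 Service Unavailable";
            return;
        }

        bool accountFound = false;
        try
        {
            emailaddress = new MailAddress(email.ToLowerInvariant());
            domainsuffix = emailaddress.Host;

            string connectionString = ConfigurationManager.ConnectionStrings["hmailMySqlServer"].ConnectionString;
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand comm = new MySqlCommand("hmailAccounts", conn))
            {
                comm.CommandType = System.Data.CommandType.StoredProcedure;
                comm.Parameters.Add("domain", MySqlDbType.VarChar,80);
                comm.Parameters["domain"].Value = domainsuffix;
                comm.Parameters.Add("email", MySqlDbType.VarChar,255);
                // Pass the bare address: MailAddress also accepts display-name forms,
                // and its ToString() would include the display name.
                comm.Parameters["email"].Value = emailaddress.Address;

                conn.Open();
                using (MySqlDataReader reader = comm.ExecuteReader())
                {
                    accountFound = reader.HasRows;
                }
            }
        }
        catch (FormatException Ex)
        {
            // Not a syntactically valid address.
            Fail(context, 400, Ex);
            return;
        }
        catch (Exception Ex)
        {
            // Database or configuration failure: details stay on the server.
            Fail(context, 500, Ex);
            return;
        }

        if (!accountFound)
        {
            context.Response.Status = "404 Not Found";
            return;
        }

        // Both values originate from the query string and end up inside XML, so escape them.
        string host = System.Security.SecurityElement.Escape(domainsuffix);
        string login = System.Security.SecurityElement.Escape(emailaddress.Address);

        // Start XML
        context.Response.ContentType = "text/xml";
        context.Response.Write("");
        context.Response.Write("");
        context.Response.Write("" + host + "");
        context.Response.Write("" + host + " Mail");
        context.Response.Write("" + host + "");
        // INCOMING POP3 NON-SSL, Port 110
        // NOTE(review): "plain" together with "password-cleartext" means the mailbox
        // password crosses the network unencrypted; drop these entries if TLS is available.
        context.Response.Write("");
        context.Response.Write("mail." + host + "");
        context.Response.Write("110");
        context.Response.Write("plain");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        // INCOMING POP3 SSL, Port 995
        context.Response.Write("");
        context.Response.Write("" + defaultdomain + "");
        context.Response.Write("995");
        context.Response.Write("SSL");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        /*
        // INCOMING IMAP NON-SSL, Port 143
        context.Response.Write("");
        context.Response.Write("mail." + host + "");
        context.Response.Write("143");
        context.Response.Write("plain");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        */
        // INCOMING IMAP SSL, Port 993 (the listing labelled this entry NON-SSL, but it writes "SSL")
        context.Response.Write("");
        context.Response.Write("" + defaultdomain + "");
        context.Response.Write("993");
        context.Response.Write("SSL");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        // OUTGOING SMTP NON-SSL, Port 587
        context.Response.Write("");
        context.Response.Write("mail." + host + "");
        context.Response.Write("587");
        context.Response.Write("plain");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        // OUTGOING SMTP NON-SSL, Port 25
        context.Response.Write("");
        context.Response.Write("mail." + host + "");
        context.Response.Write("25");
        context.Response.Write("plain");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        // OUTGOING SMTP SSL, Port 465
        context.Response.Write("");
        context.Response.Write("" + defaultdomain + "");
        context.Response.Write("465");
        context.Response.Write("SSL");
        context.Response.Write("password-cleartext");
        context.Response.Write("" + login + "");
        context.Response.Write("");
        // End XML
        context.Response.Write("");
        context.Response.Write("");
    }

    /// <summary>
    /// Ends the request with a bare status code. The exception text is recorded on
    /// the server only; it is never written to the response, because database and
    /// configuration messages can reveal internals to an anonymous caller.
    /// </summary>
    private static void Fail(HttpContext context, int statusCode, Exception error)
    {
        // Trace output needs the TRACE symbol and a configured listener;
        // swap in the logging facility the site already uses.
        System.Diagnostics.Trace.TraceError("config-v1.1.ashx: " + error);
        context.Response.Clear();
        context.Response.StatusCode = statusCode;
    }

    /// <summary>The handler keeps no state worth pooling; a new instance serves each request.</summary>
    public bool IsReusable {
        get {
            return false;
        }
    }
}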

web.config
 


   
      
      
   
   
      
      
         
            
               
               
            
            
               
               
            
         
      
   
   
      
         
         
      
   


The next step is putting it all together...we can do this the easy or the hard way, I'll try to explain the easy way here :-)



In IIS Manager open up the "Default Web Site". The "Default Web Site" listens to anything without host headers, so as long as the A-record of a domain points to the server hMailserver is installed on, this example is sufficient for our needs; we just need to add an https binding on port 443. Also make sure you have URL Rewrite installed. FYI: If you are using https without a valid SSL certificate, Outlook will complain and pop up a warning; just ignore and continue. Clicking through that warning means the client cannot verify which server it is about to send the mailbox credentials to, so a valid certificate for these hostnames is the better setup outside a test environment.

Make sure your domain(s) DNS records either allow wildcards, e.g. *.something.com, or make A-records/CNAME references for autoconfig.something.com and/or autodiscover.something.com to the IP address of the server where both hMailserver and these handlers are hosted.


Thunderbird autoconfiguration is requesting:

Host: http://autoconfig.something.com/mail/config-v1.1.xml?emailaddress=[EMAILADDRESS]


Outlook autoconfiguration is requesting, first:

Host: https://something.com/autodiscover/autodiscover.xml

And if that fails:

Host: https://autodiscover.something.com/autodiscover/autodiscover.xml



Download Source

(NOTE: some parts in the code snippets have been updated after the code has been published)
Download all files discussed above: here  


Resources

https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration
https://technet.microsoft.com/en-us/library/cc511507(v=office.14).aspx
http://blogs.technet.com/b/kristinw/archive/2013/04/19/controlling-outlook-autodiscover-behavior.aspx​



hMailServer disallow messages not sent from the authenticated account/domain

Friday, April 24, 2015 Posted by RvdH under hMailserver 

hMailServer by default allows any authenticated user to send email messages from any account, which might be a security risk, especially if someone's account password is compromised or hijacked and spammers are abusing your mailserver. Below you'll find three scripts that can be placed in hMailServer's EventHandlers.vbs

The first one allows only messages from the authenticated user's domain, e.g. if the username is info@domain.com it is also allowed to send messages from postmaster@domain.com

Limitation(s):

  • No domain alias or account alias checking
Sub OnSMTPData(oClient, oMessage)
' Refuses mail from an authenticated client when the domain of oMessage.FromAddress
' differs from the domain of the login name (oClient.Username).
' The check only runs when both values are non-empty, so an authenticated session
' that submits an empty sender address is not checked here.
' NOTE(review): oMessage.FromAddress looks like the SMTP envelope sender; the From:
' header shown to recipients is not compared - confirm against the hMailServer COM reference.
	' Runtime errors on the lines below are skipped silently instead of aborting the handler.
	On Error Resume Next
	If oClient.Username <> "" And oMessage.FromAddress <> "" Then
		Dim authemail, fromemail
		' Second "@"-separated piece of each value, i.e. the domain of a plain user@domain.
		' A value without "@" raises an error here, which is swallowed and leaves the variable Empty.
		authemail = Split(oClient.Username,"@")(1)
		fromemail = Split(oMessage.FromAddress,"@")(1)
		' Case-insensitive domain comparison.
		If LCase(authemail) <> LCase(fromemail) Then
			' Refuse the message with the text below and record who tried to send as whom.
			Result.Value = 2
			Result.Message = "BLOCKED: You are only allowed to send from your own domain." 
			EventLog.Write("BLOCKED: Message from authenticated user: " & oClient.Username & " blocked because FROM address: " & oMessage.FromAddress & " not using authenticated user domain, eg: " & authemail)
		End If	
	End If
	' Drop any swallowed error and switch normal error handling back on.
	Err.Clear
	On error goto 0
End Sub
This second one allows only messages from the authenticated user, e.g. if the username is info@domain.com it is only allowed to send messages from info@domain.com

Limitation(s):
  • No domain alias or account alias checking
Sub OnSMTPData(oClient, oMessage)
' Refuses mail from an authenticated client unless oMessage.FromAddress equals the
' login name (oClient.Username), compared case-insensitively.
' An empty sender address never equals a non-empty login name, so it is refused too.
' NOTE(review): oMessage.FromAddress looks like the SMTP envelope sender; the From:
' header shown to recipients is not compared - confirm against the hMailServer COM reference.
	' Runtime errors on the lines below are skipped silently instead of aborting the handler.
	On Error Resume Next
	' Unauthenticated sessions (empty Username) are left alone.
	If oClient.Username <> "" Then
		If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
			' Refuse the message with the text below and record who tried to send as whom.
			Result.Value = 2
			Result.Message = "BLOCKED: You are only allowed to send from your own account."
			EventLog.Write("BLOCKED: Message from authenticated user: " & oClient.Username & " blocked because FROM address: " & oMessage.FromAddress & " not is authenticated user , eg: " & oClient.Username)
		End If
	End If   
	' Drop any swallowed error and switch normal error handling back on.
	Err.Clear
	On error goto 0
End Sub
This third script is the most advanced one, it also checks for domain aliases and account aliases

Limitation(s):
  • You cannot send e-mail from an alias of another alias that is linked to your account
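Sub OnSMTPData(oClient, oMessage)
' Denies any mail not sent from the authenticated account or one of its aliases.
'
' A sender address is accepted when it is
'   - the login name itself,
'   - the same mailbox written with a domain alias of the login domain, or
'   - an active account alias whose target is the login name.
' Everything else is refused with Result.Value = 2.
'
' The check fails closed: with "On Error Resume Next" a failing statement is simply
' skipped, and a failing If condition can continue inside the If block, so every
' condition that touches the hMailServer objects is first stored in a variable that
' defaults to False, and any error raised during the lookup ends in a refusal.
' Before this change a failed Authenticate or domain lookup could leave the alias
' flag set to True and let the message through.
'
' NOTE(review): the administrator password is stored in clear text in
' EventHandlers.vbs; restrict read access to that file to the hMailServer service
' account and administrators.
' NOTE(review): oMessage.FromAddress looks like the SMTP envelope sender; the From:
' header shown to recipients is not compared - confirm against the hMailServer COM reference.
	On Error Resume Next
	Dim SenderAllowed, DomainMatches, IsMatch
	Dim ClientParts, FromParts
	Dim StrClientDomain, StrFromDomain, StrFromAddress
	Dim obBaseApp, obDomain, obAliases, obAlias
	Dim iAliases, AliasCount

	If oClient.Username <> "" Then
		If LCase(oClient.Username) <> LCase(oMessage.FromAddress) Then
			SenderAllowed = False
			DomainMatches = False
			StrFromAddress = ""
			Err.Clear

			' Both values must look like local@domain; anything else is refused.
			ClientParts = Split(oClient.Username, "@")
			FromParts = Split(oMessage.FromAddress, "@")
			If UBound(ClientParts) = 1 And UBound(FromParts) = 1 Then
				StrClientDomain = ClientParts(1)
				StrFromDomain = FromParts(1)

				Set obBaseApp = CreateObject("hMailServer.Application")
				Call obBaseApp.Authenticate("Administrator","***************") 'PUT YOUR PASSWORD HERE
				Set obDomain = obBaseApp.Domains.ItemByName(StrClientDomain)

				If LCase(StrClientDomain) = LCase(StrFromDomain) Then
					StrFromAddress = oMessage.FromAddress
					DomainMatches = True
				Else
					' Sender domain differs: accept it only if it is a domain alias of
					' the login domain, then map the address back onto the real domain.
					Set obAliases = obDomain.DomainAliases
					AliasCount = 0
					AliasCount = obAliases.Count
					For iAliases = 0 To (AliasCount - 1)
						Set obAlias = obAliases.Item(iAliases)
						IsMatch = False
						IsMatch = (LCase(obAlias.AliasName) = LCase(StrFromDomain))
						If IsMatch Then
							DomainMatches = True
							Exit For
						End If
					Next
					If DomainMatches Then
						StrFromAddress = FromParts(0) + "@" + StrClientDomain
					End If
				End If

				If DomainMatches Then
					If LCase(oClient.Username) = LCase(StrFromAddress) Then
						SenderAllowed = True
					Else
						' Look for an active account alias that points at the login name.
						Set obAliases = obDomain.Aliases
						AliasCount = 0
						AliasCount = obAliases.Count
						For iAliases = 0 To (AliasCount - 1)
							Set obAlias = obAliases.Item(iAliases)
							IsMatch = False
							IsMatch = (obAlias.Active) And (LCase(obAlias.Name) = LCase(StrFromAddress)) And (LCase(obAlias.Value) = LCase(oClient.UserName))
							If IsMatch Then
								SenderAllowed = True
								Exit For
							End If
						Next
					End If
				End If
			End If

			' Err keeps the first unhandled failure until it is cleared, so this catches
			' a failed CreateObject, Authenticate, domain lookup or alias enumeration.
			If Err.Number <> 0 Then
				EventLog.Write("BLOCKED: Sender check for authenticated user: " & oClient.Username & " could not be completed: " & Err.Description)
				SenderAllowed = False
			End If

			If Not SenderAllowed Then
				Result.Value = 2
				Result.Message = "BLOCKED: You are only allowed to send from your own account or any of its aliases."
				EventLog.Write("BLOCKED: Message from authenticated user: " & oClient.Username & " blocked because FROM address: " & oMessage.FromAddress & " not is authenticated user or alias , eg: " & oClient.Username)
			End If
		End If
	End If
	Err.Clear
	On error goto 0
End Sub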



OEMDump Windows 2012 (R2) Compatible

Saturday, December 13, 2014 Posted by RvdH under Computer & Peripherals 

This utility is an update of the 'OEMDump (Windows 7 Compatible)' I posted back in 2010. OEMDump is designed to make a backup of everything needed to do a clean install of Windows Vista, Windows 7, Windows Server 2008 (W/ or W/O R2) and Windows Server 2010 (W/ or W/O R2), allowing you to still use the Windows OEM preactivation mechanism.



The program will backup the following files:

* OEM Certificate
* OEM SLP Product Key
* OEM SLIC

Changelog:
FIX: Windows Server 2012 OEM certificate detection
ADDED: OA SLIC 2.2/2.3 detection
ADDED: Windows Server 2012/Windows Server 2012 R2 OEM certificate detection
ADDED: Windows Server 2012/Windows Server 2012 R2 Product Key detection (N char)
ADDED: CRC32 values to Filename and Edition ID with Product Key

Requirements:
Microsoft Windows
Microsoft .NET Framework 4.x

Download:
oemdump_update.zip


 



Decrypting oembios.dat

Wednesday, June 26, 2013 Posted by RvdH under Computer & Peripherals 

Although the era of Windows XP and Windows Server 2003 has long passed, I recently stumbled on some XP recovery discs. Because I had no idea which systems they were intended for, I searched the internet and found something interesting here. By decrypting the oembios.dat file I can now easily see which preactivated systems the recovery discs support, or at least could.

// Selects which of the two hard-coded key sets DecryptOembios uses.
enum KeyType
{
  WindowsXP,
  Windows2003
}

// Decrypts the contents of an oembios.dat file in place.
//
// data    - the encrypted bytes; overwritten with the decrypted result.
// keyType - WindowsXP selects the first key set, any other value the second.
//
// Two passes run over the buffer:
//   1. a byte stream cipher whose 256-entry state is set up from the 16-byte key
//      and whose output is XORed over every byte (the setup and output loops have
//      the shape of RC4);
//   2. 32 rounds of a 64-bit block decryption (the round function has the shape
//      of XTEA decryption) applied to every overlapping 8-byte window, walking
//      from the end of the buffer towards the start one byte at a time.
// All byte and uint arithmetic relies on wrap-around, i.e. on the default
// unchecked context. BitConverter reads and writes in the platform's byte order.
// Buffers shorter than 8 bytes only go through the first pass.
void DecryptOembios(byte[] data, KeyType keyType)
{
  // pick the key pair for the requested product
  bool isXp = keyType == KeyType.WindowsXP;

  byte[] streamKey = isXp
    ? new byte[] { 0x65, 0x48, 0x73, 0xb3, 0x19, 0x81, 0x67, 0xca, 0xbf, 0x02, 0xfd, 0x2e, 0xb7, 0xe3, 0x3d, 0x17 }
    : new byte[] { 0x76, 0xd0, 0xe7, 0x70, 0xf6, 0xb4, 0xd1, 0x76, 0x13, 0xcd, 0x6e, 0x06, 0xd7, 0x28, 0x2c, 0xce };

  uint[] blockKey = isXp
    ? new uint[] { 0x6bef9812, 0xe4ccc512, 0x08714298, 0x3ed2ee96 }
    : new uint[] { 0xf3462a5d, 0xc605e0d6, 0x0e524b90, 0x80649049 };

  // build the initial permutation 0..255 and shuffle it with the stream key
  byte[] state = new byte[256];
  for (int n = 0; n < state.Length; ++n)
  {
    state[n] = (byte)n;
  }

  byte mix = 0;
  for (int n = 0; n < state.Length; ++n)
  {
    mix += (byte)(state[n] + streamKey[n & 0xf]);
    byte held = state[n];
    state[n] = state[mix];
    state[mix] = held;
  }

  // pass 1: XOR the keystream over the whole buffer
  byte a = 0;
  byte b = 0;
  int position = 0;
  while (position < data.Length)
  {
    ++a;
    b += state[a];

    byte held = state[b];
    state[b] = state[a];
    state[a] = held;

    byte pick = (byte)(state[a] + state[b]);
    data[position] ^= state[pick];
    ++position;
  }

  // pass 2: block rounds over every 8-byte window, last window first
  int start = data.Length - 8;
  while (start >= 0)
  {
    uint v0 = BitConverter.ToUInt32(data, start);
    uint v1 = BitConverter.ToUInt32(data, start + 4);
    uint sum = 0xc6ef3720;

    for (int round = 0; round < 32; ++round)
    {
      v1 -= (sum + blockKey[(sum >> 11) & 3]) ^ (v0 + ((v0 << 4) ^ (v0 >> 5)));
      sum += 0x61c88647;
      v0 -= (sum + blockKey[sum & 3]) ^ (v1 + ((v1 << 4) ^ (v1 >> 5)));
    }

    Buffer.BlockCopy(BitConverter.GetBytes(v0), 0, data, start, 4);
    Buffer.BlockCopy(BitConverter.GetBytes(v1), 0, data, start + 4, 4);
    --start;
  }
}
Using the above code, I crafted a simple console application that can decrypt Windows XP and Windows Server 2003 oembios.dat files.




Other resources on OEM preactivation:


Requirements:

  • Microsoft Windows
  • Microsoft .NET Framework 2.x

Download:
DecryptOembios.zip

