Posted by RvdH under hMailserver on Jul 14 2017

Lately I see lots of failed login attempts on my hMailserver install, and with a lot I mean a lot! With the script below i was able to reduce those login attempt significantly.

Functionality:
Block known authentication hackers with scripting as soon they try to connect to your hMailserver installation against the junkemailfilter.com known authentication hackers blocklist.

Usage:
Enable Scripting in hMailServer, edit OnClientConnect eventhandler in eventhandlers.vbs to include the lines below, also add the function hostkarmaAuthHacker(strIP). Last but not least, install the DNSLibrary.DNSResolver Component (read further below)
 

Sub OnClientConnect(oClient)
	If hostkarmaAuthHacker(oClient.IPAddress) Then
		Result.Value = 1
		REM Debug
		REM EventLog.Write("Message from: " & oClient.IPAddress & " Blocked being a authentication hacker") 
		Exit Sub
	End If	
End Sub


Function hostkarmaAuthHacker(strIP)
	dim found : found = false
	Dim a : a = Split(strIP, ".")
	On Error Resume Next
	With CreateObject("DNSLibrary.DNSResolver")
		strIP = .TXT(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".hostkarma.junkemailfilter.com")
	End With
	On Error Goto 0
	a=Split(strIP ,VbCrLf)
	For x = 0 To (UBound(a) - LBound(a))
	  If Len(a(x)) > 0 then
		If InStr(a(x),"(authentication hacker)")>0 then
			found = true
			Exit For
		end if
	  end if
	Next
	hostkarmaAuthHacker = found
End Function
Download:
Download the DNSLibrary.DNSResolver Component in this script here 
(Component works on both 32bit and 64bit Windows OS's)

Requirements:
Component Installer requires Net 2.x to register assemblies

Brief description of this component:
Create object of type DNSLibrary.DNSResolver

This object has 13 public functions:

	-- version() * returns the version number
	-- help() * shows this help
	-- IPv4A(<Domain name>) * query IPv4 A-Record(s)
	-- A(<Domain name>) * same as IPv4A (deprecated)
	-- DNSLookup(<Domain name>) * same as IPv4A (deprecated)
	-- IPv6A(<Domain name>) * query IPv6 A-Record(s)
	-- AAAA(<Domain name>) * same as IPv6A (deprecated)
	-- CNAME(<Domain name>) * query CNAME-Record(s)
	-- MX(<Domain name>) * query MX-Record(s)
	-- NS(<Domain name>) * query NS-Record(s)
	-- PTR(<IP address>) * query PTR-Record(s)
	-- SOA(<Domain name>) * query SOA-Record(s)
	-- TXT(<Domain name>) * query TXT-Record(s)


VBScript example:

Dim ObjDNS
Set ObjDNS = CreateObject("DNSLibrary.DNSResolver")
WScript.Echo("A-Record (IP4): " & ObjDNS.IPv4A("vdhout.nl"))
Set ObjDNS = Nothing