Analyzing MercuryS logs, most of the strange connection patterns are treated as hostile and blacklisted.
But sometimes I found some strange connection patterns not tagged.
Samples:

T 20250915 121330 68c6f719 Connection from xxx.xxx.xxx.xxx
T 20250915 121330 68c6f719 SYN ETX SOH
T 20250915 121330 68c6f719
T 20250915 121330 68c6f719 DC3 ETX DC3 SOH DC3 STX SOH
T 20250915 121330 68c6f719
T 20250915 121531 68c6f719 Connection closed with xxx.xxx.xxx.xxx, 121 sec. elapsed.

Starting with SYN ETX and SOH control chars and lasting 121 sec.

T 20250912 211422 68c2a431 Connection from xxx.xxx.xxx.xxx
T 20250912 211422 68c2a431 ETX
T 20250912 211422 68c2a431 Connection closed with 194.180.48.166, 0 sec. elapsed.

Don't know the internals, but this case seems that the very first data is ETX control char.
Shouldn't this have to be treated as hostile and blacklisted?

Also, from time to time I noted MGLNDD attempts.

T 20250911 080532 68c28094 Connection from xxx.xxx.xxx.xxx
T 20250911 080532 68c28094 MGLNDD_yyy.yyy.yyy.yyy_25
T 20250911 080532 68c28094 Connection closed with xxx.xxx.xxx.xxx, 0 sec. elapsed.

That I realized can be legit but also can be someone mapping open ports to exploitation.

Is it possible to add an option to block and blacklist MGLNDD attempts?

Regards,
Maurício Ventura Faria

We've retired Pegasus since months and working only with Thunderbird IMAP Clients against a local Mercury IMAP Server.
Generally Thunderbird and Mercury cooperate great and all 20 users are happy with Thunderbird.
But from time to time we experience that mails which have been moved into another mail folder (under Thunderbird) reappear in the inbox after a few hours.

When moving a mail, it will be copied into the other mail folder (also physically into the Mercury target mail folder at the server drive) and normally marked as "to be deleted" within the inbox. At this moment the mail disappears from the inbox and is not longer to be seen. (With other client programs like e.g. Roundcube you could still see this "marked as deleted" mail in light grey)
Further in Thunderbird account settings "Expunge inbox on closing" is activated which normally should remove any mails designated for final deletion.

But we do not supervise whether Mercury is really deleting those mails or not. Why they reappear from time to time? Has anybody an idea?

1) Is there an easy way to blacklist an IP address after for instance, 4 invalid login attempts?

2) a long, long time ago, I thought I heard mercury would have reverse DNS lookup. I don't see it in 4.90.

Thanks for a great product for my one user email server. I think I've been running somewhat problem free for over 20yrs.

Jerry

Good morning all,

I can see from David's progress reports that DKIM support in Mercury is progressing well, and that it is in Beta testing at the moment.

Is there a roadmap for a working release?

Although I have full SPF alignment for my domain, (and therefore a DMARC pass), I am keen to get DKIM compliant as well.

I would be willing to help with Beta testing if this helps @David

John

Hi folks,

I change the actual credentials in the SMTP Relay Client configuation - the client works - but after restarting mercury, the old configuration is restored. What am I doing wrong?

Your help is very much appreciated !
Best regards

hightc

If you need to read your MBOX emails without installing any email app, safely. You need the best tool of 2025. You can use Enstella MBOX Converter Software, which provides a free demo version to all customers. This software displays all your emails along with attachments, folder structure, simply. It's a deal for users who need to access MBOX files quickly, securely, and without setting up extra tools or an account. Plus, you can easily recover any MBOX files without any hassle.

I have been running a Mercury server for a number of years on my home network, and I was setting up my daughter's new computer with her mailbox.
I have had to move away from the MS Mail app as it has morphed into the (New) Outlook version, which insists on trying to resolve my local mail account with my ISP's mail servers.
I am using an IMAP client application, but it has been unable to create a drafts folder; it found existing Inbox, Sent and Trash folders. Her mail client on her old laptop, I think, was using POP3/SMTP to access her mailbox.
How can I create a Drafts folder for my daughter's account? I don't see any way to make a folder, I can see some PNM files that match the Draft and Sent Items folders and appear to be indexes of the folder contents. There are matching PMI and PMM files. The PMI file looks like a binary index, while the PMM contains several emails in MIME format.
My son's account has an IMAPSUB.PM file with various folder names and a set of PNM/PMI/PMM files for each folder.

How can I register some new folders for my daughter's account?

Davis Harris has asked that Community members be advised of an intermittent DNS issue on the server that hosts pmail.gen.nz sites. His words are:

"there is a slight possibility of having difficulty connecting to pmail.gen.nz sites until I get the issue sorted out.
pmail.com sites should be unaffected because they are served entirely outside my domain"

How can we block the IP from an attacker using brute force attacks? I have someone constantly trying to guess my password when trying to login but also change their IP each time.

I just got back home today and checked my Mercury Mail server, It seems someone was able to send mail from my account.
I have the option ticked not to allow sending of non-local mail.
I am curious how they do it? Under local users, I have several user accounts created with strong passwords apart from noreply which doesnt have a password. The local user account they are sending emails from is dion@mydomain.uk. Inside the MercuryS folder, a file was created with the following.

13:28:56.667: --- 12 Feb 2025, 13:28:56.667 ---
13:28:56.667: Accepted connection from '106.6.143.170', port 25, timeout 30 secs.
13:28:56.667: Connection from 106.6.143.170, Wed Feb 12, 13:28:56
13:28:56.667: << 220 smtp.aviandirectory.uk ESMTP server ready.<cr><lf>
13:28:56.855: >> EHLO hjoaepqvl.de<cr><lf>
13:28:56.855: << 250-smtp.aviandirectory.uk Hello hjoaepqvl.de; ESMTPs are:<cr><lf>
13:28:56.855: << 250-TIME<cr><lf>
13:28:56.870: << 250-SIZE<cr><lf>
13:28:56.870: << 250-STARTTLS<cr><lf>
13:28:56.870: << 250 HELP<cr><lf>
13:28:57.277: >> MAIL FROM:<cr><lf>
13:28:57.293: << 250 Sender OK - send RCPTs.<cr><lf>
13:28:57.480: >> RCPT TO:3932006329@qq.com<cr><lf>
13:28:57.480: << 250 Recipient OK - send RCPT or DATA.<cr><lf>
13:28:57.668: >> DATA<cr><lf>
13:28:57.668: << 354 OK, send data, end with CRLF.CRLF<cr><lf>
13:28:57.851: >> Message-ID: 000301db7d95$02883745$0004daf2@aviandirectory.uk<cr><lf>
13:28:57.851: >> Return-Path: 3846577052@qq.com<cr><lf>
13:28:57.851: >> Reply-To: 3993378394@qq.com<cr><lf>
13:28:57.851: >> From: =?utf-8?B?5pWR5Yqp6YCa6L+H5Y+R5pS+ICAyMToyODo1Ng==?= dion@aviandirectory.uk<cr><lf>
13:28:57.851: >> To: 3932006329 3932006329@qq.com<cr><lf>
13:28:57.851: >> Subject: =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.851: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.851: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.867: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg?=<cr><lf>
13:28:57.871: >> =?utf-8?B?ICAgICAgIA0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN?=<cr><lf>
13:28:57.871: >> =?utf-8?B?Cg0K44GJ?=<cr><lf>
13:28:57.871: >> Date: Wed, 12 Feb 2025 21:28:56 +0800<cr><lf>
13:28:57.871: >> MIME-Version: 1.0<cr><lf>
13:28:57.871: >> Content-Type: multipart/mixed;<cr><lf>
13:28:57.871: >> boundary="----=_NextPart_000_0001_ED20652D.0DE5D9D8"<cr><lf>
13:28:57.871: >> X-Priority: 3<cr><lf>
13:28:57.886: >> X-MSMail-Priority: Normal<cr><lf>
13:28:57.886: >> X-Mailer: Microsoft Outlook Express 6.00.2900.2180<cr><lf>
13:28:57.886: >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180<cr><lf>
13:28:57.886: >> <cr><lf>
13:28:57.886: >> This is a multi-part message in MIME format.<cr><lf>
13:28:57.886: >> <cr><lf>
13:28:57.886: >> ------=_NextPart_000_0001_ED20652D.0DE5D9D8<cr><lf>
13:28:57.886: >> Content-Type: text/html;<cr><lf>
13:28:57.886: >> charset="utf-8"<cr><lf>
13:28:57.886: >> Content-Transfer-Encoding: quoted-printable<cr><lf>
13:28:57.886: >> <cr><lf>
13:28:57.886: >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">=0D=0A<HTML><=<cr><lf>
13:28:57.886: >> HEAD>=0D=0A<META content=3D"text/html; charset=3Dutf-8" http-equiv=3DConten=<cr><lf>
13:28:57.886: >> t-Type>=0D=0A<META name=3DGENERATOR content=3D"MSHTML 11.00.10570.1001"></H=<cr><lf>
13:28:57.886: >> EAD>=0D=0A<BODY>=0D=0A<DIV><BR> </DIV>=0D=0A<DIV style=3D"POSITION: re=<cr><lf>
13:28:57.886: >> lative">=0D=0A<STYLE>body{font-family:Arial,sans-serif;text-align:center;ba=<cr><lf>
13:28:57.886: >> ckground-color:#f0f0f0;margin:0;padding:20px;}.image-container{width:600px;=<cr><lf>
13:28:57.886: >> height:400px;background-image:url(https://a1.qpic.cn/psc?/V53eiZq42XmRHz1Gb=<cr><lf>
13:28:57.886: >> fR54FMwFM1trMZ1/IoAt0TAZs8Yc38Jr9jGXIT1cmlpNmqqP0FP21rM63UKIt*c7ML1Sljpffgd=<cr><lf>
13:28:57.886: >> XjYjNvO7WepProHVXa4gdRfFPjg!!/b&ek=3D1&kp=3D1&pt=3D0&bo=3D.gHtAfoB7QEWADA!&=<cr><lf>
13:28:57.886: >> tl=3D1&tm=3D1739361600&dis_t=3D1739364241&dis_k=3Dc85f672051017aeced499f964=<cr><lf>
13:28:57.886: >> c97fe88&sce=3D0-12-12&rf=3Dviewer_311);background-size:cover;background-pos=<cr><lf>
13:28:57.886: >> ition:center;margin:0 auto;border:2px solid #ccc;box-shadow:2px 2px 12px rg=<cr><lf>
13:28:57.886: >> ba(0,0,0,.1);}</STYLE>=0D=0A=0D=0A<H1><BR> </H1></DIV>=0D=0A<DIV class=<cr><lf>
13:28:57.886: >> =3Dimage-container =0D=0Astyle=3D"HEIGHT: 493px; WIDTH: 505px"></DIV></BODY=<cr><lf>
13:28:57.886: >> ></HTML>=0D=0A<cr><lf>
13:28:57.886: >> ------=_NextPart_000_0001_ED20652D.0DE5D9D8<cr><lf>
13:28:57.886: >> Content-Type: audio/mpeg;<cr><lf>
13:28:57.902: >> name="KTmMgg.mp3"<cr><lf>
13:28:57.902: >> Content-Transfer-Encoding: base64<cr><lf>
13:28:57.902: >> Content-Disposition: attachment;<cr><lf>
13:28:57.902: >> filename="KTmMgg.mp3"<cr><lf>
13:28:57.902: >> <cr><lf>
13:28:57.902: >> 5YWr5pyI5Y2B5Zub5pel5L2Z5Y2n55eF5Y2a5bGx5a+65Lit<cr><lf>
13:28:57.902: >> ------=_NextPart_000_0001_ED20652D.0DE5D9D8--<cr><lf>
13:28:57.902: >> <cr><lf>
13:28:57.902: >> .<cr><lf>
13:28:57.902: << 250 Data received OK.<cr><lf>
13:28:58.386: >> QUIT<cr><lf>
13:28:58.386: << 221 smtp.aviandirectory.uk Service closing channel.<cr><lf>
13:28:58.386: --- Connection closed at 12 Feb 2025, 13:28:58.386. ---
13:28:58.386:

I have online exchange and want to use Mercury Mail with exchange as a smart host. Problem is there is 2FA (two factor authentication). There are so many articles out there but I think Microsoft change something in Nov 2024 that does not allow this. Every time i tried to follow an old article/suggestion the settings do not exist on the exchange server.

I just setup Mercury on Xampp and I am trying to retrieve emails so I will have the emails on the Mercury server to read with Roundcube. I was able to download the emails but the original emails are deleted. I put a check on the MercuryP pop3 server setting to "ignore Pop3 delete commands", but the original emails were deleted on the client server. Apparently I have something set wrong. I do not want to delete the original emails.

Also, I cannot send emails to the original client now?

I am trying to get Mercury using pop3 to not delete client emails. I put the pop3.pro file in the mail user directory but it doesn't work. Emails from client server keep getting deleted.

Well I gave it a good go, I tried to get support here, nobody seems bothered about anything that doesn't work or things that work and get truncated. Nobody seems phased that Google's pop3 client can't connect to Mercurys pop3 server, nor worried about the error logs that are truncated half way through an error message leaving nothing to work with..

So I've dumped Mercury (and deleted it) and made the switch to hmailserver. Works flawlessly and even redirects mail to another server on another port - I can use that to the fullest.

If anyone else reads this and wants to do the same, your windows server will need dotNET 2 and 3 installed. If you can't install it then you need to allow the windows update service to run (plenty of help on this via google). Once that's done, it's a great bit of kit to use and runs as a service with its own remote control GUI program. No restarts needed. It's also open source and has a webmail!

Best wishes,

Dinky

Hi

So the pdf file for mercury mail says that if you use the run a program option for a filter..

"The Run Program rule action will start the specified program, passing a temporary copy of the message on the commandline"

Well it's not working! I thought i was imagining it so i used a small test program i have for displaying parameters that are passed via the command line... no parameters are passed to it from mercury mail.

It does indeed start the program but it does not pass any parameters containing the email.

I really need this as i need to run a second mail server on the same machine on a different port (it's custom for another website and sends email via http to a url). If mercury can call another program and pass the email then the second program can simply pass the email via tcp connection to my other mail server.

Without the email being passed though, i'm unable to get this working.

Any ideas?

T 20231106 112910 65480d05 Established ESMTP connection to 67.195.204.73
W 20231106 112910 65480d05 421 4.7.0 [TSS04] Messages from 191.96.209.122 temporarily deferred due to unexp
T 20231106 112910 65480d05 Job MO000013 processing complete.

unexp what exactly?

I've noticed repeatedly that the error logs cut off half way through any meaningful message.

Why is this done? - It is not useful at all.

This is likely an Outlook issue, but wanted to see if folks have any ideas.

When sending maiser commands from Outlook (new outlooks or OWA), setting the client to plain text, the commands are failing as it appears there are some trailing characters (line break?) that maiser is including it the command. What does this look like?

From outlook (plain text) send the following without hitting enter for a new line.

Enumerate all-faculty-l

Get a response back from maiser with the following:

Unable to find list 'all-faculty-l='.

If I hit return at the end of the command, I will get:
maiser@lists.scrippscollege.edu
Unable to find list 'all-faculty-l=0A='.

I'm guessing this is something to do with character set used, but not sure how to fix this. I'm in the process of moving this listserver of netware to the latest windows release of Mercury, but wondering if there is a mercury.ini setting.

My other thought would be to try Thunderbird to eliminate Outlook for the mix.

Jeff