Community Discussions and Support

The perfect forum for general discussions or technical questions about Mercury Mail Server.

Brian Fluet posted Feb 1 '18 at 2:06 pm

Hi Joerg,

I have been using ClamAV for many years, probably since ClamWall was introduced in Mercury.  Detections are very common, diverting these messages to a quarantine directory.  I enhance it by including some third party definition files from Sanesecurity.  Def updates are timed based on a setting of your choice in a configuration file.  The default setting is every 10 minutes which I thought was too often so I set it to update hourly.

One shortcoming of ClamWall/ClamAV is that there isn't a built-in detection notification mechanism.  The workaround is a utility called CWscan written by Paul Whelan.  When executed, it scans the quarantine directory for new files, creates a .cnm file for each one containing relevant info about the detection, and writes it to a directory (mounted as an added mailbox), then moves the scanned messages to an archive directory.  As for overhead, I don't have a sense that it is of significance although I believe my mail volume is a good bit lower than yours.  I don't know whether higher volume=noticeable overhead.

Is ClamAV necessary?  Probably not, but I think the Sanesecurity defs help keep suspicious messages out of the user mailboxes.  False detections occur but are very rare.

You're welcome to email me directly if you care to discuss in more detail.

FJR posted Jan 19 '18 at 9:15 am

Hmm ... in the not so far future Mercury should be able to handle IPv6. This means i.e. filtering on IP should be upgraded to V6.

Bye    Olaf


jbanks posted Dec 15 '17 at 5:37 am

I have the same setup outlook 2010 and mercury.  It works fine for me.  Just did a session log which I provided below in case you can see something in it that helps.

It doesn't look like yours is logging in?  The peer certificate thing popped up for me as well.

I wonder if you try providing the username and password instead of saying use same as pop will fix it.  That is how mine is set. under More settings | Outgoing server i have "my server requires authentication" but I am providing the username and password.

00:26:25.244: --- 15 Dec 2017, 0:26:25.244 ---
00:26:25.244: Accepted connection from '', timeout 900 seconds.
00:26:25.307: Connection from, Fri Dec 15 00:26:25 2017<lf>
00:26:25.307: << 220 ESMTP server ready.<cr><lf>
00:26:25.322: >> EHLO JimmyB<cr><lf>
00:26:25.322: << Hello JimmyB; ESMTPs are:<cr><lf>250-TIME<cr><lf>
00:26:25.322: << 250-SIZE 107286400<cr><lf>
00:26:25.322: << 250-8BITMIME<cr><lf>
00:26:25.322: << 250-AUTH CRAM-MD5 LOGIN<cr><lf>
00:26:25.322: << 250-AUTH=LOGIN<cr><lf>
00:26:25.322: << 250-STARTTLS<cr><lf>
00:26:25.322: << 250 HELP<cr><lf>
00:26:25.400: >> STARTTLS<cr><lf>
00:26:25.416: << 220 OK, begin SSL/TLS negotiation now.<cr><lf>
00:26:25.588: [*] SSL/TLS session established
00:26:25.588: [*] AES256-GCM-SHA384, TLSv1.2, Kx=RSA, Au=RSA, Enc=AESGCM(256), Mac=AEAD<lf>
00:26:25.588: [*] No peer certificate presented.
00:26:25.588: >> EHLO JimmyB<cr><lf>
00:26:25.588: << Hello JimmyB; ESMTPs are:<cr><lf>250-TIME<cr><lf>
00:26:25.588: << 250-SIZE 107286400<cr><lf>
00:26:25.588: << 250-8BITMIME<cr><lf>
00:26:25.604: << 250-AUTH CRAM-MD5 LOGIN<cr><lf>
00:26:25.604: << 250-AUTH=LOGIN<cr><lf>
00:26:25.604: << 250 HELP<cr><lf>
00:26:25.666: >> AUTH LOGIN<cr><lf>
00:26:25.666: << 334 HDFSLKjdfskchnge<cr><lf>
00:26:25.682: >> sdflkjfchangea;<cr><lf>
00:26:25.682: << 334 dfsalkjYUYsdlkjchange<cr><lf>
00:26:25.682: >> dfsalkjdfschange<cr><lf>
00:26:25.697: << 235 Authentication successful.<cr><lf>
00:26:25.697: >> MAIL FROM: <><cr><lf>
00:26:25.713: << 250 Sender OK - send RCPTs.<cr><lf>
00:26:25.713: >> RCPT TO: <><cr><lf>
00:26:25.713: << 250 Recipient OK - send RCPT or DATA.<cr><lf>
00:26:25.729: >> DATA<cr><lf>
00:26:25.729: << 354 OK, send data, end with CRLF.CRLF<cr><lf>
00:26:25.760: >> From: "Jim Banks" <><cr><lf>
00:26:25.760: >> To: <><cr><lf>
00:26:25.760: >> Subject: test 2<cr><lf>

Chris Bolton posted Dec 9 '17 at 9:14 pm

Thanks. Yes, I understood you, and checked there were no connections at all and no .lck file when the problem client tried to log in. Although, for info, I have tested with another remote client and in that case it will connect even if there is a .lck file as result of a local client being connected.

I suspect it is to do with SSL and will try setting that up again from scratch.

Math posted Nov 30 '17 at 8:34 pm

It is solved. The solutions are:

1. Create an admin account for the Mercury Service: Create account 'Mercury Service'. Make this account member of the group 'Administrators'.

2. At the Mercury Service set this account for starting the service.

3. Restart service. 

For Outlook:

When delete the folder use the key 'shift' and click with your right mouse button on the folder for deleting. Select 'Delete Folder'.

If you don't use the key 'shift' Outlook want to move the folder to 'Deleted Items' and that's failing.



GordonM posted Nov 15 '17 at 3:42 pm

Thanks Brian.  What you are doing makes complete sense to me, as you are only running one instance of Mercury D.  I am now rebuilding my server using the new installation of Mercury.



Greenman posted Nov 10 '17 at 12:07 pm

[quote user="Joerg"]

...  They immediately recommend to remove programs like Mercury because it is no real server software and longer not maintained by the developer.


That's the easy way out - does not require thinking on their part. A bit like throwing the baby out with the bath water - they don't consider for a moment why the issue might be occurring, not realising that if you understand the cause you may be able to mitigate it, even if they think software is unsupported.

Mrpush posted Aug 4 '17 at 4:00 pm


Well your suggestion got the gear moving....I tried pausing MercD, then closing Mercury and restarting and pausing it, both no go.  What did do it was a machine restart, pause all services, and then add!  Not sure the pausing all was necessary but that is what I did and it finally stuck.

Got it saved now.




Greenman posted Jul 31 '17 at 5:20 pm

[quote user="ruler"]hi, i seem to have a few problems with someone hacking my mercury mail server and sending thousands of spam emails. Is there a way to limit how many emails can be sent per user or total sent per day? it is not a fix i know but it may help limit the amount of junk sent out. thanks[/quote]

How are you using Mercury/32 on your network? If you have disabled relaying controls and have open SMTP access then your server will be abused (and then blacklisted).


 We've investigated further and actually the killfile was working fine. Our mail client (not Pegasus) writes addresses to the killfile but also sends an automated response telling the mail sender that their address has been blacklisted (just in case they are genuine). It was a bug in the automated response that was causing the crashes. We haven't found out exactly what, but we have definitely pinpointed the root cause. Again, many thanks for everyone's help.


Best Regards




Thanks Rolf.  I have been waiting for more evidence of this problem.

Today, I have received three messages from the same person.  One containing only text and one with images and a subject line were forwarded as expected to the two external accounts for which I have set up entries in Mercury's Global Filtering.  The third message had images but no subject line and wasn't received by the external accounts.   The transactions for all three messages were shown as successful in the SMTPRelay file (in verbose mode).

It occurs to me that my antivirus application might be the culprit.  I am investigating this as well.


FJR posted Jun 13 '17 at 4:29 pm

[quote]ifnot subject has "a,e,i,o,u,1,2,3,4" and body matches "*http://*" weight 51 tag "empty subject link"

but it is catching a lot of messages maybe all that obviously have something in the subject.

Does anyone know where I am going wrong.[/quote]

"has" wants a wordlist. Normaly letters are indicated to be a word by having a blank in front and afterwords: " word " (OK - may be a point or so afterwords and no blank at beginning of subject :-). I think, most subjects will not include these letters and numbers standing more ore less alone. That's gone wrong.

I'm not shure, if one of these is possible, so try it yourself:

ifnot subject matches "" and body matches "*http://*" weight 51 tag "empty subject link"

ifnot subject matches "?*" and body matches "*http://*" weight 51 tag "empty subject link" 

 bye    Olaf

Hide topic messages
Enable infinite scrolling
1 ... 45678910 ... 112
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft