I was experimenting with MercuryE. I run Mercury on a dual-homed Windows PC with two ISPs and two external IPs, IP1/ISP1 and IP2/ISP2. Both IPs are nominally dynamic. The ROUTE command on the PC is set up so IP1 is the preferred interface for initiating outgoing to the Internet. As it turns out, IP1 is on the Spamhaus PBL but IP2 is not. I want to test IP2 for outgoing email but still use IP1 for general outgoing Internet. (IP1/ISP1 cannot be made static; IP2/ISP2 can be made static.) I see no way to set the interface parameter for MercuryE. I want to listen on both interfaces, so I don't want to use the SMTP server's "IP Interface to use" configuration parameter. If I make IP2/ISP2 static and exclusively send with it, I should be able to send my own email without worrying about both the PBL and using a third-party sender. Is what I want to do currently possible and I'm missing something? (In case you're curious, yes, I require auth to send.)
If you have suggestions or special wishes for Mercury here is where you make your voice heard.
Hi David,
just got a error message "Message delivery status" and thought, it would be nice to have that little bug corrected with upcoming Mercury:
Message details:<br>------------------------------------------------------------------<br>Originally submitted: 3 Dec 18, 9:22:57<br>Originator address: <O.Erkens@wiwi.tu-dortmund.de> <br>Message's subject: =?iso-8859-1?Q?=DCbungsblatt_4?=<br>Message's ID: <72BF0.5C04F5F3.03E8@wiso.tu-dortmund.de><br>The subject should be decoded (generally in all error messages) - doesn't look good :-)
Bye Olaf
Some time ago I downloaded a daemon from you that fixed this very issue for me. Hope you don't mind me sharing this. I'm surprised really that David doesn't build this into the software..
At 17:09 2017-11-24, Jim Banks
wrote:
I had been seeing these connections
constantly and when I looked in my log noticed that the same ip has been
connecting to me for weeks trying to hack in (presumably trying different
passwords each time. Is there any way mercury can be configured to block the ip
after so many failed attempts. I have them locked out now, but it would be
better if mercury automatically took care of this for
me.
Mercury should block repeated
failed AUTH attempts if they happen within the same SMTP session. This is
usually not the case though. Multiple AUTH failures from the same IP address but
in separate sessions can however, if frequent enough, be caught by my SMTP Event
Daemon. If you would like to have a look at it you can download it here: / Rolf
Ooo!! Do we have a release date yet - because the developer blog is quite a bit out of date...?
I use many filtering rules for a presorting of all incoming mails. Sometimes i want to know, which rule was activated. The message "job killed by filtering rule" does not really help.
That's great news, Rolf. Thanks for the update :)
You're welcome. Nice to hear it is working now.
Jyrki
It appears to me that DKIM can simply be implemented by writing a Mercury daemon, with the daemon parsing all the necessary fields, and adding the required headers to the outgoing message.
Unfortunately, all the are rather abstract, and do not show any example code, or pseudo-code at all, of a simple message, with an example public key, private key, and a verified message with all the required headers.
Hello David,
Thank you for your very detailed response. As far as I understand, it should primarily support PFS and choose that kind of ciphers with higher priority. Ciphers with a higher encryption should in general always be priorized. Older ciphers don't have to be banned, unless they are considered insecure (because of outdated/depricated) or flawed.
I did some online testing with a online smtp ssl checker: it showed PFS were not supported, but after enabling mercurys session logging I've seen that:
ECDHE-RSA-AES256-SHA, SSLv3, Kx=ECDH, Au=RSA, Enc=AES(256), Mac=SHA1
DHE-RSA-AES256-GCM-SHA384, TLSv1.2, Kx=DH, Au=RSA, Enc=AESGCM(256), Mac=AEAD
ECDHE-RSA-AES256-SHA384, TLSv1.2, Kx=ECDH, Au=RSA, Enc=AES(256), Mac=SHA384
are often negotiated for encrypted communication. These are PFS ciphers. So the online testing doesn't seem to be reliable.
The person of the Data Protection Authority we are in contact with is an IT-Professional. I've heard from him that he had already contact with other mail server developers to help them out with all these issues. I've heard also that they have their own software for testing purposes. My suggestion: I will get in touch with him, show him this thread and ask him to get in direct contact with you. I think that would make more sense.
Thanky you very much in advance.
Claudio
Just wanted to say thank you for adding SSL support to the MercuryE (Client SMTP) module. Since Gmail started displaying the notification about non-encrypted mail I was really happy to see version 4.80 added that feature, and made it simple to start encrypting. Keep up the good work.
P.S. I tried to send this by your contact form at: http://community.pmail.com/pmail/Feedback.aspx but it kept saying "Wrong code" despite me being pretty sure I was typing in the correct codes. I tried like 5 times, and the codes are pretty clear, so it seems like that form is broken.
Hi !
Is it somehow possible to verify the IP of the sender by a DNS MX Lookup ?
Either by IP of sender or domain of senders address ?
Thanks for a short reply
bitbo
All,
On startup after the from v4.74 to v4.80 MercuryI failed to load throwing a "No such file or directory" error. I tracked the problem down to the path to the certificate in the MercuryI section of mercury.ini file. The previous certificate was named "imapcert" which v4.80 obviously did not like. I run in a second Mercury instance in which I run MercuryS so I copied its newly created certificate, then modified the path in the .ini. My suggestion is to consider whether it would be feasible to allow access to the module GUI after encountering an error like "No such file or directory".
One other suggestion is to provide the ability to create a certificate from outside of the modules so as not to be dependent on a module starting up in order to create a certificate.
Thanks for providing this Nenad. I've had a few instances of dubious messages coming through recently which this should help with. I haven't had experience with Policy Tasks but through some investigation, it looks like you need to escape the double quotes you added around the ~F argument.
So
Task: "ZIP-EXE",17,0,"C:\\MERCURY\\ZIP-EXE\\zip-exe.bat ~X ~R "~F" ~Z","","",0,"Admin"
becomes
Task: "ZIP-EXE",17,0,"C:\\MERCURY\\ZIP-EXE\\zip-exe.bat ~X ~R \"~F\" ~Z","","",0,"Admin"
If this isn't done, some of the fields in the 'Edit policy task' dialog are incorrect, namely:
Commandline: C:\\MERCURY\\ZIP-EXE\\zip-exe.bat ~X ~R
Sentinel file: ~F" ~Z"
Parameter: 0
Thanks again
Hi all,
Is it possible to use the "label" function ( thunderbird) with mercury server and IMAP?
Some mailservers have the option to save the label on the server, when opening the same mail on a other computer the label is showed there too.
This wouled be a great function to use with mercury server!
Rene
Hello,
I have just solved a problem with that parameter.
I am testing version 4.74 and found that e-mails read from one client with the option "leave a copy of the messages in the server" active could not be read by anyone else because the option "offer..." overlaps the option "leave..." and Mercury serves the message only once.
The option should be off by default or, even better, be removed from options available.
Edited: should be in Mercury Suggestions... Sorry.
Yes, this would be a nice option!
Yesterday i wrote a new post about this.
Hope it can be a function in V5 !
Rene
Thank you Rolf.
I installed Mercury yesterday, and have too many other problems right now. I will come back to this option later.
Bernward
Hi All,
I was wondering if v5 and the new mailstore engine will support this. At the moment the "Expunge" command fails with "folder in use by other connection" if there is more than one active IMAP connection for that folder. Since we all use mobile phones, tablets... (especially with the crappy iPhone/iPad which does never close mail connections until you shut down the device), this functionality is mandatory in my opinion.
Any news about that?
Best
Konrad
Good and Bad News!
First, the bad news is that the trailing asterisk in .ru/B* did not help.
In the above two rules, each of the 13 caught by Russia was
also caught by Russia B. Each of the 12 missed was missed by
both.
Good news is, after closely analyzing the hex in what was caught and missed, I think I finally figured it out.
The catch is when there are 2 CRLF adjoining the .ru: www.somewhere.ruCRLFCRLF next line may be blank or may have text CRLF (or sometimes no next line at all)
The miss is when it is followed by only 1 CRLF: www.somewhere.ruCRLF (next line is blank in the ones I looked at) CRLF
So, it appears the bug is not at EOM, but at the end of a line.
Mike
[quote user="jessicarabbit"]The ClamAV world seems in flux. ClamAV now seems to be Immunet.[/quote]
ClamAV is still ClamAV and they produce a Windows version of the product available . Immunet was a separate company who developed a 'cloud-based' Windows anti-virus product with ClamAV. The Immunet version is not suitable for use with Mercury.
[quote]In an effort to get ClamWall running, I ended up downloading ClamWin and pointed ClamWall to the bin directory. The Question then became "Is it working". I have not figured out how to tell.[/quote]
ClamWin from www.clamwin.com is a different product that does not contain the clamD module that Mercury needs.
You can go to http://sourceforge.net/projects/clamav/files/clamav/win32/ and download the latest ClamAV version - *i386* for 32-bit or *x86_64* for 64-bit install.
(There are other Windows versions at http://oss.netfarm.it/clamav/ and http://hideout.ath.cx/ClamAV/, although the last one has not been updated for some time.)
[quote]One of the things I love about Mercury is what I call "Visibility". It is reasonably easy to tell what it is doing or not doing. Please extend this concept for what ever resource we are using to do anti-virus checking and display some form of verification, status, log entry, etc. that the virus checker is alive and processing the mail. This goes for the other add-ons as well.[/quote]
One thing you can do is examine the ClamWall log file regularly and look for error lines. There may be tools out there to automate that task as well.