Community Discussions and Support
bots registering

Accept mail for invalid local addresses was already unticked. So far everything looks good now, lots of connection refusals from the same IPs :) Genuine register requests are working properly and mail is being sent perfectly. The mail server is under far less stress now. CPU usage is next to nothing and memory usage is very low too. I will keep an eye on it over the next couple of days. I really need to understand more about how this Mercury mail server works.

Thanks for your support guys, I am very grateful for your help. Thanks


Hi, I am not sure what is going on but if I disable or even remove my registration script from my site, people are still able to register. How is this possible? I can see in the admin panel of Mercury all the bots trying to register with many being successful. How can they register if I've removed the registration script? Thanks


No, MercuryB is disabled. I totally removed my PHP registration script from my www folder and people were still registering accounts when I look in my phpMyAdmin.

I host Mercury mail on my home computer and when I open Mercury mail admin I can see lots of bots trying to register with lots of emails being sent and lots being failed. I thought I had everything working nicely until I saw all the email activity, just thought it was strange since I removed the registration script. You can tell they are bots because they use email addresses like 3333.viagra@blabla.com etc... I only want people to be able to receive emails after they register or if they forget a password. I had no idea this was so complicated.


Apart from verifying the web server setup, make sure that Mercury is set to refuse relaying non-local mail (Mercury S configuration / Connection control / Relaying control / Use strict local relaying restrictions). Check Mercury help for more info if needed.


Those settings make no difference. It shows over 500 jobs waiting to be processed with the number going up.


If relaying is switched off it's presumably not a Mercury issue, so not much we can do to help. Maybe there is some online forum for the webserver software?

 


I'm not so sure it is a webserver issue because I can stop MySQL and Apache and they still come flooding in on my Mercury mail admin panel.

It is like they are not going through the website at all and they are going directly to Mercury mail. I was trying to find a way to allow only connections from my own host address but not sure how or where to look. The most annoying thing about it is that it uses CPU and memory, not to mention bandwidth.


If you have Mercury on your network it will accept port 25 traffic whatever its source in its default configuration. You can, as you say, restrict access by defining the IP of your webserver as the only IP that Mercury will accept mail from. You can do this by: Configuration > MercuryS SMTP Server > Connection control.

You need to add two entries using 'Add restriction'. The first will block mail from all IP addresses: 1.1.1.1 - 254.254.254.254. The second will comprise just the IP address of your webserver e.g. 192.168.2.16 - 192.168.2.16 and will only allow SMTP traffic from your webserver. The Allow entry will override the Block entry.


Shouldn't that be 0.0.0.0 to 255.255.255.255?

I set up these restrictions on MercuryS > Connection Control:

IP Range from 1.1.1.1 - 254.254.254.254 and checked Refuse Connections

The 2nd restriction is set up as follows:

IP Range from 192.168.1.65 - 192.168.1.65 and checked Allow connections

Under relaying controls I have the 2 top boxes checked, i.e.

Do not permit SMTP relaying on non-local mail

and

Use strict local relaying restrictions

I am not sure if the above 2 boxes should be ticked or not, I don't want to block emails being sent to people trying to register through the site PHP register script.

0.0.0.0 is a non-routable address and 255.255.255.255 is a broadcast address which refers to 'this network'.

The relaying controls prevent anyone attempting to relay mail via your network i.e. send mail onto other addresses using your mail server as a go-between. For extra confidence you should also check the option to only allow authenticated connections to relay mail. Mail sent to your domain will be accepted. Connection attempts from any IP address other than 192.168.1.65 will be blocked.
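The two-entry rule set discussed above can be checked on paper before it is trusted. The following is an added example, not part of the original thread and not Mercury's own code. It assumes ranges are compared numerically, that an Allow match overrides a Refuse match, and that an address matching no entry is accepted as in the default configuration; 203.0.113.10 and 198.51.100.23 are constructed documentation addresses standing in for the site's external IP and an unrelated sender.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Restriction:
    first: int   # range start as a 32-bit integer
    last: int    # range end, inclusive
    allow: bool  # True = "Allow connections", False = "Refuse connections"

def entry(first, last, allow):
    """Build one connection-control entry from dotted-quad strings."""
    return Restriction(int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last)), allow)

def decide(rules, source):
    """Assumed evaluation: a matching Allow overrides a matching Refuse;
    an address that matches no entry is accepted (default behaviour)."""
    ip = int(ipaddress.IPv4Address(source))
    hits = [r for r in rules if r.first <= ip <= r.last]
    if any(r.allow for r in hits):
        return "allow"
    return "refuse" if hits else "allow"

def unrefused(rules):
    """Address ranges that no Refuse entry covers (numeric reading)."""
    gaps, cursor = [], 0
    for r in sorted((r for r in rules if not r.allow), key=lambda r: r.first):
        if r.first > cursor:
            gaps.append((cursor, r.first - 1))
        cursor = max(cursor, r.last + 1)
    if cursor <= 0xFFFFFFFF:
        gaps.append((cursor, 0xFFFFFFFF))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in gaps]

# Constructed sample addresses (documentation ranges), not from the thread.
SITE_EXTERNAL_IP = "203.0.113.10"
OTHER_SENDER = "198.51.100.23"

BLOCK_ALL = entry("1.1.1.1", "254.254.254.254", allow=False)
# Allow entry keyed on the LAN address, as first configured in the thread.
LAN_RULES = [BLOCK_ALL, entry("192.168.1.65", "192.168.1.65", allow=True)]
# Allow entry keyed on the address the connection actually arrives from.
WAN_RULES = [BLOCK_ALL, entry(SITE_EXTERNAL_IP, SITE_EXTERNAL_IP, allow=True)]

def report(rules, sources):
    """Decision per source address for one rule set."""
    return {s: decide(rules, s) for s in sources}

if __name__ == "__main__":
    sources = ["192.168.1.65", "127.0.0.1", SITE_EXTERNAL_IP, OTHER_SENDER]
    print("LAN allow entry:", report(LAN_RULES, sources))
    print("WAN allow entry:", report(WAN_RULES, sources))
    print("Not covered by any Refuse entry:", unrefused(LAN_RULES))
```

The Allow entry only helps if it names the address that shows up in the connection history for the web server's own mail, and the Refuse range as typed leaves two small blocks at either end of the address space unmatched under these assumptions.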


I tried testing it out by going to my site and clicking forgot password. In the connection history it shows my external IP as blocked along with many others.

In the status and processing area there is still shed loads of activity with hundreds of outgoing jobs pending and rising fast. Lots of jobs complete and incoming jobs complete. Not sure how but they still seem to be getting through and it will not send me my forgotten password email.

It is making me wish I could have it remotely looked at.


That means that your local web site is not generating the mail requests, but that they are coming in from outside. The only way you can enforce the restriction is to move Mercury to another computer. Presumably your router is using port redirection to make sure that SMTP traffic is delivered to the web server machine (unless the web server host is acting as the gateway). Your web server software can then use Mercury to handle mail. As Mercury will be on another PC, and will not be accepting SMTP traffic from outside your network, only mail delivered via the webserver will be accepted.

This is a spam issue that you will need to deal with. As Rolf suggested, you may need to instigate spam control elsewhere, unless you are prepared to use a professional mail filtering service. Your problem is that even though the mail is spam, it is still legitimately addressed and thus will be delivered to your network. Do you use any filtering services?


I don't use any filtering services, I am very much a novice with mail servers although I am very experienced with computers in general. I think I have it working now, it seemed I needed my external IP added to the restrictions list and not the local IP. I tested it and got the email sent without problems and to test it properly I used another web browser with proxy and connected using a different IP, the email was sent fine and was received. All other connections appear blocked and the mail server's activity has almost ceased with just IPs connecting and being refused.

I will keep it running for an hour or so and see how it goes, with a bit of luck it may well be all sorted out. So far it is finally looking good. Those IP restrictions seemed to be the key to stopping all the unwanted connections. Thanks for the help guys, I am very grateful. Will post back and let you know if everything is working to plan :)


OK, it's been about 5 hours now and thought I'd post back. With the IP restrictions in place there are a lot of refused connections now and much less stress on the mail server. There are still people or bots that seem to be able to get past the IP restrictions and I cannot understand why. There are a lot of emails still being processed and sent out. I have noticed quite a few of the same email addresses keep popping up over and over whilst successfully sending emails, I have no idea why they need to keep having emails sent to them.

The site's registration section was disabled so it was unable to pass emails to the Mercury server, so I am guessing they are connecting directly to the Mercury mail server somehow and at the same time bypassing the IP restrictions.


I am not sure that it is the same issue as yours but I have also been trying to manage unwanted attempts to connect via Mercury S. There are basically two issues.

The first is attempted and incomplete (only three lines in Mercury S window in the Mercury "dashboard") connection attempts. Fortunately, these are coming from a limited number of IP addresses, so I have fairly successfully blocked them by refusing these IP addresses. I am still seeing many refused connections from these IP addresses.

The second is that I am seeing a fair number of e-mails, coming from never the same address, which are obviously SPAM. My antivirus reports that they all carry a Locky ransomware payload. These messages were causing automatic replies from Mercury. I have stopped these by changing the delivery confirmation and failure confirmation template files (as defined in Mercury core/Files) so that the originating address, to which the reply would be going, is not used (I have replaced the ~T variable with one of my own addresses). This may not be the best way to do it, but it has stopped auto replies being sent. These "rogue" messages never seem to come from blacklisted IP addresses (as checked with whatismyipaddress.com).

I am not currently using any of Mercury's daemons for SPAM control, i.e. Spamhalter, Clamwall and Graywall. I have set up blacklist checking, but I have my doubts that it is working. Once I have done what I want with global filtering, I am forwarding a copy of each message to a GMail account. GMail's SPAM management seems pretty good and I get a "clean" GMail inbox and almost no false positives ending up in the SPAM folder. I am still experimenting with the best configuration for all of this. Much of what I have said is mentioned in the previous post that I started concerning a BEX failure.

Fortunately, the magnitude of my problem is nowhere near as bad as yours!

Gordon


What I am trying to use my mail server for is very basic and straightforward, there shouldn't be anything complicated about it.

Everything is hosted here on this PC that I am using and I only have one PC so it's not over a private network or anything. I have installed a basic website template and done some work on the graphical side of it and added a few extra pages. I later added a registration script which offers 2 options of sending confirmation emails via PHPMailer or passing the email handling to an SMTP server (such as Mercury). This all works fine but for some reason bots are targeting the mail server directly and bypassing the registration/reset password files. I tried adding IP restrictions by blocking 1.1.1.1 - 254.254.254.254 and allowing ONLY connections from my external IP but still they get through because I can see them in the Status and Processing window. I also noticed they come in waves then all of a sudden it goes quiet with no activity at all for 10 minutes or so.

Clicking on any help option doesn't work. It sends me to Microsoft's website saying the files can't be opened and that is why I ask here as I can't get any other help.


If the server is sending out delivery failure notifications you have set it to accept mail for invalid local addresses (MercuryS configuration / General). If you uncheck that checkbox such messages will be refused by MercuryS. Messages for valid local addresses will still be received, but unless you have configured an autoreply no response will be sent out.

 
