Quantcast
Channel: Mercury Community Support
Viewing all 272 articles
Browse latest View live

Spamhalter: sorting out of spam, or marking only?

March 14, 2016, 4:37 am
$
0
0

Hi folks,

During last weeks we experienced an increasing amount of spam. This is annoying us. Until now I use Mercury's filtering ability by spambust.dat only. But therefore I have to maintain the spambust.dat regularly - and this means always running behind.

What are your experiences with Spamhalter, when working together with Mercury? How many Spam is nevertheless passing through or how many false positives are being filtered?

Further, I have read that Spamhalter is marking an affecred mail with "X-Spamhalter" only. But when Spamhalter do this, before Mercury's filtering rules will be applied or after? The background is: I would like to filter all the found spam out, and don't want to forward the spam (marked with X-Spamhalter) to my single user's mailboxes. But in case Spamhalter is checking after Mercury's filter rules applied, I have no chance to filter the spam out before it reaches my users.

Cheers

Joerg

Search

The user you are attempting to become does not exist on this system

March 15, 2016, 7:01 am
$
0
0
This message is coming up when I try to login to every user on our system! The last thing we did before being locked out was to add a new user, change a username, and delete a user. In Windows explorer, the file named PMAIL.USR is empty. Not sure if this is related but any help would be appreciated. 

Using Nod32 (ecls.exe) in policy

March 16, 2016, 10:16 pm
$
0
0

We use Mercury/32 as our mail server and have Nod32 on all our computers, including the mail server.

I would like to create a Mercury Core Module policy to run the commandline version of Nod32 (ecls.exe) on all mail.

Does anyone have this set up and working? My initial brief test resulted in false positives.

I don't have a test environment and there is no option in the Policy setup to test it non-destructively.

The exit codes for ecls.exe are:

0     no threat found
1     threat found and cleaned
10     some files could not be scanned (may be threats)
50     threat found
100     error

Do I need to run ecls.exe from a batch file to make sure that only real threats result in deleted emails?

Regards,

Pat Esler

 

Piping to a PHP file for an inbox that doesn't exist

March 22, 2016, 1:05 am
$
0
0

What I'm trying to achieve is the following example:

User A has an account in the system but doesn't have an email address. When an email comes in, I'd like a PHP file to analyze the email & if the user is in the database, then store pieces of the email in the database. I already have the code for the PHP file but how do I get the file to run when an email comes in? Currently Mercury sees that the user doesn't have an inbox and says the email is undelivered. How can I get around this?

I've tried a policy but it doesn't seem to work.  

MercuryD leave mail on server?

March 21, 2016, 2:43 pm
$
0
0

I have a new relationship with a buying group from which I need to POP invoice emails from their hosted mailbox.  They want messages left on the server for 5 days (an Outlook capability).  I don't see any configuration options that indicate this is possible but thought I would ask.

TIA!

 

Remote SMTP unable to send via Mercury - info only

March 23, 2016, 2:32 am
$
0
0

I had an issue a couple of days ago when one of our remote workers said they were unable to send mail. IMAP was working fine, so they could receive, but SMTP was not so they were unable to send mail. When trying to send (via Thunderbird), a message was displayed asking them to re-enter their password.

I opened the SMTP_Auth.pw file under the MercuryS configuration 'Connection control' tab to grab the password but it was empty. I located the file itself in the Mercury folder and saw that all the username/password entries were present.

Restarting Mercury reloaded the file and the remote worker was then able to send mail. Mercury had been up for about a month which is the average time it is running before being restarted as part of the server's Windows Update installation schedule.

Just posting this in case anyone else has the same issue.

Suddenly Cannot Send Mail Via MercuryC SMTP Client to Gmail

April 1, 2016, 3:22 pm
$
0
0

Hello,

 

Midway through the day on 3/29/2016 MercuryC stopped being able to connect to Gmail's SMTP server.

 Since then I only see the following error in MercuryC's log file:

Connection error during handshake with smtp.gmail.com.

 failed.

Error FF servicing queue job.

Any help would be greatly appreciated.

 Thank you,

Harry Fuller 

MercuryE - connection error during handshake with 212.227.15.9

April 11, 2016, 4:17 am
$
0
0

Hello .... 

i am configuring a send mail in a webhost test server of the company were i am making my education  

in this configuration i use the MercuryS and MercuryE and the mail problem is when i try to send a mail to the GMX servers somehow i get :

"connection error during handshake with 212.227.15.9"

"connection error during handshake with 212.227.15.5"

everytime i try to gmx.de.

when i send to GMAIL, HOTMAIL, OUTLOOK etc etc , the mail is sended without errors. so i think that everything is configured correctly. Or am i missing something?

here is a copy of mine .ini from mercury.

 

Search

HowTo dynamically change Mercurys behavior from the command line?

April 18, 2016, 4:27 am
$
0
0

Hi,

how can I dynamically enable MercuryS Session logging for a single IP address (and/or blocking for a single address)? I don't mind to disable it manually later.

Why?
We're under some SMTP AUTH attacks (up to 2.500 per try).
Whereas Mercurys hopefully just blocks these tries the lack of forensic logging (each single attempt only produces a line "T 20160418 130122 570a35ad AUTH LOGIN") makes it easy for abuse depts to "don't believe" a report.
That's why I would like to enable session logging for such addresses as soon as it starts to happen. Manually it can be done using config | MercuryS | connection control.

I can just
echo 8 2.3.4.5 >> C:\Mercury\MERCURYS.ACL
but how do I make Mercury recognize this config change without killing mercury.exe (loader loads it new)?

 

Thanks!

Two hosts for sending mail

April 18, 2016, 8:23 am
$
0
0

Hi

We use the latest version of Mercury/32 on a Windows 2008 64bit Server.

We have recently changed our mail filtering provider to Proofpoint.

I had a global mail filtering rule set up that was configured so that mail received for happy.joe@domain.com is forwarded to happy.joe@gmail.com

Because Proofpoint have accepted and delivered the message for happy.joe to our server, when the rule forwards that same message back out again to gmail.com, Proofpoint regards this as relaying and refuses to accept delivery of the message and gives a 554 5.7.1 relaying denied DSN:

08:18:41.409: --- 18 Apr 2016, 8:18:41.409 ---
08:18:41.411: Connect to 'outbound-eu1.ppe-hosted.com', timeout 60 seconds.
08:18:42.449: >> 220 mx2-eu1.ppe-hosted.com - Welcome to Proofpoint Essentials ESMTP Server<cr><lf>
08:18:42.450: << EHLO domain.com<cr><lf>
08:18:42.493: >> 250-mx2-eu1.ppe-hosted.com<cr><lf>
08:18:42.494: >> 250-PIPELINING<cr><lf>
08:18:42.495: >> 250-SIZE 1024000000<cr><lf>
08:18:42.496: >> 250-ETRN<cr><lf>
08:18:42.497: >> 250-STARTTLS<cr><lf>
08:18:42.498: >> 250-ENHANCEDSTATUSCODES<cr><lf>
08:18:42.499: >> 250-8BITMIME<cr><lf>
08:18:42.500: >> 250 DSN<cr><lf>
08:18:42.503: << MAIL FROM:<smiling.fred@giggles.com> SIZE=34519<cr><lf>
08:18:42.545: >> 250 2.1.0 Ok<cr><lf>
08:18:42.546: << RCPT TO:<happy.joe@gmail.com><cr><lf>
08:18:42.608: >> 554 5.7.1 <happy.joe@gmail.com>: Relay access denied<cr><lf>
08:18:42.612: << QUIT<cr><lf>
08:18:42.654: >> 221 2.0.0 Bye<cr><lf>
08:18:42.655: --- Connection closed normally at 18 Apr 2016, 8:18:42.655. ---
08:18:42.656:

I have asked about this and our support guy has said that the only way around this is to deliver mail destined to the gmail address via a different host. We presently use MercuryC which has Proofpoint's address defined as the smarthost.

This is proving to be a problem. The person concerned can't get their phone to connect via IMAP to our server (everyone else can), and they really need access to these messages when away from the office.

I've not thought this through properly, but a solution may be to set up another instance of Mercury/32 on a different server, configure it with the same account details - happy.joe@domain.com, and set up MercuryE (end to end delivery). The forwarding rule on the original server can forward messages to happy joe on the second server which can then forward the messages to happy joe's gmail account via MercuryE. However, the original server would try to send the messages via the Proofpoint smarthost. Can Mercury/32 be configured to recognise another 'local' server and be configured to deliver selected messages to it?

Anyone done this? Can anyone think of another (better) way to do this, please?

Thanks

Attachment filtering and base64 encoded .zip

April 25, 2016, 11:00 am
$
0
0

I have an attachment filter that is supposed to delete those with a "zip" extension and it has been doing a great job except for two that came through over the weekend.  The filename clearly contains the .zip extension but the file content is base64 encoded.  Would this cause the filter to fail? 

Here is a snippet from the raw view:

--4CA8FCE160E68FB68CD761829765--
--5C7A9510E16D0359420EB3502814
Content-Type: application/zip; name="missing_quickbooks275.zip"
Content-Disposition: attachment;  filename="missing_quickbooks275.zip"
Content-Transfer-Encoding: base64

UEsDBBQAAgAIAJWimUipl2urdBsAAIw4AAAqAAAAcXVpY2tib29rc19leHRyYWN0X21pc3Np

 

Email Max Size Limit

April 29, 2016, 10:35 am
$
0
0

Hi,

 I am having difficulty using the Mercury SMTP mailer. I am sending emails but they seem to be limited to 32KB. How do I increase the max file size?

 

Thanks,

 

James 

Canonical name and EHLO for Mercury receiving mail on dynamic IP

April 30, 2016, 4:26 am
$
0
0

I run Mercury on my home broadband connection and having changed ISP I no longer have a static IP.    I send outgoing mail via a smarthost and MercuryC, no problem.

For receiving mail, I have registered on duckdns.org and have a subdomain there that points to my current dynamic IP. I've set the MX of my domains to this and I receive mail. However, I am a little concerned that I can't set Mercury up to be fully compliant, with a valid PTR record and EHLO. How much does that matter for receiving mail, and is there any recommendation for what I should set the canonicial name and EHLO to in mercury.ini?

Thanks

Email Content Not Downloading on iOS Devices from Mercury IMAP

May 1, 2016, 10:02 am
$
0
0

I have been using Mercury for many years and I have always had a problem with receiving of emails completely in my iOS devices over IMAP. If I use Thunderbird, it will download the complete content of the emails and in the iOS devices it will only retrieve the headers close to half of the time. When you select any of the emails that are not there on the iOS devices, it will sit with the spinning wheel and most of the time not complete the retrieval. On the same iOS devices it will retrieve the emails from our company Office365 server and also from Gmail with all the content. It is only on some from the Mercury connection. I am using SSL on port 993 as the connection method and it does not have a problem connecting. For any of the emails that will not complete, if I connect with Thunderbird or Pegasus, they load without any problem. I wanted to see if anyone else has seen this and how (if) you have resolved it.

I'm not sure if the logs or something would help best to find the root cause to the problem. Looking for some help.

Thank you. 

iPhones and IMAP

May 2, 2016, 8:27 am
$
0
0

iPhone users connecting via IMAP are unable to use Pegasus Mail when in the office because their iPhones maintain an IMAP connection.  We can't figure out how to break that connection.  I was surprise that turning off the phone left the connection in an open state.  Can anyone offer advise on how to deal with this?  My web searching has not turned up anything useful.

TIA

Search

Mercury IMAP problems

May 2, 2016, 4:09 pm
$
0
0

We have been fighting IMAP problems for some time now.  Probably the worst has been users who are trying to connect with more than 1 device at the same time.  If one of the clients is Thunderbird, It will regularly report "Folder in use by other connections".  Others will fail in more subtle ways.  Very commonly a user will delete (move to trash or whatever their deleted messages folder is named) a bunch of messages from the inbox and all will be well for a while and then the user notices that the deleted messages have all come back into their inbox and there is a copy in the trash folder.  We know that this is caused by the remote client being connected when Mercury crashes.  This situation is compounded by the fact that it is difficult at best to shut down the email client on cell phones and tablets, either IOS or Android, and even more difficult to get users to even consider trying to stop the client on whatever device.  I see a few recent threads hinting that others are seeing similar issues.

  It would be very helpful if there were an option to force Mercury to expunge at the very least the inbox either as soon as a message is moved out or very soon after doing so instead of waiting for all of the connected clients to disconnect.  As I mentioned above it is almost impossible to get phone users to disconnect which compounds the problem.  A quick test shows that having a desktop client compact the inbox immediately after deleting a bunch of messages out of the inbox does help, however again a training issue for remote users scattered all over the globe.

  As to the cause of the crashes, the occasional ones that happen sometimes only every several days and other times several times a day.  The situation has improved considerably after the updates that were done just before the release of 4.8, however with increased traffic we are getting back to the point of lots of angry users.  We have identified one source of Mercury crashes that was less than apparent.  Running in Netware mode, if someone sends and email addressed to a Netware user that has no home directory defined, a user that should never receive email but .... Mercury will start to crash repeatedly until the message that caused this situation is removed from the queue.  I would expect it would be fairly easy to implement a simple test in the code to detect and mitigate this issue.  We believe we have a band aid solution, however we probably have a lot more users on the system that have no reason to do email or have a home directory than those that do. 

   One more related question, we have the Windows machine that Mercury is running on configured to reboot every night in the middle of the night.  Can anyone address whether or not Mercury handles dealing with messages in the inbox that may have been marked for deletion properly when it is shut down gracefully?  In other words, should we loose the midnight reboot?  It was added some time ago as it seemed to make things a bit more stable.

Responding to SPAM address

May 5, 2016, 3:32 pm
$
0
0

I have recently been receiving SPAM e-mail to which Mercury seems to be automatically replying.  In the Mercury Core Process Window, the sender is shown as local with username < >.  I am not sure how this has been generated.  I have looked through the Mercury configuration and not found anything that would suggest that such e-mailsare automatically answered.  I am concerned because Avast is reporting that the payload is a locker virus, which I believe is related to ransomwayre.

Thank you

Gordon

 

Filtering: how to COMPARE SENDER against RCPT

May 9, 2016, 8:29 am
$
0
0

Hello Community Support,

 

my name is Michael and I am a newbie, thereforebe kindwith me, please.

I also searched before, but did not find some helping answer to my problem, so I will ask here. 

Is there any possibility with transaction-level expression filtering, or general- or global-filtering for that:

 

seen in Mercury SMTP Server: 

MAIL From:  abc@def.gh

RCPT To:  abc@def.gh

 

seen in Mercury Core Process:

17:02:10: Job MGxxxxxx: from: abc@def.gh [local] To: abc@def.gh [local] -OK

 

I want an expression that leads to a reject or a remark in Header (like X-Blocked) if "from" is EQUAL to "to:"

I know that EVERYBODY could be SENDER (and produce SPAM) if the recipient is local, but most of spam (at me) is produced by that sender=recipient.

 

Do you have an idea for that?

 

Thank you a lot in advance.

Regards, Michael. 

Delivery Failure: Auto-failing primary server marked as bad ??

February 18, 2016, 7:29 am
$
0
0

I am using Mercury 4.8 with SSL enabled on MercuryE.  I had a message fail delivery, and this is the error message: 

-------------------------------------------------------------------
*** service@relaxedheatingandair.com
Auto-failing primary server '50.20.30.21' - marked as bad.
Auto-failing alternate server '50.20.30.21' - marked as bad.
-------------------------------------------------------------------

I looked in the MercuryE log, and it attempted multiple times to deliver this message, and each time it had this same error.  What does this mean?  It looks like MercuryE is failing without trying because it thinks the IP address is bad for some reason?  Does this have anything to do with the SSL option being enabled?

 

UPDATE:  I turned on session logging, and re-sent the email.  This is what is shown in the session log:

08:31:26.674: --- 18 Feb 2016, 8:31:26.674 ---

08:31:26.799: Connect to '50.20.30.21', timeout 60 seconds.

08:31:27.799: >> 220 mx1.cbeyond.com ESMTP<cr><lf>

08:31:27.799: << EHLO mail.handyaddressbook.com<cr><lf>

08:31:28.361: >> 250-mx1.cbeyond.com<cr><lf>

08:31:28.361: >> 250-8BITMIME<cr><lf>

08:31:28.361: >> 250-SIZE 70254592<cr><lf>

08:31:28.361: >> 250 STARTTLS<cr><lf>

08:31:28.361: << STARTTLS<cr><lf>

08:31:28.440: >> 220 Go ahead with TLS<cr><lf>

08:31:28.533: [!] OpenSSL reported errors during handshake - error queue follows:

08:31:28.565: [!] -------------------------------------------------------------------------

08:31:28.580: [!] error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error

08:31:28.580: [!] -------------------------------------------------------------------------

 

So, it seems there is a problem MercuryE is having connecting to this server over a secure connection.  I am able to send email to this email address through my gmail account without issue.  Any ideas/suggestions? 

Thanks,

Mark 

Expression filter question

May 17, 2016, 1:15 pm
$
0
0
I  have seen some mail coming in as replies to messages sent by my users that got tagged as spam ('[SPAM]' added to the subject line) by the recipient but they left the spam tag in the subject line.  My mail host uses spamassassin to do the same thing which I filter on using a header filter that looks for [SPAM] in the subject header.  Obviously these replies are getting filtered so I attempted a workaround that failed and I need help figuring out why.  I replaced the header filter with an expression filter that detected: Subject: [SPAM]*.  It failed to detect any [SPAM] tagged messages.  I double checked for typos and spacing but no joy.  A look at the manual shows the bracket symbols as defining a set of characters so before I load the users mailboxes with spam again I thought I would ask for some help.  I am thinking this should work: Subject: [[]SPAM[]]*.  Thoughts please.
Viewing all 272 articles
Browse latest View live
Search