Forwarded emails rejected by provider smtp relay

Many webspace and email server providers now block emails with the wrong FROM addresses even though your Exchange server authenticates via SMTP AUTH with them. This is not normally a problem since all your regular users will be in the right domain – the one that your login to that provider is associated with.

But there is one special case: You can set Exchange to automatically forward incoming emails to an external “contact” in the configuration options of the Exchange mailbox. It’s a nice feature if you want incoming emails (both from external and domain-internal sources) to be copied to an outside mailbox for sync to a smartphone for example.

But: Exchange uses the original (external!) sender’s email address as the sender address in the forwarded email, not the email of the person forwarding. These messages can then get blocked by your provider because the sender address is outside of your domain.

To solve this problem, at least for all users of MultiSendcon, we introduced a new feature in MultiSendcon that allows sending out these emails using a general admin or postmaster email address in the SMTP FROM envelope instead of the one given by Exchange (the external address that would get rejected). The special feature that we added was an option to only replace the smtp from envelope but not the FROM: email header that shows up in the email when it’s later read.

How to use it in MultiSendcon:

  • In addition to the individual provider relay servers you already have in MultiSendcon you need to add one more account as a “catch-all”
  • Make sure to add this account at then end of the account list so that it only gets used when non of the regular accounts fits the sender address.
  • Make this catch-all account apply to “ALL senders” (and all recipients) and switch on the “sender replacement” feature but with the special option to only replace the smtp envelope.

This is how the account could look like:

catchall-for-forwarded-emails

Any questions? Feel free to ask us any time!

What are Hackbots and Botnets?

When we wrote the first version of BotFence we assumed we’d fight off some lone hacker running a script on his desktop computer that tries to brute-force hack our servers. But we found out that the threat is much worse than that in several dimensions:

  1. These bots are much more common than we thought. As an experiment we set up a brand new virtual server in a different geographic location and a previously unused website with no links from our other websites and after little over a day the first FTP probing attempts came in. After about a week we had daily full-scale attacks to FTP, RDP and SMTP with thousands of individual passwords and accounts. Our original starting point was when we found more than 16.000 hack attempts in one day on our own website hosting Windows 2008 server.
  2. The attacks come from dozens of different countries. The #1 position varies. We’ve had frequent attacks from China, Pakistan, India, Ukraine (thought they’d have different problems right now) and Russia. But of course that doesn’t mean the hackers actually are from those countries. It’s very likely hackers use other previously hacked systems to run their bots.
  3. The hackbots are a lot more sophisticated than just scripts that try out a list of different passwords:
    1. We found that they automatically lower the number of hack attempts per hour to prevent detection.
    2. They incorporate other information in their choice of usernames and passwords. For example they use the domain names hosted on a server to form user names. In our case they automatically used “servolutions”, “servolutions-admin” and “admin@servolutions.com” as a username for our server that hosts the domain “servolutions.com”. They did the same with other domains that we had registered on our server but that we had never even used actively.
  4. And we found at the same time that if a bot from one IP address was caught by BotFence the hack attempts from several other IP addresses suddenly changed. For example when we changed the number of failed FTP logins that caused an address to be banned from 10 to 5, catching several attackers immediately, several other IP addresses suddenly changed tack and only tried 4 attempts before waiting a couple hours and try again. Of course the heuristics in BotFence still caught them but this shows that the attack programs are actually communicating between these systems – they comprise a botnet.

If you want to check your own server for traces of previous bot and botnet attacks you can use our free AttackTracer tool.

Better non-deliverable reports in MultiSendcon

We just published a new version v2.86 of MultiSendcon. The change is only minor: The subject lines of non-deliverable reports now includes the reason why the delivery of the email failed.

You can download the new version here. For existing customers the upgrade to this version is free. All configuration settings including all your accounts and the license will be kept when over-installing the new version.

 

Reveal the recipient addresses in Outlook

Do you have multiple email addresses configured in your Exchange mailbox? Then you’ll know this problem: Outlook only shows your name as recipient for all incoming emails, regardless of the email address that was used.
Even if you check the details of the recipient (Outlook will show your ActiveDirectory entry) there is no sign of the exact email address used anywhere.
AddressView for Outlook solves this problem. It works as an Outlook Add-In and shows the recipient email address in the Outlook email window above the usual From, To, CC etc. fields.

This is how your email form looks with AddressView installed:

You can test AddressView free of charge for 30 days and I personally found it quite interesting what I found out when I installed it myself: Finally I could see how many customers still reach us under our old company name and domain (@christensen-software.com).

Download here        Price       More information

Please email or call any time if you have questions or suggestions!

OpenSSL “Heartbleed” vulnerability in POPcon

A security vulnerability in the OpenSSL libraries was recently discovered and widely reported on. Since our products POPcon, POPcon PRO and POPcon NOTES also use OpenSSL for connections to SSL-encrypted POP3 and IMAP servers these products could be attacked too through the vulnerability called “Heartbleed”.
The risk is comparatively low actually because POPcon works as an SSL client so it can only be attacked by the servers it connects to actively. POPcon is not open to attacks by random systems, only the provider POP3 servers you connect it to could run a Heartbleed attack.

We incorporated the latest OpenSSL library fix into our products POPcon, POPcon PRO and POPcon NOTES and published the new version 3.84 on our website.

Our other products are not affected – they don’t use the OpenSSL libraries.

If you are running an older version of POPcon with POP3-SSL or IMAP-SSL connections to your email servers or plan to use SSL in the future you should upgrade (free of charge) to the new version. Your license code and all configuration settings includeing all accounts, usernames and passwords will automatically be imported in the new version. In most cases you will be able to “over-” install the new version directly but in some cases the InstallShield might not allow that because “there already is a version installed”. In that case you can just uninstall the old version (through the Windows control panel) and then install the new version. Still all configuration settings, license, accounts and so on will stay in the registry when uninstalling and will automatically be imported in the new version.

You can download the new version here:

 

We accept Bitcoins now

We like the concept of Bitcoins, the new crypto-currency at lot. And we like the zero transaction fees even more so we added Bitcoins to the payment options for all Servolutions products, effective immediately.

You can now buy all our products with Bitcoins. To make the process straightforward and secure we are using the excellent BitPay.com service. When you select Bitcoins as payment mode at the end of the ordering process a bitpay.com window will pop up showing the amount in BTC and a handy QR code. You can either scan the code with any mobile wallet or click on a payment button to open a Bitcoin wallet software installed on your computer. The target address and amount will already show up preset to the correct values.

252px-Bitcoin_logo_svg

All our prices are still quoted in regular currencies (until Bitcoin exchange rates stabilize a bit more) and the invoices are in those currencies as well, even when you pay with Bitcoins. That way you won’t have any problems with your business accounting.

 

Switch between *Sender* addresses and signatures in Outlook with one click – ChangeSender v3.00 now online

Do you use different email addresses in your Exchange account? We’ve always been too lazy to manage the amount of administration needed to make different sender addresses in Exchange work. That’s why we developed ChangeSender.

With ChangeSender it’s easy to select the sender address from a dropdown box shown in every new email form in Outlook. And for reply’s ChangeSender automatically uses the correct address – the one the original email was received on.

Version 3.0 of ChangeSender adds individual sent-items folders, keyboard shortcuts (just hit Ctrl-1, Ctrl-2, etc. to select your 1st, 2nd, … email address) and automatically switches your email signature to match the selected address and is fully compatible with Outlook 2013.

You can find out more on our web site.

All current customers of ChangeSender can upgrade to the latest version 3.0 for free.

Any questions? Just email us!

How to force Exchange to use a specific network card or IP for sending emails

We originally built MultiSendcon to allow Exchange to send out Emails via different smart hosts for different domains. But the product also allows sending out emails directly without any SMTP relay and allows you to select the specific local IP from which to originate the email from.

It’s a peculiar application but we now have several customers who only needed the product to have their Exchange outbound email traffic go through a specific network card and IP address instead of originating from the lowest IP address present in the system.

So if you can’t live the Exchange default behaviour of always sending out emails from the lowest IP you could just install MultiSendcon with a single non-SMTP-account configured for that.