Hexamail Documentation

Antispam

GDPR and Regulatory Compliance

Email Routing

POP3/IMAP Downloading

Archiving

Email Server

Authentication and Security

Email Client

Developer tools and Webhooks

General

Product Reference Guides

The pattern matching proves robust to changes to the detail or individual wording of SPAM emails. The use of patterns ensures that SPAM can be caught even though individual words may change or be altered in an attempt to circumvent filtering. Updates are automatically downloaded by the software over the Internet

when required to catch entirely new forms of SPAM or improve the efficiency of other rules and heuristics

Yes - there a relocal filter lists in addition to centrally updated lists managed by Hexamail

Typically this indicates a partial install or upgrade. Often because the admin was not able to be closed on upgrade, or took a long time to exit and the upgrader could not install the new file. To fix this, right click the system tray admin icon and choose Exit and then rerun the upgrade installer.

If problems persist please contact Technical Support

usually this is because the browser has cached an old CSS stylesheet for the web interface. Hexamail version their stylesheets but some browsers still cache old versions. To rectify this press Ctrl-F5 in the browsers affected.



If the web interface still appears badly formatted then check that the Hexamail Admin/Web Interface/Templates have not been customized and if they have revert to the default templates until the recustomization can be performed with the new web interface styles. You will need to press APPLY and stop and start the service to cache the standard web interface templates. Then refresh affected browsers using Ctrl-F5

Perform the following actions in this order:




a)  Stop and exit the Admin GUI on all machines on which it is running (including the server, if necessary) by right-clicking the Hexamail icon in the System Tray/Notification Area at the bottom-right of the screen and choosing Exit


b)  Install Hexamail onto the new server, or onto the new drive/directory on the current server


c)  Stop the new Hexamail service on the server (for example by right-clicking on My Computer, choosing Manage, then Services, then stopping the appropriate service)


d) Exit the admin on the new server by right-clicking the system tray icon and choosing Exit


e) Delete the file 127.0.0.1.*.cfg in the new installed directory


f)  Copy the Hexamail product settings from the original location to the new location, as follows:


- copy all the .cfg files in the Hexamail root directory, e.g. hexamailguard.cfg but not the cfgml files!


- copy the licence file .licml in the Hexamail root directory


- copy the entire data/ directory and subdirectories


- copy the stats/ directory (to retain statistics)


- copy the logs/ directory (to retain your logs)


- copy the archive/ directory if it is present (to retain any archived data)


- copy all the directories beginning email (many of these may be empty)


- copy any feeds subdirectory to the new location 


This will transfer all the Hexamail settings to the new installation. 


g)  You can now start the Hexamail service on the server, and any Admin GUIs.

In Exchange 2000-2003:

Right-click the Default SMTP-Server in Exchange System Manager and choose Properties. Then go to the Delivery tab and choose the Advanced... button. In the Smart Host field enter the fully qualified name of the server where Hexamail runs. If Hexamail Guard is on the same machine, enter [127.0.0.1] (include the brackets). Then Press OK. Now choose the Outbound connections button and enter the port of the Hexamail server if it differs. Normally Hexamail is running on port 25, so you should probably not need to change the default. Then make sure Hexamail Guard is configured to add outbound recipients to white list by enabling the "Auto allow recipients of emails from this domain" option in the SMTP Server/Sender page.

In Exchange 2007 onwards:

Hexamail should have added a SMTP Send Connector called Hexamail Outbound during the initial setup. If not, or if this is not working you need to check the send connectors you have configured in Exchange. It may be that an existing connector is overriding the Hexamail send connector and sending email directly to the Internet or a smarthost. You can check each send connector outbound settings and ensure it is sending email back to Hexamail.

1)Open the Exchange Management Console

2) Select Edge Transport, if you have a single server select Organization Configuration and Hub Transport

3) Click on the Send Connectors Tab.

Now you need to identify which connector is utilized currently for Internet bound email. If you have a simple environment there may only be a single connector configured in which case that is probably the connector you need to modify. If there are multiple connectors we will need to examine the settings on the various connectors to determine which is used for Internet email.

Click properties on each connector and look at the Address Space tab

Specifically look for a connector that is configured with an Address Space of * SMTP which indicates this is responsible for * (ALL) email other than those with internal names space

Usually something has changed or stopped the Microsoft SMTP service 



1) The smtp server you are sending to is not/no longer on the same port (check the receive connector settings in Exchange)

2) The smtp server you are sending to is not/no longer accepting connections from the IP with Hexamail on it

3) The smtp server you are sending to has stopped/has not started after a reboot. If the SMTP service is disabled you need to go to Windows Services and set it to Automatic and then start the service.

4) The hostname can no longer be resolved to the Exchange machine. This can happen if network DNS changes have taken place or you have renamed or reassigned a new IP to the machine. If you are using Hexamail and Exchange on the same machine its best to use 127.0.0.1 as the IP address.

5) The network is no longer available. Check your network connectivity.



You can always test connectivity to the smtp server using the Test Connection button in the Hexamail admin interface or by using command line telnet:



>telnet  



e.g.



telnet 127.0.0.1 25



You should get an SMTP greeting banner.

Type QUIT and press return to exit

Be sure to stop the service before performing any of the following:



Automatic whitelist: It is stored in the file data/xxr.dat which can be backed up or restored from backup to save or restore the whitelist. 



User whitelists: Run the command line 

hexamailguard.exe -exportuserwhitelists whitelistfile.csv 

to export and 

hexamailguard.exe -importuserwhitelists whitelistfile.csv 

to import.



Configured whitelists: Whitelists that appear in the admin/cfg file can be backed up and restored by either saving and restoring the entire .cfg file or by locating the entries in the file using wordpad such as AllowedSenders=

Hexamail lists the certificates using the MS SSL certificate API.



In some cases your new certificate or the one you wish to use wont be listed for the Hexamail service account. I  such cases it may be necessary to disable the ones you dont want in the Hexamail service account and copy over the one you do want to the Hexamail service account. To do this use the Microsoft MMC Certificates management snap-in:

http://msdn.microsoft.com/en-us/library/ms788967.aspx



Then add a snapin for the Service Account/Hexamail. Disable the certificates that you do not want to use, and copy in (from e.g. a Computer account) the certificate you do require.

Hexamail automatically sets the  greeting using this script to detect the hostname:

http://www.hexamail.com/gethostname.php



That should show your hostname correctly if your RDNS is setup correctly.



If not you can change your greeting thus:



1) STOP the service

2) EXIT the admin

3) Edit hexamailguard.cfg (or other product .cfg) with WORDPAD

4) Add the line to the [Server] section:

SpecialSMTPGreeting=mail.mydomain.com

5) Save the file

6) Delete the file 127.0.0.1.23000.cfg

7) reopen the admin/restart the service



WHERE mail.mydomain.com should be your external mailserver fully qualified hostname

First you need to ensure outbound email is actually being processed. To do this set the Legitimizer LogLevel to Debug and press apply. Send another outbound email and refresh the log to see if it was processed. If it is not your mailserver is not sending outbound email thru Hexamail. Check that Hexamail is being used as the smarthost in your mailserver. If its on the same machine as your mailserver, this typically means setting the smart host to 127.0.0.1 (or localhost) and port 25. BE SURE TO CHECK you don't have Hexamail using your mailserver as its smarthost as well, as that could create a mail loop! (in Hexamail/SMTP Relay/Outbound)



For Exchange things can be a little more fiddly.



In Exchange system manager: Right-click the Default SMTP-Server and choose Properties. Then go to the Delivery tab and choose the Advanced... button. In the Smart Host field enter the fully qualified name of the server where Hexamail runs. If Hexamail Guard is on the same machine, enter [127.0.0.1] (include the square brackets). Then Press OK. 

If you are not running Hexamail on the standard default port 25 (SMTP) then also choose the Outbound connections button and enter the port of the Hexamail server.

Next look for any "SMTP connectors" in Exchange System manager and set all of these to also use Hexamail ([127.0.0.1], port 25) as their smarthosts too. Retry the test email and check the log is reporting processing the email.

This is typically caused by one of two things:

1) Setting the smarthost or mailserver settings to be the the server Hexamail is running on (e.g. 127.0.0.1, localhost, or its explicit IP or name), on port 25. In this case Hexamail may send on outbound email (email to addresses not in your domains list)  or email for your emailserver back to itself. The email is then processed and sent round again. 

2) Not setting up your SMTP Server/Domains list correctly. Hexamail uses this list to work out which email to send to your emailserver and which to send on to the Internet/Smarhost. If email is delivered to someone@a.com and a.com is a mailbox on your mailserver, but a.com is not listed as a domain in Hexamail, Hexamail will (correctly) send it back on to the Internet/smarthost for delivery to the server for a.com. This can result in the email returning to Hexamail and the process starting again. A loop occurs.



In both cases Hexamail automatically detects this and prevents too many hops taking place (default 100)



To prevent looping be sure that EVERY SINGLE domain your emailserver accepts email for is listed in Hexamail/SMTP Server/Domains and also that your mailserver and smarthost settings are not pointing back to Hexamail (typically on port 25 of the machine Hexamail is running on!)

Yes - A separate installation and configuration online manual is available. Full documentation is also supplied with the product.

Typically this means that Hexamail Guard (Basic/Pro) is running correctly. It usually indicates that the SMTP Relay settings in Hexamail are not correct. You must tell Hexamail in the SMTP Relay pages where your existing email server is, and where emails for external domains should be sent (Smart Host/Direct delivery). Use the Test Connection buttons to check the settings are correct and that the Hexamail Service can connect to your email server/smarthost.



Any emails that could not be delivered will be stored in the emailerror/ directory and can be resent by right-clicking the emails in the SMTP Relay/Error tab and selecting 'Resend'

Changes are minimal. You can run on the same machine as your email server and merely change the ports your email server uses to receive email, or you can change your MX entry, or you can change settings in your firewall to ensure incoming email is directed first to Hexamail Guard and then forwarded to your email server.



Hexamail Guard for Exchange plugs directly into Exchange 2000/2003 so no changes are required whatsoever. (Use Hexamail Basic/Pro with Exchange 5.5)

Often spammers will pick a random domain/address to send spam from. Sometimes these addresses will be addresses at your domain and hence you will get any non delivery reports sent by the remote servers back to your server. There is nothing you can do to stop anyone spoofing an email from an address at your domain, an unfortunate limitation of SMTP.

However there are a couple of things you can do to help prevent this and also to stop the flood of non delivery reports to users that do not exist.

To help pervent spammers spoofing email from your domain, set up an spf record as described here:

http://www.openspf.org/

This allows remote servers to check that email from your domain is actually originating from one of your specified servers.

To prevent Non Delivery Reports being accepted for users that do not exist you need to import a list of users, or setup a list of Users in the Hexamail Users section. ENSURE you have listed all users and aliases! Then go to

Hexamail/SMTP Server/Recipients

and check the box to "Restrict email to valid users, groups ..."

You will then only accept email to your actual users, and their alias.

If you still get lots of Non Delivery Reports to invalid recipients you can trap the NDRs by setting up a subject match in the SPAM Blocker, then once trapped right click them in the quarantine and choose "Block Recipient". This will add all the spoofed recipient addresses to the blocked recipient list, and your server will no longer accept email to those specific addresses.

No. Hexamail upgrade and setup installers never ovewrite your settings. If you install into the same directory then your settings and other data will be preserved. Remember to stop the service and shutdown the administration interface using the Exit option in the system tray before running any setup installer. The Upgrade installer should stop the services automatically for you.

This is quite common now.



An email has two sender addresses - the MIME From address (the address shown on the email) and the SMTP Sender address (or envelope sender). The two do not have to be the same.



To block email where the two differ you can use the options in SPAM Blocker/Detection/Senders/Options/SMTP vs MIME



Use the Internal options to BLOCK email spoofed from your domain. Remember that some newsgroups and newsletters also address email in this way - so they may also be blocked using this rule.

First you need to ensure outbound email is actually being processed. 



Check that Hexamail is being used as the smarthost in your mailserver. If its on the same machine as your mailserver, this typically means setting the smart host to 127.0.0.1 (or localhost) and port 25. BE SURE TO CHECK you don't have Hexamail using your mailserver as its smarthost as well, as that could create a mail loop! (this is under Hexamail/SMTP Relay/Outbound)



For Exchange things can be a little more fiddly.



In Exchange system manager: Right-click the Default SMTP-Server and choose Properties. Then go to the Delivery tab and choose the Advanced... button. In the Smart Host field enter the fully qualified name of the server where Hexamail runs. If Hexamail Guard is on the same machine, enter [127.0.0.1] (include the square brackets). Then Press OK. 

If you are not running Hexamail on the standard default port 25 (SMTP) then also choose the Outbound connections button and enter the port of the Hexamail server.

Next look for any "SMTP connectors" in Exchange System manager and set all of these to also use Hexamail ([127.0.0.1], port 25) as their smarthosts too. Retry the test email and check the log is reporting processing the email.



If you used automatic Exchange integration this should have been done for you, however, Hexamail does not modify connectors.

Normally not. You can also install Hexamail Guard by making firewall setting changes or changing the port numbers or IP address of your email server.

This could be because your reroute to address does not match any internal recipients configured in Exchange. Ensure that the reroute to address(es) all match some internal recipients in the Exchange server



If the email still does not reach the mailboxes it may be that the Exchange configuration is incorrect. To correct it follow these steps:



1) In Exchange management console edit the Server Configuration/Hub Transport/Receive connectors/Default Receive Connector (right click: 

properties)

2) Go to Permission Groups and check Anonymous Users

3) Go to network and check its on (All available IPv4 addresses)/port 25 or

127.0.0.1 port 25 if you prefer (it will only accept connections from the local machine then)

This is usually caused by a missing or misinstalled shared object (so file), the Linux equivalent of a DLL.



Check the directory:

hexamailguard/antivirus/avast/linux/lib/

for the file libavastengine.so

It should be present.



There should also be a link in /usr/lib to the latest libavast engine so file. Try:

cd /usr/lib

ls -al *avas*



If you don't see a libavastengine.so try the following:

cd /usr/lib

ln -s <pathtohexamail>/antivirus/avast/linux/lib/libavastengine.so libavastengine.so



and then restart the Hexamail service - you should then see no log problems.

Our support desk will ensure you get the product up and running correctly as soon as possible during the trial or after purchase. There is no need to reinstall or reconfigure after a trial if a full purchase is made.

Hexamail products use TCP/IP ports 23000-23030 for communication between the service and the admin. Be sure that those ports are available, and that any secure-Linux products (SELinux, AppArmor, RSBAC, grsecurity) have been configured such that they will allow the Hexamail processes access to these ports. Once you are sure Hexamail has access to the correct ports, be sure to folow the Remote Administration setup instructions

About 10-30 minutes.

The web interface will disable itself if no modules that have web interfaces are enabled. To enable a module go to the modules web interface options and check the box to enable it. e.g. the spam blocker has an option under SPAM Blocker/Review to allow users to review spam using the web interface. Similarly for attachments, archiver, and webmail.

Yes - all of Hexamail Guard settings are centrally configurable with no need to change client or desktop settings, configuration or software.

See this article:

http://www.hexamail.com/helpdesk/help/daemon.html>http://www.hexamail.com/helpdesk/help/daemon.html

If you with to set up your own mail server all you need to do is to download and install Hexamail Server. The installation wizard will guide you through the setup. Once installed be sure to open ports 25 (SMTP, for receiving email), 110 (POP3, for clients to collect email), 143 (IMAP, for clients to collect email) and 80 or 8080 (Web, for webmail) Then configure your DNS entries to have an MX entry that points to your server by FQDN or IP address. This can be done at your DNS or hosting provider web interface for DNS configuration.

1) Select Other mailserver on this machine and specify  127.0.0.1 port 25

2) In Exchange management console edit the Server Configuration/Hub Transport/Receive connectors/Default Receive Connector (right click: 

properties)

3) Go to Permission Groups and check Anonymous Users

4) Go to network and check its on (All available IPv4 addresses)/port 25 or

127.0.0.1 port 25 if you prefer (it will only accept connections from the local machine then)

Hexamail currently requires openssl version 0.9.7. Please install the openssl.0.9.7 version and then make the following links in your /usr/lib directory



cd /usr/lib

ln -s libcrypto.so.0.9.7 libcrypto.so.4

ln -s libssl.so.0.9.7 libssl.so.4



Hexamail should then startup and run successfully

Stop the Hexamail service using 



./stop.sh



Then run 

./hexamailguard -install



That should install the av engine correctly - you can check the install.log

and antivirus.log in the logs/ folder for the status



Then run



./start.sh

to restart Hexamail

Yes, we have kept version 4.x.x backwards compatible with all version 3.x.x data and configuration files. 



Just use the upgrade installer in the normal way, and be sure to install into the same directory that your existing installation is in.



It will generate a new database of any stored email on first start-up so may use slightly more CPU than usual on restart, but thereafter it should consume less resources than version 3.x.x

You may edit the configuration file directly  using a text editor as follows:

1) EXIT the admin by right clicking the  system tray icon and choosing EXIT

2) edit the file .cfg using WORDPAD or TEXTPAD (Do not use NOTEPAD!)

3) Locate the settings you wish to change and make changes. You can also add settings to the correct settings as described in the help file under the Configuration section

4) Save the file

5) You can now either stop and start the service to have changes picked up immediately or wait 1-2 minutes for them to be detected automatically when the service is ready to do so

6) You should delete the file 127.0.0.1.NNNNN.cfg if you wish to use the admin immediately as that holds a cache of the config and may overwrite your new changes if they havent yet been picked up.

We have found on some installs of SBS 2003 you need to open the service manager in windows, and edit the service properties for Hexamail and check the Box "Allow service to interact with desktop" under the Log On tab

You need to install the 32bit glibc libraries if they are not already installed. This can be done using 

yum install glibc.i686 

or 

yum install glibc.i386

32bit: Hexamail requires only openssl, expat to be installed:



yum install openssl

yum install expat



64bit: If you are running on a 64 bit platform it may also require some 32bit libraries:



yum install openssl

yum install expat

yum install glibc.i686

yum install libgcc_s.so.1

yum install libgcc_s.so.1



(or yum install glibc.i386 if glibc.i686 does not work)

In Exchange this can refer to the HELO line you have configured to use when talking to your mailserver.



Be sure that the HELO line configured is just 

HELO domain.com

or

EHLO domain.com

or the default

HELO <domain>

(which replaces <domain> with your domain name automatically)



Do not use any special characters in the HELO line or it will be rejected. For example this is INCORRECT:

HELO <mydomain.com>

1) Check that the Exchange SMTP service is still running



2) Check that there is a receive connector enabled in Exchange and it is

accepting connections from the Hexamail machine IP address.



You can use telnet to connect to Exchange SMTP Service to verify it is up

telnet 127.0.0.1 25

(or the port you have it configured on)



3) Check the Hexamail/Forward/Mailserver settings still correspond to your

Exchange server SMTP server settings

To move from 32 to 64bit please be sure to use the SETUP installer and not the UPGRADE installer.

In this example we will use Hexamail Nexus, just change the Nexus part to your product name in the below examples.



e.g.

http://www.hexamail.com/download/hexamailnexussetupX.Y.Z.00N_64.exe



PLEASE follow these instructions to upgrade as you are moving from 32 to 64bit it is not completely automatic!



If you have space please backup the existing Hexamail folder (e.g. c:program files (x86)Hexamail Nexus)



Then:

1) STOP the existing service by pressing stop

2) EXIT the existing admin (right click the system tray icon and choose exit)

3) UNINSTALL the existing Hexamail product - don not worry, your data is preserved!

3) Install the new 64 bit installer into the correct location (e.g. c:program filesHexamail Nexus), NOT program files (x86)

4) Press cancel in the setup wizard once it has installed (we will copy the old configuration!)

5) STOP the new service by pressing stop

6) EXIT the new admin (right click the system tray icon and choose exit)

7) MOVE the folder(s) from the old location (e.g.c:program files (x86)Hexamail Nexus) to the new location (e.g.c:program filesHexamail Nexus) 

 data/

 email*/

 logs/

 stats/

 archive/

 hexamailnexus.cfg (or appropriate cfg for your product)

 hexamailnexus.licml/xml (or appropriate license for your product)



9) Open the 64bit admin and start the new service...

Xifte.exe is a highly scalable email and xml indexing service. It runs as a separate process to ensure maximum throughput of email when indexing and processing email. This architecture also allows the archive to be run on a separate machine if required.

Since version 5.9.9.004 you can edit the configuration file for antivirus updates and add in further signature database sources.



To do this:



1)COPY the file C:\Program Files\Hexamail POP3 Downloader\antivirus\clamav\installed\freshclam.conf to the desktop

2) EDIT the desktop file freshclam.conf  and locate the lines starting DatabaseCustomURL and add your own database URL lines:

DatabaseCustomURL http://my.url.com/av/database.ndb

(The URLs you use should point to valid Clam AV database files.)

3)SAVE the file

4) COPY the desktop file freshclam.conf back to C:\Program Files\Hexamail POP3 Downloader\antivirus\clamav\installed\freshclam.conf 

5) Stop and start the Hexamail service



You can get database files from various sources, one such source is:

https://www.securiteinfo.com/clients/customers/signup

They do a free sign up for a single IP address, and subscription for larger installations



Once you have signed up go to the Setup page and copy the list of DatabaseCustomURLs into your config file as above.



You can also download database files manually and copy them into the folder

C:\Program Files\Hexamail POP3 Downloader\antivirus\clamav\installed\database

Then restart the service to take advantage of the extended signature databases.



Please be aware this will increase the amount of RAM the Clamd.exe process uses on your system

Simply check the box to block macros on the Scanner page of the Antivirus module admin.

The error is issued by the NEXT server that the SMTP relay is trying to send to, usually Exchange. If it is your Exchange server you can relax the content filtering settings in Exchange to allow the email, or disable the Exchange message filtering.



http://www.eggheadcafe.com/software/aspnet/33244312/550-571-message-rejected-by-content-filtering.aspx

This obscure but typically Microsoft  error relates to the message size limits set on the IMAP server in Exchange. To change the limits you need to not only increase all your message size limits and account quotas within Exchange but also edit the IMAP configuration file within Exchange. 



Exchange 2007/2010



To do this open the file:

 c:/ Program Files / Microsoft / Exchange Server / V14 / Client Access / PopImap / Microsoft.Exchange.Imap4.exe.config



And add or set the following parameters towards the end of the file in the  section:





















Exchange 2013



To do this open the file:

 c:/ Program Files / Microsoft / Exchange Server / V15 / Client Access / PopImap / Microsoft.Exchange.Imap4.exe.config



And add or set the following parameters towards the end of the file in the  section:



















Office 365/Exchange 2016



 Office 365 supports send/receive max message sizes of up to 150MB 

   but you need to make changes in your tenant(s) to support it.



The following PowerShell command will increase the message sizes that 

can be sent/received.  



  Set-mailbox -Identity $UPN -MaxReceiveSize 150mb -MaxSendSize 150mb



e.g. 



  Set-mailbox -Identity "migrationaccount@testtenant.onmicrosoft.com" -MaxReceiveSize 150mb -MaxSendSize 150mb



If we're transferring data between Office 365 tenants so we set these 

values on the migration acounts in the source and target tenants.

This error message is caused by DNS issues of your Exchange 2013 set up. Please check all DNS server entries in the configuration of your network card (check all network adapters) and make sure not to reference server 127.0.0.1 as DNS server but to use the real IP address instead.

This error usually relates to a lack of disk space on the disk holding the Microsoft Exchange mailbox database. The solution is to move the mailbox database to a drive with more space or clear some space on the existing drive.



Useful links:



http://exchangepedia.com/2007/03/exchange-server-2007-transport-452-4-3-1-insufficient-system-resources.html



http://technology.bauzas.com/microsoft/servers/exchange/exchange-2010/how-to-fix-error-452-4-3-1-insufficient-system-resources-on-exchange-server-2007-or-2010/

A bug in Microsoft Exchange results in email being queued indefinitely if something enables journaling for a mailbox and then the mailbox is removed/deleted or disabled, please consult the MS KB article for solutions:



http://support.microsoft.com/default.aspx?scid=kb;EN-US;328339" target=msKB> http://support.microsoft.com/default.aspx?scid=kb;EN-US;328339

There is an article here:



http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/ce4d1a14-c8e0-4b1b-a451-27c9e15451ae/



And general instructions here:

http://msexchangeteam.com/archive/2006/12/28/432013.aspx



Sometimes you also need to restart the Microsoft Exchange Transport service for some settings to take effect.

Microsoft decided to break compatibility with Windows 2012 R2 and changed the way the built in account permissions are used. To get round this you can create a new User in your organization called Hexamail and add it as a member of the following groups:



- Enterprise Admins

- Schema Admins

- Administrators

- Domain Admins

- Organization Management

- Domain Users



Set the password to never expire and not need changing.



Then go to the Services list and right click the Hexamail service and change it to logon as the Hexamail user.

Similarly go to the Xifte service and change it to login as the Hexamail user.



Stop both services and restart the Hexamail service.

Impersonation enables a caller, such as a service application, to impersonate a user account. The caller can perform operations by using the permissions that are associated with the impersonated account instead of the permissions associated with the callers account.

To configure impersonation for all users in an organization

Open the Exchange Management Shell. From the Start menu, choose All Programs > Microsoft Exchange Server 2013.

Run the New-ManagementRoleAssignment cmdlet to add the impersonation permission to the specified user. The following example shows how to configure impersonation to enable a service account to impersonate all other users in an organization.

Windows PowerShell

New-ManagementRoleAssignment name:impersonationAssignmentName Role:ApplicationImpersonation User:serviceAccount

To configure impersonation for specific users or groups of users

Open the Exchange Management Shell. From the Start menu, choose All Programs > Microsoft Exchange Server 2013.

Run the New-ManagementScope cmdlet to create a scope to which the impersonation role can be assigned. If an existing scope is available, you can skip this step. The following example shows how to create a management scope for a specific group.

Windows PowerShell

New-ManagementScope Name:scopeName RecipientRestrictionFilter:recipientFilter

The RecipientRestrictionFilter parameter of the New-ManagementScope cmdlet defines the members of the scope. You can use the properties of the Identity object to create the filter. The following example is a filter that restricts the result to a single user with the user name "john."

Name eq "john"

Run the New-ManagementRoleAssignment cmdlet to add the permission to impersonate the members of the specified scope. The following example shows how to configure a service account to impersonate all users in a scope.

New-ManagementRoleAssignment Name:impersonationAssignmentName Role:ApplicationImpersonation User:serviceAccount CustomRecipient

On your Exchange Hub Transport server, run the powershell:

Get-ReceiveConnector | fl name,messageratelimit



This will show you the maximum rate that a client can send messages through that specific connector.  

Use the Set-ReceiveConnector cmdlet to change this value for the specific Receive Connector. 

Unless you create a custom connector and scope it only to the specific users IP address, I do not think you can configure this on a per-user basis.



Also note, if you have multiple Hub Transport servers, you will need to set this on each server for the designated connector.



Raising the limits may be more complex than just providing a single

value in a set-receiveconnector cmdlet.

 

-MaxInboundConnection

-MaxInboundConnectionPercentagePerSource

-MaxInboundConnectionPerSource

-MaxRecipientsPerMessage

-MessageRateLimit

-MessageRateSource

 

Assuming youre NOT using an Edge server, the -MessageRateSource is

already unlimited. That means youre hitting one of the other

limits, probably the -MaxInboundConnectionPercentagePerSource (default

2%) or -MaxInboundConnectionPerSource (default of 100).

 

If your -MaxInboundConnection is 5000, then 2% of that would be 100 if

there were no other connections in use. If there were 100 connections

in use then it would be 4900*0.02 or 98.

Under Exchange 2007 MS thought it was a good idea to practically disable the SMTP receive connector by default.



In order to re-enable reception of Internet email, please check the articles from Microsoft:



http://technet.microsoft.com/en-us/library/bb232021.aspx



and 



http://msexchangeteam.com/archive/2006/11/17/431555.aspx

Most likely if you are receiving Forward/Log or SMTP Relay/log lines saying Hexamail has delivered the email to Exchange but the email is not appearing in mailboxes then it may be being content-filtered.



Content-Filtering in Exchange can silently drop email with no feedback over SMTP to Hexamail and no evidence in Message-tracking  that it has been dropped other than by manually inspecting the message tracking log files in the obscure location in which Microsoft has seen fit to locate them.



Exchange 2007/2010/2013/2016/2019



Log files:

%ExchangeInstallPath%TransportRoles\Logs\MessageTracking. 

e.g.

C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking



To disable content-filtering:

Set-ContentFilterConfig -Enabled $false



To disable Sender-id filtering:

Set-SenderIDConfig -Enabled $false

he error message "BAD User authenticated but not connected" during an IMAP connection to a Microsoft Azure tenant in Microsoft 365 usually indicates that while the user's credentials have been accepted (hence, authenticated), the IMAP service could not establish a connection to the user's mailbox. This can be due to several reasons, such as:

IMAP is not enabled: IMAP access may not be enabled for the user's mailbox. Microsoft 365 or Exchange Online administrators can enable or disable IMAP access to mailboxes.

Mailbox not initialized: The mailbox you are trying to connect to might not be fully set up or provisioned yet.

Incorrect IMAP settings: The IMAP server settings such as server name, port, and encryption method might be incorrectly configured.

Service disruption: There might be a temporary service disruption or outage on the Microsoft 365 or Exchange Online side.

Throttling policies: Microsoft 365 has throttling policies that can temporarily limit the number of concurrent connections a user can have, which may result in this error if exceeded.

Conditional Access Policies: There might be Azure Active Directory Conditional Access policies in place that are preventing the connection.

To troubleshoot this issue:

Verify that IMAP access is enabled for the mailbox in the Exchange Admin Center.

Check the IMAP settings and make sure they are correct (server name, port, encryption).

Confirm that the mailbox is fully set up and has been accessed at least once through the web interface.

Look into the service health dashboard in the Microsoft 365 Admin Center for any reported issues.

Check if there are any Conditional Access Policies that may affect IMAP connections.

Contact Microsoft support for more in-depth troubleshooting if the issue persists.

If you manage the tenant, you can check these settings in the Microsoft 365 admin center or Exchange admin center. If you do not manage the tenant, you might need to contact the administrator to verify these for you.

For POP3:



Server: pop1.mail.com

Port: 110

SSL: DISABLED



Username: Your full Mail.com email address

Password: Your Mail.com  password

Server: pop.freeserve.com

Port: 110

SSL: DISABLED



Username: Your full Freeserve email address

Password: Your Freeserve password

For POP3:



Server: pop.mail.yahoo.com

Port: 110

SSL: DISABLED



Username: Your full Yahoo email address

Password: Your Yahoo password



For Yahoo Plus POP3:



Server: plus.pop.mail.yahoo.com

Port: 995

SSL: ENABLED



Username: Your full Yahoo email address

Password: Your Yahoo password

For POP3:



Server: pop.gmx.com

Port: 110

SSL: DISABLED



Username: Your full GMX email address

Password: Your GMX password



For Yahoo Plus POP3:



Server: imap.gmx.com

Port: 143

SSL: DISABLED



Username: Your full GMX email address

Password: Your GMX password

Server: pop3.email.msn.com

Port:110

SSL: DISABLED



Username: Your full email address at msn.com

Password: Your Hotmail or Live mail password

For IMAP:



Server: imap.aol.com

Port: 143

SSL: DISABLED



Username: Your full AOL email address

Password: Your AOL password

For POP3:



Server: pop.3.isp.netscape.com

Port: 110

SSL: DISABLED



Username: Your full Netscape email address

Password: Your Netscape password

Server: pop.tiscali.com

Port: 110

SSL: DISABLED



Username: Your full Tiscali email address

Password: Your Tiscali password

Server: pop.mail.lycos.com

Port:110

SSL: DISABLED



Username: Your full email address at Lycos

Password: Your Lycos mail password

Only IMAP is supported:



Server: imap.mail.me.com

Port: 993

SSL: ENABLED



You will need to generate and use an APP PASSWORD by going to appleid.apple.com and then to the security page. Use this password for IMAP access.



Username: Your iCloud Mail email address

Password: Your iCloud password



NOTE: Do include "@me.com"; if your iCloud Mail address is "me@me.com", for instance, use "me@me.com" as your user name.

For IMAP with SSL-security (recommended)



Server: secureimap.t-online.de 

Port: 993 

SSL: ENABLED



For POP3 

Server: securepop.t-online.de 

Port: 995 

SSL: ENABLED

In Hexamail the settings required for IMAP:

Incoming server:

The endpoint matching the AWS Region where your mailbox is located:

us-west-2    imap.mail.us-west-2.awsapps.com

us-east-1    imap.mail.us-east-1.awsapps.com

eu-west-1    imap.mail.eu-west-1.awsapps.com

Port: 993

SSL: ENABLED

Username: Your full Amazon Workmail email address

Password: Your password



CHECK the POP3 Reader/Log file once you have pressed OK and APPLY - it may be that you need to login and confirm access from a web browser the first time you try to connect to AmazonWorkMail

In gmail press the gear icon in the top right and choose Settings

Next click the "Forwarding and POP/IMAP" page

Set the following settings:

1 Enable IMAP

2 Auto Expunge off

3 Archive the message

4 Do not limit the number of messages in an IMAP folder (default)

In Hexamail the settings required for POP3:

Server: pop.gmail.com

Port: 995

SSL: ENABLED

Username: Your full gmail or googlemail email address

Password: Your password

With the username notation recent:myaddress@gmail.com you can collect ALL recent email regardless of whether another pop client or webmail client has accessed it already.

In Hexamail the settings required for IMAP:

Server: imap.gmail.com

Port: 993

SSL: ENABLED

Username: Your full gmail or googlemail email address

Password: Your password

CHECK the POP3 Reader/Log file once you have pressed OK and APPLY - it may be that you need to login and confirm access from a web browser the first time you try to connect to Gmail.

If you do not to wish "Allow legacy App access" then you can use a app-password instead. To do this click on Google Account under your account icon in the top right. Then click on Security on the left hand list. Then turn on 2-step verification. Then click on App-passwords and create an app password for the google account. You can then use that everywhere in Hexamail in place of your account password.

PLEASE BE AWARE THAT GOOGLE IMPOSE DOWNLOAD LIMITS, to read more about this:

https://support.google.com/a/answer/57920

In Hexamail the settings required for POP3:

Server: outlook.office365.com

Port: 995

SSL: ENABLED

Username: Your full Outlook.com email address

Password: Your password





In Hexamail the settings required for IMAP:

Server: outlook.office365.com

Port: 993

SSL: ENABLED



Username: Your full Outlook.com email address

Password: Your password



You can also use the OAUTH Authenticate button for MS 365 accounts and it should work with Exchange online (.onmicrosoft.com) accounts, outlook.com, hotmail.com accounts. For Microsoft 365 family if you encounter issues just use your full email address and password instead or generate an app password (see link below)



You can also find settings here:

https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040



App passwords:

https://support.microsoft.com/en-us/help/12409/microsoft-account-app-passwords-and-two-step-verification

There is a guide for this here:


http://www.hexamail.com/helpdesk/help/remoteadmin.html>http://www.hexamail.com/helpdesk/help/remoteadmin.html

Hexamail Guard is fully remote configurable. A separate installer for the remote administration client is available on request or from the support helpdesk downloads area

It depends on why the email was blocked. If SPAM is blocked no NDR is sent to the sender as this causes unwanted and unnecessary email traffic.

Other blocked emails (blocked due to rules or restrictions) can be configured to send NDRs to the sender.

This is usually symptomatic of one of five things:

1) Hexamail has not started correctly because something else is using an TCP port it requires. Most commonly this is because Hexamail application has been installed on to the same machine as a mail server, e.g. Exchange, but the Exchange port has not been changed. Simply stop the Hexamail service and follow the instructions in the online help to change the port in the mail server to something other than port 25. If this does not solve this issue or is not the case, check the application log file for error reports. You should set the LogLevel in the [Default] setting to Debug and restart the service in this case.

Note that on Linux installations running SMTP products as a user other than root will also cause this issue, as port 25 is a reserved port.

2) The administration interface is trying to connect to a port that the Hexamail Service is not listening on, or that port is being blocked by a firewall program. Ensure that in the Port setting in the [Service] section of the application configuration file matches the Port number in the 'Connect'/'Switch Service' dialog in the Administration interface. The default port settings are given in the help file installed with the application. If these settings are correct check that your firewall is configured to allow connections on this port.

3) The service has been configured to only allow connections from particular IP addresses on the Remote Admin page. If the IP address you are trying to connect from is not in the list you will not be able to connect to the service. By default, Hexamail services are configured only to accept connections from the local host (127.*.*.*) but this can be removed and stop even local host connecting. Check the AllowedIPList settings under the [Service] section of your application configuration file.

4) A password has been set but not supplied when connecting to the service - supply the password in the Switch Service pop-up. If the password has been forgotten, raise a ticket

hxmchrome.exe is the Chrome web browser stub we use to sandbox html content when displaying email html or web pages in our products.

There are a number of ways to do this, depening on what you want to acheive and what technologies are available to you. Basically the output is HTML - or a fragment of HTML, or basically plain text.

On our home page at " target="wndLink" title="www.hexamail.com">">www.hexamail.com"> www.hexamail.com we use a PHP include to pull in the HTML fragment written out by News2Web to pull in the latest stories. The HTML Header Template is reduced substantially - the HEAD section etc is totally removed leaving just the news table we wish to include. The PHP include method is transparent to the web browsers and other web crawlers (eg. Google bots) since it is included server side as the page is loaded. We also use this technique to pull in 3 separate News2Web output pages into one page for the http://www.hexamail.com/news2web/examples.html" target="news2webExample"> News2Web Examples page.

You can also acheive the same sort of thing with say ASP on IIS.

You can publish entire pages directly, by changing the HTML Header and Footer templates to be in your site template, with whatever ajustments to the Story templates to pick up font styles etc.

Another technique is to publish the results as a Javascript page and include it that as a javascript include, using further javascript to format the output into your page.

The output of News2Web is, fundamentally, just text, the output of which is controlled by the HTML Header, Story and Footer templates. The HTML Header template is printed once with its tags converted, then the Story template is printed for every output story found, filling in the tags from the story data, then the footer is added to the end, again with the tags replaced. Details of the tags available are in the help file installed with News2Web.

You can change the HTML template to do this via javascript. The following example changes the the day of the week and month to French. Note, you can change the default templates to apply the change to all pages that have not already been changed. 



In the HTML Header template, add the following javascript before the </head> tag:



<script type="text/javascript">

function fnConvertDate(strDate)

{

	var strOut;

	var strArr = strDate.split(" ");



	if(strArr[0]=="Mon,")       strOut = "Lundi";

	else if(strArr[0]=="Tue,")  strOut = "Mardi";

	else if(strArr[0]=="Wed,")  strOut = "Jeudi";

	else if(strArr[0]=="Thu,") strOut = "Mercredi";

	else if(strArr[0]=="Fri,")  strOut = "Venredi";

	else if(strArr[0]=="Sat,")  strOut = "Samedi";

	else if(strArr[0]=="Sun,")  strOut = "Dimanche";



	strOut += ", " + strArr[1] + " ";



	if(strArr[2]=="Jan")       strOut += "Janvier";

	else if(strArr[2]=="Feb")  strOut += "Février";

	else if(strArr[2]=="Mar")  strOut += "Mars";

	else if(strArr[2]=="Apr")  strOut += "Avril";

	else if(strArr[2]=="May")  strOut += "Mai";

	else if(strArr[2]=="Jun")  strOut += "Juin";

	else if(strArr[2]=="Jul")  strOut += "Julliet";

	else if(strArr[2]=="Aug")  strOut += "Août";

	else if(strArr[2]=="Sep")  strOut += "Septembre";

	else if(strArr[2]=="Oct")  strOut += "Octobre";

	else if(strArr[2]=="Nov")  strOut += "Novembre";

	else if(strArr[2]=="Dec")  strOut += "Décembre";



	strOut += " " +strArr[3];



	document.write(strOut);

}

</script>



Then change the Story Template to from:



<tr><td><font size=-2><?HXM_SOURCE?>, <?HXM_DATE?></font></td></tr>



to:



<tr><td><font size=-2><?HXM_SOURCE?>, <script type="text/javascript">fnConvertDate('<?HXM_DATE?>');</script></font></td></tr>



(and make the same change to the Header Template date). This is just an example, there are other ways to acheive the same result may be more efficient - please feel f

This is caused by connectivity issues between the Hexamail product and the POP/IMAP server you are trying to collect email from.



You need to check several things:

1) Under POP3 Reader/Global Settings/Network/Max Connections is not set too high if all the accounts you have configured are on one server. This should be 2-4 if all accounts are on the same server or you may overload the server capacity to handle the requests or get your IP blocked by the server.

2) Some ISPs limit connections to once every 10 minutes per account. If you are connecting on a shorter schedule, contact the ISP to ask their poolicy or set the schedule to higher than 10 minutes.

3) A firewall or router is blocking POP3 connections to that server from the Hexamail machine. This happens surprisingly often especially with Microsoft ISA server. The solution is to reconfigure the firewall or proxy to allow outbound POP3 (TCP port 110) from the Hexamail machine and remove any rate or connection limits.



You can test connectivity to the POP server in question by opening a command line prompt and doing:

telnet  110

e.g.

telnet pop.myisp.com 110

If you see the POP greeting, all is well and you can type QUIT to exit.



If not then Hexamail wont be able to connect either and you need to resolve the connectivity issues before Hexamail can continue to operate in the normal way.

1 minute, though some POP3 servers may not allow schedules shorter than 10

or 15 minutes. Remember also that some ISPs/email providers actually queue

and deliver email to the POP3 mailboxes every 5 or 10 minutes, so setting

this setting very low may not yield reduction in email latency expected in

some situations.

You can simply open the hexamailpop3downloader.cfg configuration file in textpad or wordpad and edit the settings as per the "Configuration" section of the provided help file. The service will automatically pick up changes and reconfigure after a few seconds.

Solutions

Products

Company

Privacy EULA Sitemap