Browse

Blog

Halon 4.6 “funny” supporting our SMTP LANG extension

The 4.6 release, entitled “funny” will be one of our most exciting ones yet! Remember when everything was ASCII and English? Since then, we’ve seen Unicode (international character sets) and IDN (international domains names) become widely adopted. Last year we implemented SMTPUTF8 that enables international mailboxes.

So why not support other languages in text-based protocols? We give to you “The SMTP Service Extension for Protocol Internationalization” RFC draft, introducing the EHLO keyword LANG. It will be the first SMTP software to support our to-be submitted RFC draft. Initially it will support Swedish, Spanish and Australian, and will default to Swedish when talking to supported systems.

EHLO example.com
250-LANG SE ES AU
LANG SE
250 Ok
BREV FRÅN:<>
250 Tack
BREV TILL:<hå[email protected]än.se>
250 Tack
INNEHÅLL
Subject: asdf

Hej!
.
250 Togs emot
HEJDÅ
250 Vi ses!

If you made it this far, April fool! We will publish information on the upcoming 4.6 release some time after the 1st of April.

Happy easter!

Halon Security receive $ 1.8 million in venture capital and appoints new CEO

Swedish email security and infrastructure company Halon Security has received $ 1.8 million in venture capital. The main investors are K-Svets Venture and the existing owners, and the money will be put towards a heavy expansion in the coming years. In connection to this, the company also appoints Martin Fabiansson as new CEO.

Halon, that is based in Gothenburg, Sweden, has grown steadily since the first investment from Chalmers Innovation Seed Fund and Almi Invest in 2013. The company has twelve employees, but are planning to hire plenty of more people in the next three years.

In connection to the investment, co-founder Peter Falck steps down as CEO. New CEO is Martin Fabiansson, who has a solid management background from both security and software development in companies such as AT&T, Oracle and THALES in both Sweden and USA.

Halon customers are mainly email service providers. The software Halon Platform is used to build the infrastructure that is needed to handle large amounts of in-transit email, including both security and operational features. Dutch telco KPN and Danish web hosting company One.com are examples of Halon customers.

2017 was a very good year for Halon, as we landed several important new customers. Based on this we could secure the financing round and scale up on both tech and sales, says Håkan Krook, Fund Manager at Chalmers Ventures.

Halon is an exciting company with a product that is highly appreciated in the industry, and I look forward to the challenge of taking Halon to the next level, says CEO Martin Fabiansson.

Contact:

Håkan Krook, Fund Manager, Chalmers Ventures
[email protected], +46 708 990 461

Martin Fabiansson, CEO, Halon Security AB
[email protected], +46 738 200 199

Cloudfest 2018 attendees – win an iPad Pro!

Attending Cloudfest 2018 in Rust? Here’s your chance to win an iPad Pro. Just embrace your inner Halon and show it in a photo on Twitter. You can start now! These are the rules:

1. Take a photo with something Halon blue or Halon pink.
2. Tweet your photo to @halon_io with hashtag #cloudfest

Winner will be notified with a DM on Thursday 15th at 3pm.

Terms and conditions: The Halon jury will select the best photo. Jurys decision is final. You have to be a a registered Cloudfest 2018 attendee. You can enter as many photos as you like.

 

Inventing HSL – the birth of Halon Scripting Language

April 28th marks the date for Halons 10th anniversary and I would like to share with you the story about HSL, Halon Scripting Language. In order to understand why we created our own scripting language you have to look back at what it was intended to do, and the landscape of embeddable languages in 2007.

HSL started out as an idea of having a dynamic configuration. We wanted people to easily be able to weight the results of different anti-spam engines (CYREN RPD and SpamAssassin). Hence, we came up with the idea of having a simple language with functions, ScanRPD returning the spam score from the CYREN engine, and ScanSA returning the result of SpamAssassin. The configuration could look like:

if (ScanSA() > 5 and ScanRPD() > 0) Reject();
if (ScanSA() > 3 and ScanRPD() >= 50) Reject();

In order to facilitate this, we needed a simple scripting language. At the time, the intent was not to allow any general purpose programming features. We didn’t even want loops, in order to prevent runaway programs.

Creating a domain-specific scripting language

If you’re not into programming languages, I should explain that creating a simple domain-specific scripting language is easy. There are tons of guides and it doesn’t take more than a few lines until you get simple arithmetic to work (5 + 6). The hardest and most important part of creating a language is the design, also called the syntax. You want to make it as easy as possible to read and write.

Domain-specific languages are no a new phenomena, as they have existed in a lot of different applications. I believe that custom application scripting DSLs are getting less common today, as a few selected embeddable scripting language engines are getting more traction. A few years ago you would probably pick Lua to be the embedded language of choice, while nowadays JavaScript (v8) is the language everyone knows.

Why not choose an established scripting language?

Over the years, people have asked me why we developed our own language and not used e.g. Sieve, Lua or JavaScript. Here’ why:

  • Sieve (rfc3028), could technically have been an alternative, but in 2007 we hadn’t heard about Sieve. It crossed our paths a few years later. Speaking against it; Sieve was created by Mirapoint, an email gateway competitor at the time. Looking back, it was probably good that we didn’t end up using Sieve. Having our own language made our own platform evolve way beyond Sieve, and what you would expect of a traditional email gateway.
  • Lua, it just didn’t happen and I suspect that if we would have considered Lua it would had been too large and unfamiliar as a language for our initial goal. Despite the fact that arrays starts at one 😃.
  • JavaScript wasn’t just that common as an embeddable language and v8 wasn’t released at the time. And to be honest, in 2007 no one expected JavaScript to be where it is today.
Easy to learn and easy to build upon

Today we try to make HSL as familiar and easy to learn as possible, which is really important when you have a custom language. Everything we add or change is by the principle of least surprise. The language has copied a lot of syntax and good ideas from different languages. It may look a lot like PHP, it may even be mistaken for PHP, while other major concepts are from JavaScript and Python. Development of new language features are in many cases intentionally slow, as they needs to be well thought through. From a language designer perspective I would say that there isn’t much syntax in HSL that I don’t like. However we continuously add modern features. In the recent year or two, a lot of time has been put in to the language and it has gained features such as closures, classes and modules. They allow our language to be easily extendable so that you can build reusable modules on top of it. Our entire examples collection on GitHub can be imported as modules and a lot of them are written as classes.

One of the most innovating features of HSL is the cache statement as it allows you to cache the result of any function call based on the input arguments. Sure, the same functionality can be built in other ways, but having such a powerful tool so easy at hand in HSL makes it stand out. It gets really neat when you do network lookup queries, such as API lookups using http() or ldap_search().

cache [] http("http://api.example.com/v1/?param=$1", [], ["foo"]);

I personally really like the concept of custom languages, I think it’s important to try to evolve and challenge the concept of established languages, and by doing so we progress and learn from each other. I think every new language brings something new to the table; it can be a specific feature or the entire concept of why it was created in the first place.

Haven’t tried scripting in HSL yet? Download Halon and give it a go!

Halon to sponsor M3AAWG 42nd General Meeting in San Francisco

M3AAWG is the Messaging, Malware and Mobile Anti-Abuse Working Group, a trusted global forum that focuses on operational issues of internet abuse, including technology, industry collaboration and public policy. They host three general meetings per year, two in the US and one in Europe, and Halon will be one of the sponsors at this years first General Meeting in San Francisco in late February.

With over 200 members worldwide, including giants such as Apple, Google and Microsoft as well as many smaller companies, M3AAWG  is the largest global association of the industry. Companies can apply for different levels of membership, Sponsor, Full Member and Supporter. Halon became a supporter one year ago today and is represented by CTO Erik Lax and CPO Anders Berggren:

I’m very proud that we got accepted into M3AAWG. Halon is committed to help driving email transport encryption adoption, and we participate in the Special Interest Group for pervasive monitoring.

Halon 4.5 – gettin’ certy with it

The main focus in Halon 4.5 release is TLS, hence the name “certy”. Check out the the new features and functions and try them out. Also, the knowledge base is growing with a lot of good how-to’s to help you around.

TLS information has been made accessible in the Halon Platform scripting language, both on the receiving and sending side. Support for X.509 client certificates has been added, allowing you to both verify the sender identity in the SMTP server, as well as identify yourself when sending email through an SMTP client.

Experiment: we configured a busy email system to ask for a client certificate for all inbound connections, and found that approximate 5% of all traffic provides a client identity. Most of the traffic is from Gmail and Office356. We did not collect the percentage of domains, which we leave as an exercise for you.

$peercert = GetTLS();
$haspeercert = isset($peercert["peer_cert"]);
stat("peer-cert", ["yes" => $haspeercert, "no" => !$haspeercert]);

How to enable this feature and start authenticating clients was documented as KB article.

Implementation and facilitation of TLS reporting (tlsrpt) has begun. It is a new standard for reporting TLS failures, mainly focused on MTA-STS and DANE.

The TLSSocket() class now have a getpeercert() function and the ability to specify a client certificate. Now you see why we called it” certy”?

Support for custom SASL authentication mechanism has been added. This allows you to build authentication schemes such as OTP, OAUTHBEARER or CRAM-MD5, but also EXTERNAL to facilitate the client certificate features. The procedure is documented in our knowledge base along with two sample implementations.

If you haven’t found our knowledge base before, the KB is a place to find how-to’s. The dev team is expanding it as fast as we can, adding topics that customers have asked about.

Finally, I want to highlight the big effort we’ve done to simplify, modernize and overall improve the web administration. This is an ongoing project, and something that we’re paying a lot of attention to. We want to thank, and congratulate, the Bootstrap team for providing such a awesome framework. We managed to get the Bootstrap 4.0 release in, with just a few days of work.

You can read the full changelog on our GitHub of all the other features big and small.

Get your free CloudFest ticket and join us in Rust

It’s that time of the year, when we start looking forward to another amazing week in Europa Park. What used to be WHD.global is now CloudFest, March 10-16 in Rust, Germany. We’ll be there, and we have a code if you want a free ticket worth €349!

Use the code CF18P6T when you register, or just click here: direct link: http://www.cloudfest.com/sign-up/?code=CF18P6T . The standard ticket covers all conference sessions, the trade show, catering and networking events such as the Come2Gather Party, legendary ConneXion Party and the BierFest. Standard ticket regular price is worth €349.

But we’re not just going for the parties, of course we want to meet you there. If you are hosting a large-scale email service and perhaps looking to replace a home-brew solution och getting more efficiency by cutting maintenance hours, please let us know. Book a meeting or just stop by our booth which is right by the main entrance. Welcome to CloudFest 2018 – everything you loved about WHD.global only bigger, bolder, and reflecting the entire cloud ecosystem!

Invitation to Email Security Roundtable in Stockholm in February

We kindly invite you who represent a telco, hosting or email company in Scandinavia to an exclusive Email Security Roundtable, to introduce you to the Trusted Email Services (TES) initiative.

TES was launched as an industry effort to raise awareness around email security threats and promote the deployment of innovative technologies to address them, including encryption and DNS-based mechanisms such as DNSSEC, DANE and DNS filtering. The discussion will deliver an insight into how internet service providers and software companies adopting TES guidelines and best practices can secure and qualify their services, comply with recent legal requirements (GDPR) and establish enduring customer relationships.

DATE:
Thursday, February 15, 2018

AGENDA:
15:30 Welcome & Coffee
16:00 Email Security Roundtable
19:00 Dinner at Hotel at Six sponsored by Scality

LOCATION:
Hotel at Six
Brunkebergstorg 6, Stockholm

To allow for a meaningful and useful discussion, seating for this event will be limited to 15 participants. Request your participation via email to [email protected] .

Halon elects a former Tele2 executive and 
an American serial entrepreneur for company board

Anders Långsved
Halon has elected former Tele2 executive Anders Långsved and American IT entrepreneur David Chartier for the company board of directors. Halon is facing growth plan for the coming year, and thereby sees the need to strengthen the board with experiences from international sales.

Anders Långsved has 20 years experience from various commercial roles in the ICT industries, always with focus on building high performance teams to achieve rapid growth. He has held various executive positions within Tele2 in Sweden and Austria.

I discovered Halon and saw a fast and competent company on a growing market, with a lot of potential. Now I want to contribute with my experiences around growing from a small to a large company, as well as my international point of view

says Anders Långsved.

American serial entrepreneur David Chartier became an advisor for Halon during the spring of 2017 but will now proceed to the board. He has been in the cyber security industry for 20 years, made several successful exits, and been the CEO of technology based companies. David Chartier resides in San Francisco but a frequent visitor to the Nordics.

Anders and David will help us to elevate Halon, since they both have made this journey many times before

says Per Stenman, COO at Halon.

With their entrance, Halons CEO and co-founder Peter Falck and Björn Westman of Almi Invest, will be leaving the board as members, to become substitutes.

The other members of the board are; chairman Ulf Börjel, Halon co-founder Jonas Falck and Håkan Krook of Chalmers Ventures.

Halon has during 2017 acquired many new customers from both the web hosting and telecom industry, for example Dutch operator KPN. The aim for 2018 is heavy growth, and there are several open positions for technical pre-sales and technical support to apply for at the Gothenburg office in Sweden.

Anders Berggren speaker at Driving IT in Copenhagen

Driving IT, on November 3rd in Copenhagen, is a conference that gives a unique insight into the world’s constant changes in IT and development. The host IDA is The Danish Society of Engineers.

IDA Universe wants to strengthen knowledge exchange and personal and development for professionals who engage in technical and science subjects at a high academic level.

One way of doing this is the Driving IT conference, where Halon CTO Anders Berggren will be speaking. His topic is ”The state of email encryption”, addressing the fact that standards such as DANE and MTA-STS are becoming competitive differentiators.

Are you in the Copenhagen area? Get your ticket!