Blog

Halon 5.5 with DSN extension support

Winter is here, and so is our next quarterly Halon MTA release: 5.5 codename “mappy”. It’s slang for happy on a Monday, which is quite fitting! It comes packed with new features, functions and improvements which open up even greater possibilities for building differentiated, efficient services.

Our large-scale senders will appreciate additional tools for IP warmup, ensuring deliverability by complying with receiver guidelines. You can now choose the order in which source IPs in a pool are chosen, as opposed to load balancing between all IPs. It allows you to use one IP primarily until it exceeds the threshold for daily warmup for a certain destination. Another feature, which is especially useful for senders looking at migrating their email infrastructure to cloud environments (such as AWS), is outbound PROXY support. It enables you to use the powerful HAProxy load balancer rather than NAT when sharing IPs between MTA instances.

Do you want to leverage the DSN extension to better track email delivery? If so, you’ll appreciate our fully-scriptable RFC 3461 implementation. It allows you to quickly and easily tailor the DSN behaviour exactly to your liking.

The Halon scripting language has been extended with new data storage classes, generator functions with yield, and several new functions for encoding. The strongly-typed Map() and Set() storage classes are performance-optimised alternatives to the more generic array type. Take our revamped DMARC implementation’s public suffix list lookup for example. It parses a data file, then stores and caches the results in a Set() for efficient lookup of the slightly complex rules:

$rules = memory_fetch("public_suffix_list.dat", function ($k) {
	// Build a strongly-typed set holding one rule per entry
	$rules = Set("string");
	$file = File("file://public_suffix_list.dat");
	if (!$file)
		return false;
	while (is_string($line = $file->readline()))
	{
		$line = str_strip($line);
		// Skip blank lines and "//" comment lines
		if ($line == "" or $line[0] == "/")
			continue;
		$rules->add($line);
	}
	// Cache the parsed set so later lookups skip the file parsing
	memory_store("public_suffix_list.dat", $rules);
	return $rules;
});
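
What makes the rules "slightly complex" is that a set lookup must honour wildcard (`*.ck`) and exception (`!www.ck`) entries. The following Python sketch is an added example, not Halon's DMARC code; the sample rules and all function names are constructed for illustration. It shows the matching and the relaxed-alignment check that depends on it.

```python
# Added example: PSL matching for DMARC organizational domains.
# SAMPLE is a constructed excerpt in public_suffix_list.dat format, not the real list.
SAMPLE = """\
// constructed sample
com
uk
co.uk

// wildcard rule and its exception
*.ck
!www.ck
"""

def load_rules(text):
    """Same filtering as the Halon script: drop blanks and // comments."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line == "" or line.startswith("/"):
            continue
        rules.add(line)
    return rules

RULES = load_rules(SAMPLE)

def public_suffix(domain, rules=RULES):
    labels = domain.lower().rstrip(".").split(".")
    best = labels[-1:]                       # implicit default rule "*"
    for i in range(len(labels)):             # longest candidate first
        cand = labels[i:]
        if "!" + ".".join(cand) in rules:    # exception rule always wins:
            return ".".join(cand[1:])        # suffix is the rule minus one label
        wildcard = ".".join(["*"] + cand[1:])
        if (".".join(cand) in rules or wildcard in rules) and len(cand) > len(best):
            best = cand
    return ".".join(best)

def organizational_domain(domain, rules=RULES):
    """Public suffix plus one label, or None if the name is itself a suffix."""
    labels = domain.lower().rstrip(".").split(".")
    n = len(public_suffix(domain, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def relaxed_aligned(from_domain, auth_domain, rules=RULES):
    """DMARC relaxed alignment: both names share one organizational domain."""
    org = organizational_domain(from_domain, rules)
    return org is not None and org == organizational_domain(auth_domain, rules)
```

A naive "last two labels" rule would treat `a.co.uk` and `b.co.uk` as the same organization; the suffix lookup is what keeps unrelated registrants from aligning with each other.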

The integrated (VM) package has received several requested features. First of all, the built-in web server which hosts the web administration and JSON API can now be used to also host custom PHP scripts. It allows you to create additional API endpoints, which can write files used by the Halon script during email processing. One possible use case for this is to receive requests from legal interception systems. Secondly, it is now possible to add local DNS records to the built-in Unbound DNS resolver from the web administration. It can be useful when split-horizon DNS is unavailable, and you need to override some specific DNS record. Finally, it allows you to sort the built-in history on both finished and received time. As usual, the package is based on the latest version of FreeBSD (12.2, which was released a few weeks ago) and comes with updated third-party components.

We hope that you will enjoy this new quarterly release. Please see the release notes for more information, and don’t hesitate to reach out if you have any questions!

Would you like to “like” an email?

Social media and instant messaging (such as Slack) have made reactions like “thumbs up” 👍 and other emojis popular additions to everyday communication. Wouldn’t it be nice if you could quickly press like to confirm or endorse something proposed in an email, rather than having to write a reply?

Dave Crocker, well known for his work on email standards and a senior advisor for M3AAWG, recently submitted the draft “React: Indicating Summary Reaction to a Message”. It introduces email to the world of reaction emojis using an additional email header. It could be implemented in the email clients or webmail (MUAs), and doesn’t require any changes to the transport layer. It’s however an early draft with several considerations yet to be discussed, so I wouldn’t hold my breath just yet.

So, what could it look like? I don’t know, but it didn’t stop me from creating the mockup below!

Halon appoints Anders Långsved new CEO

Halon, the Swedish provider of email security and management solutions, has appointed Anders Långsved as new CEO. With a long background in leading roles in several IT startups and large companies, such as Argogroup (acquired by Ascom), Tele2, Irisity and Wrebit, Anders is now chartered to take Halon to the next levels, on an internationalised market.

Halon now enters a very exciting phase for further expansion where solid product development over the last couple of years has laid a foundation for international success. Anders now has the task to build a team that will enable Halon to realise this potential. Also, in the current environment, we see professional, secure and predictable email becoming even more important than ever before.

Richard Berkling, Chairman

Knowing this team for some time now, as a previous board member, it’s great to now be able to work with them every day. Halon has a superb product offering and we are now ready to grow internationally!

Anders Långsved, CEO

Halon offers its secure Mail Transfer Agent to large email providers and senders worldwide. Based in Gothenburg with local development, Halon sells to customers such as KPN, One.com and Telia Cygate.

Halon 5.4 with tailored bounces

Image by Dean Hochman

Sometimes you want to customise the bounce generation. It could be anything from translating bounces into another language or making them more user-friendly, to implementing standards such as SRS. In order to do so, you’ve had to override Halon’s default bounce generation. In our new release Halon 5.4 “bouncy”, we’ve added many options to the built-in bounce generator. This enables you to quickly tailor the way bounces look and work, without having to reimplement the default generator.

Queue([
  "delay" => 3600,
  "dsn_delayed" => true,
  "dsn" => [
    "readable_mimepart" => MIME()
      ->setType("text/html")
      ->setBody("<em>choo choo train is delayed</em>")
      ->toString(),
    "original_headers" => false,
    "subject_prepend" => "Not making it in time: ",
    "headers" => [
      "Foo: Bar"
    ]
  ]
]);

As usual, the release comes with many other improvements. The foreign function interface (FFI), which is used for loading external libraries into the MTA executable, can now export File classes as a C++ std::istream and X.509 resources as OpenSSL pointers. This powerful feature enables you to access the (potentially modified) email body as a virtual file. We’ve also added chunking (BDAT) for both sending and receiving, a zero-fill right shift bitwise operator, a data callback to the http() function, FFI function callbacks, and much more. Please see the release notes for a complete list of changes. We hope that you will enjoy this release. If you are new to Halon, don’t hesitate to contact us if you have any questions.

Why concurrency is important for large senders

Photo by Giuseppe Milo

Senders of large email volumes rely on the concept of multiple virtual queues for efficient delivery, separating email from different customers and to different destinations. This guarantees that, for example, one customer with a gigantic queue, or a destination which is tarpitting, doesn’t affect delivery of other traffic. Email transactions can take some time to complete, often as a result of content filtering at the destination. It is therefore necessary to support many simultaneous (concurrent) connections in each virtual queue, to support the throughput required for timely delivery. If each message takes an average of 1 second to deliver, 50 concurrent connections are needed to deliver 50 emails per second.

The total maximum concurrency needed is the number of virtual queues multiplied by the desired concurrency for each queue. Traditional MTAs use a process- or thread-based connection model. Those models scale poorly, and consequently struggle to support more than a few thousand concurrent connections per server. This limitation becomes a problem as the system is scaled up, leading to bottlenecks or low customer density per MTA instance.

The Halon MTA uses a modern event-based connection model, sometimes called asynchronous or non-blocking. It scales exceptionally well; supporting tens of thousands of concurrent connections. Multiple worker threads are used to leverage all available CPU cores. This eliminates bottlenecks and can reduce the number of instances needed, which translates to lowered costs and simplified management.

Being asynchronous has benefits for receiving and processing inbound traffic as well. Consider the scenario where thousands of slow, or even idle, clients are connected to an MTA. Traditional MTAs would have to defer new connections from potentially legitimate senders, disturbing the service. Asynchronous MTAs like Halon are, on the other hand, able to cope with a significantly larger number of concurrent connections, and would handle the scenario above without breaking a sweat.

If you’re interested in learning more, don’t hesitate to reach out.

Halon 5.3 with new powerful queue API

Soap drop by Breic

Since the first Halon MTA release in 2008, we’ve had a text-based queue query syntax called HQL (a play on SQL) as part of our SOAP API. While it has served us well during all those years, it was time to move on to something more modern. The new 5.3 release (codename “buffy”) comes with a Protocol Buffers and JSON API which introduces a programmatic approach to queue operations.

The request and response body schemas are available on our GitHub page. For your convenience, the QueueList, QueueGroupBy, QueueUnload and QueueUpdate requests all have the same Condition argument. Those API calls can operate on both the active and defer queues, as well as messages on hold. That is why the condition argument contains both things like retry count and the resolved remote MX and IP. You can specify as many conditions as you like, and create logic-or expressions by specifying multiple conditions of the same type. There are exact matching, regular expressions, and intervals for integers and date/time. Needless to say, incredibly powerful.

The QueueGroupBy call returns the distribution based on the grouping parameters and intervals you choose; such as number of messages in various age buckets, grouped by recipient domain. This is useful for getting an overview of a large queue. Queries are blazingly fast, even with very large queues. All queue metadata (essentially the fields available as conditions) is loaded into memory, in order for the virtual sub-queues to work.

Halon 5.3 also comes with a new CLI called halonctl. It happens to be very useful when working with our API, as it can output the API request and response bodies for the command you run in JSON format. As you can see in the example below, the request body is printed first:

$ halonctl queue update --bounce --state DEFER --jobid foobar --json-request --json
{
    "conditions": {
        "queues": [
            {
                "queue": "DEFER"
                ...

The CLI covers all the functionality of the product, and is a great complement to the web administration. Its configuration management sub-commands are useful for integrating Halon MTA instances into provisioning, deployment and CI/CD toolchains such as Puppet or Chef, where running commands is easier than making API calls.

Halon 5.3 comes with many other great improvements; such as connection pooling, a more efficient queue quota function, a new on-disk queue format and an Iconv() class for internationalisation conversion. Please see the release notes for a complete list of changes. We hope that you will enjoy this release as much as we do! If you are new to Halon, don’t hesitate to contact us, or dig into all our documentation that is available publicly on our website.

Just as cool as building it from scratch – why an email platform is your new best friend

For those of you working with larger amounts of traffic, which solution is better; building an email platform from scratch, or using an email security and delivery platform (ESDP) service? In this blog post, we describe both solutions so you can determine which one suits your company best.


Why implementing an email platform will go much quicker than you think

Thinking about implementing a new email platform, but keep postponing the process since it seems way too time-consuming? Here we describe the whole process to show you how fast it can be done!


Halon 5.2 with ultra-flexible queuing

Photo by Karen Roe

We’re very proud to announce the upcoming 5.2 release “polly” which introduces a powerful queue policy engine. First and foremost, the queue and SMTP client’s network layer is now asynchronous. This allows an instance to handle tens of thousands of parallel connections. In combination with the reworked connection concurrency limits, this allows dynamic creation of a virtually unlimited number of independent sub-queues. This is useful for senders that need to separate email streams so that those that move slowly or get stuck don’t block others.

As usual, we made it flexible enough to fit any email service provider’s needs. Rather than having a fixed set of parameters and rollup/grouping options for establishing the sub-queues (with their respective thresholds), we allow you to define what constitutes a unique entry. You can choose any combination of fields, and group/rollup entries using regular expressions or wildcards. In the example below, we limit the concurrency per source IP and remote MX, and also roll up all of Google’s MX entries into the same entry. The default concurrency is 5, except for Google, which gets 10.

- fields:
  - localip
  - remotemx:
      gsuite:
        - '*.google.com'
        - '*.googlemail.com'
        - '*.smtp.goog'
  conditions:
  - if:
      remotemx: '#gsuite'
    then:
      concurrency: 10
      rate: 50
  default:
    concurrency: 5
    rate: 10


Sometimes rollup per MX doesn’t cut it. There are several Microsoft Office365 locations (clusters), but the customer MX doesn’t reveal which one they are on. To set a certain threshold for Office365 locations, we can roll up and match per MX, but limit per IP, as per the example below. Note that there’s no default threshold; it only affects Office365.

- fields:
  - localip
  - remotemx:
      o365:
       - '*.protection.outlook.com'
  - remoteip
  conditions:
  - if:
      remotemx: '#o365'
    then:
      concurrency: 10
      rate: 30
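
To make the grouping concrete, the Python model below is an added example, not Halon code: it mirrors the two YAML policies above as dictionaries and assumes that an entry is the tuple of the listed fields, with rolled-up values replaced by `#group`. The function names, dictionary layout and sample hostnames are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed mirrors of the two YAML policies above (assumed semantics).
GSUITE = {
    "fields": ["localip", "remotemx"],
    "rollup": {"remotemx": {"gsuite": ["*.google.com", "*.googlemail.com", "*.smtp.goog"]}},
    "conditions": [({"remotemx": "#gsuite"}, {"concurrency": 10, "rate": 50})],
    "default": {"concurrency": 5, "rate": 10},
}
O365 = {
    "fields": ["localip", "remotemx", "remoteip"],
    "rollup": {"remotemx": {"o365": ["*.protection.outlook.com"]}},
    "conditions": [({"remotemx": "#o365"}, {"concurrency": 10, "rate": 30})],
}

def entry_key(policy, msg):
    """Map a delivery attempt to its policy entry, applying rollup groups."""
    key = []
    for field in policy["fields"]:
        value = msg[field].lower()
        for group, patterns in policy["rollup"].get(field, {}).items():
            if any(fnmatchcase(value, p) for p in patterns):
                value = "#" + group          # all matching MXs collapse to one value
                break
        key.append(value)
    return tuple(key)

def thresholds(policy, key):
    """First matching condition wins; otherwise the default (None = no limit)."""
    named = dict(zip(policy["fields"], key))
    for cond, limits in policy["conditions"]:
        if all(named.get(f) == v for f, v in cond.items()):
            return limits
    return policy.get("default")

def admit(policy, active, msg):
    """Count a new connection against its entry unless concurrency is reached."""
    key = entry_key(policy, msg)
    limits = thresholds(policy, key)
    if limits and active.get(key, 0) >= limits["concurrency"]:
        return False
    active[key] = active.get(key, 0) + 1
    return True
```

In this model, two different Office365 customer MX names that resolve to the same remote IP land in the same entry and share its limit of 10, while a non-Office365 destination gets no threshold from the second policy.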

Thresholds and suspensions can be modified on the fly without reloading the configuration via API, CLI, web administration or the MTA itself through this Halon script:

// If we have more than 10 failures per minute, lower rate for 5 minutes
$mx = $arguments["attempt"]["connection"]["remotemx"];
$code = $arguments["attempt"]["result"]["code"];
if ($mx and $code >= 400 and !rate("mx-fail", $mx, 10, 60, ["sync" => false]))
    cache ["ttl" => 300]
        PickupPolicy(
            ["localip", "remotemx"],
            ["remotemx" => $mx],
            ["rate" => [10, 60]], 300);

The reworked queue naturally comes with many new tools and APIs for interacting with the new functionality. This includes more subtle improvements, like the ability to view the queue’s shape by message age. By pressing an interval, you can dig into the specific messages, which are grouped by fields of your choice.

The new shared memory script functions and API open up several possibilities. You can script statistic counters, which can then be read periodically over the API. Another use case is pre-loading data into the MTA over the API, rather than fetching and caching from within the script.

Finally, we now offer the ability to call methods in external shared libraries using our foreign function interface (FFI) class.

Check out the full changelog on GitHub for more information, and familiarise yourself with the important changes outlined in the release notes document before upgrading.

Reduce risk by switching email delivery platform

If you’re operating an email delivery platform that’s growing in traffic but isn’t operating at its full potential, you might want to look for other options. There are of course challenges associated with switching platforms, but in the end, it can prove to be the best solution for your company.
