Halon 4.4 “lofty” packed with small improvements

The 4.4 release “lofty” is all about fixing bugs, boosting existing features, and improving performance and memory management in the Halon script engine. And like macOS “High Sierra”, it’s fully baked.

The unusually long changelog contains many small improvements. We’ve given the pre/post-delivery script a slight overhaul. It’s now possible to tailor the bounce behaviour via the SetDNS() function. Additionally, we’ve added $action and $context, as well as functions to set MAIL/RCPT parameters. Finally, SetSourceIP() enables you to choose an IPv4 and IPv6 address pair, which is great when you want to provide customers with a private IPv4 and IPv6 address or if you want to use diverse address pools.

The improved “Listen on” directive on the Server > SMTP listener page enables more fine-grained control over listen ports and IPs, such as listening on different ports for different IPs.

Quirks and fun trivia
  • We recently revised our LDAP implementation, and realised that our own syntax and mechanism for failover between hosts is rather superfluous, since OpenLDAP supports that natively. Consequently, we adopted the standard LDAP URIs in our configuration, and existing configurations will be automatically migrated.
  • While we support the PROXY protocol (v1) that passes client source IP information from load balancers, we thought it was mostly a HAProxy thing. Apparently, it’s used by many other load balancers such as Amazon ELB, Citrix Netscaler, and F5 BIG-IP. Most of them implement version 1 (which is human readable), but there is a second version of the protocol that’s binary-packed and has a quite smart feature: its magic string (protocol identification) is \x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A, which translates into the literal "\r\n\r\n\0\r\nQUIT\n", a string chosen specifically to cause an error and disconnect against servers not supporting this protocol. Clever!
  • If you have an IPv6-only datacenter, but still want to process IPv4 clients, you can do so with a SIIT-DC gateway which uses IPv4-mapped-IPv6 addresses. In Halon, you can use SIIT-DC while still performing IPv4 reputation (such as DNSBL), by extracting and setting the IPv4 address in the CONNECT script. If that doesn’t make the point that we’re very scriptable, then what does?
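The PROXY protocol item above, shown as an added Python example (not Halon's code): a receiver that tells v1 from v2 by the magic string, extracts the client address, and accepts the header only from a known load balancer. The addresses, the trusted network and the function names are constructed for illustration.

```python
import ipaddress
import struct

# 12-byte PROXY v2 signature, as quoted in the item above.
V2_SIGNATURE = b"\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A"

def parse_proxy_header(data, peer_ip, trusted_lbs):
    """Return (version, client_ip, header_len); raise ValueError if unusable."""
    peer = ipaddress.ip_address(peer_ip)
    # Only a known load balancer may assert a client address.
    if not any(peer in ipaddress.ip_network(net) for net in trusted_lbs):
        raise ValueError("PROXY header from untrusted peer")
    if data.startswith(V2_SIGNATURE):
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    raise ValueError("no PROXY header")

def _parse_v1(data):
    end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    if end < 0:
        raise ValueError("unterminated v1 header")
    parts = data[:end].decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":  # the proxy could not determine the client
        return 1, None, end + 2
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed v1 header")
    src = ipaddress.ip_address(parts[2])
    if src.version != int(parts[1][3]):
        raise ValueError("address family mismatch")
    return 1, str(src), end + 2

def _parse_v2(data):
    if len(data) < 16:
        raise ValueError("truncated v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    total = 16 + length  # the length field counts bytes after the first 16
    if ver_cmd >> 4 != 2 or len(data) < total:
        raise ValueError("bad version or truncated v2 header")
    if ver_cmd & 0x0F == 0:  # LOCAL command (e.g. health check): no client address
        return 2, None, total
    addr_len = {1: 4, 2: 16}.get(fam_proto >> 4)  # AF_INET / AF_INET6
    if ver_cmd & 0x0F != 1 or addr_len is None or length < 2 * addr_len + 4:
        raise ValueError("unsupported v2 command or address family")
    return 2, str(ipaddress.ip_address(data[16:16 + addr_len])), total

# Constructed sample input: load balancer 192.0.2.10 relaying client 203.0.113.7.
TRUSTED_LBS = ["192.0.2.0/24"]
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 25\r\nEHLO client.example\r\n"
SAMPLE_V2 = (V2_SIGNATURE + b"\x21\x11" + struct.pack("!H", 12)
             + ipaddress.ip_address("203.0.113.7").packed
             + ipaddress.ip_address("192.0.2.10").packed
             + struct.pack("!HH", 51234, 25) + b"EHLO client.example\r\n")
```

The returned header length tells the caller where the SMTP dialogue starts; everything before it must be consumed before the first command is read.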

Image from Tore Anderson’s SIIT-DC presentation
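The SIIT-DC extraction described above, as an added Python sketch rather than Halon's CONNECT script: it recovers the IPv4 client address from the translated IPv6 source and builds the DNSBL query name. It assumes a /96 translation prefix with the IPv4 address in the low 32 bits; the prefix, zone and function names are constructed.

```python
import ipaddress

# Constructed values: a documentation-range translation prefix and DNSBL zone.
TRANSLATION_PREFIX = "2001:db8:46::/96"
DNSBL_ZONE = "dnsbl.example"

def embedded_ipv4(addr, translation_prefix):
    """Return the IPv4Address carried in `addr`, or None for a native IPv6 client."""
    net = ipaddress.ip_network(translation_prefix)
    if net.version != 6 or net.prefixlen != 96:
        raise ValueError("example supports /96 IPv6 translation prefixes only")
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ip
    if ip.ipv4_mapped is not None:  # ::ffff:a.b.c.d
        return ip.ipv4_mapped
    if ip in net:  # translated client: IPv4 sits in the low 32 bits
        return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
    return None

def dnsbl_query_name(ipv4, zone):
    """Reverse the octets and append the list's zone, as DNSBL lookups expect."""
    return ".".join(reversed(str(ipv4).split("."))) + "." + zone

def reputation_lookup_name(addr, translation_prefix, zone):
    """Name to query for IPv4 reputation, or None if there is no IPv4 identity."""
    v4 = embedded_ipv4(addr, translation_prefix)
    return None if v4 is None else dnsbl_query_name(v4, zone)
```

Without this step every IPv4 client behind the gateway would be looked up under its synthetic IPv6 address, which an IPv4 blocklist cannot match.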

If you ever had problems signing in to a Halon using Firefox, it can be because of a recent change in how “secure cookies” are handled. When signing in over HTTPS, we set the secure cookie flag, which forbids the cookie from being sent over an unencrypted HTTP connection to the same host. That is all great, but if you then try to sign in over HTTP (for whatever reason), Firefox will not be able to log in, because there is already a cookie for that domain with the secure flag, and it can be neither replaced nor accessed. We addressed this by using different cookie names for HTTP and HTTPS. Regardless of this fix, you should not use HTTP when administering your Halon hosts.
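The cookie collision described above, as an added Python model (not Halon's or Firefox's code): a toy cookie jar that enforces the rule that an insecure origin can neither set nor overwrite a Secure cookie, run once with a shared cookie name and once with per-scheme names. The cookie names are hypothetical.

```python
class BrowserCookieJar:
    """Toy model of one host's cookies under the 'leave secure cookies alone' rule."""

    def __init__(self):
        self.cookies = {}  # name -> (value, secure_flag)

    def set_cookie(self, scheme, name, value, secure):
        """Apply a Set-Cookie received over `scheme`; return False if dropped."""
        if scheme == "http":
            if secure:
                return False  # an insecure origin may not set a Secure cookie
            if self.cookies.get(name, (None, False))[1]:
                return False  # ...nor overwrite an existing Secure cookie
        self.cookies[name] = (value, secure)
        return True

    def cookies_sent(self, scheme):
        """Cookies the browser attaches to a request made over `scheme`."""
        return {n: v for n, (v, sec) in self.cookies.items()
                if scheme == "https" or not sec}


def cookie_name(scheme, per_scheme_names):
    # Hypothetical names; the post does not say what Halon calls its cookies.
    return "session_" + scheme if per_scheme_names else "session"


def sign_in(jar, scheme, session_id, per_scheme_names):
    """Server sets the session cookie; sign-in works only if it comes back."""
    name = cookie_name(scheme, per_scheme_names)
    jar.set_cookie(scheme, name, session_id, secure=(scheme == "https"))
    return jar.cookies_sent(scheme).get(name) == session_id


def demo(per_scheme_names):
    """Sign in over HTTPS, then over HTTP, in the same browser profile."""
    jar = BrowserCookieJar()
    return (sign_in(jar, "https", "id-https", per_scheme_names),
            sign_in(jar, "http", "id-http", per_scheme_names))
```

With a shared name the HTTP sign-in fails because the Secure cookie blocks the overwrite and is never sent back over HTTP; with per-scheme names both sign-ins succeed and the HTTPS session cookie still never travels in clear text.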

Better spam protection in Mölndal – thanks to Halon

Mölndals Stad (Mölndal municipality) has approximately 5000 employees and 10 000 students. In 2010 the IT department decided that 15 000 inboxes needed new spam protection.

Anders Westerberg, now Head of IT Security in Mölndal, had built an open-source based solution that worked well. But for Annika Samuelsson, Head of IT development and maintenance, it was clear that they could not go on using a solution that only one person knew how to operate. Together with Anders she investigated possible replacements that could fulfill their wishes, and Halon caught their eye. The Halon software was then newly introduced to the market, and they saw an advantage in the company being open to a dialogue around how the product could be tailored to fit their needs.

The focus was of course on abiding by laws and regulations. Email sent to Mölndal municipality becomes public record and must be archived, even if it’s just spam. Stopping the email before it enters their system saves them that burden, and it’s also the procedure recommended by the organisation SKL (Municipalities and County Councils of Sweden). Before implementing Halon, Annika and her team handled all spam quarantine, something that is now in the past. With the “bulk” feature, an email manager will get a report on all blocked unsolicited email.
– The result is very satisfying, says Annika Samuelsson.

Introducing Halon was a quick process, and even though most of the work was done in-house they received some help from Halon support staff to do the fine tuning. Since becoming a customer, they have reached out a few times to address spam issues.
– There have been incidents where we get spam that passes through the filter. But it’s always been very easy to get in touch with Halon and resolve the issues. Once it was actually as easy as a misunderstanding on which users could report spam.

Mölndal municipality is subject to public procurement, and regularly has to compare its system to market competitors. But they have yet to find a product that solves their problems as effectively and smoothly as Halon.
– We feel very comfortable with what Halon provides us, and we would definitely recommend it to other governmental businesses.

Download Mölndals Stad Case Study as pdf document.

Hang with Halon at Nordic Domain Days on November 20-21

Nordic Domain Days will be part of the long-running and very popular Internet Days (Internetdagarna) organised by IIS, the registry for .se and .nu, smack in the middle of beautiful Stockholm, Sweden. Join more than 2500 people all passionate about the internet, sharing their knowledge and expanding their network.

Enter the code “NDD17” and get 20% off the registration fee.


Meet and network with your peers in the domain name industry, with a focus on the interaction between registries, registrars, resellers and service providers. Representatives from both local country code and international registries will be present. Add to that some of the largest registrars in northern Europe (and the world) and you have the Nordic domain industry event!

Hang out with some of the brightest minds from around the domain and hosting industry including registries, registrars, resellers and service providers. Enjoy a fantastic social event at a great location with a perfect opportunity to build and renew your network. Halon is one of the sponsors for the social event, so come and party with us!

Halon invited as speaker to ETIS Community Gathering 2017


Each year the ETIS Community Gathering brings together European telecommunication professionals to share knowledge and best practices in a trusted environment. The theme of the ETIS Community Gathering 2017 is ‘Shaping the Digital Ecosystem of the Future’.

Halon co-founder Jonas Falck will be speaking about DANE, SMTP STS and more, together with senior software engineer Erik Lax.

This year the meeting is held on October 5-6 in Tallinn, Estonia. ETIS believes that Estonia, the first country to allow online voting in a general election, is a perfect place for a debate on the ‘Digital Ecosystem of the Future’, and we agree. It has the world’s fastest broadband speeds and holds the record for start-ups per person.

Its 1.3 million citizens pay with their mobile phones, have their health records stored in the digital cloud, and file their annual tax return online in 5 min. Moreover, Estonia will be holding the presidency of the EU council in the second half of 2017. Therefore ETIS invites relevant parties and start-ups to discuss lessons learned in e-Estonia.

One week with Scale Global in San Francisco

Last week brought Per Stenman and Anders Berggren of Halon to San Francisco and Palo Alto, as a part of the Scale Global program. Sunny California offered meetings with VCs, entrepreneurs, coaches, and even a celebrity that we cannot disclose.

Hello San Francisco, we’ve missed you!

Entering Andreessen Horowitz

Sharon Chang, Partner at Andreessen Horowitz

Food is necessary, so is instagramming.

Huggy Rao, Atholl McBean Professor of Organizational Behavior at Stanford Graduate School of Business.

SC Moatti, Managing Partner at Mighty Capital.

Tristan Kromer, Lean Startup Coach.

Cindy Alvarez, Principal design researcher at Microsoft. Halon co-founder Anders Berggren visiting 500 Startups.

No trip to the US without getting a decent steak.

Maxime Prades, VP of Product Management at Algolia and Gustaf Alströmer, Partner at Y Combinator.

Rohit Sharma, Partner at True Ventures.

Welcome to TES in Mexico City

We are glad to welcome Mexico into the circle of countries that have been visited by TES, and if you work in the email industry/cloud/telco in Mexico, please join us on September 28th.

Trusted Email Services, TES, was launched as an industry effort to raise awareness around email security threats and promote the deployment of innovative technologies to address them, including encryption and DNS-based mechanisms such as DNSSEC, DANE and DNS filtering.

The discussion will deliver an insight into how internet service providers and software companies adopting TES guidelines and best practices can secure and qualify their services, comply with recent legal requirements (GDPR) and establish enduring customer relationships.

Thanks to the sponsorship of Open-Xchange and to the efforts of the local partner CITI, this will be the first TES event ever in Central America, trying to build awareness among Mexican telcos and ISPs on email transport issues, current attacks and possible solutions based on open standards.

International speakers will address the audience, prompting the usual discussion and exchange of experiences, which will be followed by a friendly networking event with drinks and food. To allow for a meaningful and useful discussion, seating for this event will be limited to 20 participants. Want to join? Please send an email to [email protected] as soon as possible.

Halon chosen for growth acceleration program Scale Global

Halon has been chosen to participate in the growth acceleration program Scale Global. During the period of September 2017 to January 2018, Halon and seven other companies will get help with the transition from nailing the product to scaling their business. The program rests on three pillars: workshops, coaches and Silicon Valley.

Each company is paired with a coach, and Halon will be working together with Stefan Lindeberg, CEO of ZeroPoint Technologies and former CEO of Netnod. Other coaches include Mengmeng Du (Spotify, Acast), Alfred Ruth (Vidoplaza, Angel investor), Alexander Hars (Let’s Deal), Louise Grandinson (MAG Interactive, Disney) and Johan Sköld (Qamcom, Chalmers Ventures).

The program is organized by Chalmers University of Technology, with support from Vinnova. The companies have been chosen according to several criteria, such as having global potential, having annual sales of at least 10 MSEK and/or managing at least 10 employees. Out of 70 nominees, Halon was chosen along with Adfenix, Parakey, Wint, Greenbyte, Minatjänster.se, Senion and Kitab Sawti.

The companies will be working together on a number of workshops, one of them being a one-week stay in Silicon Valley, having meetings with partners at Andreessen Horowitz and True Ventures, Gustaf Alströmer (partner at Y Combinator), Cindy Alvarez from Microsoft and Maxime Prades of Algolia, to mention a few.

Time-of-click protection against ransomware, malware and phishing

Time-of-click protection adds an extra layer of security to protect email users from accessing malicious content. Attacks including malware, ransomware and phishing are becoming more common and more sophisticated every day, while users keep more and more sensitive information.

With additional time-of-click protection, Halon will classify a link in an email every time it’s clicked, before allowing or denying the user’s visit. This means that whether the scammer waits two minutes or two months before infecting the site, the user will still be protected when he or she chooses to click the link. It’s the extra layer of security that won’t allow you to visit infected websites by way of a link in an email protected by Halon.

Features

  • On-premise or hosted cloud
  • Front/backend architecture for high availability
  • Multi-tenant with companies and users
  • Supports branding
  • Multiple detection engines
    • CYREN
    • Sophos
    • Google Safe Browsing
    • ISITPHISHING.org
    • Spamhaus
    • SURBL
    • URIBL
    • PhishTank
  • Optional click history
  • Black/whitelisting

Time-of-click protection is an add-on to Halon SMTP software, and we recommend that you extend your license to include it. Pricing is set per user, with volume-based discount. If you are already a Halon customer, contact your sales representative, or send us an email for your quote.

Meet “classy” and “cody”, Halon 4.2 and 4.3

We have done two new releases of Halon since last time we updated the blog with release matters. In Halon 4.1 “teamy”, released just before this summer, we introduced modules. A month later we followed up with 4.2 “classy” that added proper object orientation to the language (which works great in combination with modules). It spawned a few rewrites of our script examples (modules) to reflect this awesomeness. We initially added instance and class methods and variables (static), and in 4.3 “cody” we added the private keyword to functions and variables as well.

class HelloWorld
{
	private $name = "Dr Who?";
	constructor($name)
	{
		$this->name = $name;
	}
	function sayHello()
	{
		return "Hello ".$this->name;
	}
	static function ...()
	{
		...
	}
}

We’ve created a lot of modules and script examples. Some of those, such as the PostgreSQL and MongoDB modules, rely heavily on byte packed data structures. In order to better support those, we’ve added built-in functions such as pack() and unpack(). Upcoming modules and rewrites will also benefit from the new TLSSocket() class.

Here are some new additions to our module collection:

Other notable features from the changelog include

  • FreeBSD 11.1 and new quarterly packages
  • sha2 hash functions
  • Added status and NDR codes to Reject, Defer and Deliver functions
  • SetTLS supports CA name verification
  • DLP engine now supports file hashes of SHA2-256 and SHA2-512
  • Added $sourceip variable to post-delivery script to easily determine which IP address was used to send the mail

Geek out corner

One major change that only we can see and fully appreciate is the (both automated and manual) code migration to C++11 (and forward), using the truly awesome clang-tidy tool.

On another note, while we researched pack and unpack implementations by looking at other languages’ documentation (such as PHP, Perl and Python), we found a bug in PHP, which was fixed in 7.2, and backported to 7.1.9. The overall consensus of syntax and conventions amongst languages regarding how pack and unpack should work seems to reflect and mimic Perl.

Some scripting languages like JavaScript and HSL have the notion of class constructors but no destructors. The HSL memory model uses reference-counted automatic garbage collection to determine when objects should be removed.

“In a language with an automatic garbage collection mechanism, it would be difficult to deterministically ensure the invocation of a destructor, and hence these languages are generally considered unsuitable for RAII [Resource Acquisition Is Initialization]” – Wikipedia on destructors

Unlike many other databases, MongoDB uses little endian rather than big endian (network byte order) in its wire protocol. This lets you send and receive data structures in native machine endianness (for most people), since both x86 and amd64 use this convention. I highly recommend reading up on the fun historic trivia about endianness.

Want more in-depth info on the new releases? Get in touch with the support team.

Dude, where’s my email?

Ensuring high deliverability in email is no walk in the park. As a high-volume sender of email, there are many things to take into consideration, especially with cybercriminals keeping a fast pace in innovation.

Make no mistake, deliverability is of the highest importance to anyone sending email, let alone high-volume senders. When your servers tell you that a certain percentage of sent emails were accepted by the receiving servers, you still have no idea what happened after that. Without confirmation that emails actually reached the inbox, they might just as well be lying in the spam folder. The SMTP transaction is logged as “250 OK” as long as the server didn’t reject the email. To make matters even worse, different ISPs may treat email differently, putting more responsibility on the sender to do their homework as neatly as possible.

Pay attention to encryption, as it is no longer a security measure only for the selected few, but is becoming the standard. TLS/SSL and DANE are your friends and will keep your information private.

Be protective of your IP addresses’ reputation; it can make or break your deliverability. ISPs act as proxies for recipients, meaning they will take reputation very seriously. Take into consideration that sending unsolicited email may harm your IP reputation, and that authenticating your email with SPF, DKIM, and DMARC will help keep out scammers, who are most often ahead of ISPs’ and senders’ technology.