Browse

Blog

Halon 4.5 – gettin’ certy with it

The main focus in Halon 4.5 release is TLS, hence the name “certy”. Check out the the new features and functions and try them out. Also, the knowledge base is growing with a lot of good how-to’s to help you around.

TLS information has been made accessible in the Halon Platform scripting language, both on the receiving and sending side. Support for X.509 client certificates has been added, allowing you to both verify the sender identity in the SMTP server, as well as identify yourself when sending email through an SMTP client.

Experiment: we configured a busy email system to ask for a client certificate for all inbound connections, and found that approximate 5% of all traffic provides a client identity. Most of the traffic is from Gmail and Office356. We did not collect the percentage of domains, which we leave as an exercise for you.

$peercert = GetTLS();
$haspeercert = isset($peercert["peer_cert"]);
stat("peer-cert", ["yes" => $haspeercert, "no" => !$haspeercert]);

How to enable this feature and start authenticating clients was documented as KB article.

Implementation and facilitation of TLS reporting (tlsrpt) has begun. It is a new standard for reporting TLS failures, mainly focused on MTA-STS and DANE.

The TLSSocket() class now have a getpeercert() function and the ability to specify a client certificate. Now you see why we called it” certy”?

Support for custom SASL authentication mechanism has been added. This allows you to build authentication schemes such as OTP, OAUTHBEARER or CRAM-MD5, but also EXTERNAL to facilitate the client certificate features. The procedure is documented in our knowledge base along with two sample implementations.

If you haven’t found our knowledge base before, the KB is a place to find how-to’s. The dev team is expanding it as fast as we can, adding topics that customers have asked about.

Finally, I want to highlight the big effort we’ve done to simplify, modernize and overall improve the web administration. This is an ongoing project, and something that we’re paying a lot of attention to. We want to thank, and congratulate, the Bootstrap team for providing such a awesome framework. We managed to get the Bootstrap 4.0 release in, with just a few days of work.

You can read the full changelog on our GitHub of all the other features big and small.

Get your free CloudFest ticket and join us in Rust

It’s that time of the year, when we start looking forward to another amazing week in Europa Park. What used to be WHD.global is now CloudFest, March 10-16 in Rust, Germany. We’ll be there, and we have a code if you want a free ticket worth €349!

Use the code CF18P6T when you register, or just click here: direct link: http://www.cloudfest.com/sign-up/?code=CF18P6T . The standard ticket covers all conference sessions, the trade show, catering and networking events such as the Come2Gather Party, legendary ConneXion Party and the BierFest. Standard ticket regular price is worth €349.

But we’re not just going for the parties, of course we want to meet you there. If you are hosting a large-scale email service and perhaps looking to replace a home-brew solution och getting more efficiency by cutting maintenance hours, please let us know. Book a meeting or just stop by our booth which is right by the main entrance. Welcome to CloudFest 2018 – everything you loved about WHD.global only bigger, bolder, and reflecting the entire cloud ecosystem!

Invitation to Email Security Roundtable in Stockholm in February

We kindly invite you who represent a telco, hosting or email company in Scandinavia to an exclusive Email Security Roundtable, to introduce you to the Trusted Email Services (TES) initiative.

TES was launched as an industry effort to raise awareness around email security threats and promote the deployment of innovative technologies to address them, including encryption and DNS-based mechanisms such as DNSSEC, DANE and DNS filtering. The discussion will deliver an insight into how internet service providers and software companies adopting TES guidelines and best practices can secure and qualify their services, comply with recent legal requirements (GDPR) and establish enduring customer relationships.

Thursday, February 15, 2018

15:30 Welcome & Coffee
16:00 Email Security Roundtable
19:00 Dinner at Hotel at Six sponsored by Scality

Hotel at Six
Brunkebergstorg 6, Stockholm

To allow for a meaningful and useful discussion, seating for this event will be limited to 15 participants.

Halon elects a former Tele2 executive and 
an American serial entrepreneur for company board

Anders Långsved
Halon has elected former Tele2 executive Anders Långsved and American IT entrepreneur David Chartier for the company board of directors. Halon is facing growth plan for the coming year, and thereby sees the need to strengthen the board with experiences from international sales.

Anders Långsved has 20 years experience from various commercial roles in the ICT industries, always with focus on building high performance teams to achieve rapid growth. He has held various executive positions within Tele2 in Sweden and Austria.

I discovered Halon and saw a fast and competent company on a growing market, with a lot of potential. Now I want to contribute with my experiences around growing from a small to a large company, as well as my international point of view

says Anders Långsved.

American serial entrepreneur David Chartier became an advisor for Halon during the spring of 2017 but will now proceed to the board. He has been in the cyber security industry for 20 years, made several successful exits, and been the CEO of technology based companies. David Chartier resides in San Francisco but a frequent visitor to the Nordics.

Anders and David will help us to elevate Halon, since they both have made this journey many times before

says Per Stenman, COO at Halon.

With their entrance, Halons CEO and co-founder Peter Falck and Björn Westman of Almi Invest, will be leaving the board as members, to become substitutes.

The other members of the board are; chairman Ulf Börjel, Halon co-founder Jonas Falck and Håkan Krook of Chalmers Ventures.

Halon has during 2017 acquired many new customers from both the web hosting and telecom industry, for example Dutch operator KPN. The aim for 2018 is heavy growth, and there are several open positions for technical pre-sales and technical support to apply for at the Gothenburg office in Sweden.

Anders Berggren speaker at Driving IT in Copenhagen

Driving IT, on November 3rd in Copenhagen, is a conference that gives a unique insight into the world’s constant changes in IT and development. The host IDA is The Danish Society of Engineers.

IDA Universe wants to strengthen knowledge exchange and personal and development for professionals who engage in technical and science subjects at a high academic level.

One way of doing this is the Driving IT conference, where Halon CTO Anders Berggren will be speaking. His topic is ”The state of email encryption”, addressing the fact that standards such as DANE and MTA-STS are becoming competitive differentiators.

Are you in the Copenhagen area? Get your ticket!

Halon 4.4 “lofty” packed with small improvements

The 4.4 release “lofty” is all about fixing bugs, boost existing features, and improve performance and memory management in the Halon script engine. And like macOS “High Sierra”, it’s fully baked.

The unusually long changelog contains many small improvements. We’ve given the pre/post-delivery script a slight overhaul. It’s now possible to tailor the bounce behaviour via the the SetDNS() function. Additionally, we’ve added $action and $context, as well as functions to set MAIL/RCPT parameters. Finally, the SetSouceIP() enables you to choose an IPv4 and IPv6 address pair, which is a great when you want to provide customers with a private IPv4 and IPv6 or if you want to use diverse address pools.

The improved “Listen on” directive on the Server > SMTP listener page enables more fine-grained control over listen ports and IPs; such as listening on different ports for different IPs.

Quirks and fun trivia
  • We recently revised our LDAP implementation, and realised that our own syntax and mechanism for failover between hosts is rather superfluous, since OpenLDAP supports that natively. Consequently, we adopted the standard LDAP URI’s in our configuration, and existing configurations will be automatically migrated.
  • While we support the PROXY protocol (v1) that passes client source IP information from load balancers, we thought it was mostly as HAProxy thing. Apparently, it’s used by many other load balancers such as Amazon ELB, Citrix Netscaler, and F5 BIG-IP. Most of them implements the version 1 (which is human readable), but there is a second version of the protocol that’s binary-packed, and have a quite smart feature: its magic string (protocol identification) is \x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A which translates into literal "\r\n\r\nQUIT\r\n", a string chosen specifically to case an error and disconnect against servers not supporting this protocol. Clever!
  • If you have a IPv6 only datacenter, but still want to process IPv4 clients, you can do so with a SIIT-DC gateway which uses IPv4-mapped-IPv6 addresses. In Halon, you can use SIIT-DC while still performing IPv4 reputation (such as DNSBL), by extracting and setting the IPv4 address in the CONNECT script. If that doesn’t make the point that we’re very scriptable, then what does?

Image from Tore Anderson’s SIIT-DC presentation

If you ever had problems signing in to a Halon using Firefox, it can be because a recent change in how “secure cookies” are handled. When signing in over HTTPS, we set the secure cookie flag, which forbids the cookie to be send over a unencrypted HTTP connection to the same host. That is all great, but if you then try to sign in over HTTP (for whatever reason) Firefox will not be able to login because there is already a cookie for that domain with the secure flag and it cannot be replaced, nor accessed. We addressed this by using different cookie names for HTTP and HTTPS. Regardless of this fix, you should not use HTTP when administering your Halon hosts.

Better spam protection in Mölndal – thanks to Halon

Mölndals Stad (Mölndal municipality) has approximately 5000 employees and 10 000 students. In 2010 the IT department decided that 15 000 inboxes needed a new spam protection.

Anders Westerberg, now Head of IT Security in Mölndal, had built an open-source based solution that worked well. But for Annika Samuelsson, Head of IT development and maintenance, it was clear that they could not go on using a solution that only one person knew how to operate. Together with Anders she investigated possible replacements that could fulfill their wishes, and Halon caught their eye. The Halon software was then newly introduced to the market, and they saw an advantage in the company being open to a dialogue around how the product could be tailored to fit their needs.

The focus was of course on abiding by laws and regulations. Email sent to Mölndal municipality becomes public record and must be archived, even if it’s just spam. Stopping the email before it enters their system saves them that burden, and it’s also the procedure recommended by the organisation SKL (Municipalities and Country Councils of Sweden). Before implementing Halon, Annika and her team handled all spam quarantine, something that is now in the past. With the ”bulk” feature, an email manager will get a report on all blocked unsolicited email.
– The result is very satisfying, says Annika Samuelsson

Introducing Halon was a quick process, and even though most of the work was done in-house they received some help from Halon support staff to do the fine tuning. Since becoming a customer, they have reached out a few times to address spam issues.
– There have been incidents where we get spam that passes through the filter. But it’s always been very easy to get in touch with Halon and resolving the issues. Once it was actually as easy as a misunderstanding on which users that could report spam.

Mölndal municipality are subject to public procurement, and regularly has to compare their system to market competitors. But they have yet to find a product that solves their problems as effectively and smooth as Halon.
– We feel very comfortable with what Halon provides us, and we would definitively 
recommend it to other governmental businesses.

Download Mölndals Stad Case Study as pdf document.

Hang with Halon at Nordic Domain Days on November 20-21

Nordic Domain Days will be part of the long-running and very popular Internet Days (Internetdagarna) organised by IIS, the registry for .se and .nu, smack in the middle of beautiful Stockholm, Sweden. Join more than 2500 people all passionate about the internet, sharing their knowledge and expanding their network.

Enter the code “NDD17” and get 20% off the registration fee >


Meet and network with your peers in the domain name industry, with a focus on the interaction between registries, registrars, resellers and service providers. Representatives from both local country code and international registries will be present. Add to that some of the largest registrars in northern Europe (and the world) and you have the Nordic domain industry event!

Hang out with some of the brightest minds from around the domain and hosting industry including registries, registrars, resellers and service providers. Enjoy a fantastic social event at a great location with a perfect opportunity to build and renew your network. Halon is one of the sponsors for the social event, so come and party with us!

Enter the code “NDD17” and get 20% off the registration fee >

Halon invited as speaker to ETIS Community Gathering 2017


Each year the ETIS Community Gathering brings together European telecommunication professionals to share knowledge and best practices in a trusted environment. The theme of the ETIS Community Gathering 2017 is ‘Shaping the Digital Ecosystem of the Future’.

Halon co-founder Jonas Falck will be speaking about DANE, SMTP STS and more, together with senior software engineer Erik Lax.

Erik Lax

The meeting is this year held on October 5-6 in Tallinn, Estonia. ETIS believes that Estonia, the first country to allow online voting in a general election, is a perfect place for a debate on the ‘Digital Ecosystem of the Future’, and we agree. It has the world’s fastest broadband speeds and holds the record for start-ups per person.

Its 1.3 Million citizens pay with their mobile phones, have their health records stored in the digital cloud, and file their annual tax return online in 5 min. Moreover Estonia will be holding the presidency of the EU council in the second half of 2017. Therefore ETIS invites relevant parties and start-ups to discuss lessons learned in e-Estonia.

One week with Scale Global in San Francisco

Last week brought Per Stenman and Anders Berggren of Halon to San Francisco and Palo Alto, as a part of the Scale Global program. Sunny California offered meetings with VC’s, entrepreneurs, coaches, and even a celebrity that we can not disclose.

Hello SF

Hello San Francisco, we’ve missed you!

Tech art and Andreesen Horowitz
Entering AndreesenHorowitz

start-with-the-customer
Sharon Chang, Partner at AndreesenHorowitz

California eating
Food is necessary, so is instagramming.

Professor Huggy Rao
Huggy Rao, Atholl McBean Professor of Organizational Behavior at Stanford Graduate School of Business.

SC Moatti
SC Moatti, Managing Partner at Mighty Capital.

Tristan Kromer
Tristan Kromer, Lean Startup Coach.

Cindy Alvarez and Anders Berggren
Cindy Alvarez, Principal design researcher at Microsoft. Halon co-founder Anders Berggren visiting 500 Startups.

Meat
No trip to the US without getting a decent steak.

Maxime Prades and Gustaf Alströmer
Maxime Prades, VP of Product Management at Algolia and Gustaf Alströmer, Partner at Y Combinator.

Rohit Sharma
Rohit Sharma, Partner at True Ventures.