The main focus of the Halon 4.5 release is TLS, hence the name “certy”. Check out the new features and functions and try them out. Also, the knowledge base is growing with a lot of good how-to’s to help you around.
TLS information has been made accessible in the Halon Platform scripting language, both on the receiving and sending side. Support for X.509 client certificates has been added, allowing you to both verify the sender identity in the SMTP server, as well as identify yourself when sending email through an SMTP client.
Experiment: we configured a busy email system to ask for a client certificate for all inbound connections, and found that approximately 5% of all traffic provides a client identity. Most of the traffic is from Gmail and Office365. We did not collect the percentage of domains, which we leave as an exercise for you.
How to enable this feature and start authenticating clients is documented in a KB article.
Implementation and facilitation of TLS reporting (tlsrpt) has begun. It is a new standard for reporting TLS failures, mainly focused on MTA-STS and DANE.
The TLSSocket() class now has a getpeercert() function and the ability to specify a client certificate. Now you see why we called it “certy”?
Support for custom SASL authentication mechanism has been added. This allows you to build authentication schemes such as OTP, OAUTHBEARER or CRAM-MD5, but also EXTERNAL to facilitate the client certificate features. The procedure is documented in our knowledge base along with two sample implementations.
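The server-side decision behind SASL EXTERNAL, as an added example that is not Halon's code or HSL: the identity comes from the already-verified client certificate, and an identity requested by the client is honoured only if local policy allows it for that certificate. It is written in Python; the policy table, the sample certificate (in the dict shape returned by Python's ssl getpeercert()) and the function names are assumptions made for illustration.

```python
import base64

# Constructed sample: the dict shape ssl.SSLSocket.getpeercert() returns
# for a client certificate that was verified during the TLS handshake.
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "relay.example.net"),),),
    "subjectAltName": (("DNS", "relay.example.net"),
                       ("email", "mailer@example.net")),
}

# Hypothetical local policy: certificate identity -> SASL identities it may use.
POLICY = {"mailer@example.net": {"mailer@example.net", "bounces@example.net"}}


def cert_identities(peer_cert):
    """Return the e-mail (rfc822Name) SAN entries of a verified certificate."""
    if not peer_cert:  # None: no certificate sent; {}: certificate not verified
        return []
    sans = peer_cert.get("subjectAltName", ())
    return [value.lower() for kind, value in sans if kind == "email"]


def sasl_external(initial_response, peer_cert, policy=POLICY):
    """Handle 'AUTH EXTERNAL <initial_response>'; return an identity or None."""
    if initial_response == "=":  # RFC 4954: "=" means an empty initial response
        authzid = ""
    else:
        try:
            raw = base64.b64decode(initial_response, validate=True)
            authzid = raw.decode("utf-8").lower()
        except ValueError:  # malformed base64 or invalid UTF-8
            return None
    for identity in cert_identities(peer_cert):
        allowed = policy.get(identity)
        if allowed is None:
            continue  # certificate identity is unknown to local policy
        if authzid == "":
            return identity  # no identity requested: use the certificate's own
        if authzid in allowed:
            return authzid  # requested identity is permitted for this certificate
    return None  # never fall back to trusting the client-supplied string
```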
If you haven’t found our knowledge base before, the KB is a place to find how-to’s. The dev team is expanding it as fast as we can, adding topics that customers have asked about.
Finally, I want to highlight the big effort we’ve made to simplify, modernize and overall improve the web administration. This is an ongoing project, and something that we’re paying a lot of attention to. We want to thank, and congratulate, the Bootstrap team for providing such an awesome framework. We managed to get the Bootstrap 4.0 release in, with just a few days of work.
We have done two new releases of Halon since last time we updated the blog with release matters. In Halon 4.1 “teamy”, released just before this summer, we introduced modules. A month later we followed up with 4.2 “classy” that added proper object orientation to the language (which works great in combination with modules). It spawned a few rewrites of our script examples (modules) to reflect this awesomeness. We initially added instance and class methods and variables (static), and in 4.3 “cody” we added the private keyword to functions and variables as well.
private $name = "Dr Who?";
$this->name = $name;
return "Hello ".$this->name;
static function ...()
We’ve created a lot of modules and script examples. Some of those, such as the PostgreSQL and MongoDB modules, rely heavily on byte packed data structures. In order to better support those, we’ve added built-in functions such as pack() and unpack(). Upcoming modules and rewrites will also benefit from the new TLSSocket() class.
Here are some new additions to our module collection:
Other notable features from the changelog include:
FreeBSD 11.1 and new quarterly packages
sha2 hash functions
Added status and NDR codes to Reject, Defer and Deliver functions
SetTLS supports CA name verification
DLP engine now supports file hashes of SHA2-256 and SHA2-512
Added $sourceip variable to post-delivery script to easily determine which IP address was used to send the mail
Geek out corner
One major change that only we can see and fully appreciate is the (both automated and manual) code migration to C++11 (and forward), using the truly awesome clang-tidy tool.
On another note; while we researched pack and unpack implementations by looking at other languages’ documentation (such as PHP, Perl and Python), we found a bug in PHP, which was fixed in 7.2, and backported to 7.1.9. The overall consensus of syntax and conventions amongst languages regarding how pack and unpack should work seems to reflect and mimic Perl.
“In a language with an automatic garbage collection mechanism, it would be difficult to deterministically ensure the invocation of a destructor, and hence these languages are generally considered unsuitable for RAII [Resource Acquisition Is Initialization]” – Wikipedia on destructors
Unlike many other databases, MongoDB uses little endian rather than big endian (network byte order) in its wire protocol. This lets you send and receive data structures in native machine endianness (for most people), since both x86 and amd64 use this convention. I highly recommend reading up on the fun historic trivia about endianness.
Want more in-depth info on the new releases? Get in touch with the support team.
Have you checked out our open-source End-user interface on GitHub yet? It can be used either as is, modified to fit your needs, or only as an inspiration for your own code. Since last time we posted about it, we have updated it with a bunch of new features. Have a look and feel free to give us some feedback if you do decide to try it.
Your Halon nodes archives can now be managed directly from the Messages tab in the interface. This feature allows the end-users to browse, preview, resend and download messages from the archives.
This feature makes it possible to monitor HSL rate limits from your Halon nodes in real-time (when logged in as an administrator). This can be very useful to get a quick glance at for example which users are sending large amounts of email (or suspect spam) or to discover other anomalies. It can also be used to reset rate limits for specific users.
This feature improves search performance by splitting the message history into different partitions based on a customisable user ID.
Database based graphs
Before it was only possible to fetch the graphs from the Halon nodes directly but now it’s also possible to create graphs based on the data in the local database.
The datastore is very useful for storing various kinds of data that can then be fetched by the Halon nodes. Some examples of use cases for this could be overrides for rate limits, routing information and specific customer settings.
The interface is based on Bootstrap and uses a templating system called Twig, which makes it very easy to switch between different themes and also make your own modifications to them. We now provide multiple themes to choose from, but you could also easily implement your own themes.
It’s now possible to create, edit and remove database users directly from the interface (when logged in as an administrator).
In certain situations it can be very helpful to be able to quickly check if an SMTP server is online and reachable, has support for TLS and that it’s working, test user authentication and measure transaction delays and throughput. All of this and more can be done quickly using the command-line. Here’s your guide!
Today’s leading spam filter technologies offer a very high degree of accuracy. In this blog I’ll describe the current state of spam classification, and propose a pretty innovative method that can significantly improve both senders’ and recipients’ satisfaction (as well as reducing the burden on administrators and support staff) by enabling senders to report false positives if they pass a CAPTCHA test. Let’s start by familiarising ourselves with the history of anti-spam.
Although many customers prefer to use the Halon SMTP Platform as-is, most hosting providers want to implement end-user interfaces in order to offer a higher degree of customer self-service. Since the Halon SMTP platform is essentially a scriptable MTA (with many features such as anti-spam, signing, and much more) with an opensource ecosystem, it makes a lot of sense to maintain the end-user interface as a GitHub project. It is designed as a boiler-plate, and our aim is that the code itself should be as simple and straight-forward as possible. It currently offers features such as indexed history, text logs, queue and quarantine management, black/whitelisting, spam settings and statistics.
In the previous weeks, we’ve added translation support using gettext, with English as the default language, and an extra translation in Swedish. If you want to maintain a translation in another language, please let us know! The language is automatically detected based on the browser’s HTTP_ACCEPT_LANGUAGE.
One of Halon’s strengths is seamless integration, something that we discussed in the previous blog entry. The same goes for the end-user interface, and we’ve done numerous integrations with common hosting platforms such as WHMCS, cPanel and Odin. The cPanel plugin is branched out into its own project, and offers session transfer for both admins and users (webmail). We recently went to Barcelona for an APS2 training hosted by Odin, and we’ve published an initial version of our Service Automation plugin. It currently offers session transfer for both admins and users, and we’re looking to extend its functionality in various ways.
We hope that you and your customers will enjoy the updated end-user experience! Do not hesitate to contact us if you want more information or help setting it up.
Thanks to PHP’s flexibility, we could develop a cross-platform solution, without having to rely on a RPC multiplexer. We chose a select()ing method provided by CURL’s “multi” package, by extending the SoapClient class and implementing our own __doRequest.
// Just demonstrating that it works with multiple functions, to multiple servers
$client1 = new SoapClientAsync('some-systems-wsdl', $options);
$client2 = new SoapClientAsync('another-systems-wsdl', $options);
$result1 = $client1->someFunction($arguments);
$result2 = $client1->anotherFunction($arguments);
$result3 = $client2->anotherFunction($arguments);
We hope that our customers appreciate the speed boost that it gives their anti-spam system’s end-user web interfaces.