Search found 43 matches

by mattch
29 Dec 2022 14:40
Forum: How-to
Topic: spam missing from domain.
Replies: 1
Views: 797

spam missing from domain.

Hello! Im trying to wrap my head around this one and how to prevent it. Ive never seen this type of spam sneak through. When it was delivered to my mailbox, the from address was my efa domain: It appears that part of the from domain is missing in the header so efa appends its own? But also part of h...
by mattch
18 Dec 2021 00:35
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

Im so curious where its getting changed at, if it is being changed at all. For me it come from a trusted sender with always same source so bypassing has been my work around and it fell on the back burner. If the automated messages come from random source then that can be bigger source of head ache. ...
by mattch
17 May 2021 15:31
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

In MailScanner.conf you could set a ruleset: # Processing Incoming Mail # ------------------------ ... Scan Messages = %rules-dir%/scan.messages.rules ... The rule itself: From: somebody@domain.com no From: somebody.else@anotherdomain.com no FromOrTo: default yes Capturing an incoming message needs...
by mattch
13 May 2021 03:07
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

I have created now a scanMessages.rule were all mails form this particular automated sender account is excluded from incoming processing (mmmhh, what is exactly excluded, Idk). We have in the meantime received a few messages passing eFa successfully towards our MS-Exchange2010 server, showing the c...
by mattch
11 May 2021 01:53
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

I've been unable to trigger the problem so far. I'll probably need someone's help. What I need is the MIME part structure. This is basically the raw message before it hits MailScanner, which means intercepting it. The content and headers can be stripped out, I just need the MIME information and bou...
by mattch
10 May 2021 18:26
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

I've been unable to trigger the problem so far. I'll probably need someone's help. What I need is the MIME part structure. This is basically the raw message before it hits MailScanner, which means intercepting it. The content and headers can be stripped out, I just need the MIME information and bou...
by mattch
06 May 2021 20:11
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

So, besides the weird boundary, is the data consistent in the partial message? Yes. I get two different emails with this pdf attachment being encoded to base64 in msg body. both from same place just generated and sent from different systems. I bring up bc not sure if helps Ive noticed different mim...
by mattch
04 May 2021 15:05
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

Update: Maybe I have found a possible root cause of the problem. All received messages from that sender do contain a colon followed by a four digit number. boundary="18446744072854621553-907769865-1620118963 =:6511 " Could this be a reason for theis problem? Mmmhh. same here on not workin...
by mattch
04 May 2021 14:56
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

In my case, These come in my inbox as plain text email with the bas64 (not ascii) in the body. i been coping base64 code from email to a decoder to spit out pdf. If I resend the message via MailWatch-UI to another addressee on the same MTA, the file is correctly shown with the PDF attachment. i neve...
by mattch
25 Mar 2021 00:22
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

i cant seem to get any "rename to" rules working, even basic one. "rename" works which uses default mailscanner.conf setting (.disarmed)

rename attachment with .test to .new

Code: Select all

rename to  .new \.test$

Code: Select all

rename to  .new \.test$   -   -
by mattch
24 Mar 2021 19:47
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

just following up with update and looking for any ideas. i made file with backslash and confirm it doesn't like it. I cant figure out forward slash like in the original attachment but have a theory, maybe the forward slash is unicode \u002f. I tried contacting them but is big company and wont let me...
by mattch
05 Mar 2021 01:55
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

Re: PDF attachment converting to Base64 plain text

Is there any log file i can try to glean some more info on how the attachment is handled? i dont know if this is a bug, or how to even test but i think it has something to do with the file name of the said pdf attachment having a "/" in the actual file name. Not shown above. I dont know ho...
by mattch
02 Mar 2021 21:44
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 9394

PDF attachment converting to Base64 plain text

some PDF attachment received is converted to Base64 plain text in the email body. It happen only from one person, pdf attachment from everywhere else come in fine and attached. Any pointers where to look as to why they coming in plain text? :romance-heartbeating: email body -- This message has been ...
by mattch
24 Apr 2020 20:38
Forum: Discussion
Topic: Whitelist blacklist link
Replies: 2
Views: 1542

Re: Whitelist blacklist link

Well no what i'm looking for is w/b link on the message view page (or more action links listed in the quarantine email report , in addition to the view action). The reason is that when you click "view" from the quarantine E-Mail report, it takes you directly to the message view page. It wo...
by mattch
24 Apr 2020 19:35
Forum: Discussion
Topic: Whitelist blacklist link
Replies: 2
Views: 1542

Whitelist blacklist link

Hello. Has anyone done this or is possible to add links "Add to whitelist | Add to blacklist" to "Actions" row on Message Viewer page, viewmail.php? Viewing a message from the quarantine email report takes me to viewer page and then i have to go recent messages, message details. ...
by mattch
23 Apr 2020 16:23
Forum: How-to
Topic: Interesting email based blacklist
Replies: 20
Views: 11199

Re: Interesting email based blacklist

Yeah me either and I got excited. When no hits on my spammiest users after a day I assumed it wasn't working. i suppose no hits can be considered a good thing.
by mattch
23 Apr 2020 16:08
Forum: How-to
Topic: Interesting email based blacklist
Replies: 20
Views: 11199

Re: Interesting email based blacklist

oh you're right, dcc pyzor and spamcop show disabled in the lint test.

So that means HashBL.pm file doesn't need to be referenced in the loadplugin in sa v3.4.2+, because its built-in right?

Sorry for such basic questions.
by mattch
23 Apr 2020 15:52
Forum: How-to
Topic: EFA & PHI Emails
Replies: 7
Views: 2858

Re: EFA & PHI Emails

I see your perspective now and makes sense i agree with you. US and practices from 1 to 10 providers with very shallow pockets. To them, instead of spending more money on technology (just for "email" when their emr has integrated portal maintained by software company for secure messaging) ...
by mattch
23 Apr 2020 15:04
Forum: How-to
Topic: Interesting email based blacklist
Replies: 20
Views: 11199

Re: Interesting email based blacklist

I did but i also get this:

Apr 23 11:02:14.523 [28636] dbg: plugin: loading Mail::SpamAssassin::Plugin::HashBL from @INC 0.00332
Apr 23 11:02:14.544 [28636] dbg: HashBL: local tests only, disabling HashBL
by mattch
23 Apr 2020 15:03
Forum: How-to
Topic: EFA & PHI Emails
Replies: 7
Views: 2858

Re: EFA & PHI Emails

im not hipaa policy or compliance expert by any means, i do not have any medical credentials either. I should have mentioned this and that not sending PHI externally is only a recommendation that many people seem to follow for obvious reasons. That doesn't mean i know what im talking about, nor that...
by mattch
22 Apr 2020 20:21
Forum: How-to
Topic: Interesting email based blacklist
Replies: 20
Views: 11199

Re: Interesting email based blacklist

Using v4 the HashBL plugin is already loaded in v342.pre but not listing any HashBL.pm file.

I commented out loadplugin for hashbl in v342.pre file, or alternatively add HashBL.pm and then comment loadplugin listed in the hashbl.cf file.
by mattch
22 Apr 2020 19:03
Forum: How-to
Topic: Greylisting Whitelist
Replies: 1
Views: 2440

Re: Greylisting Whitelist

Im having same issue and find this. It appears whitelist protection.outlook.com instead of customer domains.

viewtopic.php?f=5&t=3685
by mattch
22 Apr 2020 18:39
Forum: How-to
Topic: EFA & PHI Emails
Replies: 7
Views: 2858

Re: EFA & PHI Emails

From my understanding any PHI in unencrypted email is a no no. To encrypt the email requires end to end configuration and not possible without controlling the other sides. People i know needing that end up using those encrypted email services you have to sign up for, or built-in to the emr. I also s...
by mattch
22 Apr 2020 18:32
Forum: How-to
Topic: DCC Plugin score
Replies: 3
Views: 2038

Re: DCC Plugin score

Thank you that is very clear and precise. i will be customing some more scores now.
adding dcc_check in local.cf did the trick. thanks guys you rock!
by mattch
22 Apr 2020 18:05
Forum: Discussion
Topic: Greylist vs EFA vs spf.protection.outlook.com
Replies: 5
Views: 7021

Re: Greylist vs EFA vs spf.protection.outlook.com

Beautiful. i just come across this my self. THANK YOU! I swore the user is crazy but nope. cat /var/log/maillog | grep o365@emails.com [code]Apr 22 12:02:41 mx2 sqlgrey: grey: new: 40.107.237(40.107.237.92), o365@emails.com -> my@efaemail.com Apr 22 12:02:41 mx2 postfix/smtpd[15816]: NOQUEUE: reject...