Outlook calendar invites broken

Questions and answers about how to do stuff
Post Reply
mailfuntimes
Posts: 4
Joined: 03 Feb 2020 14:23

Outlook calendar invites broken

Post by mailfuntimes » 03 Feb 2020 14:55

Hi guys,

I'm pretty stumped with this one, we've gone up to EFA 4.0 (new install on a fresh VM) and everything looks to be working correctly (all spam/virus filtering, opendkim, opedmarc ect) however the last thing I can't get working is calendar invites. The mail is delivered but everything is stripped so it looks like a load of jumbled HTML with the headers visible:

I've tried changing the TNEF to the internal one, tried disabling TNEF scanning completely but it still breaks invites.

I then tried sending an invite with a document attached. For some strange strange reason this comes through fine and with the outlook response buttons as you would expect.

Mailscanner.conf below:

Code: Select all

%etc-dir% = /etc/MailScanner
%report-dir% = /usr/share/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
Max Children = 4
Milter Max Children = 10
Milter Dispatcher = postfork
Run As User = postfix
Run As Group = postfix
Queue Scan Interval = 6
Incoming Queue Dir = /var/spool/MailScanner/milterin
Outgoing Queue Dir = /var/spool/MailScanner/milterout
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner.pid
Milter PID File = /var/run/MSMilter.pid
Restart Every = 7200
MTA = msmail
MSMail Queue Type = long
MSMail Delivery Method = QMQP
MSMail Socket Type = unix
MSMail Socket Dir = /var/spool/postfix/public/qmqp
MSMail Relay Port = 25
MSMail Relay Address = 127.0.0.1
Milter Ignore Loopback = no
Milter Scanner = yes
Milter Port = 33333
Milter Bind = 127.0.0.1
Sendmail = /usr/lib/sendmail
Sendmail2 = /usr/lib/sendmail
Incoming Work User =
Incoming Work Group = mtagroup
Incoming Work Permissions = 0660
Quarantine User = postfix
Quarantine Group = mtagroup
Quarantine Permissions = 0660
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Scan Messages = yes
Reject Message = no
Maximum Processing Attempts = 2
Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = yes
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command = /usr/bin/file
File Timeout = 20
Gunzip Command = /bin/gunzip
Gunzip Timeout = 50
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
Un7zip Command = /usr/bin/7z
Un7zip Timeout = 50
Find UU-Encoded Files = no
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 3
Find Archives By Content = yes
Unpack Microsoft Documents = yes
Zip Attachments = no
Attachments Zip Filename = MessageAttachments.zip
Attachments Min Total Size To Zip = 100k
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
Add Text Of Doc = no
Antiword = /usr/bin/antiword -f
Antiword Timeout = 50
Unzip Maximum Files Per Archive = 0
Unzip Maximum File Size = 50k
Unzip Filenames = *.txt *.ini *.log *.csv
Unzip MimeType = text/plain
Virus Scanning = yes
Virus Scanners = clamd
Virus Scanner Timeout = 300
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Still Scan Silent Viruses = no
Still Deliver Silent Viruses Unmodified = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Zip-Password
Spam-Virus Header = X-%org-name%-MailScanner-eFa-SpamVirus-Report:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = no
Check Filenames In Password-Protected Archives = yes
Allowed Sophos Error Messages =
Sophos IDE Dir = /opt/sophos-av/lib/sav
Sophos Lib Dir = /opt/sophos-av/lib
Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd /var/lib/clamav/*.inc/* /var/lib/clamav/*.?db /var/lib/clamav/*.cvd
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250
Clamd Port = 3310
Clamd Socket = /var/run/clamd.socket/clamd.sock
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = yes
ClamAV Full Message Scan = yes
Fpscand Port = 10200
Dangerous Content Scanning = %rules-dir%/toexternal_contentscanning.rules
Allow Partial Messages = no
Allow External Message Bodies = %rules-dir%/toexternal_bodies.rules
Find Phishing Fraud = yes
Also Find Numeric Phishing = %etc-dir%/numeric.phishing.rules
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = yes
Highlight Hidden URLs = no
Highlight Mailto Phishing = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
Known Web Bug Servers = msgtag.com
Web Bug Replacement = http://dl.efa-project.org/static/1x1spacer.gif
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Archives Are = zip rar ole
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules
Allow Filetypes = opendocument
Allow File MIME Types = application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text application/vnd.oasis.opendocument.presentation
Deny Filetypes = executable
Deny File MIME Types = dosexec
Filetype Rules = %etc-dir%/filetype.rules
Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
Default Rename Pattern = __FILENAME__.disarmed
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Denial Of Service = yes
Ignore Denial Of Service = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = yes
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report  = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report         = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Stored Size Message Report         = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %rules-dir%/sig.html.rules
Inline Text Signature = %rules-dir%/sig.text.rules
Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report      = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt
Sender Size Report         = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
External Message Warning = %rules-dir%/external.message.rules
Inline HTML External Warning = %report-dir%/inline.external.warning.html
Inline Text External Warning = %report-dir%/inline.external.warning.txt
Mail Header = X-%org-name%-MailScanner-eFa:
Spam Header = X-%org-name%-MailScanner-eFa-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-eFa-SpamScore:
Information Header = X-%org-name%-MailScanner-eFa-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-eFa-From:
Envelope To Header = X-%org-name%-MailScanner-eFa-To:
ID Header = X-%org-name%-MailScanner-eFa-ID:
IP Protocol Version Header = # X-%org-name%-MailScanner-eFa-IP-Protocol:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 0
Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact sysadmins@email.co.uk for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = no
Multiple Headers = append
Place New Headers At Top Of Message = yes
Hostname = crp-efa-03.corp.email.net
Sign Messages Already Processed = no
Sign Clean Messages = Yes
Attach Image To Signature = no
Attach Image To HTML Message Only = yes
Allow Multiple HTML Signatures = no
Dont Sign HTML If Headers Exist = In-Reply-To: References:
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Please contact sysadmins@email.co.uk for details
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Disposition-Notification-To: Return-Receipt-To:
Deliver Cleaned Messages = No
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = yes
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = start
Virus Subject Text = {Virus?}
Filename Modify Subject = start
Filename Subject Text = {Filename?}
Content Modify Subject = start
Content Subject Text = {Dangerous Content?}
Size Modify Subject = start
Size Subject Text = {Size}
Disarmed Modify Subject = no
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = no
Phishing Subject Text = {Fraud?}
Spam Modify Subject = start
Spam Subject Text = {Spam?}
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?}
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1
Archive Mail =
Missing Mail Archive Is = directory
Send Notices = no
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \neFa\nemail Filter appliance\nwww.efa-project.org
Notices From = eFa
Notices To = postmaster
Local Postmaster = postmaster
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List =
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Spam List Timeout = 10
Spam List Skip If Authenticated = no
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Definite Spam Is High Scoring = yes
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 2048k
Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = 2
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Ifu5mCNZKoBMCiFnOdhxTB+TuZhacg200u8zOi7JNfg=
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-eFa-Watermark:
Use SpamAssassin = yes
Max SpamAssassin Size = 100k continue 150k
Required SpamAssassin Score = 4
High SpamAssassin Score = 7
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Include Binary Attachments In SpamAssassin = no
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20
Spam Actions = store
High Scoring Spam Actions = store
Non Spam Actions = store deliver header "X-Spam-Status:No"
SpamAssassin Rule Actions =
Sender Spam Report         = %report-dir%/sender.spam.report.txt
Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
Syslog Facility = mail
Log Speed = no
Log Spam = yes
Log Non Spam = no
Log Delivery And Non-Delivery = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Permitted File MIME Types = no
Log Silent Viruses = yes
Log Dangerous HTML Tags = yes
Log SpamAssassin Rule Actions = no
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = /var/lib/spamassassin
SpamAssassin Default Rules Dir =
DB DSN =
DB Username =
DB Password =
SQL Serial Number =
SQL Quick Peek =
SQL Config =
SQL Ruleset =
SQL SpamAssassin Config =
SQL Debug = no
MCP Checks = no
First Check = spam
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-eFa-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spamassassin.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no
Read IP Address From Received Header = no
Spam Score Number Format = %d
MailScanner Version Number = 5.1.4
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = &MailWatchLogging
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = no
Lockfile Dir = /var/spool/MailScanner/incoming/Locks
Custom Functions Dir = /usr/share/MailScanner/perl/custom
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported
include /etc/MailScanner/conf.d/*
This is the log of an email sent without an attachment, this comes through as just broken HTML (emails and names changed) and does not work:

Code: Select all

postfix/smtpd[9846]: connect from unknown[172.17.10.219]
postfix/smtpd[9846]: 48B80k3ML2zL7tl: client=unknown[172.17.10.219]
postfix/cleanup[8520]: 48B80k3ML2zL7tl: message-id=<004801d5da96$83183910$8948ab30$@email.co.uk>
opendkim[2154]: 48B80k3ML2zL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendmarc[2150]: 48B80k3ML2zL7tl: SPF(mailfrom): user@email.co.uk fail
opendmarc[2150]: 48B80k3ML2zL7tl: email.co.uk fail
opendkim[2154]: 48B80k3ML2zL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendmarc[2150]: 48B80k3ML2zL7tl: SPF(mailfrom): user@email.co.uk fail
opendmarc[2150]: 48B80k3ML2zL7tl: email.co.uk fail
MSMilter[10652]: MailWatch: Whitelist refresh time reached
MSMilter[10652]: MailWatch: Starting up MailWatch SQL Whitelist
MSMilter[10652]: MailWatch: Read 9 whitelist entries
MSMilter[10652]: MailWatch: Blacklist refresh time reached
MSMilter[10652]: MailWatch: Starting up MailWatch SQL Blacklist
MSMilter[10652]: MailWatch: Read 12 blacklist entries
postfix/cleanup[8520]: 48B80k3ML2zL7tl: milter-discard: END-OF-MESSAGE from unknown[172.17.10.219]: milter triggers DISCARD action; from=<user@email.co.uk> to=<user@email.co.uk> proto=ESMTP helo=<dhp400g50058>
postfix/smtpd[9846]: disconnect from unknown[172.17.10.219] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
MailScanner[7943]: New Batch: Scanning 1 messages, 3791 bytes
MailScanner[7943]: Filename Checks: Allowing 48B80k3ML2zL7tl msg-7943-2.txt
MailScanner[7943]: Filetype Checks: Allowing 48B80k3ML2zL7tl msg-7943-2.txt (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B80k3ML2zL7tl msg-7943-2.txt (no match found)
MailScanner[7943]: Virus and Content Scanning: Starting
MailScanner[7943]: Spam Checks: Starting
MailScanner[7943]: Message 48B80k3ML2zL7tl from 172.17.10.219 (user@email.co.uk) to email.co.uk is not spam, SpamAssassin (not cached, score=-4.276, required 4, ALL_TRUSTED -5.00, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, DKIM_VALID_EF -0.10, SPF_FAIL 0.92, TXREP 0.00, URIBL_BLOCKED 0.00)
MailScanner[7943]: Delivery of nonspam: message 48B80k3ML2zL7tl from user@email.co.uk to user@email.co.uk with subject test no attachment - body
MailScanner[7943]: Requeue: 48B80k3ML2zL7tl to 48B8100dn4zcPhQ
postfix/qmqpd[10217]: connect from localhost[127.0.0.1]
postfix/qmqpd[10217]: 48B8100fMbzL7tl: client=localhost[127.0.0.1]
opendmarc[2150]: ignoring connection from localhost
opendmarc[2150]: ignoring connection from localhost
postfix/cleanup[9852]: 48B8100fMbzL7tl: message-id=<004801d5da96$83183910$8948ab30$@email.co.uk>
opendkim[2154]: ignoring header field 'ATTENDEE;CN=user@email.co.uk;RSVP=TRUE'
opendkim[2154]: ignoring header field 'DTEND;VALUE=DATE'
opendkim[2154]: ignoring header field 'DTSTART;VALUE=DATE'
opendkim[2154]: 48B8100fMbzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendkim[2154]: ignoring header field 'ATTENDEE;CN=user@email.co.uk;RSVP=TRUE'
opendkim[2154]: ignoring header field 'DTEND;VALUE=DATE'
opendkim[2154]: ignoring header field 'DTSTART;VALUE=DATE'
opendkim[2154]: 48B8100fMbzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
postfix/qmqpd[10217]: disconnect from localhost[127.0.0.1]
postfix/qmgr[6499]: 48B8100fMbzL7tl: from=<user@email.co.uk>, size=4178, nrcpt=1 (queue active)
MailScanner[7943]: Uninfected: Delivered 1 messages
MailScanner[7943]: Deleted 1 messages from processing-database
MailScanner[7943]: MailWatch: Logging message 48B80k3ML2zL7tl to SQL
postfix/relay/smtp[10222]: 48B8100fMbzL7tl: to=<user@email.co.uk>, relay=internal.server.net[172.29.29.29]:25, delay=0.12, delays=0.1/0.01/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 78481214E8A)
This is the log of the calendar invite sent out with an attachment. This for some reason comes through successfully

Code: Select all

postfix/smtpd[8513]: connect from unknown[172.17.10.219]
postfix/smtpd[8513]: 48B81P6WpDzL7tl: client=unknown[172.17.10.219]
postfix/cleanup[8520]: 48B81P6WpDzL7tl: message-id=<004f01d5da96$9837f010$c8a7d030$@email.co.uk>
opendkim[2154]: 48B81P6WpDzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendmarc[2150]: 48B81P6WpDzL7tl: SPF(mailfrom): user@email.co.uk fail
opendmarc[2150]: 48B81P6WpDzL7tl: email.co.uk fail
opendkim[2154]: 48B81P6WpDzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendmarc[2150]: 48B81P6WpDzL7tl: SPF(mailfrom): user@email.co.uk fail
opendmarc[2150]: 48B81P6WpDzL7tl: email.co.uk fail
MSMilter[10801]: MailWatch: Whitelist refresh time reached
MSMilter[10801]: MailWatch: Starting up MailWatch SQL Whitelist
MSMilter[10801]: MailWatch: Read 9 whitelist entries
MSMilter[10801]: MailWatch: Blacklist refresh time reached
MSMilter[10801]: MailWatch: Starting up MailWatch SQL Blacklist
MSMilter[10801]: MailWatch: Read 12 blacklist entries
postfix/cleanup[8520]: 48B81P6WpDzL7tl: milter-discard: END-OF-MESSAGE from unknown[172.17.10.219]: milter triggers DISCARD action; from=<user@email.co.uk> to=<user@email.co.uk> proto=ESMTP helo=<dhp400g50058>
postfix/smtpd[8513]: disconnect from unknown[172.17.10.219] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
MailScanner[7943]: New Batch: Scanning 1 messages, 21496 bytes
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 11styles.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 10core.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 9app.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 8webSettings.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 7fontTable.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 6settings.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 5theme1.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 4document.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 3document.xml.rels (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 2.rels (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl 1Content_Types.xml (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl test.docx (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl msg-7943-5.txt
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl msg-7943-4.html (no rule matched)
MailScanner[7943]: Filename Checks: Allowing 48B81P6WpDzL7tl msg-7943-3.txt
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl msg-7943-3.txt
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 6settings.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 10core.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl test.docx (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 7fontTable.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 11styles.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 8webSettings.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 3document.xml.rels (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl msg-7943-5.txt (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl msg-7943-4.html (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 2.rels (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 4document.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 5theme1.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 1Content_Types.xml (no match found)
MailScanner[7943]: Filetype Checks: Allowing 48B81P6WpDzL7tl 9app.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl msg-7943-3.txt (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 6settings.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 10core.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl test.docx (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 7fontTable.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 11styles.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 8webSettings.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 3document.xml.rels (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl msg-7943-5.txt (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl msg-7943-4.html (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 2.rels (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 4document.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 5theme1.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 1Content_Types.xml (no match found)
MailScanner[7943]: Filetype Mime Checks: Allowing 48B81P6WpDzL7tl 9app.xml (no match found)
MailScanner[7943]: Virus and Content Scanning: Starting
MailScanner[7943]: Spam Checks: Starting
MailScanner[7943]: Message 48B81P6WpDzL7tl from 172.17.10.219 (user@email.co.uk) to email.co.uk is not spam, SpamAssassin (not cached, score=-3.694, required 4, ALL_TRUSTED -5.00, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, DKIM_VALID_EF -0.10, HTML_MESSAGE 0.00, MPART_ALT_DIFF 0.72, SPF_FAIL 0.92, TXREP -0.14, URIBL_BLOCKED 0.00)
MailScanner[7943]: Delivery of nonspam: message 48B81P6WpDzL7tl from user@email.co.uk to user@email.co.uk with subject test attachment
MailScanner[7943]: Requeue: 48B81P6WpDzL7tl to 48B81l5LLVzcPhQ
postfix/qmqpd[10217]: connect from localhost[127.0.0.1]
postfix/qmqpd[10217]: 48B81l5MFHzL7tl: client=localhost[127.0.0.1]
opendmarc[2150]: ignoring connection from localhost
opendmarc[2150]: ignoring connection from localhost
postfix/cleanup[9852]: 48B81l5MFHzL7tl: message-id=<004f01d5da96$9837f010$c8a7d030$@email.co.uk>
opendkim[2154]: 48B81l5MFHzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendkim[2154]: 48B81l5MFHzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
postfix/qmqpd[10217]: disconnect from localhost[127.0.0.1]
MailScanner[7943]: Uninfected: Delivered 1 messages
postfix/qmgr[6499]: 48B81l5MFHzL7tl: from=<user@email.co.uk>, size=22141, nrcpt=1 (queue active)
MailScanner[7943]: Deleted 1 messages from processing-database
MailScanner[7943]: MailWatch: Logging message 48B81P6WpDzL7tl to SQL
postfix/relay/smtp[10222]: 48B81l5MFHzL7tl: to=<user@email.co.uk>, relay=internal.server.net[172.29.29.29]:25, delay=0.1, delays=0.09/0/0/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 210B1214E87)
------

This part of the log says to me there may be an issue with OpenDKIM, however if I turn this off my mail flow stops as it's expecting it:

Code: Select all

opendkim[2154]: ignoring header field 'ATTENDEE;CN=user@email.co.uk;RSVP=TRUE'
opendkim[2154]: ignoring header field 'DTEND;VALUE=DATE'
opendkim[2154]: ignoring header field 'DTSTART;VALUE=DATE'
opendkim[2154]: 48B8100fMbzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
opendkim[2154]: ignoring header field 'ATTENDEE;CN=user@email.co.uk;RSVP=TRUE'
opendkim[2154]: ignoring header field 'DTEND;VALUE=DATE'
opendkim[2154]: ignoring header field 'DTSTART;VALUE=DATE'
opendkim[2154]: 48B8100fMbzL7tl: DKIM-Signature field added (s=mail, d=email.co.uk)
I'm going to keep digging, but this is the last thing that's stopping me rolling this out to production, and I really really want to get this over the line.

Cheers.

User avatar
shawniverson
Posts: 3143
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Outlook calendar invites broken

Post by shawniverson » 03 Feb 2020 15:09

Check the following:

/etc/MailScanner/MailScanner.conf

Code: Select all

# Do you want to allow <IFrame> tags in email messages? This is not a good
# idea as it allows various Microsoft Outlook security vulnerabilities to
# remain unprotected, but if you have a load of mailing lists sending them,
# then you will want to allow them to keep your users happy.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them from
# known mailing lists but ban them from everywhere else.
Allow IFrame Tags = disarm

# Do you want to allow <Form> tags in email messages? This is a bad idea
# as these are used as scams to pursuade people to part with credit card
# information and other personal data.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Form Tags = disarm

# Do you want to allow <Script> tags in email messages? This is a bad idea
# as these are used to exploit vulnerabilities in email applications and
# web browsers.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Script Tags = disarm

# Do you want to allow <Img> tags with very small images in email messages?
# This is a bad idea as these are used as 'web bugs' to find out if a message
# has been read. It is not dangerous, it is just used to make you give away
# information.
# Value: yes     => Allow these tags to be in the message
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# Note: You cannot block messages containing web bugs as their detection
#       is very vulnerable to false alarms.
# This can also be the filename of a ruleset.
Allow WebBugs = disarm

Version eFa 4.0.2 now available!

mailfuntimes
Posts: 4
Joined: 03 Feb 2020 14:23

Re: Outlook calendar invites broken

Post by mailfuntimes » 03 Feb 2020 16:36

Hi Shawniverson,

Thanks for the quick reply, it's really appreciated!

I've had a look at this section and they're all set to default value of disarm.

Looking at the config on our older EFA these are also set to 'disarm' so it doesn't look to be this specific section, but just for my own sanity I've set these to yes one by one, restarted the mailscanner service and then sent a test invite through, unfortunately still no luck :(

I disabled the DMARC and DKIM service, made some postfix changes so it didn't try to connect to these and sent a test invite through just in case, unfortunately still no luck so it's definitely the 'mailscanner' section that's breaking it.

I've even gone as far as to disable TNEF and allow IFrame tags in all messages, however it's still getting stripped out.

Is there any other section that might be effecting outlook invites that I've not looked through?

Thanks again.

henk
Posts: 465
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Outlook calendar invites broken

Post by henk » 03 Feb 2020 19:10

take a look at this old post viewtopic.php?t=3069 to try first, with or without an attachment

mailfuntimes
Posts: 4
Joined: 03 Feb 2020 14:23

Re: Outlook calendar invites broken

Post by mailfuntimes » 06 Feb 2020 14:33

Hi Henk,

Thanks so much for the link, the main thing that pointed me in the right direction was:
efa/mailscanner won't diddle messages unless you have configured your system to change the body of the messages.
I had tried to replicate what our old EFA server was doing, this includes adding the signature at the bottom of the email to say it was deemed to be clean. The following was set to 'yes' and that's what was causing my issues:

Code: Select all

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# If you add your own signature in your email application, and include the
# magic token "_SIGNATURE_" in your email message, the signature will be
# inserted just there, rather than at the end of the message.
# This can also be the filename of a ruleset.
Sign Clean Messages = no
I couldn't work out why this was working on the old EFA, well it looks as though this was not configured to add the signature and instead postfix was the one adding this in.

All calendar requests are going through now.

Thanks both!

Post Reply