EFA breaks message content

Report bugs and workarounds
Post Reply
Bladman
Posts: 4
Joined: 26 Apr 2018 13:14

EFA breaks message content

Post by Bladman » 26 Apr 2018 13:35

Hello,

Currently I receive complaints from users that receive e-mail from an order system that sends order confirmations towards the users get displayed incorrectly in their e-mail client.

This only happens when I put EFA in front of the Exchange server as inbound spamfilter.

The issue is that the e-mail is sent by the system with (hidden) JSON data.
As soon as the e-mail has been through EFA, the JSON data is added to the top of the e-mail as text.

According to the developer of the order system the JSON data should be hidden and thus not be shown by the e-mail client. I can confirm this working correctly when I let the e-mails be delivered directly to the Exchange server.

How can I fix this? The MailWatch Web interface shows the same behaviour. On the text/plain section the e-mail is show correctly, but on the text/html section you see that the JSON data is before the "real" e-mail.

Please see the attached screenshot (I needed to anonymize the data, so sorry for the black boxes).

Anyone has any idea about how to prevent this from happening? We have seen it with other e-mails (containing UBL code for invoicing) as well and is only happening when EFA is used as the spamfilter.
Attachments
Knipsel.PNG
Knipsel.PNG (54.95 KiB) Viewed 517 times

User avatar
pdwalker
Posts: 1076
Joined: 18 Mar 2015 09:16

Re: EFA breaks message content

Post by pdwalker » 28 Apr 2018 08:38

efa/mailscanner won't diddle messages unless you have configured your system to change the body of the messages.

Have you configured your efa to add signatures? disarm html? There may be more, but I don't remember what they are off the top of my head as I've configured my efa to leave the messages alone.

I've just had a quick look and some of the settings that might be contributing to your problem are:
Sign Clean Messages =
Mark Infected Messages =
Mark Unscanned Messages =

There are others.

Maybe you could show an entire test html message sent to your system and we can see what options are turned on.

Bladman
Posts: 4
Joined: 26 Apr 2018 13:14

Re: EFA breaks message content

Post by Bladman » 03 May 2018 08:50

Hi,

The problem is that the HTML is untouched, the rest of the e-mail below the screenshot shows just fine.
Sign Clean Messages = No
Mark Infected Messages = Yes
Mark Unscanned Messages = Yes

User avatar
pdwalker
Posts: 1076
Joined: 18 Mar 2015 09:16

Re: EFA breaks message content

Post by pdwalker » 03 May 2018 16:18

Is it possible to mail me one of those messages, or an example of one of those messages to see if my system mangles it?

Bladman
Posts: 4
Joined: 26 Apr 2018 13:14

Re: EFA breaks message content

Post by Bladman » 04 May 2018 20:30

I can I guess but I think i’ll only be able to forward an already mangled e-mail. Haven’t changed the settings you mentioned before by the way but I think it has something to do with the HTML disarming.

What e-mail to send the e-mail to?
I will see if I can generate an test e-mail from the ordering system so it gets processed as an original Message instead of an forwarded one.

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: EFA breaks message content

Post by henk » 04 May 2018 22:56

You could try to Allow Script Tags. (only for mail from trusted domains)

( create ruleset like:
From host:*.trusted domain.com yes
FromorTo default disarm)

Question: can you trust any domain :?: ;)

The MailScanner Tags defaults:

Code: Select all

# Do you want to allow <IFrame> tags in email messages? This is not a good
# idea as it allows various Microsoft Outlook security vulnerabilities to
# remain unprotected, but if you have a load of mailing lists sending them,
# then you will want to allow them to keep your users happy.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
# This can also be the filename of a ruleset, so you can allow them from
# known mailing lists but ban them from everywhere else.
Allow IFrame Tags = disarm

# Do you want to allow <Form> tags in email messages? This is a bad idea
# as these are used as scams to pursuade people to part with credit card
# information and other personal data.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Form Tags = disarm

# Do you want to allow <Script> tags in email messages? This is a bad idea
# as these are used to exploit vulnerabilities in email applications and
# web browsers.
# Value: yes     => Allow these tags to be in the message
#        no      => Ban messages containing these tags
#        disarm  => Allow these tags, but stop these tags from working
#                   Note: Disarming can be defeated, it is not 100% safe!
# This can also be the filename of a ruleset.
Allow Script Tags = disarm

Bladman
Posts: 4
Joined: 26 Apr 2018 13:14

Re: EFA breaks message content

Post by Bladman » 17 May 2018 10:04

Hi Henk,

Yes, that was it, it has been fixed!

Thanks.

Post Reply