Closed MarkusP closed 4 years ago
Are you sure you're on the latest version? We actually fixed that in #3273 a few days ago.
Here are the actual versions...
```bash
root@mailserver:/opt/mailcow-dockerized# docker-compose images
WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.
Container Repository Tag Image Id Size
-----------------------------------------------------------------------------------------------------
mailcowdockerized_acme-mailcow_1 mailcow/acme 1.63 8878902820a0 116.5 MB
mailcowdockerized_clamd-mailcow_1 mailcow/clamd 1.35 d4b6c6f2c344 213.9 MB
mailcowdockerized_dockerapi-mailcow_1 mailcow/dockerapi 1.36 037253cd4815 74.27 MB
mailcowdockerized_dovecot-mailcow_1 mailcow/dovecot 1.108 dec8e7f18607 401.8 MB
mailcowdockerized_ipv6nat-mailcow_1 robbertkl/ipv6nat latest f46f4d37caac 21.47 MB
mailcowdockerized_memcached-mailcow_1 memcached alpine 319607c5f2b0 9.084 MB
mailcowdockerized_mysql-mailcow_1 mariadb 10.3 b2445052feca 342.9 MB
mailcowdockerized_netfilter-mailcow_1 mailcow/netfilter 1.31 2dcc9faf2749 82.36 MB
mailcowdockerized_nginx-mailcow_1 nginx mainline-alpine 36189e6707f4 21.46 MB
mailcowdockerized_olefy-mailcow_1 mailcow/olefy 1.2 961926f178c1 89.67 MB
mailcowdockerized_php-fpm-mailcow_1 mailcow/phpfpm 1.55 766f3ca7155c 339.1 MB
mailcowdockerized_postfix-mailcow_1 mailcow/postfix 1.44 5a97b4f937a4 269.4 MB
mailcowdockerized_redis-mailcow_1 redis 5-alpine 8af6a13284bf 32.98 MB
mailcowdockerized_rspamd-mailcow_1 mailcow/rspamd 1.59 b7c165384522 158.6 MB
mailcowdockerized_sogo-mailcow_1 mailcow/sogo 1.65 a3fe21bd23d6 478.1 MB
mailcowdockerized_solr-mailcow_1 mailcow/solr 1.7 df537896e541 619.9 MB
mailcowdockerized_unbound-mailcow_1 mailcow/unbound 1.10 421ae97b1278 20.85 MB
mailcowdockerized_watchdog-mailcow_1 mailcow/watchdog 1.67 76adb2d8768b 103.2 MB
```
This is after the update
```bash
root@mailserver:/opt/mailcow-dockerized# docker-compose images
WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.
Container Repository Tag Image Id Size
-----------------------------------------------------------------------------------------------------
mailcowdockerized_acme-mailcow_1 mailcow/acme 1.64 e54800828a5b 116.5 MB
mailcowdockerized_clamd-mailcow_1 mailcow/clamd 1.35 d4b6c6f2c344 213.9 MB
mailcowdockerized_dockerapi-mailcow_1 mailcow/dockerapi 1.36 037253cd4815 74.27 MB
mailcowdockerized_dovecot-mailcow_1 mailcow/dovecot 1.108 dec8e7f18607 401.8 MB
mailcowdockerized_ipv6nat-mailcow_1 robbertkl/ipv6nat latest f46f4d37caac 21.47 MB
mailcowdockerized_memcached-mailcow_1 memcached alpine 319607c5f2b0 9.084 MB
mailcowdockerized_mysql-mailcow_1 mariadb 10.3 1632679210bd 342.9 MB
mailcowdockerized_netfilter-mailcow_1 mailcow/netfilter 1.31 2dcc9faf2749 82.36 MB
mailcowdockerized_nginx-mailcow_1 nginx mainline-alpine 764297b381cc 21.78 MB
mailcowdockerized_olefy-mailcow_1 mailcow/olefy 1.2 961926f178c1 89.67 MB
mailcowdockerized_php-fpm-mailcow_1 mailcow/phpfpm 1.55 766f3ca7155c 339.1 MB
mailcowdockerized_postfix-mailcow_1 mailcow/postfix 1.44 5a97b4f937a4 269.4 MB
mailcowdockerized_redis-mailcow_1 redis 5-alpine b68707e68547 29.78 MB
mailcowdockerized_rspamd-mailcow_1 mailcow/rspamd 1.59 b7c165384522 158.6 MB
mailcowdockerized_sogo-mailcow_1 mailcow/sogo 1.70 63f74bc43045 477.6 MB
mailcowdockerized_solr-mailcow_1 mailcow/solr 1.7 df537896e541 619.9 MB
mailcowdockerized_unbound-mailcow_1 mailcow/unbound 1.10 421ae97b1278 20.85 MB
mailcowdockerized_watchdog-mailcow_1 mailcow/watchdog 1.67 76adb2d8768b 103.2 MB
```
Ok, did some tests and now **it seems correct... thanks** and sorry if bothering you!
After updating mailcow a few days ago, this issue reappeared. I am getting a 40-point hit just for sending a plaintext .doc.
I've lowered rspamd Symbols & rules - MIME_BAD_EXTENSION to 0,001.
Many people can't send and receive mails - they are getting the error: 554 5.7.1 "This message does not meet our delivery requirements"
New Emotet variants are being sent and mostly hidden in .doc.
Please use a newer and less dangerous container format for office files. :)
Dear Andry, Thank You Very much!!
You are welcome!
New Emotet variants are being sent and mostly hidden in .doc.
But even without explicitly blocking .doc, they should still be caught by the oletools check for macros, right? Or are there now variants that don't need macros at all?
No macros were detected. :(
Oh, that's bad. Now I wonder whether it's an oletools bug or they found a new infection vector that doesn't require macros. Have you had a chance to inspect the file more closely?
I will give it a try when I find time today.
In my case it was a simple plain DOC file being blocked.
I am attaching it as a ZIP file because GIT prevents DOC upload - coincidence? I do not think.. littlelovesforsrtnew.zip
It is correct that we block plain .doc files. What @mkuron meant was an infected .doc, that slipped through Oletools and ClamAV. No need to attach the doc. :)
@mkuron There was a bug in oletools that prevented oletools from working with olefy. C-R provided me a fix. :) Now it is detected.
@ntimo Can you work on a test for macros? :)
I saw the same issue appear when one of my accounts received a mail with an attached .doc file.
It got rated with MIME_BAD_EXTENSION (40) [doc], while rspamd states that the symbol MIME_BAD_EXTENSION has a score of 2. Shouldn't this email then be rated with (2)?
Hi everyone,
fresh install of mailcow-dockerized on Ubuntu 18.04LTS. Production environment.
The following happens: Someone sends email with .doc Attachment to mailbox on this mailcow. Email gets rejected due to SPAM Score. RSPAMd shows the following in the gui => history tab
MIME_BAD_EXTENSION (20) [doc]
The same happens, but without rejecting the email, if someone sends email with .doc attachment from/thru this mailcow instance to someone on the internet.
MAILCOW_AUTH (-20) MIME_BAD_EXTENSION (20) [doc] BAYES_HAM (-5.5) [100.00%] MIME_GOOD (-0.1) [multipart/mixed,text/plain] DYN_RL_CHECK (0) TO_DN_ALL (0) MIME_TRACE (0) [0:+,1:+,2:-,2:~] MID_RHS_MATCH_FROM (0) DKIM_SIGNED (0)
Anyone any idea?
thanks in advance best greetings Markus
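For triaging reports like the one above, this added example (not part of the original thread and not mailcow or rspamd code) parses the two rspamd history lines quoted in the post and shows why the same MIME_BAD_EXTENSION hit rejects inbound mail but not authenticated outbound mail. The reject threshold of 15 is an assumption, since the thread does not state it; read the real value from your rspamd actions configuration.

```python
import re

# Sample input: the two symbol lines quoted in the post above.
INBOUND = "MIME_BAD_EXTENSION (20) [doc]"
OUTBOUND = (
    "MAILCOW_AUTH (-20) MIME_BAD_EXTENSION (20) [doc] BAYES_HAM (-5.5) [100.00%] "
    "MIME_GOOD (-0.1) [multipart/mixed,text/plain] DYN_RL_CHECK (0) TO_DN_ALL (0) "
    "MIME_TRACE (0) [0:+,1:+,2:-,2:~] MID_RHS_MATCH_FROM (0) DKIM_SIGNED (0)"
)

# Assumption: reject threshold is not given in the thread.
REJECT_THRESHOLD = 15.0

# NAME (score) optionally followed by [options]; consuming the options keeps
# their contents from being mistaken for further symbols.
SYMBOL_RE = re.compile(r"([A-Z][A-Z0-9_]*) \((-?\d+(?:\.\d+)?)\)(?: \[([^\]]*)\])?")


def parse_symbols(line):
    """Return [(name, score, options)] from a flattened history line."""
    return [(m.group(1), float(m.group(2)), m.group(3) or "")
            for m in SYMBOL_RE.finditer(line)]


def total_score(line):
    """Sum of all symbol scores, rounded to avoid float noise."""
    return round(sum(score for _, score, _ in parse_symbols(line)), 3)


def verdict(line, threshold=REJECT_THRESHOLD):
    """'reject' if the summed score reaches the threshold, else 'pass'."""
    return "reject" if total_score(line) >= threshold else "pass"


def single_symbol_rejects(line, threshold=REJECT_THRESHOLD):
    """Symbols whose score alone reaches the threshold, with their options."""
    return [(name, opts) for name, score, opts in parse_symbols(line)
            if score >= threshold]


if __name__ == "__main__":
    for label, line in (("inbound", INBOUND), ("outbound", OUTBOUND)):
        print(label, total_score(line), verdict(line), single_symbol_rejects(line))
```

A symbol listed by `single_symbol_rejects` decides the outcome on its own unless another symbol, here MAILCOW_AUTH at -20, offsets it.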