RE: Re[2]: [qmailtoaster] detect macros in ms documents

2017-08-05 Thread Rajesh M
eric

have implemented this in my production machines.

it seems to be working correctly.

will revert after a few days.

thank you,
rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Sat, 05 Aug 2017 07:21:41 +
Subject:

Sorry, didn't see the other files

# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
# wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf
# wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre
# vi local.cf
Add:
include OLEMacro.cf
Save

# spamassassin --lint -D
Look for OLE




-- Original Message --
From: "Eric Broch" 
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents

>Rajesh,
>
>I don't use it but wouldn't it be easy to apply?
>
># wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
>
># chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm
>
>Add  the below line to /etc/spamassassin/local.cf
>
>loadplugin Mail::SpamAssassin::Plugin::OLEMacro
>
># spamassassin --lint -D  &> sadump.txt
>
>search sadump.txt for OLEMacro
>
>Eric
>
>
>-- Original Message --
>From: "Rajesh M" <24x7ser...@24x7server.net>
>To: qmailtoaster-list@qmailtoaster.com
>Sent: 8/4/2017 10:57:35 PM
>Subject: [qmailtoaster] detect macros in ms documents
>
>>hi
>>
>>there are rising number of incidences with ms .doc and .xls being
>>transmitted with embedded macro virus
>>
>>i found a tool here which will detect such files containing macro
>>virus and mark them as spam
>>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm
>>
>>i dont wish rely on antivirus -- in the last incident sophos,
>>kaspersky (i am seeing it fail for the first time) and clam did not
>>detect it.
>>
>>does anybody use the above spamassassin module or something equivalent
>>?
>>
>>rajesh
>>
>>


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re[2]: [qmailtoaster] detect macros in ms documents

2017-08-05 Thread Eric Broch

Sorry, didn't see the other files

# yum install perl-Archive-Zip
# yum install perl-IO-String
# cd /etc/spamassassin (or your spamassassin directory)
# wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm
# wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf
# wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre

# vi local.cf
Add:
include OLEMacro.cf
Save

# spamassassin --lint -D
Look for OLE




-- Original Message --
From: "Eric Broch" 
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/5/2017 12:44:12 AM
Subject: Re: [qmailtoaster] detect macros in ms documents


Rajesh,

I don't use it but wouldn't it be easy to apply?

# wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm

# chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm


Add  the below line to /etc/spamassassin/local.cf

loadplugin Mail::SpamAssassin::Plugin::OLEMacro

# spamassassin --lint -D  &> sadump.txt

search sadump.txt for OLEMacro

Eric


-- Original Message --
From: "Rajesh M" <24x7ser...@24x7server.net>
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/4/2017 10:57:35 PM
Subject: [qmailtoaster] detect macros in ms documents


hi

there are rising number of incidences with ms .doc and .xls being 
transmitted with embedded macro virus


i found a tool here which will detect such files containing macro 
virus and mark them as spam

https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm

i dont wish rely on antivirus -- in the last incident sophos, 
kaspersky (i am seeing it fail for the first time) and clam did not 
detect it.


does anybody use the above spamassassin module or something equivalent 
?


rajesh



Re: [qmailtoaster] detect macros in ms documents

2017-08-05 Thread Alex Kan


Should you have any queries, please don't hesitate to contact me.

Best regards,
===
Alex Kan
UNICORN Tech & Network Limited
Direct: (852) 3721 2668
Mobile: (852) 9196 4136
Tel: (852) 3165 1565
Fax: (852) 3721 2682
E-mail: a...@unicorntn.com.hk
===


From: Rajesh M <24x7ser...@24x7server.net>
Sent: Saturday, August 5, 2017 12:57:35 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] detect macros in ms documents

hi

there are rising number of incidences with ms .doc and .xls being transmitted 
with embedded macro virus

i found a tool here which will detect such files containing macro virus and 
mark them as spam
https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm

i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am 
seeing it fail for the first time) and clam did not detect it.

does anybody use the above spamassassin module or something equivalent ?

rajesh


This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. E-mail transmission cannot be guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses. The sender therefore 
does not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. If verification is 
required please request a hard-copy version. UNICORN Tech & Network Limited, 
Room 1106, 11/F., Liven House, 61-63 King Yip Street, Kwun Tong, Kowloon, Hong 
Kong, www.unicorntn.com.hk


Re: [qmailtoaster] detect macros in ms documents

2017-08-05 Thread Eric Broch

Rajesh,

I don't use it but wouldn't it be easy to apply?

# wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm

# chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm


Add  the below line to /etc/spamassassin/local.cf

loadplugin Mail::SpamAssassin::Plugin::OLEMacro

# spamassassin --lint -D  &> sadump.txt

search sadump.txt for OLEMacro

Eric


-- Original Message --
From: "Rajesh M" <24x7ser...@24x7server.net>
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/4/2017 10:57:35 PM
Subject: [qmailtoaster] detect macros in ms documents


hi

there are rising number of incidences with ms .doc and .xls being 
transmitted with embedded macro virus


i found a tool here which will detect such files containing macro virus 
and mark them as spam

https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm

i dont wish rely on antivirus -- in the last incident sophos, kaspersky 
(i am seeing it fail for the first time) and clam did not detect it.


does anybody use the above spamassassin module or something equivalent 
?


rajesh
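
Added example, not part of the thread and not taken from OLEMacro.pm: an independent sketch of the kind of structural check that flags macro-bearing Office attachments without relying on antivirus signatures. The function names, the sample file names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # OLE2 compound-file signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE2 directory names are UTF-16LE


def macro_indicator(data: bytes):
    """Return a reason string if the bytes look like a macro-bearing Office file."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls: heuristic byte search for the VBA project stream name.
        return "ole2: _VBA_PROJECT stream" if VBA_STREAM in data else None
    if data.startswith(b"PK"):
        # OOXML container: macros are stored in a vbaProject.bin part, whatever
        # extension the attachment was given.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith("vbaproject.bin"):
                        return "ooxml: " + member
        except zipfile.BadZipFile:
            return "zip: unreadable archive"  # cannot be inspected, so report it
    return None


def _zip(members):
    """Build an in-memory zip from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed attachments (not real documents), keyed by a made-up file name.
SAMPLES = {
    "invoice.doc": OLE_MAGIC + b"\x00" * 504 + VBA_STREAM,
    "plain.doc": OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le"),
    "report.docx": _zip({"word/document.xml": "<w:document/>"}),
    "renamed.docx": _zip({"word/document.xml": "<w:document/>",
                          "word/vbaProject.bin": b"\x00"}),
    "broken.xlsm": b"PK\x03\x04 truncated",
    "notes.txt": b"hello",
}


def scan_samples():
    """Map each constructed sample name to its indicator (None means no macro seen)."""
    return {name: macro_indicator(data) for name, data in SAMPLES.items()}
```

A byte search for the stream name is a heuristic; a production filter would walk the OLE2 directory and also look inside archives attached to the message.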



Re[4]: [qmailtoaster] Qmailtoaster smtproutes

2017-08-05 Thread Eric Broch
I was looking into the indimail patch that accomplishes just what you 
want. In time I might have this available.

https://groups.google.com/forum/#!topic/indimail/26HYfVrtGYo

-- Original Message --
From: "Kan Teruo" 
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/4/2017 10:18:19 PM
Subject: RE: Re[2]: [qmailtoaster] Qmailtoaster smtproutes


Dear Eric,



Thanks for your confirmation.



Teruo



From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Saturday, August 5, 2017 11:22 AM
To:qmailtoaster-list@qmailtoaster.com
Subject: Re[2]: [qmailtoaster] Qmailtoaster smtproutes



Sorry,

I don't think there is a way to do this in qmailtoaster as it sits.

Eric



-- Original Message --

From: "Kan Teruo" 

To: qmailtoaster-list@qmailtoaster.com

Sent: 8/4/2017 5:40:22 PM

Subject: RE: [qmailtoaster] Qmailtoaster smtproutes




Dear Eric,



Sorry for my poor explanation.

I studied http://wiki.qmailtoaster.com/index.php/Smtproutes before.

If my understanding is right, domaina.com:smarthost1.xxx.com means 
when send email to domaina.com then use smarthost1.xxx.com.


In my case, domaina.com, domainb.com and domainc.com are in my 
qmailtoaster box (not the destination).


If email send from domaina.com to outside, use smarthost1.xxx.com.

If email send from domainb.com to outside, use smarthost2.xxx.com.

If email send from domainc.com to outside, use smarthost3.xxx.com.

For email from others domains, send directly from qmailtoaster box.



Is there any ways to do like that in qmailtoaster?



Teruo





Sensitivity: Internal

From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Friday, August 4, 2017 8:22 PM
To:qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmailtoaster smtproutes



Sorry,

domaina.com:smarthost1.xxx.com
domainb.com:smarthost2.xxx.com
domainc.com:smarthost3.xxx.com
qmailctl stop
qmailctl start

On 8/4/2017 6:19 AM, Eric Broch wrote:


In /var/qmail/control/smtproutes

domaina.com: smarthost1.xxx.com

domainb.com:marthost2.xxx.com

domainc.com:marthost3.xxx.com

qmailctl stop

qmailctl start



http://wiki.qmailtoaster.com/index.php/Smtproutes



On 8/4/2017 4:34 AM, Kan Teruo wrote:


Dear All,



I have few domains in qmailtoaster and want to use different smart 
host.




For example

domaina.com route to smarthost1.xxx.com
domainb.com route to smarthost2.xxx.com
domainc.com route to smarthost3.xxx.com
rest of the domains directly send out from the qmailtoaster box



I checked /var/qmail/control/smtproutes but it just can route to 
different smart hosts by destination.


Is it possible to use different smart hosts based on sender domain 
inside qmailtoaster?




Thanks & best regards,

Teruo



Sensitivity: Internal




--

Eric Broch

White Horse Technical Consulting (WHTC)






Re[2]: [qmailtoaster] Disable all security checking

2017-08-05 Thread Eric Broch

you could probably just do this:

:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"




-- Original Message --
From: "Kan Teruo" 
To: qmailtoaster-list@qmailtoaster.com
Sent: 8/4/2017 10:17:11 PM
Subject: RE: [qmailtoaster] Disable all security checking


Dear Eric,



I found that my /etc/tcprules.d/tcp.smtp is a little different with 
you.




:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"



Is it just simple to replace as you suggested?



:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/%/private"



Teruo



From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Friday, August 4, 2017 9:06 PM
To:qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Disable all security checking



To disable simscan, dk, ripmime, and warlord in 
/etc/tcprules.d/tcp.smtp this SHOULD work, change the line :


:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"

to

:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/%/private"

qmailctl cdb

qmailctl stop

qmailctl start

From /var/qmail/supervise/smtp/run

remove line

$SPAMDYKE --config-file $SPAMDYKE_CONF \

and spfbehaviour looks good.



On 8/4/2017 3:36 AM, Kan Teruo wrote:


Dear All,



I would like to disable all security checking for some testing.

May I know below are enough/correct or not?



This is a new installation in Centos 7.



In /var/qmail/control change simcontrol

:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

to

:clam=no,spam=no,spam_hits=12,attach=.mp3:.src:.bat:.pif

In /var/qmail/control change spfbehavior from 3 to 0

Disable spamdyke
# cd /var/qmail/supervise/smtp

# ln -sf run.dist run

# qmailctl restart

Disable domain keys
cd /var/qmail/bin

ln -sf qmail-queue.orig qmail-queue

qmailctl restart



Thanks & best regards,

Teruo





--
Eric Broch
White Horse Technical Consulting (WHTC)
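
Added example, not part of the thread: a small audit that lists the allow rules in a tcp.smtp file whose QMAILQUEUE does not hand mail to simscan, useful for confirming that a test relaxation like the one above was reverted. The rule bodies are the ones quoted in the thread; the address prefixes, the deny rule and the function names are constructed, and treating "QMAILQUEUE unset or not ending in /simscan" as unscanned is an assumption of this sketch.

```python
import re

# address:allow|deny followed by ,VAR="value" pairs, as in the rules quoted above
RULE = re.compile(r'^(?P<addr>[^:]*):(?P<action>allow|deny)(?P<env>.*)$')
ENV = re.compile(r',(\w+)="([^"]*)"')


def parse_rule(line):
    """Return (address, action, env dict), or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = RULE.match(line)
    if not m:
        raise ValueError("unrecognised tcprules line: " + line)
    return m["addr"] or "(default)", m["action"], dict(ENV.findall(m["env"]))


def unscanned_rules(lines):
    """List (address, QMAILQUEUE) for allow rules that do not queue through simscan."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None or rule[1] != "allow":
            continue
        addr, _, env = rule
        queue = env.get("QMAILQUEUE")
        if queue is None or not queue.endswith("/simscan"):
            findings.append((addr, queue))
    return findings


# Constructed tcp.smtp: rule bodies from the thread, address prefixes made up.
SAMPLE = '''
# relaxed rule left over from testing
192.0.2.:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"
198.51.100.:deny
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
'''


def audit_sample():
    """Run the audit over the constructed sample."""
    return unscanned_rules(SAMPLE.splitlines())
```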