RE: Re[2]: [qmailtoaster] detect macros in ms documents
eric have implemented this in my production machines. it seems to be working correctly. will revert after a few days. thank you, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Sat, 05 Aug 2017 07:21:41 + Subject: Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch"To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents >Rajesh, > >I don't use it but wouldn't it be easy to apply? > ># wget -O >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm >https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm > ># chmod 444 >/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm > >Add the below line to /etc/spamassassin/local.cf > >loadplugin Mail::SpamAssassin::Plugin::OLEMacro > ># spamassassin --lint -D &> sadump.txt > >search sadump.txt for OLEMacro > >Eric > > >-- Original Message -- >From: "Rajesh M" <24x7ser...@24x7server.net> >To: qmailtoaster-list@qmailtoaster.com >Sent: 8/4/2017 10:57:35 PM >Subject: [qmailtoaster] detect macros in ms documents > >>hi >> >>there are rising number of incidences with ms .doc and .xls being >>transmitted with embedded macro virus >> >>i found a tool here which will detect such files containing macro >>virus and mark them as spam >>https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm >> >>i dont wish rely on antivirus -- in the last incident sophos, >>kaspersky (i am seeing it fail for the first time) and clam did not >>detect it. >> >>does anybody use the above spamassassin module or something equivalent >>? >> >>rajesh >> >> - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re[2]: [qmailtoaster] detect macros in ms documents
Sorry, didn't see the other files # yum install perl-Archive-Zip # yum install perl-IO-String # cd /etc/spamassassin (or your spamassassin directory) # wget -O ./OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # wget -O ./OLEMacro.cf https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.cf # wget -O ./OLEMacro.pre https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pre # vi local.cf Add: include OLEMacro.cf Save # spamassassin --lint -D Look for OLE -- Original Message -- From: "Eric Broch"To: qmailtoaster-list@qmailtoaster.com Sent: 8/5/2017 12:44:12 AM Subject: Re: [qmailtoaster] detect macros in ms documents Rajesh, I don't use it but wouldn't it be easy to apply? # wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm Add the below line to /etc/spamassassin/local.cf loadplugin Mail::SpamAssassin::Plugin::OLEMacro # spamassassin --lint -D &> sadump.txt search sadump.txt for OLEMacro Eric -- Original Message -- From: "Rajesh M" <24x7ser...@24x7server.net> To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 10:57:35 PM Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh
Re: [qmailtoaster] detect macros in ms documents
Should you have any queries, please don't hesitate to contact me. Best regards, === Alex Kan UNICORN Tech & Network Limited Direct: (852) 3721 2668 Mobile: (852) 9196 4136 Tel: (852) 3165 1565 Fax: (852) 3721 2682 E-mail: a...@unicorntn.com.hk === From: Rajesh M <24x7ser...@24x7server.net> Sent: Saturday, August 5, 2017 12:57:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. UNICORN Tech & Network Limited, Room 1106, 11/F., Liven House, 61-63 King Yip Street, Kwun Tong, Kowloon, Hong Kong, www.unicorntn.com.hk
Re: [qmailtoaster] detect macros in ms documents
Should you have any queries, please don't hesitate to contact me. Best regards, === Alex Kan UNICORN Tech & Network Limited Direct: (852) 3721 2668 Mobile: (852) 9196 4136 Tel: (852) 3165 1565 Fax: (852) 3721 2682 E-mail: a...@unicorntn.com.hk === From: Rajesh M <24x7ser...@24x7server.net> Sent: Saturday, August 5, 2017 12:57:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. UNICORN Tech & Network Limited, Room 1106, 11/F., Liven House, 61-63 King Yip Street, Kwun Tong, Kowloon, Hong Kong, www.unicorntn.com.hk
Re: [qmailtoaster] detect macros in ms documents
Rajesh, I don't use it but wouldn't it be easy to apply? # wget -O /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm https://raw.githubusercontent.com/fmbla/spamassassin-olemacro/master/OLEMacro.pm # chmod 444 /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/OLEMacro.pm Add the below line to /etc/spamassassin/local.cf loadplugin Mail::SpamAssassin::Plugin::OLEMacro # spamassassin --lint -D &> sadump.txt search sadump.txt for OLEMacro Eric -- Original Message -- From: "Rajesh M" <24x7ser...@24x7server.net> To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 10:57:35 PM Subject: [qmailtoaster] detect macros in ms documents hi there are rising number of incidences with ms .doc and .xls being transmitted with embedded macro virus i found a tool here which will detect such files containing macro virus and mark them as spam https://github.com/fmbla/spamassassin-olemacro/blob/master/OLEMacro.pm i dont wish rely on antivirus -- in the last incident sophos, kaspersky (i am seeing it fail for the first time) and clam did not detect it. does anybody use the above spamassassin module or something equivalent ? rajesh
Re[4]: [qmailtoaster] Qmailtoaster smtproutes
I was looking into the indimail patch that accomplishes just what you what. In time I might have this available. https://groups.google.com/forum/#!topic/indimail/26HYfVrtGYo -- Original Message -- From: "Kan Teruo"To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 10:18:19 PM Subject: RE: Re[2]: [qmailtoaster] Qmailtoaster smtproutes Dear Eric, Thanks for your confirmation. Teruo From: Eric Broch [mailto:ebr...@whitehorsetc.com] Sent: Saturday, August 5, 2017 11:22 AM To:qmailtoaster-list@qmailtoaster.com Subject: Re[2]: [qmailtoaster] Qmailtoaster smtproutes Sorry, I don't think there is a way to do this in qmailtoaster as it sits. Eric -- Original Message -- From: "Kan Teruo" To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 5:40:22 PM Subject: RE: [qmailtoaster] Qmailtoaster smtproutes Dear Eric, Sorry for my pool explanation. I studied http://wiki.qmailtoaster.com/index.php/Smtproutes before. If my understanding is right, domaina.com:smarthost1.xxx.com means when send email to domaina.com then use smarthost1.xxx.com. In my case, domaina.com, domainb.com and domainc.com are in my qmailtoaster box (not the destination). If email send from domaina.com to outside, use smarthost1.xxx.com. If email send from domainb.com to outside, use smarthost2.xxx.com. If email send from domainc.com to outside, use smarthost3.xxx.com. For email from others domains, send directly from qmailtoaster box. Is there any ways to do like that in qmailtoaster? Teruo Sensitivity: Internal From: Eric Broch [mailto:ebr...@whitehorsetc.com] Sent: Friday, August 4, 2017 8:22 PM To:qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Qmailtoaster smtproutes Sorry, domaina.com:smarthost1.xxx.com domainb.com:smarthost2.xxx.com domainc.com:smarthost3.xxx.com qmailctl stop qmailctl start On 8/4/2017 6:19 AM, Eric Broch wrote: In /var/qmail/control/smtproutes domaina.com: smarthost1.xxx.com domainb.com:marthost2.xxx.com domainc.com:marthost3.xxx.com qmailctl stop qmailctl start http://wiki.qmailtoaster.com/index.php/Smtproutes On 8/4/2017 4:34 AM, Kan Teruo wrote: Dear All, I have few domains in qmailtoaster and want to use different smart host. For example domaina.com route to smarthost1.xxx.comdomainb.com route to smarthost2.xxx.comdomainc.com route to smarthost3.xxx.comrest of the domains directly send out from the qmailtoaster box I checked /var/qmail/control/smtproutes but it just can route to different smart hosts by destination. Is it possible to use different smart hosts based on sender domain inside qmailtoaster? Thanks & best regards, Teruo Sensitivity: Internal -- Eric Broch White Horse Technical Consulting (WHTC) -- Eric Broch White Horse Technical Consulting (WHTC)
Re[2]: [qmailtoaster] Disable all security checking
you could probably just do this: :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig" -- Original Message -- From: "Kan Teruo"To: qmailtoaster-list@qmailtoaster.com Sent: 8/4/2017 10:17:11 PM Subject: RE: [qmailtoaster] Disable all security checking Dear Eric, I found that my /etc/tcprules.d/tcp.smtp is a little different with you. :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private" Is it just simple to replace as you suggested? :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/%/private" Teruo From: Eric Broch [mailto:ebr...@whitehorsetc.com] Sent: Friday, August 4, 2017 9:06 PM To:qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Disable all security checking To disable simscan, dk, ripmime, and warlord in /etc/tcprules.d/tcp.smtp this SHOULD work, change the line : :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1" to :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/%/private" qmailctl cdb qmailctl stop qmailctl start From /var/qmail/supervise/smtp/run remove line $SPAMDYKE --config-file $SPAMDYKE_CONF \ and spfbehaviour looks good. On 8/4/2017 3:36 AM, Kan Teruo wrote: Dear All, I would like to disable all security checking for some testing. May I know below are enough/correct or not? This is a new installation in Centos 7. In /var/qmail/control change simcontrol :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif to :clam=no,spam=no,spam_hits=12,attach=.mp3:.src:.bat:.pif In /var/qmail/control change spfbehavior from 3 to 0Disable spamdyke # cd /var/qmail/supervise/smtp # ln -sf run.dist run # qmailctl restart Disable domain keys cd /var/qmail/bin ln -sf qmail-queue.orig qmail-queue qmailctl restart Thanks & best regards, Teruo -- Eric Broch White Horse Technical Consulting (WHTC)