Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    E-mail sender information

    Kopano WebApp
    5
    17
    1766
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fbartels
      fbartels Kopano last edited by

      fyi we have opened a pull request at the upstream library (vmime). the pr can be found at https://github.com/kisli/vmime/pull/192

      Regards Felix

      Resources:
      https://kopano.com/blog/how-to-get-kopano/
      https://documentation.kopano.io/
      https://kb.kopano.io/

      Support overview:
      https://kopano.com/support/

      1 Reply Last reply Reply Quote 2
      • Jo-TL
        Jo-TL last edited by

        push, what’s going on with this security fix?

        1 Reply Last reply Reply Quote 0
        • fbartels
          fbartels Kopano last edited by

          Hi @Jo-TL ,

          the issue was resolved through the patch with the upstream library. If you are using our packages you have meanwhile received an updated libvmime-kopano1 package. If you are using other packages you have to bug the maintainer of your libvmime package.

          Regards Felix

          Resources:
          https://kopano.com/blog/how-to-get-kopano/
          https://documentation.kopano.io/
          https://kb.kopano.io/

          Support overview:
          https://kopano.com/support/

          1 Reply Last reply Reply Quote 1
          • Jo-TL
            Jo-TL last edited by

            An upgrade didn’t solve the issue for me.

            WebApp: 3.4.24.1929+84.1
            Kopano Core: 8.6.8
            libvmime-kopano1/stable,now 0.9.2.50+11.1 amd64 [installiert]

            It seams to be parsed not correctly for webapp

            Example

            1 Reply Last reply Reply Quote 0
            • fbartels
              fbartels Kopano last edited by

              Hi @Jo-TL ,

              when you last posted in this thread I have verified the behaviour with the example posted in https://jira.kopano.io/browse/KC-1044. For me it did show up correctly in WebApp (although I cannot say with certainty which webapp version I used during the test).

              Can you provide a test message that still shows the old behaviour?

              Regards Felix

              Resources:
              https://kopano.com/blog/how-to-get-kopano/
              https://documentation.kopano.io/
              https://kb.kopano.io/

              Support overview:
              https://kopano.com/support/

              1 Reply Last reply Reply Quote 0
              • Jo-TL
                Jo-TL last edited by Jo-TL

                ok, then a part of the problem is already fixed, but there are also spoofing mails like the following.

                the best solution would be to match the end of the string

                Return-Path: <m.alberts@kopano.com>
                Received: from malberts-kopano.zarafa.lan ([::ffff:127.0.0.1]:48640)
                	by malberts-kopano (kopano-dagent) with LMTP;
                	Tue, 13 Feb 2018 09:30:41 +0100 (CET)
                Received: from malberts-kopano (localhost [127.0.0.1])
                	by malberts-kopano.zarafa.lan (Postfix) with ESMTP id 75950940008
                	for <m.alberts@kopano.com>; Tue, 13 Feb 2018 09:30:41 +0100 (CET)
                Received: by malberts-kopano (kopano-spooler) with MAPI; Tue, 13 Feb 2018
                 09:30:41 +0100
                Subject: martijn eml
                From: Your Boss <yourboss@kopano.de> <secretlysomeoneelse@kopano.net>
                To: =?utf-8?Q?martijn_Test?= <m.alberts@kopano.com>
                Date: Tue, 13 Feb 2018 09:30:41 +0100
                Mime-Version: 1.0
                Content-Type: text/html; charset=utf-8
                Content-Transfer-Encoding: quoted-printable
                X-Priority: 3 (Normal)
                X-Mailer: Kopano 8.5.80
                Message-Id: <kcim.5a82a231.1b9c.741b3c847dcfcaaf@malberts-kopano>
                
                <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://ww=
                w.w3.org/TR/html4/loose.dtd"><html>
                <head>
                  <meta name=3D"Generator" content=3D"Kopano WebApp vdevel">
                  <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8=
                ">
                  <title>martijn eml</title>
                </head>
                <body>
                <p style=3D"padding: 0; margin: 0;"><span style=3D"font-size: 10pt; font-=
                family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
                </body>
                </html>
                
                
                fbartels 1 Reply Last reply Reply Quote 0
                • fbartels
                  fbartels Kopano @Jo-TL last edited by

                  Hi @Jo-TL ,

                  thanks for the example. So the difference in these two cases is:

                  $ diff martijn.eml email-spoof.eml
                  11c11
                  < From: yourboss@kopano.de <secretlysomeoneelse@kopano.net>
                  ---
                  > From: Your Boss <yourboss@kopano.de> <secretlysomeoneelse@kopano.net>
                  34d33
                  <
                  

                  I have created https://jira.kopano.io/browse/KC-1350 with some additional details for followup.

                  Regards Felix

                  Resources:
                  https://kopano.com/blog/how-to-get-kopano/
                  https://documentation.kopano.io/
                  https://kb.kopano.io/

                  Support overview:
                  https://kopano.com/support/

                  1 Reply Last reply Reply Quote 0
                  • thctlo
                    thctlo last edited by thctlo

                    That message is clearly a spam message.
                    If you look you see : From "Some name " <some@email.tld> <someotherspammer@email.tld>

                    Add this to you spamassassin config.

                    header MULTI_FROM_ADDRESS From =~ /^.*<.*@.*>.*<.*@.*>/i
                    score MULTI_FROM_ADDRESS 5.0
                    describe MULTI_FROM_ADDRESS Multiple senders in From: header
                    
                    1 Reply Last reply Reply Quote 0
                    • djtremors
                      djtremors last edited by

                      welcome to RFC2822 headers is non verifiable and even good mail servers exploit the idiocy of these headers ie “From: YourPersonalServices” and is meant to be a proper service. The header From can have anything it wants and it’s up to your mail system (not really kopano) to block this if it looks wrong.

                      My exim verifies many conditions before it even hits rspamd rules and I kick quite a lot of spam/invalid/faked emails.
                      exim can pull out the header from domain in the email address, if empty, it’s invalid… good or bad…

                      I’ve moved away from postfix due to the cumbersome ways to put filters and I used it for many years too.

                      1 Reply Last reply Reply Quote 0
                      • Jo-TL
                        Jo-TL last edited by

                        Sure it’s a spam massage.

                        But kopano/vmime gives a “wrong result” parsing the from field, so obfuscated sender in spoofing mails stay hidden.
                        .
                        Everybody can block mails like this, but a correct result in the frontend makes the world better ;)

                        1 Reply Last reply Reply Quote 0
                        • Jo-TL
                          Jo-TL last edited by

                          In addition of the vmime pull request/open ticket from november:

                          In my opinion it should match the following from types:
                          sender@domain.com
                          Named Sender sender@domain.com
                          Named Sender fakedSender@domain.com sender@domain.com

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post