  1. #1
    Untangler
    Join Date
    Nov 2009
    Posts
    51

    Spam Filter Problems

    Been away from really using untangle for a while, testing it out on a vm at home and noticed a few issues.

    Untangle is set up in router mode on ESXi- all my previous messing with untangle has been as a transparent bridge so I can't say if that is a factor or whether it is issues with the latest version.

    1: Email released from quarantine has sender changed to the host name of the untangle vm

    2: Emails released from quarantine get an addition at the end of the email like X-Mailer: UVM MailSender

    3: Email released from quarantine doesn't obey the port forward rule set for email. Instead it seems like exim checks dns for mx record of the domain it is going to and sends it there. As much as this works for my test, this won't work in real life.

    At the moment, I manually type an email, if it isn't quarantined, I've set up a postfix box internal to untangle to forward the email to my friend's office. If I release a quarantined email from untangle, it doesn't go via my postfix box but straight to my friend's office. If/when I get to set the box up at his office, I can see the untangle box finding its wan ip when it looks up the mx record for my friend's domain which will probably either cause a problem, or the released emails would just be sent back to the untangle box.

  2. #2
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Quote Originally Posted by RGPEC View Post
    Been away from really using untangle for a while, testing it out on a vm at home and noticed a few issues.

    Untangle is set up in router mode on ESXi- all my previous messing with untangle has been as a transparent bridge so I can't say if that is a factor or whether it is issues with the latest version.

    1: Email released from quarantine has sender changed to the host name of the untangle vm

    2: Emails released from quarantine get an addition at the end of the email like X-Mailer: UVM MailSender

    3: Email released from quarantine doesn't obey the port forward rule set for email. Instead it seems like exim checks dns for mx record of the domain it is going to and sends it there. As much as this works for my test, this won't work in real life.
    That's all correct. The email isn't the original email, it's a new email originating from the Untangle.

    The Untangle will send email based on however the box is set up. If your email won't deliver based on DNS, then you will need to set it up to forward the mail to a smart host. Usually you just put your mail server's information in the email configuration page and it will work just fine.

    We find that if we just released the original email, secondary spam detection would get grumpy because of the differences between the headers and the actual email.

    Quote Originally Posted by RGPEC View Post
    At the moment, I manually type an email, if it isn't quarantined, I've set up a postfix box internal to untangle to forward the email to my friend's office. If I release a quarantined email from untangle, it doesn't go via my postfix box but straight to my friend's office. If/when I get to set the box up at his office, I can see the untangle box finding its wan ip when it looks up the mx record for my friend's domain which will probably either cause a problem, or the released emails would just be sent back to the untangle box.
    Look at Config-Email to set this up correctly.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Nov 2009
    Posts
    51

    Many thanks for the rapid reply!

    Point 2 was nothing major, and point 3 seems to be rectified now that I've specified my postfix box, I just read the descriptions for the mail server settings and thought it only applied to emails generated by untangle e.g. reports as opposed to other emails.

    That nuisance should be sorted if I get to actually set up untangle at its real intended location.

    However for point 1, I'm wondering how people are meant to reply to the emails (if the email doesn't contain the sender's address within the content)?

  4. #4
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Sorry, I didn't carefully read #1. That is most certainly not the case. Here are the headers from an email I just released from my quarantine:

    Code:
    	From: 	Magento <info@magento.com>
    	Subject: 	Imagine 2012 Registration is Open!
    	Date: 	January 18, 2012 2:51:49 PM PST
    	To: 	Marc A. Runkel <MRunkel@NO$PAM.untangle.com>
    	Reply-To: 	info@magento.com
    	Received: 	from host51.untangle.com (10.0.0.1) by email.untangle.com (10.0.0.41) with Microsoft SMTP Server (TLS) id 8.1.393.1; Thu, 19 Jan 2012 17:01:44 -0800
    	Received: 	from localhost ([127.0.0.1])	by host51.untangle.com with esmtp (Exim 4.69)	(envelope-from <reports@NO$PAM.untangle.com>)	id 1Ro2rQ-0006mI-5a	for mrunkel@untangle.com; Thu, 19 Jan 2012 17:01:44 -0800
    	Received: 	from em-sm4-109.mktomail.com (em-sm4-109.mktomail.com [199.15.212.109])	(envelope-from <mail235@em107.mktomail.com>)	by email.untangle.com Microsoft ESMTP MAIL Service ready at Wed, 18 Jan 2012 14:52:21 -0800; Wed, 18 Jan 2012 14:52:22 -0800
    	Received: 	from mktomail.com ([172.25.6.140])	by em-sm4-109.mktomail.com (StrongMail Enterprise 4.1.1.6(4.1.1.6-56715)); Wed, 18 Jan 2012 16:51:49 -0600
    	Content-Class: 	urn:content-classes:message
    	Thread-Topic: 	Imagine 2012 Registration is Open!
    	Thread-Index: 	AczXDxP+88SCXJkvTuGmNhaYWCyJUg==
    	Message-Id: 	<1260580254.79694@magento.com>
    	Accept-Language: 	en-US
    	Content-Language: 	en-US
    	X-Ms-Exchange-Organization-Authas: 	Internal
    	X-Ms-Exchange-Organization-Authmechanism: 	06
    	X-Ms-Exchange-Organization-Authsource: 	EXCHANGE.Untangle.local
    	X-Ms-Has-Attach: 	
    	X-Ms-Tnef-Correlator: 	
    	Dkim-Signature: 	v=1; a=rsa-sha1; c=simple; d=magento.com; s=m1; i=@magento.com; h=Content-Transfer-Encoding:Content-Type:X-PVIQ: X-Report-Abuse:Reply-To:MIME-Version:Message-ID:Subject:Date:To:	From; bh=T4PTiOUxRMYJbTKu8dp0Le3wdUE=; b=mkMILZpUKq8KFkB6wzjnYLs akJQ9SHX+MwlIZ+oagbNcXMzBO7K2kXOVZ+ZFTKQxPdzTpqJKkZGFyBISjqinYPH 1N1eJKaX8IZ9KtAzePEOuttYcRyTLWzfPh1kWGiYtiucDqkpzcYdhUcYmDyi0t75 eddArq3HHG1Dz5/JAT8A=
    	X-Virtualserver: 	vsg-sm4-107, em-sm4-109.mktomail.com, 172.25.6.109
    	X-Virtualservergroup: 	vsg-sm4-107
    	X-Destination-Id: 	mrunkel@NO$PAM.untangle.com
    	X-Mailingid: 	1260580254::magentocommerceBetacust-3130-10692-0-3096-prod-3128::3128::0::1467742::79694
    	X-Smheadermap: 	mid="X-MailingID"
    	X-Smfbl: 	bXJ1bmtlbEB1bnRhbmdsZS5jb20=
    	X-Pviq: 	000326-000871-003130-000000-002450
    	X-Report-Abuse: 	Please report abuse here: http://www.marketo.com/policy
    	Content-Type: 	multipart/alternative; boundary="_000_126058025479694magentocom_"
    	Mime-Version: 	1.0
    As you can see, the from: and reply-to: headers are intact. There is an envelope-from header, but if your mail client is using that as the from address, it's broken.
    m.



  5. #5
    Untangler
    Join Date
    Nov 2009
    Posts
    51

    Hi mrunkel - many thanks for looking into this and sorry I've taken so long to come back.

    Tried setting it up again and again and seem to be getting the same result (Also tried re-downloading the install iso in case it was corrupted).

    I've tried installing it at my friend's office to eliminate the postfix forwarder I was using, the current setup is as follows:

    TPLink router handling the adsl link and handling the 1st ip of a /29 (nat disabled, it is routing the /29 only)

    pfSense router with a WAN ip from the same /29. Connectivity is perfect, and pfSense has no modules installed to handle email. All that is done is various port forward for untangle administration/viewing reports, and port forwarding 25 to untangle. The email server section has the ip address of the local SBS server.

    Untangle is installed as a transparent bridge, and test emails from the server work perfectly. I have specified the ip of the SBS under outgoing server smtp settings, and I have also set up a port forward to forward 25 tcp/udp to the ip address of the SBS.

    If I try to telnet to my pfsense/untangle combo and manually send an email, it gets quarantined - when I view the quarantine digest it shows the correct sender, but when released it changes.

    In my previous message I incorrectly said untangle was changing the from header to its own hostname, it is actually changing it to the value specified as EMail From Address on the Outgoing Server (SMTP) section.

    Here is a copy of the headers from an affected email:

    E-Version: 1.0
    Received: from hostname.example.com (192.168.28.105) by MWGSERVER.mwg.local
    (192.168.28.100) with Microsoft SMTP Server id 8.1.436.0; Sat, 4 Feb 2012
    20:37:13 +0000
    Received: from localhost ([127.0.0.1]) by hostname.example.com with esmtp
    (Exim 4.69) (envelope-from <spamfilter@mwgst.com>) id 1RtmMD-00005y-EQ for
    robin@mwgst.com; Sat, 04 Feb 2012 20:37:13 +0000
    Received: from test.com (5ad5ce8a.bb.sky.com [90.213.206.138]) (envelope-from
    <robin@test.com>) by mail.mwgst.com Microsoft ESMTP MAIL Service ready at
    Sat, 4 Feb 2012 20:21:48 +0000; Sat, 4 Feb 2012 20:22:09 +0000
    From: "spamfilter@mwgst.com" <spamfilter@mwgst.com>
    Date: Sat, 4 Feb 2012 20:37:13 +0000
    Subject: subject
    Thread-Topic: subject
    Thread-Index: AczjfMbhV+qtcA90S+uGp/TlO9ksCw==
    Message-ID: <E1RtmMD-00005y-EQ@hostname.example.com>
    Accept-Language: en-GB, en-US
    Content-Language: en-US
    X-MS-Exchange-Organization-AuthAs: Anonymous
    X-MS-Exchange-Organization-AuthSource: MWGSERVER.mwg.local
    X-MS-Has-Attach:
    X-MS-Exchange-Organization-SenderIdResult: None
    X-MS-Exchange-Organization-SCL: 7
    X-MS-Exchange-Organization-PCL: 2
    X-MS-Exchange-Organization-PRD: mwgst.com
    X-MS-TNEF-Correlator:
    received-spf: None (MWGSERVER.mwg.local: spamfilter@mwgst.com does not
    designate permitted sender hosts)
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

  6. #6
    Untangler
    Join Date
    Nov 2009
    Posts
    51

    Figured it out, for some reason untangle works properly with pretty much every email, except what I was manually using to test:

    ehlo test.com
    mail from:me@test.com
    rcpt to:target@recipient.com
    data
    subject:subject
    text
    .


    Anyway, real world emails are fine so this isn't a problem, sorry about moaning.

    Also this answers my spam log thread - for some reason these emails would trigger the count on the home screen and were releasable from quarantine but wouldn't show in logs.
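
An added example (not part of the thread and not Untangle's code): a Python check that compares the From: header with the envelope-from recorded on each Received hop, run over headers trimmed from posts #4 and #5 with line folding restored, and that lists the RFC 5322 mandatory header fields absent from the DATA payload typed in post #6. The function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ENVELOPE_RE = re.compile(r"envelope-from\s+<([^>]*)>", re.I)

def audit_headers(raw):
    """Compare the From: header with the envelope sender logged on each hop."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    hops = []  # Received lines are prepended, so index 0 is the newest hop
    for received in msg.get_all("Received", []):
        match = ENVELOPE_RE.search(received)
        if match:
            hops.append(match.group(1).lower())
    # Rewritten: From: equals the releasing hop's envelope sender, not the original's.
    rewritten = bool(hops) and header_from == hops[0] and header_from != hops[-1]
    return {"from": header_from, "envelope_from": hops, "rewritten": rewritten}

def missing_required(data):
    """Return the RFC 5322 mandatory header fields absent from a DATA payload."""
    msg = message_from_string(data)
    return [name for name in ("From", "Date") if msg.get(name) is None]

# Trimmed from post #5, folding whitespace restored.
POST5 = """\
Received: from hostname.example.com (192.168.28.105) by MWGSERVER.mwg.local
 (192.168.28.100) with Microsoft SMTP Server id 8.1.436.0
Received: from localhost ([127.0.0.1]) by hostname.example.com with esmtp
 (Exim 4.69) (envelope-from <spamfilter@mwgst.com>) id 1RtmMD-00005y-EQ
Received: from test.com (5ad5ce8a.bb.sky.com [90.213.206.138]) (envelope-from
 <robin@test.com>) by mail.mwgst.com
From: "spamfilter@mwgst.com" <spamfilter@mwgst.com>
Subject: subject
"""
# Trimmed from post #4, folding whitespace restored.
POST4 = """\
From: Magento <info@magento.com>
Reply-To: info@magento.com
Received: from localhost ([127.0.0.1]) by host51.untangle.com with esmtp
 (Exim 4.69) (envelope-from <reports@NO$PAM.untangle.com>)
Received: from em-sm4-109.mktomail.com (em-sm4-109.mktomail.com [199.15.212.109])
 (envelope-from <mail235@em107.mktomail.com>) by email.untangle.com
"""
# DATA payload as typed in post #6.
MANUAL_DATA = "subject:subject\ntext\n"

if __name__ == "__main__":
    for label, raw in (("post #4", POST4), ("post #5", POST5)):
        print(label, audit_headers(raw))
    print("post #6 DATA is missing:", missing_required(MANUAL_DATA))
```

On the post #5 headers the check reports the rewrite and on the post #4 headers it does not, matching what each poster observed.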
