SpamExperts Top Software Updates 3rd Quarter 2016


With October peeking just around the corner, it’s time for the SpamExperts Q3 Software Updates blog post. If there’s no rest for the wicked, that means there’s no R&R time for the good guys either.

We’ve been working on adding new features so SpamExperts stays ahead of the curve and efficiently combats spam, phishing attempts, viruses, malware, ransomware and other such threats.

As always, we want to give a huge thank you to our loyal customers for trusting us in handling their email!

Software

Prohibiting release of certain emails

Spam and phishing emails can be very deceptive, and the probability that a user will consider them legitimate is incredibly high. If just one phishing email gets through, it might lead to all sorts of damaging consequences.

This situation arises when the filtering software correctly identifies a bad message and quarantines it, but the user, upon doing a review, thinks it may be legitimate and releases the email in question. Once out in the open, if it contains malicious attachments, the user can end up infecting his system.

Because we are proactively seeking new ways to combat spam, we have added a new option which allows domain users to prevent email users from releasing messages with particular attachments.

The restriction applies to:

  • Email user level Protection Reports
  • Releasing in the Web Interface (at email user level only).

Any message that doesn’t contain an attachment, or whose attachment is not found by our software in the prohibited list, can be released as normal.

To configure this new feature, users can go to the “Attachment Restrictions” page, where they will find the new “Disallowed release extensions” section. There, users can add the attachment extensions for which releasing is not allowed – for example, all .exe or .zip attachments.
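A sketch of the kind of check this restriction implies, as an added example rather than SpamExperts code: the function names, the sample extension list and the normalisation rules (case-insensitive, trailing dots and spaces ignored) are assumptions. It goes slightly beyond the text by also handling multi-dot extensions such as tar.gz, which the page lists under "Other updates".

```python
# Added illustration; names and matching rules are assumptions.
from email.message import EmailMessage

DISALLOWED = {"exe", "zip", "tar.gz"}  # constructed sample list


def matches_disallowed(filename, disallowed=DISALLOWED):
    """Return the disallowed extension this filename ends with, or None."""
    # Normalise so "SETUP.EXE" and "setup.exe. " are treated like "setup.exe".
    name = filename.strip().rstrip(". ").lower()
    # Longest extension first, so "tar.gz" wins over any shorter suffix.
    for ext in sorted(disallowed, key=len, reverse=True):
        if name.endswith("." + ext):
            return ext
    return None


def release_blockers(msg, disallowed=DISALLOWED):
    """List (filename, extension) pairs that should prevent a user release."""
    blockers = []
    for part in msg.walk():  # walk() also reaches nested MIME parts
        fname = part.get_filename()
        if fname:
            ext = matches_disallowed(fname, disallowed)
            if ext:
                blockers.append((fname, ext))
    return blockers


def build_sample(filenames):
    """Build a constructed test message carrying the given attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for name in filenames:
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    sample = build_sample(["notes.txt", "Backup.TAR.GZ", "invoice.pdf.exe"])
    blockers = release_blockers(sample)
    print("release allowed" if not blockers else f"release denied: {blockers}")
```

An empty result means the message has no attachment on the list and can be released as normal.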

DMARC

To combat phishing emails, senders have two primary tools: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

  • SPF is designed to protect against email spoofing by checking that messages from a given envelope sender originate only from servers that are explicitly authorized.
  • DKIM adds a signature to the message, allowing the recipient to assess whether the message or its email headers have been changed in transit.

Now, DMARC, which is short for Domain-based Message Authentication, Reporting and Conformance, is a system that builds on top of SPF and DKIM and provides tools for senders to better prevent and monitor abuse of their domains.

Support for SPF, DKIM and DMARC was added a long time ago, but we have only recently made it possible for users to access the DMARC feature directly via the web interface. To enable/disable DMARC, go to the “Filter Settings” page and check the DMARC box – it can be found near the SPF and DKIM checks. For better customization, we recommend using the “Manage list of domains and IP Addresses with disabled SPF, DKIM and DMARC checks” link – e.g. to follow DMARC rules except for one particular sender domain.

If a user wants to receive email which does not conform to the SPF, DKIM or DMARC policy, those features need to be disabled. This situation arises, for example, when a user forwards an email from one server to another, thus changing the original delivery server, causing the SPF check to fail. Furthermore, if a user is getting traffic from a mailing list that modifies the email content (e.g. changing the subject), then DKIM may fail as well.

In general, we strongly recommend that users set up SPF/DKIM/DMARC for their domains, so that spammers cannot easily abuse the sender’s domain, which makes phishing attacks more difficult to execute.
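How the three checks combine, as an added example that is not SpamExperts code: DMARC passes when SPF or DKIM passes for a domain aligned with the From: domain, as specified in RFC 7489. The scenarios are constructed, all domains are placeholders, and the organizational-domain shortcut (last two labels) is a simplifying assumption.

```python
# Added illustration of DMARC evaluation (RFC 7489), not SpamExperts code.
# Assumption: the organizational domain is the last two labels; a real
# implementation uses the Public Suffix List (needed for e.g. co.uk).

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares org domains."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_result(from_domain, spf, dkim, policy="reject", aspf="r", adkim="r"):
    """spf: (result, envelope sender domain); dkim: [(result, d= domain), ...].
    Returns ("pass", None) or ("fail", <policy the domain owner published>)."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, aspf == "s")
    dkim_ok = any(res == "pass" and aligned(d, from_domain, adkim == "s")
                  for res, d in dkim)
    # One aligned pass is enough; DMARC fails only when both mechanisms fail.
    return ("pass", None) if spf_ok or dkim_ok else ("fail", policy)


# Constructed scenarios; every domain here is a placeholder.
SCENARIOS = {
    # Sent directly by the domain owner's own infrastructure.
    "direct": dict(from_domain="example.com",
                   spf=("pass", "bounce.example.com"),
                   dkim=[("pass", "example.com")]),
    # Forwarded: new delivery server breaks SPF, the signature survives.
    "forwarded": dict(from_domain="example.com",
                      spf=("fail", "example.com"),
                      dkim=[("pass", "example.com")]),
    # Mailing list: own envelope sender, subject rewrite breaks DKIM.
    "list_modified": dict(from_domain="example.com",
                          spf=("pass", "lists.example.org"),
                          dkim=[("fail", "example.com")]),
    # From: header names a domain the sending server is not aligned with.
    "spoofed_from": dict(from_domain="example.com",
                         spf=("pass", "unrelated.example.net"),
                         dkim=[]),
}

if __name__ == "__main__":
    for name, scenario in SCENARIOS.items():
        print(name, dmarc_result(**scenario))
```

The forwarded case still passes DMARC because the aligned DKIM signature is intact, while the mailing-list case fails both mechanisms and is the one that typically calls for a per-sender exception.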

Other updates

  • Added support for blocking extensions that have dots in them – such as tar.gz.
  • Increased the daily statistics expiry period to 30 days.
  • Added support for IPv6 networks as outgoing users.
  • Added a 4th DNS server for custom MX records. Read more on our dedicated knowledgebase page.
  • SpamExperts now allows users to connect to any server from the cluster to access the quarantine via IMAP.

Frontend / GUI

Taking action on all search results

This functionality is available for the Incoming or Outgoing filter.

After executing a log search, a user will be able to select multiple messages from the search results and perform various actions on them – for example, removing them from the quarantine.

Now, it’s also possible to do this for messages that span several pages (i.e. more than one page filled with entries) without the need to repeat the same actions over and over again. When all the messages are selected on the page, a user will see the “Select all messages that match this search criteria?” link next to the respective action. This will select all of the messages, including the ones that aren’t shown on the first page. This provides a very efficient way to remove a very large number of messages from your quarantine.

The action is executed in the background, so users are able to immediately continue working on something else in the web interface. The change in status of the messages will show up once the action is completed.

New password policy

There are a lot of “most common password” lists on the internet from various leaks or break-ins. To avoid headaches, we have added a new “no common passwords” policy – a hard-coded list of over one hundred thousand commonly used passwords, as well as an optional (set as default) policy that prevents using any of the password-strings found in the list.

Archive Expiry extended

We’ve exposed the option to set the number of days that archived messages are kept for domain users up to the limit configured at cluster level – available for both Hosted Cloud and Local Cloud deployments.

End of support for IE8

We have now officially ended support for using the web interface with Internet Explorer 8. Going forward, we will not be doing any Quality Assurance against IE8, and SpamExperts will not be fixing any bugs that are specific to IE8. Users will continue to be prompted to update to a modern, secure, supported browser if they attempt to use the interface with IE8.

Other updates

  • Added the SpamExperts Control Panel API call to set grained permissions for an admin.
  • We’ve made it possible to compose/send mail from the SpamExperts Control Panel. Read more in our Send Email via the Web Interface blog post.
  • Added Control API method to add Outgoing users.

Plugins and Integration

Zimbra addon

We have released the SpamExperts Zimbra addon / zimlet. This addon allows admins to integrate access to their SpamExperts control panel interface into their Zimbra platform for email users, and also gives them the ability to report spam directly to our central training systems.

Additional information regarding the Zimbra integration, how to use and install it, can be found in our Zimbra addon / zimlet knowledgebase page.

Minimum requirement of PHP 5.4 for control panel integrations

PHP 5.3 reached the end of support for security updates in 2014, PHP 5.4 in 2015, and PHP 5.5 a few months ago, in July. We have noticed that a lot of servers hosting our integrations are still running an outdated PHP environment. We strongly recommend updating to at least PHP 5.6 to ensure the safety of those servers – it has security support until the end of 2018.

Users who do not update and still use a version of PHP older than 5.4 for control panel integration (such as the cPanel addon, DirectAdmin addon, Plesk addon/extension and so on) will be restricted to a “frozen update tier” and will not receive any updates other than for critical and security issues.

Safety patches against MySQL vulnerabilities

Vulnerabilities in the MySQL family of database systems were announced recently – CVE-2016-5696, CVE-2016-6304 and CVE-2016-6662.

We immediately audited our systems and found they are not vulnerable. However, for additional protection, we have also deployed the patches that block the threat (this was pushed out separately from the normal update schedule, as a security improvement).

Until our next quarterly technical update, stay safe and simply spam free. Drop us a comment in the section below and spread the word on social media.
