BaruwaOS 6.10.2

New Features

Support Verification Only Delivery servers

Support has been added for delivery servers that are only used to validate the existance of recipient email addresses prior to accepting the message at SMTP-Time using SMTP callback.

The verification only delivery servers are not used to deliver mail but only for checking the existance of email addresses.

Support for verification only delivery servers was necessitated by the changes to Exchange server versions >= 2013 where invalid recipients are no longer rejected at the RCPT stage of the SMTP conversation.

Support SMTP Callback Address verification on newer Exchange versions

With Microsoft Exchange server versions >= 2013, Microsoft have altered the behavior of the Exchange FrontEnd Transport service so that it no longer rejects invalid recipients after they are specified. The rejection only happens after the DATA command. This prevents the validation of recipients on Baruwa using SMTP callback.

The Default HubTransport connector which is still SMTP compliant, and rejects invalid recipients after they are specified using the RCPT TO command. By default the Default HubTransport connector is accessed on port 2525.

For SMTP Callback Address verification in Baruwa to work you need to configure the Default HubTransport connector for your exchange server and then add a verification only destination server for the domain pointing to your Default HubTransport connector.

Improved SMTP-Time support for Approved list entries

Previously only entries listed to any/all were allowed to by pass SMTP-Time checks such as DNSBL, SPF, DKIM.

With this release all listed entries can now by pass these SMTP-Time checks.

This allows for more fine grained approved listings such as email to email or email to domain.

Bounce email address entries are now supported at SMTP-Time as well.

Macro reporting

A macros report filter has been added to the reporting function to allow for reports to be generated on emails with attachments that contain macros.

Scanner Macro checking rules

A plugin has been added to identify messages that have attachments that contain macros. This is an additional layer of security to the Anti-Virus based check for attachments with macros.

The following rules will be matched.

Rule name Rule description Rule score
BARUWA_OLEMACRO Attachment has an Office Macro 3.0
BARUWA_OLEMACRO_MALICE Potentially malicious Office Macro 10.0
BARUWA_OLEMACRO_ENCRYPTED Has an Office doc that is encrypted 10.0
BARUWA_OLEMACRO_RENAME Has an Office doc that has been renamed 5.0
BARUWA_OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip 10.0

You can increase your local scores based on your requirements to block messages that match these rules.

Name Spoofing checking rules

A plugin has been added to identify messages that have a spoofed from: name. Spoofing of the from name part is increasingly common. It is used to trick users into believing the sender is someone within their own domain.

The following rules will be matched.

Rule name Rule description Rule score
BARUWA_FROMNAME_EMAIL From: name contains an email address 0.5
BARUWA_FROMNAME_DIFFERENT From: name differs from From: address 2.0
BARUWA_FROMNAME_OWNERS_DIFFER From: name owner differs from From: address 2.0
BARUWA_FROMNAME_DOMAIN_DIFFER From: name domain differs from From: address 2.0
BARUWA_FROMNAME_SPOOF From: name is spoofed 3.0
BARUWA_FROMNAME_EQUALS_TO From: name same as To: address 2.0

You can increase your local scores based on your requirements to block messages that match these rules.

Depreciations

Scanner Spam Lists

The use of Scanner Spam Lists (Settings > MailScanner Settings > Spam Checks > Spam List) which was depreciated in BaruwaOS 6.8.1 has been removed.

Scanner Spam Domain Lists

The use of Scanner Spam Domain Lists (Settings > MailScanner Settings > Spam Checks > Spam Domain List) which was depreciated in BaruwaOS 6.8.1 has been removed.

Sought Spam Rules removed

The sought spam check rules update channel has been disabled as the rules are no longer maintained.

Known Issues

TypeError: an integer is required

Ensure you have the latest baruwa-setup tool by running the following command:

yum install baruwa-setup -y

You can then ran baruwa-setup again.

Template changes

If you are using a custom template and do not update your templates you may ran into issues, ensure that you update your templates on upgrade.