Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Forum for things that don't really have anything to do with hMailServer, such as php.ini, beer, etc.

palinka
Senior user
Posts: 4419
Joined: 2017-09-12 17:57

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by palinka » 2023-10-25 20:05

Is there a patch yet?

mats
Normal user
Posts: 46
Joined: 2018-05-06 20:58

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by mats » 2023-10-25 21:16

palinka wrote:
2023-10-25 20:05
Is there a patch yet?
Yes, since about 10 days ago.


RvdH
Senior user
Posts: 3190
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by RvdH » 2023-11-06 10:08

https://github.com/roundcube/roundcubem ... /tag/1.6.5

Roundcube Webmail 1.6.5

Code:

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability:

Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme (rehme.infosec).
This version is considered stable and we recommend updating all production installations of Roundcube 1.6.x with it. Please do back up your data before updating!
For Roundcube Webmail 1.5.6 version, see:
https://github.com/roundcube/roundcubemail/releases
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

danieldummer
New user
Posts: 7
Joined: 2017-08-31 14:39

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by danieldummer » 2023-11-20 20:48

Does anyone know if the latest version of hMailServer (5.6.8) is compatible with the latest version of Roundcube (1.6.5)?

Thanks

gotspatel
Senior user
Posts: 347
Joined: 2013-10-08 05:42
Location: INDIA

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by gotspatel » 2023-11-21 05:33

The Roundcube version has nothing to do with the hMailServer version, since Roundcube is just a mail client.

You can use any Roundcube version with any version of hMailServer.

Regards

danieldummer
New user
Posts: 7
Joined: 2017-08-31 14:39

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by danieldummer » 2023-11-21 16:28

gotspatel wrote:
2023-11-21 05:33
The Roundcube version has nothing to do with the hMailServer version, since Roundcube is just a mail client.

You can use any Roundcube version with any version of hMailServer.

Regards
Thank you

RvdH
Senior user
Posts: 3190
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by RvdH » 2023-11-29 14:40

https://nextcloud.com/blog/open-source- ... nextcloud/

Can't they pick up hMailServer development as well? :lol:

palinka
Senior user
Posts: 4419
Joined: 2017-09-12 17:57

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by palinka » 2023-11-29 15:11

RvdH wrote:
2023-11-29 14:40
https://nextcloud.com/blog/open-source- ... nextcloud/

Can't they pick up hMailServer development as well? :lol:
Linux only! :lol: :lol: :lol:

mattg
Moderator
Posts: 22417
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by mattg » 2023-11-30 01:45

palinka wrote:
2023-11-29 15:11
RvdH wrote:
2023-11-29 14:40
https://nextcloud.com/blog/open-source- ... nextcloud/

Can't they pick up hMailServer development as well? :lol:
Linux only! :lol: :lol: :lol:
Don't think so.
It is written in PHP.

I'm a long-term user of Nextcloud - love it.
They already have a webmail client called SnappyMail that is an app inclusion, but it's exciting to see them get a hold of Roundcube too.

Nextcloud is an offshoot of ownCloud.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Posts: 4419
Joined: 2017-09-12 17:57

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by palinka » 2023-11-30 07:55

mattg wrote:
2023-11-30 01:45
palinka wrote:
2023-11-29 15:11
RvdH wrote:
2023-11-29 14:40
https://nextcloud.com/blog/open-source- ... nextcloud/

Can't they pick up hMailServer development as well? :lol:
Linux only! :lol: :lol: :lol:
Don't think so.
It is written in PHP.

I'm a long-term user of Nextcloud - love it.
They already have a webmail client called SnappyMail that is an app inclusion, but it's exciting to see them get a hold of Roundcube too.

Nextcloud is an offshoot of ownCloud.
It's not just PHP. You need to install Docker on Windows to run it, and also reverse proxy it if you already have a web server running. It used to be PHP only and ran on Windows + XAMPP. I did try it out many years ago, but at some point they gave up development for Windows.

I've been using FileRun, which is amazing. Very lightweight, fast, works well with WebDAV + the Nextcloud client. But they ended their free license, so there will be no more updates unless you pay, and the price is crazy - enterprise pricing. I would absolutely pay for 2 or 3 users if the price were reasonable. So I'm keeping my eye on Nextcloud and ownCloud.

GeorgeduH
New user
Posts: 1
Joined: 2024-02-14 11:05
Location: Russia

Staying out of spam folders.

Post by GeorgeduH » 2024-02-15 07:06

Is it possible to create a spam folder that filters out spam emails based on the sender's personality traits and behavioral patterns, rather than relying on keywords or known spam indicators?

katip
Senior user
Posts: 1151
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Staying out of spam folders.

Post by katip » 2024-02-15 11:23

GeorgeduH wrote:
2024-02-15 07:06
Is it possible to create a spam folder that filters out spam emails based on the sender's personality traits and behavioral patterns, rather than relying on keywords or known spam indicators?
Interesting but far OT question.
I'd suggest you open a new topic in the Off-Topic Discussions section and, by the way, also explain how you imagine reading firm clues about personality, behaviours, social status, habits, physical/psychological state, age, sex... of the sender from an email.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

jimimaseye
Moderator
Posts: 10035
Joined: 2011-09-08 17:48

Re: Staying out of spam folders.

Post by jimimaseye » 2024-02-15 11:43

katip wrote:
2024-02-15 11:23
GeorgeduH wrote:
2024-02-15 07:06
Is it possible to create a spam folder that filters out spam emails based on the sender's personality traits and behavioral patterns, rather than relying on keywords or known spam indicators?
Interesting but far OT question.
I'd suggest you open a new topic in the Off-Topic Discussions section and, by the way, also explain how you imagine reading firm clues about personality, behaviours, social status, habits, physical/psychological state, age, sex... of the sender from an email.
This sniffs of tinned meat, Katip. I'm confident that after his next post he will be deleted.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SorenR
Senior user
Posts: 6277
Joined: 2006-08-21 15:38
Location: Denmark

Re: Staying out of spam folders.

Post by SorenR » 2024-02-15 17:58

katip wrote:
2024-02-15 11:23
GeorgeduH wrote:
2024-02-15 07:06
Is it possible to create a spam folder that filters out spam emails based on the sender's personality traits and behavioral patterns, rather than relying on keywords or known spam indicators?
Interesting but far OT question.
I'd suggest you open a new topic in the Off-Topic Discussions section and, by the way, also explain how you imagine reading firm clues about personality, behaviours, social status, habits, physical/psychological state, age, sex... of the sender from an email.
Yes, if your server is running Linux... Unfortunately the Windows version of SpamAssassin does not support per-user profiles... It took me a week to figure that out messing with the hMailServer source code.

On a side note it will require some heavy modifying in hMailServer and the SPAM checking will have to be repositioned to identify the recipient.
SørenR.

Old data analysts don’t die – they just get broken down by age and sex.

katip
Senior user
Posts: 1151
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Staying out of spam folders.

Post by katip » 2024-02-15 18:52

SorenR wrote:
2024-02-15 17:58
Yes, if your server is running Linux... Unfortunately the Windows version of SpamAssassin does not support per-user profiles... It took me a week to figure that out messing with the hMailServer source code.

On a side note it will require some heavy modifying in hMailServer and the SPAM checking will have to be repositioned to identify the recipient.
The question was about the "sender's personality traits and behavioral patterns", not the recipient's (i.e. the SA user's).
In fact, the question is not totally senseless if you think, bona fide, that it's just badly constructed. Yes, you can train SA (with a per-profile setup) according to your own "personality traits and behavioral patterns" and expect SA to score more or less accordingly. That would be an interesting experience :roll:

However, the question exactly as it reads sounds rather fantastic.

SorenR
Senior user
Posts: 6277
Joined: 2006-08-21 15:38
Location: Denmark

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by SorenR » 2024-02-15 21:22

"sender's personality traits and behavioral patterns"
Is this not what we train SpamAssassin to look for with the Bayesian classifier?

Version 5.6.9...

Code:

void
SpamAssassinClient::OnConnected()
{
   // We'll handle all incoming data as binary.
   SetReceiveBinary(true);
   message_size_ = FileUtilities::FileSize(message_file_);
   EnqueueWrite("PROCESS SPAMC/1.2\r\n");
   String sConLen;
   sConLen.Format(_T("Content-length: %d\r\n"), message_size_);
   EnqueueWrite(sConLen);
   EnqueueWrite("User: Wile.E.Coyote@acme.inc\r\n"); // <== ;-)
   EnqueueWrite("\r\n");
   SendFileContents_(message_file_);
}
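As an added illustration (Python written for this thread, not hMailServer's code), this is the SPAMC/1.2 PROCESS exchange the snippet above performs: the request with its Content-length and User headers, and a parser for spamd's reply. The User value is what spamd uses to select a per-user profile (user_prefs, Bayes DB), so here it is taken from the recipient mailbox rather than a fixed string; the sample message, the spamd reply and the mailbox name are all constructed, no spamd is contacted.

```python
# Added example: the SPAMC/1.2 PROCESS exchange hMailServer's SpamAssassinClient
# performs, written in Python (not hMailServer's code). The User header is what
# spamd uses to pick a per-user profile (user_prefs, Bayes DB), so it is taken
# from the recipient mailbox instead of a hard-coded value.
CRLF = b"\r\n"

def build_spamc_request(message: bytes, user: str) -> bytes:
    """Build a PROCESS request: request line, headers, blank line, raw message."""
    headers = [
        b"PROCESS SPAMC/1.2",
        b"Content-length: %d" % len(message),
        b"User: " + user.encode("ascii"),
    ]
    return CRLF.join(headers) + CRLF + CRLF + message

def parse_spamd_response(data: bytes) -> dict:
    """Parse spamd's reply: 'SPAMD/1.1 <code> <status>', headers, then the message."""
    head, _, body = data.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    proto, code, status = lines[0].split(b" ", 2)
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        hdrs[name.strip().lower().decode()] = value.strip().decode()
    result = {"protocol": proto.decode(), "code": int(code),
              "status": status.decode(), "body": body}
    if "spam" in hdrs:                      # e.g. "True ; 1004.7 / 3.0"
        verdict, _, scores = hdrs["spam"].partition(";")
        score, _, required = scores.partition("/")
        result["is_spam"] = verdict.strip().lower() == "true"
        result["score"] = float(score)
        result["required_score"] = float(required)
    return result

# Constructed sample: the GTUBE test string (the rule named in the spamd log in this
# thread) and a hand-written spamd reply. The mailbox name is a placeholder.
SAMPLE_MESSAGE = (b"Subject: test" + CRLF + CRLF +
                  b"XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" + CRLF)
SAMPLE_REPLY = (b"SPAMD/1.1 0 EX_OK" + CRLF + b"Spam: True ; 1004.7 / 3.0" + CRLF +
                b"Content-length: 0" + CRLF + CRLF)

def sample_exchange(user: str = "user@mailbox.invalid") -> tuple:
    """Return the request that would be sent for `user` and the parsed sample reply."""
    return build_spamc_request(SAMPLE_MESSAGE, user), parse_spamd_response(SAMPLE_REPLY)
```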

katip
Senior user
Posts: 1151
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by katip » 2024-02-15 22:25

SorenR wrote:
2024-02-15 21:22
"sender's personality traits and behavioral patterns"
Is this not what we train SpamAssassin to look for with the Bayesian classifier?
Eh, not me, the spammer punk can go to hell, I don't care, spit on his/her personality and manners :twisted:
But OTOH I understand well what you mean. That's also my concern at the office, which I call "sectoral spam" although it isn't spam as commonly described. I must take care of a special Bayes training supported by many meta rules. Just for example, your bank or GSM operator also spam a lot! Forget about that opt-in/out nonsense. Only once a month is your invoice or statement of account maybe what you need. The rest is rubbish.
But I'm not sure if the original question was about a comprehensive "classification", which is conceptually beyond spam-or-ham. It was directly talking about one "spam" folder and the sender's personality(?) etc.
I suppose you remember POPFile: https://en.wikipedia.org/wiki/POPFile

SorenR
Senior user
Posts: 6277
Joined: 2006-08-21 15:38
Location: Denmark

Re: Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Post by SorenR » 2024-02-16 01:56

katip wrote:
2024-02-15 22:25
SorenR wrote:
2024-02-15 21:22
"sender's personality traits and behavioral patterns"
Is this not what we train SpamAssassin to look for with the Bayesian classifier?
Eh, not me, the spammer punk can go to hell, I don't care, spit on his/her personality and manners :twisted:
But OTOH I understand well what you mean. That's also my concern at the office, which I call "sectoral spam" although it isn't spam as commonly described. I must take care of a special Bayes training supported by many meta rules. Just for example, your bank or GSM operator also spam a lot! Forget about that opt-in/out nonsense. Only once a month is your invoice or statement of account maybe what you need. The rest is rubbish.
But I'm not sure if the original question was about a comprehensive "classification", which is conceptually beyond spam-or-ham. It was directly talking about one "spam" folder and the sender's personality(?) etc.
I suppose you remember POPFile: https://en.wikipedia.org/wiki/POPFile
All my users use IMAP and every user has a SPAM mail folder. I classify SPAM by score at two levels: "Much SPAM" and "Not-so-much SPAM". The "Much SPAM" they never get to see - only the "Not-so-much SPAM". All SPAM regardless will have a copy forwarded to my "SPAM@home.arpa" user, who is my source for nasties ;-)

When the user receives an email he/she can leave it in INBOX = Ham or move it to SPAM = :roll: and vice versa. Every user's INBOX and SPAM folder is scanned every night in case a sender needs reclassifying.

I actually needed a manual reclassification done today - I forgot the password to a website and had to request a new password ... Found the link to reset my password in the "SPAM@home.arpa" account - classified as "Much SPAM" :mrgreen: so I went on to whitelist that sender just in case I forget the password again within the next 5 years :roll:

SorenR
Senior user
Posts: 6277
Joined: 2006-08-21 15:38
Location: Denmark

Re: Staying out of spam folders.

Post by SorenR » 2024-02-16 03:25

SorenR wrote:
2024-02-15 17:58
Yes, if your server is running Linux... Unfortunately the Windows version of SpamAssassin does not support per-user profiles... It took me a week to figure that out messing with the hMailServer source code.

On a side note it will require some heavy modifying in hMailServer and the SPAM checking will have to be repositioned to identify the recipient.
To further elaborate on this... The function "getpwnam" is not included in the Windows version of Perl. Parameter 7 of "getpwnam" is the home directory where the user_prefs file would reside...

Spamassassin 4.0.0 Windows (RvdH)

Code:

Fri Feb 16 01:37:12 2024 [-4008] info: spamd: connection from sorenr.home.arpa [192.168.0.61]:54821 to port 783, fd 7
Fri Feb 16 01:37:12 2024 [-4008] info: spamd: handle_user (getpwnam) unable to find user: 'development'
Fri Feb 16 01:37:12 2024 [-4008] info: spamd: processing message (unknown) for development:0
Fri Feb 16 01:37:14 2024 [-4008] info: spamd: identified spam (1004.7/3.0) for development:0 in 2.0 seconds, 109 bytes.
Fri Feb 16 01:37:14 2024 [-4008] info: spamd: result: Y 1004 - GTUBE,MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,TVD_SPACE_RATIO,T_SCC_BODY_TEXT_LINE scantime=2.0,size=109,user=development,uid=0,required_score=3.0,rhost=sorenr.home.arpa,raddr=192.168.0.61,rport=54821,mid=(unknown),autolearn=disabled