1 (edited by jeremyjvogel 2018-04-07 00:07:37)

Topic: Base64-Scrambled IRedAdmin Pro Install Email

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

When I click the link to have an email sent to me with the download for the latest iRedAdmin Pro, it sends me an email that looks like this.  All I have found online is a possible virus scanning issue, but I made sure all bug fixes were up to date with Amavisd and have rebooted the server after install just in case.  This is the actual body of the email but the subject comes through correctly. 



2

Re: Base64-Scrambled IRedAdmin Pro Install Email

Hi jeremy,

Sorry about this trouble. I sent you a new email with download link, please let me know if you didn't receive it.

3 (edited by jeremyjvogel 2018-04-05 06:41:44)

Re: Base64-Scrambled IRedAdmin Pro Install Email

ZhangHuangbin wrote:

Hi jeremy,

Sorry about this trouble. I sent you a new email with download link, please let me know if you didn't receive it.

I got the email, same issue, here is the body of the one you just sent.  I don't think there is anything wrong with your email that you are sending, I think iRedMail scrambles it on my end:


4

Re: Base64-Scrambled IRedAdmin Pro Install Email

iRedMail doesn't have a component to modify the message like this. Do you have any other content filter for spam/virus scanning or for modifying the mail message?

5

Re: Base64-Scrambled IRedAdmin Pro Install Email

ZhangHuangbin wrote:

iRedMail doesn't have a component to modify the message like this. Do you have any other content filter for spam/virus scanning or for modifying the mail message?

Yes, we use Proofpoint for email filtering.  I'll run this through their tech support and let you know what I find out.  Thank you for the help.

6 (edited by jeremyjvogel 2018-04-07 00:10:35)

Re: Base64-Scrambled IRedAdmin Pro Install Email

New information from Proofpoint:  They verified that the scrambling is happening after they modify the links and check for viruses.  It is not encryption, it is a change of base to base64.  Is there any functionality in iRedMail that can change the encoding of the email?  The email can actually be read if I run it through a base64 converter online. 

Why it only happens to certain emails is a mystery though.

7

Re: Base64-Scrambled IRedAdmin Pro Install Email

Having links in an email message is quite normal. I think this is an issue of Proofpoint, it doesn't handle this correctly.

8

Re: Base64-Scrambled IRedAdmin Pro Install Email

ZhangHuangbin wrote:

Having links in an email message is quite normal. I think this is an issue of Proofpoint, it doesn't handle this correctly.

They were able to determine that the scrambling takes place after it goes through Proofpoint.  Is there any way I can see what is coming into iRedMail vs. what is going out?  Is there a log that tells me what coding the message has when it comes in?
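One way to check what encoding a message carries at a given hop, as an added example that is not part of the original thread: save the raw message at each stage and compare the declared `Content-Transfer-Encoding` header with what the body actually contains. A body that is base64 while the header is missing or says something else is displayed as raw base64 text. The sample message, addresses and function names below are constructed for illustration.

```python
import base64
import binascii
import email
from email import policy

def looks_like_base64(text, min_len=40):
    """True if the body, with line breaks removed, strictly decodes
    as base64 and the decoded bytes are valid UTF-8 text."""
    joined = "".join(text.split())
    if len(joined) < min_len or len(joined) % 4:
        return False
    try:
        base64.b64decode(joined, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    return True

def audit_encoding(raw_bytes):
    """Report, for each leaf MIME part, the declared transfer encoding
    and whether it disagrees with what the body really is."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # RFC 2045: a missing header means 7bit.
        declared = str(part.get("Content-Transfer-Encoding") or "7bit").strip().lower()
        body = part.get_payload(decode=False)  # undecoded, as stored on disk
        is_b64 = looks_like_base64(body)
        findings.append({
            "content_type": part.get_content_type(),
            "declared": declared,
            "body_is_base64": is_b64,
            "mismatch": is_b64 and declared != "base64",
        })
    return findings

# Constructed sample: the same base64 body with and without its header.
PLAIN = "Dear customer,\n\nThis is a constructed sample body, not a real message.\n"
B64_BODY = base64.encodebytes(PLAIN.encode()).decode()

def build_sample(cte):
    head = ("From: sender@example.com\r\nTo: rcpt@example.com\r\n"
            "Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
            "Content-Type: text/plain; charset=utf-8\r\n")
    if cte:
        head += f"Content-Transfer-Encoding: {cte}\r\n"
    return (head + "\r\n" + B64_BODY).encode()

if __name__ == "__main__":
    for cte in ("base64", None, "8bit"):
        print(cte, audit_encoding(build_sample(cte)))
```

Running `audit_encoding` on the copy saved at each stage (gateway output, mail server storage, client export) shows the first hop where `mismatch` becomes true.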

9

Re: Base64-Scrambled IRedAdmin Pro Install Email

jeremyjvogel wrote:

Is there any way I can see what is coming into iRedMail vs. what is going out?

Maybe you can try BCC?
FYI: https://docs.iredmail.org/monitor.incom … h.bcc.html

But if the BCCed email was modified by Proofpoint too, I have no idea.

10

Re: Base64-Scrambled IRedAdmin Pro Install Email

I found out that it is my email client encoding the messages, Thunderbird.  Probably a new profile would have fixed it, but we are switching clients company-wide, so it is moot for us.  Thank you for all of the help.