A new wave of spam emails and viruses is currently affecting IT systems around the world. Since early November 2018, fake invoices, bank account warnings and other forged documents containing malicious code in the form of banking trojan Emotet are being distributed.
With the last Microsoft patchday on September 12th, a security update for the .NET framework was released, which closes a critical vulnerability. To exploit the vulnerability, the victim must open a document specially prepared by the attacker. Even if there is no direct danger for NoSpamProxy customers, we recommend installing the update. Further information and the download links can be found here.
Dear NoSpamProxy customers,
since a few hours we see in customer environments that send outgoing e-mails from O365 via NoSpamProxy the error “Unable to relay”. We found that Microsoft uses a new certificate to identify all Office 365 email servers, which was issued by a GlobalSign CA rather than Microsoft’s own CA. The NoSpamProxy security check to see if the server is a valid “company e-mail server” fails and the e-mails are rejected. A new Fast Channel Version is available to fix this issue.
We apologize for any inconvenience caused.
Your NoSpamProxy Team
Emails are a common part of our private and professional communication. However, there seems to be no awareness of the vulnerability of each individual email sent. In many cases, emails travel across a variety of servers and countries, regardless of whether the recipient lives on a different continent or just on a different floor in the same building. The structure of the internet makes this possible.
As a result, anyone with the neccessary technical knowledge can intercept, read or even change emails at any node during transport. And he or she can write emails in your name.
Similar to Microsoft Exchange, some NoSpamProxy features can only be enabled through a PowerShell cmdlet. Specifying an “SPF-authenticated corporate email server” is one such feature. Entries of this kind facilitate the maintenance of NoSpamProxy enormously. “Corporate email servers” define the servers of a company that are allowed to use owned domains in email sender addresses. By default, IP addresses, subnets, host names, TLS-authenticated hosts, and Office 365 tenants can be specified.
The latest version of our gateway solution NoSpamProxy is now available at „Download NoSpamProxy“. Therewith, you can meet the requirements of your clients insofar as email security in a Microsoft environment even better and easier.
In our new video tutorial we show step by step how to set up the content filter in NoSpamProxy 12 and which new features there are.
Security researchers discovered a serious safety vulnerability in Microsoft Office last week. With specially prepared files in Word or Excel format, attackers can run any desired code on the users’ system after the files have been opened.