How to completely enable remote content in Thunderbird? - encryption

I have seen this being discussed at multiple places, however the most obvious answers do not work for me.
I have Thunderbird 102.7.1 (64-bit) with Allow remote content in messages option enabled, but I still have a warning message popup in some messages without any option/preferences button. (If I un-check the checkbox I can see the same message bar, but with the button with remote content preferences)
I think the problem is that the remote content is blocked in encrypted messages with S/MIME. In other emails I can see the remote content loaded without issues.
Is there a way how to enable it even for these encrypted messages?

Related

AWS SES userAgent returning the same value for all the users

We have created an application to send out bulk emails using AWS SES. We are able to send out the emails and track the metrics like Opens, Clicks etc using AWS SNS successfully. The only problem we have is that in the "Opens" object that SNS is sending, it is always returning the same value "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)". What we are looking at is to determine where the email is opened like Mobile/Tab/Desktop and in which browser. Even when the email is opened in Chrome, it is returning as Mozilla. Any help/suggestion in this regard is highly appreciated.
Additional Info: I figured out that the userAgent is being correctly returned in "clicks" object. But not in the "Open" object. Not sure why. We would like to track the same information when the email is opened also as not all the recipients click on a link.
There isn't actually a way to determine that a message has been opened.¹ Detecting "opens" relies on detection of the viewer fetching an image embedded in the message when the mail is "opened."
At the bottom of each message, we insert a 1 pixel by 1 pixel transparent GIF image. Each email includes a unique link to this image file; when the image is opened, we can tell exactly which message was opened and by whom.
When the viewer is Gmail, the user's browser doesn't fetch this image.
https://aws.amazon.com/blogs/messaging-and-targeting/open-and-click-tracking-have-arrived/
When a message is opened in gmail, the user's browser doesn't fetch the image directly, it fetches it from the google image proxy, and the image proxy fetches it from SES and generates the tracking event. Hence, (via ggpht.com GoogleImageProxy).
This isn't something that you have control over, as the sender.
The proxy can identify itself by saying whatever it likes in the User-Agent field -- there is no reason to believe that the entire user-agent string isn't being created by the proxy. Google searching the topic seems to confirm that this is how the proxy always appears. Mozilla/5.0 is a generic user agent string, that does not mean anything more than "I am some kind of web browser, or want the server to believe that I am."
¹there isn't actually a way... well, technically, there is, but thanks to the widespread profusion of spam, this standard is almost never applied to Internet mail. As noted in RFC-8098, "The presence of a Disposition-Notification-To header field in a message is merely a request for an MDN. The recipients' user agents are always free to silently ignore such a request." This is almost always what happens... nothing.

sendmail genericstable not used when mailing

I want to forward all mail for root (so basically the output of all cron jobs but other mails for root as well) to an external email address (hotmail).
Easiest method would be to use the aliases file. I updated the root alias:
root: mymail#hotmail.com
And ran newaliases.
When an email is sent I see that the hotmail MX server "accepts" my mail. Standard MS Security through obscurity makes me think it's silently discarding my email ( not in junk mail, ... ).
This server is used to send/receive mail for a domain (and more domains in the future).
I've checked the logs and it seems the mail is sent with from field of : root#mail.domain.com
I'm pretty sure this is at the root of my mail never received in my hotmail.
The existing email addresses are using user#domain.com as from.
Now I would like to rewrite this (mail) from address/ctladdr.
I thought this would be an easy fix with genericstable.
Genericstable (had multiple tries):
root info#domain.com
root#localhost info#domain.com
root#mail.domain.com info#domain.com
Regenerated the db with makemap.
I tried with different settings.
I also removed the EXPOSED_USER root (from the generic m4 file). I can see it's not in the generated cf file.
I also added root to the trusted users.
In my m4 file:
FEATURE(genericstable)dnl
GENERICS_DOMAIN(domain.com)dnl
dnl GENERICS_DOMAIN(mail.domain.com)dnl
dnl GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(masquerade_envelope)dnl
dnl define(`LOCAL_RELAY', `localhost')dnl
I have a submit mc file as well. Not sure if this matters but I don't think so.
(I don't have sendmail in MSP mode running as far as I know).
I've tried with GENERICS_DOMAIN as the domain that I want it to be or the domain that I want to be rewritten.
make all install
and restarted sendmail.
Still it just seems to go out as root#mail.domain.com
I tried with sendmail in address test mode (bt; tryflags hs and try esmtp root). This correctly modifies to the wanted source address: info#domain.com.
Anyone has some other ideas why this is not working? Or more debugging ways?
Do I need local_relay to make this work? What's expected to be in the hosts file? Fqdn(mail.domain.com) and hostname(so mail) for 127.0.0.1 ?
EDIT: I probably should mention that I have an incoming queue for MailScanner.
Thanks a lot in advance!
I believe the source of my issue is that I was expecting all mailserver mentioned in the headers to have the mail.example.com removed.
However the first header is to submit it to the local queue.
And only when Sendmail is sending the mail out (connecting to the outside MX of example.com) the translation gets done.
So the servers mentioned in the headers stay with mail.example.com.
I thought the mail.example.com was the culprit in hotmail not delivering my email. Which seemed to be wrong.
After investigating for a long time I noticed that if I sent an email from info#example.com to hotmail it was nowhere shown(no, not even in spam, ...) while it was accepted.
If I sent an email first to info#example.com and then sent one back from info#example.com the mail gets successfully delivered in the hotmail mailbox.
This also seems to be the case with other users of the same example.com domain (so not solely with info#).
After some more investigating I noticed: html email seems to be more easily delivered(sent through squirrelmail). Plain text only mails seem to be ignored.
NOTE: in all cases my mail was accepted by the hotmail mailserver. So no error code 550 or something. I was always sending mail from the mail.example.com server (either command line or through Squirrelmail).
EDIT: I had yet another annoying encounter with Hotmail. Again my message is accepted and just disappears. I've been sending to this destination address before without any issues. But for some reason all of a sudden Hotmail mailservers get "improved".
I'd like to throw in this reference of a topic that got opened years ago which is still ongoing with no feedback from MS: https://answers.microsoft.com/en-us/outlook_com/forum/oemail-osend/messages-reported-as-250-queued-for-delivery-but/f451cda5-ba7d-45ff-b643-501efe2413dc?page=2 . So you're definitely not alone. But also understand that there can be multiple issues leading to the same symptoms.
So I'd like to add some steps which might help preventing a massive headache for others:
Use a footer that clearly states your company and domain.
Use HTML mail
For some reasons sometimes I see mails getting delivered directly in the Deleted folder. Not in Spam
For some reason sending more mails from your domain is better as you gain more "reputation"
You can open a case with Microsoft here:
https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=635754176123391261
Don't set your expectations high. They'll mainly send you an email back that you're not eligible for remediation and later on answer on your case with a standard answer. HOWEVER what creating this case does do is probably getting confirmation that your email got indeed "filtered" by the mighty SmartScreen (they will not tell you why). But this way at least you know it's the spam filter and the below points might help you out.
Make sure to pass the message ID, timestamp, ... (log entry from maillog is what I did)
The answer on your case will certainly mention to use SNDS(Smart Network Data Service) and JMRP (Junk Mail Reporting Program)
SNDS: I've subscribed and never seen anything listed here. So if you have low email volume don't expect anything to show up here
JMRP: this is a service that will send you an email when a message gets marked as spam by users. I've never got anything useful out of this either.
make sure that your DNS settings are correct (MX record, A record, PTR record). This was all correct for me and nobody could point out a flaw in my configuration.
if you open a case they'll also send you a link to "Improving E-mail Deliverability into Windows Live Hotmail". You can find this on google as well and it might give some pointers.
if you're clearly sending an email campaign add in an Opt-out link (which again was not the case for me)
even if the destination address has your email address whitelisted your mail might be silently discarded. This goes beyond all logic.
having them send an email and reply might get your email delivered as well although it looks clumsy to go ask to send you an email so you can actually use email.
Basically the filter tries to "intelligently" determine what's normal mail behavior and based on that will take actions. So there's a big chance you can get your mail delivered by improving the content of your mails.
All in all I can only recommend to not use hotmail. Not for yourself or for your customers if you're a business. Unless you always want to be doubting if the other side actually received the mail. Sometimes you might be able to call, but if this is a lead through your site and they never get your response that's lost business. Of course it's the user's choice but if you can, try to convince them to use another mail account they have as none of the other providers just silently deletes mails (or at least I've never seen it).
I hope this helps someone else.

Google Chrome Giving SSL Warnings Only After Clicking Green Lock in Location Bar

When I visit a page I am securing with SSL, FF and IE both say everything is 100% secure, and Google Chrome even shows the green lock to the left of the green 'https' text (so, in the location bar, there is no indication of any errors or warnings). But when I click on the green lock, there are two sections:
Green lock icon: mywebsite.com
The identity of this website has been verified by 'cert company.'
Black/gray lock with warning icon:
Your connection to mywebsite.com is encrypted with a 128-bit encryption.
The connection uses SSL 3.0.
The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism.
The connection is not compressed.
The connection had to be retired using SSL 3.0. This typically means that the server is using very old software and may have other security issues.
I would like to eliminate the entire second section indicating the warnings, but I can't find much information about why this is even happening. This is not quite the same as many other issues reported where the warning icon appears in the location bar. If I ctrl+shift+j, all of my resources (images, js, css, etc) are being referenced correctly. How can I eliminate these warnings? Thanks.

Browser hangs after HTTP POST from Acrobat Reader

The Adobe Acrobat browser plug-in is being used to accept form input from a user. After a user has completed the PDF form and clicked its submit button, the form data is posted to an Asp.Net page that accepts the data, stores it and returns a message as HTML.
This works fine in Acrobat Reader in Firefox. Within Internet Explorer, our targeted browser, after the PDF form has been submitted, the data is accepted by Asp.Net, saved to disk and, by way of a packet sniffer, I can see that the HTML response is served, but IE hangs after the PDF is unloaded like it's trying to load the response, but never does.
I've determined that the problem occurs with IIS6 and IIS7, with or without SSL, on Windows XP and 7, and with Adobe Reader 9 and 10; what considerations am I overlooking?
This behavior seems to occur in Internet Explorer when the Acrobat Reader plug-in sends the HTTP POST followed by an alert dialog box being invoked with something like the following:
app.alert({
cMsg: "Error! Try again!",
cTitle: "Acme Testing Service"
});
The issue seems to stem from running a script after the HTTP POST has been sent; reordering the sequence of events has resolved the issue I was experiencing.

How to ignore the error of the certificate

Sorry ,my English is poor, I have never speak English after I leave the school.
but now this problem have trouble me for a long days.
My problem: when I open the website which the security certificate is wrong ,then
IE8 show:
===========================
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
==============================
I want to open this website(https) without show this alert page
the method may use "regedit", or change the internet Options, or by code ......and so on.
please help me
thanks thanks thanks
You can do this via regedit. Go to the following key:
HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings
And set WarnonBadCertRecving to 0
If it doesn't exist, create a new DWORD called WarnonBadCertRecving and then set that to 0.
Alternatively, make a .reg file containing this and double click to run:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnonBadCertRecving"=dword:00000000

Resources