How to fix BitDefender threat Scanner error in Windows 10

Do you see a frequently recurring BitDefender Threat Scanner error message on your Windows 10 PC? The message refers to a Threat Scanner.dmp file in your Temp folder. In most cases, this dmp file is completely unreadable in Notepad. Also, if you don’t close the pop-up, your PC is forcibly restarted after a while.

The BitDefender Threat Scanner error occurs whether or not you have this antivirus installed on your Windows 10 PC. Some users run into the problem after installing a recent update of the product. However, many users who don’t use BitDefender at all still see the error pop-up.

In those cases, it is a Spybot file that is damaged; once you replace Spybot’s corrupted file, things work smoothly again. Like other popular antivirus products, Spybot incorporates BitDefender technology, which is why the error mentions the creation of a dmp file.

So, stick with the tutorial and let’s walk through all the solutions to get past this BitDefender error.

How to Fix BitDefender Threat Scanner Error in Windows 10

1 – Clear temp folder

The pop-up states that information related to the error is stored in the Temp folder. However, when you locate that dmp file and try to open it, it fails to load. So, the first thing to try is clearing out all the entries in the Temp folder. For many users, cleaning this folder makes the problem go away completely. To do so, follow these steps.

1 – Open Run by pressing the Windows + R keys together. Type temp in the text field and click the OK button.

2 – This opens the Temp folder. Select all the entries and press the Delete key.

Note – If any entry is in use by a running program, force close that program first (see Force Close Ongoing Programs in Windows 10).

3 – Next, launch Run again, type %temp% and press Enter. This opens the Temp folder for your user account; select all the items and press Delete to remove everything in the folder.

4 – Once you have cleared both folders, restart the Windows 10 PC and check whether the BitDefender Threat Scanner error still occurs.

Follow our detailed tutorial to Remove Temporary Files on Windows 10.

2 – Download and Run a Patch

If you have upgraded BitDefender, you are likely to run into this specific BitDefender Threat Scanner error message on Windows 10. The workaround that BitDefender suggests is to download and run a patch that matches the architecture of your operating system.

1 – First of all, figure out the architecture of your Windows 10 operating system.

Follow our tutorial to Find the Version of Windows Installed on System.

2 – Depending on the version and architecture, run the matching patch. Go to this web page and click Run this patch for 32 bit or 64 bit as required.

BitDefender released this patch specifically to fix the error that appears after updating the product, so running it should resolve the issue.

3 – Fix Spybot’s Corrupted File

As mentioned earlier, this error often also happens because of a corrupted Spybot file. The root cause is that Spybot uses this particular BitDefender technology, and when its file gets damaged, the error appears.

1 – Open File Explorer and navigate to this path: C:\Program Files (x86)\Spybot – Search & Destroy 2.

2 – Here, look for a file named SDAV.dll. This is the file that triggers the error: if it is missing from the Spybot – Search & Destroy 2 folder, or if its size is not 32KB, the error message pops up on the screen.

3 – So, if you don’t see the SDAV.dll file in the folder, visit this web page and download the missing file.

4 – After downloading the file, copy it, go to the Spybot – Search & Destroy 2 folder (for the full path, see Step 1) and paste SDAV.dll there.

5 – If the SDAV.dll file already exists in the folder, check its size. If it is not 32KB, the file is corrupted and you need to replace it.

Note – To confirm the size, right-click SDAV.dll and click Properties; the size is shown there.

6 – To replace it, repeat Steps 3 and 4 and paste the new file. While pasting, you may see the Replace or Skip Files dialog; click the first option, “Replace the file in the destination”.

Once you have replaced the damaged Spybot file, the BitDefender Threat Scanner error should no longer appear.


Fixing ERR_ADDRESS_UNREACHABLE

When you run into “ERR_ADDRESS_UNREACHABLE” errors, restarting your router often resolves them. Routers frequently get into an error state, and the network devices behind them then run into this issue. Restarting the router clears the error. Here is what you need to do:

1: Disconnect your router or modem from its power source; don’t simply turn it off.

2: Wait approximately 15 to 20 seconds before reconnecting the device.

3: Wait for the device to finish starting up.

If the error message still appears, you can try other options. Alternatively, you may reset your router, which may be a good solution. Before you do this, make sure you know the settings your ISP requires for your router to work.

1: Locate the reset button in the small hole on the back of your router.

2: Press it with a small pin and hold for 4-5 seconds. Once this is done, the router resets.

3: Connect to the router with an Ethernet cable and open its management address, which you will probably find printed on the back.

4: Enter your Internet Service Provider’s settings once the setup page loads.

5: Check whether the error message is gone and the problem is fixed.

Allow or Disallow Proxy Access

Windows users can also resolve this error without much hassle. If you receive an ERR_ADDRESS_UNREACHABLE message, it may be due to incorrect proxy settings, in which case you need to check them. Here’s how:

1: Press the Windows key and select the Settings icon to open the Windows Settings page.

2: Search for Internet Options and click the first result.

3: In the Internet Properties window, click the Connections tab, then click LAN settings. Clear the check mark next to Use a proxy server for your LAN.

4: Click OK, then click Apply and restart your computer.

5: Restart Chrome and check that the problem has been resolved.

Adjusting your proxy settings may fix the error; if not, proceed to the next solution below.

Check Address

This is another way to clear the ERR_ADDRESS_UNREACHABLE error message. You may receive this error if you try to reach a private address from a public network. For example, 192.168.1.8 is a private address, so it can only be reached from the private network it belongs to.

Make sure the address you want to reach belongs to the network you are connected to. Connect to the correct network and then try the address again.

You can resolve the error by checking the address you are trying to access, but if you still experience difficulties, you can contact your Internet Service Provider (ISP).

Clear Google Chrome DNS Cache

You can fix the ERR_ADDRESS_UNREACHABLE message by clearing Chrome’s DNS cache. The solution is easy to implement and does not require much time.

Here are the steps to follow.

1: Open the Google Chrome browser.

2: Enter chrome://net-internals/#dns into the address bar and press Enter.

3: Click the Clear host cache button.

4: Try to reopen the website after clearing Chrome’s cache, then check if the problem has been resolved.

Reset the TCP/IP Protocol

When all the solutions above have failed, you can reset TCP/IP using the Command Prompt. This has been successful in fixing ERR_ADDRESS_UNREACHABLE errors. Here is how to reset TCP/IP quickly.

1: Press the Windows logo key + R to open the Run dialog box.

2: Type cmd and press Shift + Ctrl + Enter to open Command Prompt as an administrator. Mistyped commands in an elevated Command Prompt can break your PC and even cost you important data, so use it carefully.

3: Please type the following commands one at a time and press Enter after each one.

ipconfig /release

ipconfig /all

ipconfig /flushdns

ipconfig /renew

netsh int ip set dns

netsh Winsock reset

4: After entering the commands, close the Command Prompt.

5: Restart your computer and check whether the error is fixed.

You can try these additional tips instead of the ones above:

If the website doesn’t open in your browser, try another one. If it opens in the other browser, reset or reinstall the one that doesn’t work.

It might also help to try another ISP or network. If you still can’t access the website, try visiting it in incognito mode; that tells you whether a browser add-on is causing the error. You can also try from another device on the same network to determine whether your device or your network is at fault.


How to fix Purple Screen of Death (PSOD) on your computer

  • Force shut down your computer.
  • Update all your graphics card drivers.
  • Disconnect all unneeded external peripherals, such as printers, webcams, headphones, scanners, fax machines and any additional monitors.
  • Remove or disable overclocking settings and tools.

Solution 1. Shut Down Your Windows PC:

So, first press and hold the Power button until the PC turns off. This alone can solve the issue; with luck, you won’t need to follow any of the more complicated procedures.

Solution 2. Disconnect Unnecessary External Hardware:

Sometimes webcams, printers, monitors or headphones cause the problem, which is why we recommend unplugging this external hardware. Disconnect any such devices connected to your PC.

Solution 3. Disable Overclock Settings:

You may overclock the PC to improve performance, but you should know that it raises the temperature of your computer and can ultimately damage your CPU or GPU. Here is the method for disabling overclocking.

Sometimes PCs run slowly or suffer system glitches. If that happens to your PC, it needs maintenance. You can use a dedicated PC optimization tool to check your computer’s health and apply the necessary fixes.

Process:

  • First, tap the Home or Start key, then choose the Settings icon.
  • Next, choose Update and Security from the list.
  • Now, you can see a Recovery option on the left side of the window. Tap on it.
  • After that, tap Restart now under Advanced startup.
  • Your PC restarts and shows the Choose an option screen.
  • Tap Troubleshoot. On the next screen, choose Advanced Options.
  • Choose UEFI Firmware Settings and then tap Restart.
  • As soon as your PC restarts, the BIOS menu opens automatically.
  • Go to the Advanced tab and choose the Performance option.
  • Look for the Overclocking option and disable it.
  • Press F10 when you are done, choose Yes to save the changes, then select Exit.
  • Some users prefer not to change the overclocking settings. If you are one of them, buy a cooling pad for your CPU or GPU; it helps keep your PC from overheating.

How to fix Windows blue screen errors

Disable automatic restart

First, to facilitate troubleshooting the problem, disable automatic restart.

  1. From the desktop or in the Windows Start menu, right-click My Computer or Computer.
  2. Click the Properties option.
  3. In the System Properties window, click the Advanced tab or the Advanced system settings link.
  4. On the Advanced tab, click the Settings button in the Startup and Recovery section.
  5. In the Startup and Recovery window, uncheck the Automatically restart check box.
  6. Click OK.

Blue screen errors

Windows NT, 2000, XP, Vista and later versions of Windows show a blue screen error similar to the example shown below. These error messages often contain more detailed information that can be searched for. If your blue screen error does not look like the example below, skip to the next section, Fatal exceptions.

  1. Identify the blue screen by locating a line containing all capital letters with underscores instead of spaces, such as the above example, BAD_POOL_HEADER. Write this information down. If you do not see anything written in all caps with underscores like this, skip this step.
  2. Find the STOP: error message either at the top of the error or in the “Technical Information:” portion of the error. For example, in the above error it is STOP: 0x00000019; write down the first portion of this error message.
  3. Finally, if technical information is shown, write down the file and the address.

The Closure of Piilopuoti on the Dark Web

In a determined move to combat cybercrime and drug trafficking, the Finnish authorities, in close collaboration with their German and Lithuanian counterparts, succeeded in shutting down Piilopuoti, one of the best-known illegal Dark Web marketplaces specialising in the sale of drugs.

Users who were accustomed to accessing this illegal drug market are now greeted by a message announcing that “This domain has been seized”. With one simple sentence, the authorities managed to dismantle an entire criminal operation. According to Europol, significant quantities of drugs and other illegal goods were sold on this Finnish-language platform. The marketplace operated on the Onion Router (Tor) network.

A notable aspect of this operation is the close collaboration between the Finnish, German and Lithuanian authorities. This level of cross-border coordination is essential for fighting cybercrime at a global level.
Europol, the European police organisation, played a crucial role in facilitating communication between these countries and in coordinating the action. This joint effort allowed the authorities to succeed in closing this illegal drug market and to prevent the further spread of the illegal activities carried out through this Dark Web platform.

Although the internet hides many dangers, this case shows that there is hope in the fight against online crime and that the authorities can take decisive action to protect society.


AtlasVPN fixes a vulnerability

AtlasVPN’s developers are working on fixing an IP address leak vulnerability whose details were made public by a researcher who chose full disclosure after attempts at responsible disclosure were ignored.

The security flaw affects the AtlasVPN client for Linux and can be exploited by luring the targeted user to a website hosting the exploit code. The exploit causes AtlasVPN to disconnect, which reveals the user’s real IP address to the attacker’s site.

The AtlasVPN client for Linux consists of two parts: a daemon (atlasvpnd) that manages connections and a client (atlasvpn) that the user controls to connect, disconnect and list services. The client does not connect through a local socket or other secure means; instead, it opens an API interface on localhost on port 8076.

The exploit code has been made public and is not difficult to use for harmful purposes. An attacker only needs to load it onto a site they control. The vulnerability affects the Atlas VPN client for Linux, version 1.0.3. Because of the vulnerability, the application, and with it the encrypted traffic between the user and the VPN gateway, can be disconnected by a malicious actor. This could lead to the disclosure of the user’s IP address.

As of September 2023, the vulnerability will no longer be present in the latest version of the Linux application. Following this fix, AtlasVPN will tell users to update their applications to the fixed version 1.1.


How to set up email addresses in Plesk

Follow these steps to create a new email address in Plesk with the Power-user interface:

  1. Open the Mail menu from the left column of the Plesk panel.
  2. Click the Create email address button.
  3. Enter the local part of the address (the part before the @ symbol) in the Email Address field.
  4. Select the domain name for the address from the drop-down to the right of the @ symbol.
  5. Use the Access to the Customer Panel tick-box to choose whether this email address may be used to log in to the customer Plesk panel.
  6. Enter a password for the mailbox and re-enter it in the confirm password field, or select Generate to generate a password for the address automatically.
  7. Apply the default mailbox size or select Another size to set a disk space quota for the mailbox.
  8. Optional: enter a description for the email address in the Description in Plesk field, or leave it blank.
  9. Click OK at the bottom of the page to create the address.

Service Provider interface

Follow these steps to create a new email address in Plesk with the Service-provider interface:

  1. Open the Domains menu from the left column of the Plesk panel.
  2. Click the domain name you want to create an email address for in the list on the following page.
  3. Click the Mail or Email Addresses link on the domain control panel page.
  4. Click the Create email address button to add a new address.
  5. Enter the local part of the address (the part before the @ symbol) in the Email Address field.
  6. Enter a password for the mailbox and re-enter it in the confirm password field, or select Generate to generate a password for the address automatically.
  7. Apply the default mailbox size or select Another size to set a disk space quota for the mailbox.
  8. Optional: enter a description for the email address in the Description in Plesk field, or leave it blank.
  9. Click OK at the bottom of the page to create the address.

Email Client Settings

The following settings can be used to add the address to an email client application/device:

Account type: POP or IMAP
Incoming server: mail.yourdomain.com
Username: full email address
Password: Enter the mailbox password for the address
Incoming Port: 110 for POP accounts, 143 for IMAP accounts.
Outgoing server: mail.yourdomain.com
Authentication: Authentication is required for outgoing mail, using the same username/password as incoming settings.
Outgoing Port: 25


How to set up Plex Media Server on Windows

With the proliferation of set-top boxes like Google TV, Roku and others, as well as the popularity of Android devices, there is a growing need to share media content across a home network. It’s not the most complicated operation in the world, but it does require some setup work at the onset.

There are several solutions for setting up a media server right in your home, but perhaps the simplest is to use Plex. The service provides both the backend (the server) and the front end, in the form of apps for computers, mobile devices and set-top boxes.

To get started, you’re going to need to set up the server on a computer within your network, preferably one that is always on, as the apps can’t get media unless the server is on and connected. Head over to PlexApp and download the program. It works with Windows, Mac, Linux, FreeBSD and NAS devices.

  • Once you have completed the installation, it’s time to go through the settings and tell the server where to find your various media.
  • Clicking the app opens a dashboard window in whatever web browser you have set as your default, meaning that if you install it on a NAS, it’s still easy to administer.
  • By default, you will have several media categories, including movies, music, photos and TV. You can easily add others, like home movies or music videos, or whatever you wish. To add a new category, simply click the Plus button and choose “add a section”, then give it a name.
  • Click on each section to begin adding your media. You will notice a folder icon in the left column; if not, click the “options” button to reveal the column. From here, you can browse an available computer on your network to locate your files and add them to the section. You can also switch the view between tiles and list, filter content in a number of ways, and even edit the media content.
  • Once you have completed adding the media, you will want to head into settings by clicking the screwdriver-wrench icon at the top right. From here, you can set things how you wish. If you frequently add new content, such as recorded TV shows, then the Library option should be your first stop.
  • The important part here is the Library Update Interval. If you wish to watch your new show as soon as possible, then set this to 15 minutes, which is the fastest available option.
  • Options also allow you to sign into your MyPlex account, enable DLNA, set network discovery, give your server a name, and much more. For most people, the default options, other than library refresh interval, should function just fine.

With your server up and running and everything set the way you want, it’s time to take care of the end-user. Plex apps are available for both Android and iOS, though, unlike the server, they aren’t free. Apps are also available for many of today’s set-top boxes, such as Roku and Google TV. If you are using the latter, then I recommend a third-party app called Serenity, which is available in the Google Play store.


Setting up mail server

These are some notes on setting up a small mail server suitable for a single user or a few users.

This setup uses the following projects to enable sending and receiving mail using SPF, DKIM, and DMARC for email authentication:

  • Postfix for mail transfer and delivery to Dovecot via LMTP.
  • Dovecot for IMAP access and SASL for Postfix with Pigeonhole for Sieve message filtering support
  • Rspamd for spam filtering, email authentication validation, and DKIM signing (with Redis for caching)
  • Let’s Encrypt and certbot to provide SSL certs

Moreover, this configuration supports sending and receiving mail on two domains that mirror each other.

CERTIFICATES AND KEYS

SSL/TLS CERTS

Obtain an SSL certificate from Let’s Encrypt. This particular server did not have an existing HTTP server, so I used certbot in standalone mode:

# certbot certonly --standalone -d domain1.tld,domain2.tld

This produces a single certificate for both domains. Alternatively, one could invoke certbot for each domain to produce separate certificates.

DKIM KEYS

Rspamd includes a utility to generate DKIM keys. I created a directory within /etc/rspamd, protected it, and generated keys according to Rspamd’s dkim_signing guide.

# mkdir -p /etc/rspamd/dkim/keys
# chown -R rspamd:rspamd /etc/rspamd/dkim
# chmod -R 700 /etc/rspamd/dkim
# rspamadm dkim_keygen -s 'mail' -b 2048 -d domain1.tld -k /etc/rspamd/dkim/keys/domain1.tld.mail.key > /etc/rspamd/dkim/keys/domain1.tld.mail.txt
# rspamadm dkim_keygen -s 'mail' -b 2048 -d domain2.tld -k /etc/rspamd/dkim/keys/domain2.tld.mail.key > /etc/rspamd/dkim/keys/domain2.tld.mail.txt
# chown rspamd:rspamd /etc/rspamd/dkim/keys/*
# chmod 600 /etc/rspamd/dkim/keys/*

If you are having trouble splitting up the public key into multiple chunks within the DNS TXT record, you may need to use -b 1024 and live with the weakened security.
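The DNS side of the SPF, DKIM and DMARC setup listed at the start of these notes, including the TXT-record splitting just mentioned, as an added Python example (not part of the original notes and not Rspamd’s tooling). The domain names, the mail selector and the public key are constructed placeholders; in practice the key comes from the rspamadm dkim_keygen output above.

```python
"""TXT records for SPF, DKIM and DMARC: build, split for DNS, and check.
Added example, not from the original notes; names and key are placeholders."""
import base64
import re

# A TXT RR is a list of character-strings of at most 255 bytes each; resolvers
# and DKIM verifiers concatenate them. A 2048-bit key is 392 base64 chars, so
# its record must be split; a 1024-bit key (216 chars) fits in one string.
MAX_TXT_STRING = 255


def spf_record(extra_mechanisms=()):
    """SPF policy: the domain's MX hosts may send, everything else hard-fails."""
    return " ".join(["v=spf1", "mx", *extra_mechanisms, "-all"])


def dmarc_record(rua_address, policy="quarantine"):
    """DMARC policy for _dmarc.<domain>, strict alignment for SPF and DKIM."""
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("unknown DMARC policy: " + policy)
    return f"v=DMARC1; p={policy}; rua=mailto:{rua_address}; adkim=s; aspf=s"


def dkim_record(public_key_b64):
    """DKIM key record body; p= is the base64 DER SubjectPublicKeyInfo."""
    return f"v=DKIM1; k=rsa; p={public_key_b64}"


def split_txt(value, limit=MAX_TXT_STRING):
    """Split one logical TXT value into character-strings of at most `limit` bytes."""
    raw = value.encode("ascii")
    return [raw[i:i + limit].decode("ascii") for i in range(0, len(raw), limit)]


def bind_txt_line(owner, value):
    """Render the record in BIND zone-file syntax, one quoted string per chunk."""
    quoted = " ".join(f'"{chunk}"' for chunk in split_txt(value))
    return f"{owner} IN TXT ( {quoted} )"


def parse_tag_list(chunks):
    """Reassemble the chunks and parse the tag=value list (RFC 6376 section 3.2)."""
    tags = {}
    for item in "".join(chunks).split(";"):
        item = item.strip()
        if item:
            name, _, val = item.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # folding whitespace is ignored
    return tags


def check_dkim_record(chunks):
    """Pre-publication check: chunk sizes, required tags and a decodable key.
    Returns (ok, problems). An empty p= is legal but means 'key revoked'."""
    problems = []
    for i, chunk in enumerate(chunks):
        if len(chunk.encode("ascii")) > MAX_TXT_STRING:
            problems.append(f"chunk {i} is longer than {MAX_TXT_STRING} bytes")
    tags = parse_tag_list(chunks)
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("unsupported key type " + tags["k"])
    key = tags.get("p")
    if not key:
        problems.append("missing or empty p= tag")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("p= tag is not valid base64")
    return (not problems, problems)


def constructed_public_key():
    """Stand-in with the length of a real RSA-2048 SubjectPublicKeyInfo
    (294 DER bytes -> 392 base64 chars); NOT a real key."""
    return base64.b64encode(bytes(range(256)) + bytes(38)).decode("ascii")


def zone_records(domain="domain1.tld", selector="mail", public_key_b64=None):
    """All three TXT records for one domain, ready to paste into a zone file."""
    key = public_key_b64 or constructed_public_key()
    records = {
        domain: spf_record(),
        f"_dmarc.{domain}": dmarc_record(f"postmaster@{domain}"),
        f"{selector}._domainkey.{domain}": dkim_record(key),
    }
    return {owner: bind_txt_line(owner, value) for owner, value in records.items()}


if __name__ == "__main__":
    for line in zone_records().values():
        print(line)
    print(check_dkim_record(split_txt(dkim_record(constructed_public_key()))))
```

Run it against the p= value from the generated .txt file to confirm the chunks you are about to publish reassemble to a valid record.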

DIFFIE-HELLMAN PARAMETERS FOR DOVECOT

This is actually optional because I disabled non-ECC Diffie-Hellman ciphers in the Dovecot configuration.

# touch /etc/dovecot/dh.pem
# chmod 600 /etc/dovecot/dh.pem
# chown root:root /etc/dovecot/dh.pem
# openssl dhparam -out /etc/dovecot/dh.pem 4096

POSTFIX CONFIGURATION

The following Postfix configuration enables SASL through Dovecot, delivers mail to Dovecot’s LMTP service, enables TLS, and enables Rspamd as a milter.

I’ve only listed variables that differ from the defaults as of Postfix 3.7.

# based on Postfix 3.7.0
compatibility_level = 3.7

# Restrictions
# smtpd_recipient_restrictions includes the following features:
#   1.  prohibit specific senders via check_sender_access
#       create a list of prohibited domains in the following format
#           baddomain.tld   REJECT
#       save to /etc/postfix/sender_access and run `postmap /etc/postfix/sender_access`
#   2.  prepend X-Original-To for LMTP via check_recipient_access and set
#       lmtp_destination_recipient_limit
#       see https://dovecot.dovecot.narkive.com/jYiqyZYr/differences-in-delivered-to-header-between-deliver-and-lmtp#post7
smtpd_recipient_restrictions =  check_sender_access hash:/etc/postfix/sender_access,
                                check_recipient_access pcre:{{/(.+)/ prepend X-Original-To: $$1}}
lmtp_destination_recipient_limit = 1

# Aliases
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps

# Network
# set because $myhostname is domain.tld (not server.domain.tld)
mydomain = $myhostname
# set in order to add secondary domain
#   alternative is to use virtual domains: http://www.postfix.org/VIRTUAL_README.html
mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain, domain2.tld

# TLS support
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/letsencrypt/live/domain1.tld/fullchain.pem
smtpd_tls_key_file  = /etc/letsencrypt/live/domain1.tld/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database  = btree:/var/lib/postfix/smtp_scache

# SASL support
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# Milters
#smtpd_milters = unix:/var/lib/rspamd/milter.sock
# or for TCP socket
smtpd_milters = inet:localhost:11332
non_smtpd_milters = $smtpd_milters
#milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# skip mail without checks if something goes wrong
milter_default_action = accept

# Delivery
mailbox_transport = lmtp:unix:private/dovecot-lmtp

# Others
recipient_delimiter = +
biff = no

To enable “Submission” (port 587) for client usage, the following can be added to /etc/postfix/master.cf:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Edit 2021-09-29: smtpd_tls_cert_file now points at the full chain instead of the individual cert.

Edit 2022-02-13: smtpd_recipient_restrictions uses Postfix 3.7’s inline pcre:{{}} syntax rather than requiring a separate file.

SUPPORTING MULTIPLE DOMAINS

In this configuration, I opted to serve multiple domains in the simplest way, by adding the second domain to mydestination. Postfix’s guide on this subject describes this way as being useful for the situation where each user receives mail in each domain, which was the case that applied to me. For more complex usages, one could use virtual alias domains, also described in that guide.

RELAY VS. RECIPIENT RESTRICTIONS

Postfix has a document that describes access restrictions. It notes that as of Postfix 2.10, the smtpd_relay_restrictions takes care of preventing Postfix from acting as an open relay. As such, many Postfix configuration tutorials do not have up-to-date guidance; instead, they opt to carefully configure smtpd_recipient_restrictions. As Postfix’s document illustrates, either way will work, so long as one of them prevents Postfix from acting as an open relay. In this configuration, I am relying on the sane default configuration of smtpd_relay_restrictions, which postconf -d smtpd_relay_restrictions reports to be:

smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}

Optionally, you can use smtpd_recipient_restrictions to prohibit certain domains. In my case, an attacker has been trying to sign up for an unprotected service by using fake emails from my domain name. I reject all emails from that service.

Edit 2020-07-06: Per this discussion, I have added a check_recipient_access entry that adds an X-Original-To header containing the original address that the email was intended for. Paired with the adjustment of the Dovecot configuration variable lda_original_recipient_header, this makes Sieve filtering based on address and “detail” (label after the + in an address) fairly simple.

DOVECOT CONFIGURATION

I structured /etc/dovecot to follow the example template provided with Dovecot.

# mkdir -p /etc/dovecot
# cp -R /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
# cp -R /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot

Importantly, I had to make a few changes to the files in conf.d/:

  1. Because I am using passwd-file authentication, I commented out the inclusion of auth-system.conf.ext in conf.d/10-auth.conf:
    #!include auth-system.conf.ext
    
  2. Because SSL certs are located in /etc/letsencrypt, I commented out the attempts to read in those certs in conf.d/10-ssl.conf:
    #ssl_cert = </etc/ssl/certs/dovecot.pem
    #ssl_key = </etc/ssl/private/dovecot.pem
    

    I suppose one could symlink the certs to these locations instead.

I then made changes from the default configuration (as of Dovecot 2.3.10.1) by creating the following /etc/dovecot/local.conf. Dovecot will merge this configuration with the existing defaults.

protocols = imap lmtp

# conf.d/10-auth.conf

auth_mechanisms = plain login
!include conf.d/auth-passwdfile.conf.ext


# conf.d/10-mail.conf

mail_location = maildir:~/.mail


# conf.d/10-master.conf

service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode  = 0600
        user  = postfix
        group = postfix
    }
}

service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode  = 0666
        user  = postfix
        group = postfix
    }
}


# conf.d/10-ssl.conf

ssl_cert = </etc/letsencrypt/live/domain1.tld/fullchain.pem
ssl_key  = </etc/letsencrypt/live/domain1.tld/privkey.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes


# conf.d/15-lda.conf

lda_original_recipient_header = X-Original-To


# conf.d/20-imap.conf

protocol imap {
    mail_max_userip_connections = 20
}


# conf.d/20-lmtp.conf

protocol lmtp {
    mail_plugins = $mail_plugins sieve
}

As a result, Dovecot provides a SASL service to Postfix for authentication and receives mail from Postfix via LMTP. It also runs an IMAP service for mail user agent connections.

Edit 2020-07-06: The adjustment to lda_original_recipient_header (which also applies to LMTP) tells Dovecot to use the X-Original-To header to specify the original recipient.

Following Mozilla’s TLS guide, the minimum protocol is set to TLSv1.2. A more restrictive set of ciphers is allowed as well (in particular, no non-ECC Diffie-Hellman support).

Edit 2021-09-29: ssl_cert now points at the full chain instead of the individual cert.

USER AUTHENTICATION

This configuration uses a simple password file for authentication.

touch /etc/dovecot/users
chown dovecot:dovecot /etc/dovecot/users
chmod 600 /etc/dovecot/users

Passwords can be generated with doveadm pw -s SHA512-CRYPT as per Dovecot’s password scheme guide.

Then, following Dovecot’s Passwd-file guide, one can create a mostly-empty row:

in /etc/dovecot/users:

user:{SHA512-CRYPT}<hash>:sys_user:sys_user_group::/home/sys_user::

This configuration allows for a virtual mapping from user to the system account sys_user with its corresponding group sys_user_group and home directory /home/sys_user. user should be the account that you map all of your aliases in /etc/postfix/aliases to.
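The row layout above, as an added example that is not part of the original post: a builder for rows in this passwd-file layout (user:password:uid:gid:gecos:home:shell:extra) and a parser that rejects a malformed row before Dovecot ever reads the file. The user names, group, home directory and hash are constructed placeholders.

```python
# Dovecot passwd-file layout used by the row above; each row has exactly these 8 fields.
FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell", "extra")


def passwd_row(user, password_hash, sys_user, sys_group, home, scheme="SHA512-CRYPT"):
    """Virtual mail user mapped onto a system account; gecos, shell and extra are left empty."""
    return ":".join((user, f"{{{scheme}}}{password_hash}", sys_user, sys_group, "", home, "", ""))


def parse_passwd_file(text):
    """Parse the file contents into {user: fields}; raise ValueError on a row Dovecot would choke on."""
    rows = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {n}: expected {len(FIELDS)} fields, got {len(parts)}")
        row = dict(zip(FIELDS, parts))
        # this configuration prefixes every hash with its scheme, as in {SHA512-CRYPT}...
        if not (row["password"].startswith("{") and "}" in row["password"]):
            raise ValueError(f"line {n}: password lacks a {{SCHEME}} prefix")
        if row["home"] and not row["home"].startswith("/"):
            raise ValueError(f"line {n}: home must be an absolute path")
        rows[row["user"]] = row
    return rows


if __name__ == "__main__":
    # constructed placeholder values; the real hash comes from doveadm pw -s SHA512-CRYPT
    print(passwd_row("alice", "$6$salt$hash", "sys_user", "sys_user_group", "/home/sys_user"))
```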

Edit 2022-01-29: The Rspamd-Redis connection now uses UNIX sockets.

Per Rspamd’s Quick Start guide, I adjusted a few Redis configuration settings slightly, namely setting a memory limit and policy and enabling access via UNIX socket. To do that, I added include /etc/redis.d/local.conf to the end of /etc/redis.conf and created the following /etc/redis.d/local.conf:

# settings recommended by Rspamd
#   https://rspamd.com/doc/quickstart.html

maxmemory 500mb
maxmemory-policy volatile-ttl
unixsocket /var/run/redis/redis.sock
unixsocketperm 770

I also followed the suggestion of setting vm.overcommit_memory = 1 with sysctl and in /etc/sysctl.d/.

RSPAMD

Rspamd is a powerful spam filtering tool that can also be used to add DKIM signatures to outgoing messages. I have used it since ~v1.2 (mid-2016); it has grown significantly since then, and there have been a few configuration-breaking changes in that time. However, I have not encountered such issues recently.

I made changes exclusively within /etc/rspamd/local.d and only included settings that changed the defaults as of Rspamd 2.5.

GLOBAL CONFIGURATION SETTINGS

I have Unbound configured as the local nameserver, so Rspamd will automatically use it (/etc/resolv.conf points to 127.0.0.1). Rspamd can generate a lot of DNS requests, so I have found this to be a valuable solution. Using a public nameserver will likely result in rejections over time.

Therefore, local.d/options.inc looks like:

# same as postfix $mynetworks minus loopback addresses (`postconf mynetworks`)
local_addrs = [
    <self IP addresses>
];

# DNS tuning for local DNS server
#   probably not necessary
dns {
    timeout = 10s;
    retransmits = 50;
}

# server does not support SSE3
disable_hyperscan = true;

PROXY WORKER AS MILTER

The Rspamd proxy worker acts as a milter by default, but it should be configured to scan outbound mail as well so that it can DKIM-sign messages. That can be accomplished by setting the following in local.d/worker-proxy.inc:

upstream "local" {
    self_scan = yes;
}

# spawn more processes in self-scan mode
count = 4;

DKIM SIGNING

Because each DKIM key follows a structured file naming format, local.d/dkim_signing.conf is relatively simple:

# the same settings apply for all domains

selector = "mail";
path = "/etc/rspamd/dkim/keys/$domain.$selector.key";
allow_username_mismatch = true;

SPAM BLOCKING CONFIGURATION

For testing, it’s best to avoid outright rejecting emails that have a high spam score. The following adjustment in local.d/actions.conf adds spam headers to pretty much all messages that exceed the (default) add_header threshold.

# always add headers instead of rejecting
reject = 500;

The following files enable and configure their respective modules to use Redis as a backend.

Edit 2022-01-29: The Rspamd-Redis connection now uses UNIX sockets.

Rspamd connects to Redis via a UNIX socket (per these instructions). To provide Rspamd access, its user must be added to the redis group via usermod -a -G redis rspamd (note that some installations may have different usernames for Rspamd).

local.d/classifier-bayes.conf:

backend = "redis";

local.d/mx_check.conf:

enabled = true;

local.d/redis.conf:

servers = "/var/run/redis/redis.sock";

Adding the following to ~/.dovecot.sieve will send mail marked as spam to the Junk folder:

require ["fileinto"];

if header :is "X-Spam" "Yes" {
    fileinto "Junk";
    stop;
}

The firewall should open SMTP ports 25 and 587 and IMAP ports 143 and 993 to appropriate network traffic. For nftables, the following configuration can be added to an input inet filter chain:

tcp dport { 25, 587 }  accept comment "Allow SMTP/Submission"
tcp dport { 143, 993 } accept comment "Allow IMAP/IMAPS"

DNS entries need to be added for reverse DNS, SPF, DKIM, and DMARC. These tools all help other mail servers realize that your mail is not spam. Of course, an MX record is required as well.

For the domain name that matches $myhostname in Postfix (not any other domains), a PTR record is necessary. For example, for an IP address of 1.2.3.4:

4.3.2.1.in-addr.arpa. 3599 IN    PTR     domain1.tld.

An equivalent IPv6 PTR record is necessary, too. This tool is helpful in generating the record.

For all domains, an SPF record is required:

domain1.tld.    3599    IN      TXT     "v=spf1 ip4:<IPv4 Address> ip6:<IPv6 Address> -all"

Each of the DKIM keys generated above also generated a DNS record in /etc/rspamd/dkim/keys/$domain.$selector.txt. Each domain’s record must be added.

Adding a DMARC record to each domain helps other mail servers understand what to do with mail that failed SPF or DKIM checks. For testing, it makes sense to ask the mail server to keep the mail but send reports back to you.

_dmarc.domain1.tld. 3599    IN      TXT     "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@domain1.tld"

By changing to p=reject, the other server will reject mail that failed these checks.
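As an added example that is not code from the original post, the following script generates the PTR, SPF and DMARC values in the format shown above (the IPv6 PTR owner name included) and flags the mistakes in an SPF or DMARC record that a receiving server would notice. The domain, addresses and report mailbox are constructed placeholders.

```python
import ipaddress


def ptr_owner(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address (1.2.3.4 -> 4.3.2.1.in-addr.arpa.)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def spf_record(ipv4, ipv6):
    """SPF value that authorises only this server; -all hard-fails every other sender."""
    return f"v=spf1 ip4:{ipv4} ip6:{ipv6} -all"


def dmarc_record(rua, policy="none"):
    """DMARC value; p=none keeps mail flowing while aggregate reports go to the rua mailbox."""
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown DMARC policy {policy!r}")
    return f"v=DMARC1; p={policy}; pct=100; rua=mailto:{rua}"


def spf_issues(txt, ipv4, ipv6):
    """Problems in an SPF TXT value that make our mail fail, or let anyone send as the domain."""
    terms = txt.split()
    issues = []
    if not terms or terms[0] != "v=spf1":
        issues.append("missing v=spf1 version tag")
    if f"ip4:{ipv4}" not in terms:
        issues.append(f"server address {ipv4} is not authorised")
    if f"ip6:{ipv6}" not in terms:
        issues.append(f"server address {ipv6} is not authorised")
    last = terms[-1] if terms else ""
    if last in ("+all", "all"):
        issues.append("+all lets any host send as this domain")
    elif last not in ("-all", "~all"):
        issues.append("no -all/~all terminator; unlisted senders get a neutral result")
    return issues


def dmarc_issues(txt):
    """Problems in a DMARC TXT value: wrong version, unknown policy, or no report address."""
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    issues = []
    if tags.get("v") != "DMARC1":
        issues.append("missing v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        issues.append("p= must be none, quarantine or reject")
    if not tags.get("rua", "").startswith("mailto:"):
        issues.append("no rua=mailto: address, so no aggregate reports will arrive")
    return issues


if __name__ == "__main__":
    domain, ipv4, ipv6 = "domain1.tld", "192.0.2.10", "2001:db8::10"  # constructed placeholders
    print(f"{ptr_owner(ipv4)} 3599 IN PTR {domain}.")
    print(f'{domain}. 3599 IN TXT "{spf_record(ipv4, ipv6)}"')
    print(f'_dmarc.{domain}. 3599 IN TXT "{dmarc_record("dmarc-reports@" + domain)}"')
```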


Phishing and Spam and Junk Email

Detecting whether email is junk, spam, or phishing is a challenge at the University of Washington. This is due primarily to the UW’s unusual email routing, which has been designed to support the UW community’s highly distributed IT infrastructure. The UW provides two centrally managed productivity platforms with email services (UW Google and UW Office 365). UW email also allows emails addressed from UW email addresses to be sent from anywhere, and incoming emails addressed to UW email addresses to be forwarded to anywhere.
Email sent to and from UW email addresses generally passes first through UW’s Email Infrastructure service infrastructure where it is scanned by Proofpoint, a software package that filters the majority of junk, spam, and phishing email, as well as email containing malware.

Once email has passed through the Email Infrastructure service, email is then delivered to the destination mailbox as selected on the UW email forwarding manage page. Upon delivery to the destination mailbox (e.g. UW Gmail, UW Office 365, consumer Gmail, Outlook.com, Yahoo!, etc.) email is then filtered again by the platform managing the destination mailbox (e.g. Google, Microsoft, Yahoo!, etc.) as junk, spam, or phishing email.
Read more about how the Email Infrastructure service filters email and how you can protect your email.
Determining if email is junk, spam, or phishing is up to each email service vendor (Proofpoint, Google, Microsoft, Yahoo! etc.) and is based on a wide variety of potential parameters that can change minute-by-minute. Additionally, user-implemented email filtering rules can also influence whether an email is filtered as junk, spam, or phishing.

If you send an email to or from a UW email address and receive a Non-Delivery Report (NDR) email
Non-Delivery Reports (NDR) are emails sent to a sender to report that an email has failed to deliver. These emails come from the last successful system to receive the email, not from the system that rejected or failed to accept the email. These reports should have details on why the email failed to deliver. Many times, the reason will simply be because the email address the email was sent to is no longer valid.
However, if the NDR email says an email was rejected as spam, try these steps:
• Send from a system officially “allowed” by your email domain’s Sender Policy. For those sending from @uw.edu email addresses, these include UW Google and UW Office 365 email services
• This does not currently include smtp.washington.edu and smtp.uw.edu that may be used with POP or IMAP clients to access UW Google and UW Office 365 mailboxes
• Never include links that immediately require a login
• Avoid using ALL CAPS in emails
• Avoid using excessive exclamation marks early and often in emails
• Remove any links or HTML from your signature
• Avoid using excessive HTML in emails with relatively little content
• Remove any potentially controversial words or words commonly used in spam emails
If you try the above without success, try these steps:
• Switch to sending emails as plain text (instructions for Gmail and Outlook on the web)
If you are sending email that is being delivered to recipients’ spam/junk folders
If you are sending email that is being delivered to spam/junk folders for recipients utilizing UW Gmail, UW Office 365, commercial Gmail, Outlook.com, etc., try these steps:
• Send from a system officially “allowed” by your email domain’s Sender Policy.
• Never include links that immediately require a login
• Avoid using ALL CAPS in emails
• Avoid using excessive exclamation marks early and often in emails
• Remove any links or HTML from your signature
• Avoid using excessive HTML in emails with relatively little content
• Remove any potentially controversial words or words commonly used in spam emails
If you try the above without success, try these steps:
• Switch to sending emails as plain text (Instructions for Gmail and Outlook on the web)
• Try sending the email from a different email address. If this works but you already have gotten this far down the list, then likely your specific email address has been marked as a problem. If you are using a UW email address, please contact help@edu for help in evaluating your situation. If you are using an outside address, please contact that organization for help
Read more about Gmail’s sender guidelines and Microsoft’s sender guidelines.
If you have tried all of the above which are practical for your situation, the recipient(s) will need to contact their email provider.

If you are receiving email that is incorrectly being delivered to your spam/junk folder
UW Gmail
If you are using UW Gmail and are finding emails in your spam folder that are being incorrectly delivered as spam, try these steps:
• Unmark an email as spam
• Add the sender as a contact
• Verify that you do not have a Gmail rule that filters these emails
• Verify that all devices and email clients you have configured to check your UW Gmail account have no rules or filtering in place
• If you have taken all of these steps and email is still incorrectly being delivered to your UW Gmail spam folder, please forward the email as an attachment to help@edu
If you try the above without success, you can:
• Add a Gmail rule to explicitly not filter the sender. Take this step with great caution and only for email addresses that are known and important to you, as it opens you to junk, spam, and phishing attacks sent from the email address(es) you exclude.
As a last resort, you can:
• Join this UW Group to opt out of all UW Gmail junk, spam, and phishing email protections
UW Office 365
If you are using UW Office 365 and are finding emails in your Junk E-Mail folder that are being incorrectly delivered as spam, try these steps:
• Under Filters, select “Trust email from my contacts” (Outlook on the web)
• Add the sender as a contact (Outlook on the web)
• Add the sender to Safe senders and domains (Outlook on the web)
• To add a domain, enter only the text after the @ symbol (e.g. “edu” instead of “@edu”)
• Remove senders and their domains from Blocked senders and domains (Outlook on the web)
• Verify that you do not have rules or sweeps that could send emails to your Junk E-Mail folder (Outlook on the web rules, Outlook on the web sweeps)
• Verify that all devices and email clients you have configured to check your UW Office 365 account have no rules or filtering in place.
