Search found 50 matches

by thewomble
01 Feb 2022 11:32
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 97427

Re: PDF attachment converting to Base64 plain text

If this means anything to anyone, or point to a resource to understand further. Content-Type: multipart/mixed; boundary="_008_daa66855df2349c898d4c61b4b5403c0********couk_" MIME-Version: 1.0 --_008_daa66855df2349c898d4c61b4b5403c0********couk_ Content-Type: multipart/related; boundary=&quo...
by thewomble
01 Feb 2022 10:16
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 97427

Re: PDF attachment converting to Base64 plain text

I did get one of the companies to send the message to my personal email (external from EFA) and forward it to the internal users and was delivered as expected. Three of the companies use the same "advanced email filter" so it does seem to server specific.
by thewomble
01 Feb 2022 10:05
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 97427

Re: PDF attachment converting to Base64 plain text

I too am seeing this on version 4 code, I forced rejected the connection and it is then processed by the version 3 code box I still have running which delivers it as successful. If the attachment is too big, so not processed by Mailscanner, it is delivered as expected on the v4 box. Its getting a lo...
by thewomble
27 May 2021 14:15
Forum: How-to
Topic: Enable TLS on EFA
Replies: 2
Views: 1571

Re: Enable TLS on EFA

Are you on EFA3 or EFA4 build, I just built an EFA4 and I seen TLS1.3 connections, and I do know its not supported on EFA3

Surprised they are only allowing TLS1.3, nothing wrong at the mo with TLS 1.2 which is supported on both versions.
by thewomble
27 May 2021 13:42
Forum: How-to
Topic: SOPHOS on EFA4
Replies: 2
Views: 1656

Re: SOPHOS on EFA4

thanks give that a go.
by thewomble
20 May 2021 20:26
Forum: How-to
Topic: SOPHOS on EFA4
Replies: 2
Views: 1656

SOPHOS on EFA4

Well I have finally got round to building an EFA4 appliance and migrated my EFA3 settings. The only task not started/completed is installing Sophos on EFA4 is there any issues I need to be aware of? Which method did you use to install? https://forum.efa-project.org/viewtopic.php?f=14&t=3506&...
by thewomble
08 Dec 2019 00:09
Forum: How-to
Topic: block MS office documents with macros
Replies: 4
Views: 4092

Re: block MS office documents with macros

I had some success in blocking using

https://github.com/fmbla/spamassassin-olemacro

but it not a silver bullet. has pdwalker says MS docs can be tricky.
by thewomble
30 Apr 2019 13:39
Forum: Discussion
Topic: messages with KAM_DRIVENUM 5.0 qurantined
Replies: 3
Views: 3561

Re: messages with KAM_DRIVENUM 5.0 qurantined

Add below into local.cf

Code: Select all

score KAM_DRIVENUM 0.0
score KAM_COUK 0.0
This will score the objects with 0
by thewomble
30 Apr 2019 13:27
Forum: Feature Requests
Topic: Option to Disable KAM
Replies: 1
Views: 6105

Re: Option to Disable KAM

in your local.cf set your own scores for the values that are giving you issues.

score KAM_LAZY_DOMAIN_SECURITY 0.00

If the rule triggers it will use the value in local.cf, so set the values as you see fit.
by thewomble
25 Jan 2019 16:53
Forum: 3.x Bugs
Topic: Overzealous double extension filter
Replies: 2
Views: 2759

Re: Overzealous double extension filter

I agree with henk, anything here with a double extension should beblocked, and is blocked here.

When I first "turned it on" I got some pain, now I cannot rememeber the last time anybody complained about it.
by thewomble
25 Jan 2019 16:48
Forum: How-to
Topic: Custom bad sites Phishtank.com
Replies: 13
Views: 36470

Re: Custom bad sites Phishtank.com

Alleyviper ok I have downloaded and it works, thanks. But how does EFA use this data? I went to www.phishtank.com and took the url at the top of the list added it into phishing.bad.sites.custom saved it reloaded MailScanner sent myself an email externally with the phishing url Could not see how it u...
by thewomble
14 Jan 2019 20:33
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 13452

Re: Sophos AV does no more work !

I just done a mailscanner lint test and I got email notification, thinking about I not seem a Sophos notification in a while apart from EICAR test just done. A threat was detected during an on-demand scan. Details follow: 2 files scanned. Number of infections detected: 1 Number of infected files det...
by thewomble
09 Nov 2018 15:02
Forum: How-to
Topic: SSL on 3.0.2.5 - how to?
Replies: 6
Views: 9291

Re: SSL on 3.0.2.5 - how to?

If you are using the same certificate for both TLS (mail) and HTTPS (web)

You have to make sure you have the appropiate lines in main.cf for the mail

and httpd.conf / or / ssl.conf for apache

I use a Digicert wildcard to do the same.
by thewomble
06 Nov 2018 14:37
Forum: How-to
Topic: SSL on 3.0.2.5 - how to?
Replies: 6
Views: 9291

Re: SSL on 3.0.2.5 - how to?

Is Apache running?

service httpd start

or service httpd restart

does that throw any errors?
by thewomble
26 Oct 2018 11:54
Forum: How-to
Topic: Block Office documents with Macro's and notify recipient, rulebased
Replies: 8
Views: 8629

Re: Block Office documents with Macro's and notify recipient, rulebased

I agree with above user education is key. They are the best spam dectector you have got with the correct training/education.

The spammers/malware vendors will spoof/rewrite the headers so you may end up hurting your users more with legitimate macro enabled documents depending on what you do.
by thewomble
29 Sep 2018 20:14
Forum: How-to
Topic: Internet <-> Encryption Gateway <-> EFA <-> Exchange -> How to set up? [FIXED]
Replies: 2
Views: 2202

Re: Internet <-> Encryption Gateway <-> EFA <-> Exchange -> How to set up?

What is the purpose of the Encryption Gatway? To send mail out encrypted using PKI (like PGP), or send a web messenger link if PKI is not avilable and decrypt the replies? I would recommend the inbound mail flow Internet >>> EFA >>> Encryption GW >> Exchange, EFA is be better placed the protect you ...
by thewomble
27 Sep 2018 10:53
Forum: Discussion
Topic: multiple domain
Replies: 3
Views: 3065

Re: multiple domain

in etc/postfix/main.cf add you domains to line relay_domains = domain1.com, domain2.com, domain3.com in etc/postfix/transport domain1.com smtp:[x.x.x.x] domain2.com smtp:[x.x.x.x] domain3.com smtp:[x.x.x.x] where x.x.x.x is your exchnage server remember to do "postmap /etc/postfix/transport"
by thewomble
25 Sep 2018 21:34
Forum: Discussion
Topic: multiple domain
Replies: 3
Views: 3065

Re: multiple domain

The short answer is yes, it supports as many domains as you want to front. EFA is mailgateway, it not a mail server for accounts, I use it to front an Microsoft exchange environment, so you would also a server behind for IMAP and POP accounts and webmail , eg https://www.dovecot.org/ However see htt...
by thewomble
15 Jun 2018 19:43
Forum: Discussion
Topic: TLS error
Replies: 7
Views: 5929

Re: TLS error

If you have a need/requirement enforce TLS inbound from certain domains. This is an HOW TO: create a file /etc/postfix/tls_server_policy_sender sender-must-be-tls.com reject_plaintext_session In main.cf add check_sender_access hash:/etc/postfix/tls_server_policy_sender, under smtpd_sender_restrictio...
by thewomble
15 May 2018 20:29
Forum: Discussion
Topic: ARC - Authenticated Received Chain
Replies: 2
Views: 3015

Re: ARC - Authenticated Received Chain

Currently having a play with this. Compile the OpenARC package: cd git clone https://github.com/trusteddomainproject/OpenARC cd OpenARC autoreconf -fvi ./configure make make install ldconfig And check if the libs are found with: Verify that the package can be run: openarc -V openarc: OpenARC Filter ...
by thewomble
03 Jan 2018 16:02
Forum: How-to
Topic: Multiple destination server
Replies: 2
Views: 2620

Re: Multiple destination server

example.com :[gateway.example.com]

where gateway.example.com would two A records 1.1.1.1 and 1.1.1.2 it would round rob, so send to both.

or use load balancer for sending to 1.1.1.1 and 1.1.1.2 if the first is not available, do not think this logic is available in postfix.
by thewomble
09 Oct 2017 17:04
Forum: Feature Requests
Topic: View mail Log
Replies: 5
Views: 7648

Re: View mail Log

I have been using tail -f /var/log/maillog to view the maillog log in realtime via SSH I have just installed log.io which allows you view whatever log you want using a browser, plus it allows you to filter in real time. I followed https://www.tecmint.com/linux-server-log-monitoring-with-log-io/ Word...
by thewomble
09 Oct 2017 15:21
Forum: How-to
Topic: HOWTO - Mailq monitor alerting
Replies: 1
Views: 2047

HOWTO - Mailq monitor alerting

I have had an issue where the mail queue grew, which a reboot of EFA fixed, not sure why. However I wanted to create a monitor when send an email alert once this got over a certain threshold, so I created a script as below and saved it to /usr/local/bin/mailqcheck.sh Simply change alertemail variabl...