efa-project.org

Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.

Thanks for the fast fix.

Hello, I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf. That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries. Most of the entries go like this: bad.url.com But some have ",http:" attached: bad.url...

Hello, I got asked from a collegue what happens when a spammer tries to send a mail to us and send many in periodic intervals [~5 min between each mail]. His question was, if the end user would receive a notification for every mail that was sent and classified as SPAM. So he wanted to know if the en...

I also just updated to 3.0.2.6 without any major problems but experienced the same problems I also noticed that if you use the EFA-configure that the utility cannot restart the "MailScanner": "unrecognized service" The change in the service name ("MailScanner"->"mailscanner") is probably to blame fo...

After some tinkering I found out that the problem seems to only occur when I expose the eFa using one specific IP. If I use any other IP in the same IP Range the problem does not appear. All firewall and VM settings are the same. I only changed the external IP on the portforwarding, I was not able t...

OK, here the path from the Internet to efa: Internet - Firewall - iptables - efa Here the iptables output: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- a...

I tried setting "smtpd_client_event_limit_exceptions" to the connecting client IPs so that the anvil ignores these IPs, but that did not help.

Is there another setting I could try.

Do you mean the my firewall in front of the efa or a service installed within the efa appliance? In front of the efa appliance is a Fortigate Firewall with a simple "Virtual IP" (Portforwarding) setup. No Filters are applied, so traffic is not scanned or filtered. If you mean a firewall in the efa a...

hello, I was able to further test the behavior using verbose logging. postfix can see the connection but for some reason does nothing for exactly 10 seconds, that is too long of a delay for the client and it closes the connection itself. Here the entry from the session from the log: Dec 13 10:55:04 ...

Hello, check is run from an external machine on the internet. I just connect to the 25 port using any SMTP client, eg, telnet using port 25 or putty using 25. As soon as I click connect (or press Enter) I see a blank screen for about 10 seconds and then I get 220 response from postfix. The problem o...

Hello, the tool opens a SMTP connection on port 25, the delay occurs at this point, only after ~10 seconds I get the first answer from the server. I checked the maillog and there I can only see the client after the 10 seconds. Is there another log which tracks connections, that I could check? Regards

Hello, I am currently in the process of setting up eFa in our environment. It works great so far, but I have one issue regarding our external monitoring software. After a few requests from our monitoring software it shows that the response times spikes for a period of time. Could this be a feature o...