Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.
Thanks for the fast fix.
Search found 12 matches
- 09 Nov 2018 07:39
- Forum: 3.x Bugs
- Topic: Defective entries in phishing.bad.sites.conf
- Replies: 3
- Views: 7368
- 08 Nov 2018 11:11
- Forum: 3.x Bugs
- Topic: Defective entries in phishing.bad.sites.conf
- Replies: 3
- Views: 7368
Defective entries in phishing.bad.sites.conf
Hello,
I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf.
That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries.
Most of the entries go like this:
bad.url.com
But some have ",http:" attached ...
I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf.
That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries.
Most of the entries go like this:
bad.url.com
But some have ",http:" attached ...
- 28 Mar 2018 14:45
- Forum: Discussion
- Topic: Too many notifications
- Replies: 0
- Views: 2758
Too many notifications
Hello,
I got asked from a collegue what happens when a spammer tries to send a mail to us and send many in periodic intervals [~5 min between each mail].
His question was, if the end user would receive a notification for every mail that was sent and classified as SPAM.
So he wanted to know if the ...
I got asked from a collegue what happens when a spammer tries to send a mail to us and send many in periodic intervals [~5 min between each mail].
His question was, if the end user would receive a notification for every mail that was sent and classified as SPAM.
So he wanted to know if the ...
- 03 Jan 2018 14:12
- Forum: 3.x Bugs
- Topic: update 3.0.2.5 - > 3.0.2.6
- Replies: 10
- Views: 14507
Re: update 3.0.2.5 - > 3.0.2.6
I also just updated to 3.0.2.6 without any major problems but experienced the same problems
I also noticed that if you use the EFA-configure that the utility cannot restart the "MailScanner": "unrecognized service"
The change in the service name ("MailScanner"->"mailscanner") is probably to blame ...
I also noticed that if you use the EFA-configure that the utility cannot restart the "MailScanner": "unrecognized service"
The change in the service name ("MailScanner"->"mailscanner") is probably to blame ...
- 02 Jan 2018 12:54
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
After some tinkering I found out that the problem seems to only occur when I expose the eFa using one specific IP.
If I use any other IP in the same IP Range the problem does not appear.
All firewall and VM settings are the same. I only changed the external IP on the portforwarding, I was not able ...
If I use any other IP in the same IP Range the problem does not appear.
All firewall and VM settings are the same. I only changed the external IP on the portforwarding, I was not able ...
- 19 Dec 2017 07:50
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
OK, here the path from the Internet to efa:
Internet - Firewall - iptables - efa
Here the iptables output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp ...
Internet - Firewall - iptables - efa
Here the iptables output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp ...
- 15 Dec 2017 11:01
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
I tried setting "smtpd_client_event_limit_exceptions" to the connecting client IPs so that the anvil ignores these IPs, but that did not help.
Is there another setting I could try.
Is there another setting I could try.
- 14 Dec 2017 07:11
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
Do you mean the my firewall in front of the efa or a service installed within the efa appliance?
In front of the efa appliance is a Fortigate Firewall with a simple "Virtual IP" (Portforwarding) setup. No Filters are applied, so traffic is not scanned or filtered.
If you mean a firewall in the efa ...
In front of the efa appliance is a Fortigate Firewall with a simple "Virtual IP" (Portforwarding) setup. No Filters are applied, so traffic is not scanned or filtered.
If you mean a firewall in the efa ...
- 13 Dec 2017 10:13
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
hello,
I was able to further test the behavior using verbose logging.
postfix can see the connection but for some reason does nothing for exactly 10 seconds, that is too long of a delay for the client and it closes the connection itself.
Here the entry from the session from the log:
Dec 13 10:55 ...
I was able to further test the behavior using verbose logging.
postfix can see the connection but for some reason does nothing for exactly 10 seconds, that is too long of a delay for the client and it closes the connection itself.
Here the entry from the session from the log:
Dec 13 10:55 ...
- 12 Dec 2017 10:29
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
Hello,
check is run from an external machine on the internet.
I just connect to the 25 port using any SMTP client, eg, telnet using port 25 or putty using 25.
As soon as I click connect (or press Enter) I see a blank screen for about 10 seconds and then I get 220 response from postfix.
The ...
check is run from an external machine on the internet.
I just connect to the 25 port using any SMTP client, eg, telnet using port 25 or putty using 25.
As soon as I click connect (or press Enter) I see a blank screen for about 10 seconds and then I get 220 response from postfix.
The ...
- 12 Dec 2017 07:34
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Re: Monitoring Software - delayed responses
Hello,
the tool opens a SMTP connection on port 25, the delay occurs at this point, only after ~10 seconds I get the first answer from the server.
I checked the maillog and there I can only see the client after the 10 seconds.
Is there another log which tracks connections, that I could check ...
the tool opens a SMTP connection on port 25, the delay occurs at this point, only after ~10 seconds I get the first answer from the server.
I checked the maillog and there I can only see the client after the 10 seconds.
Is there another log which tracks connections, that I could check ...
- 06 Dec 2017 16:19
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 11634
Monitoring Software - delayed responses
Hello,
I am currently in the process of setting up eFa in our environment.
It works great so far, but I have one issue regarding our external monitoring software.
After a few requests from our monitoring software it shows that the response times spikes for a period of time.
Could this be a ...
I am currently in the process of setting up eFa in our environment.
It works great so far, but I have one issue regarding our external monitoring software.
After a few requests from our monitoring software it shows that the response times spikes for a period of time.
Could this be a ...