efa-project.org

Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.

Thanks for the fast fix.

Hello,

I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf.

That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries.

Most of the entries go like this:
bad.url.com

But some have ",http:" attached ...

Hello,

I got asked from a collegue what happens when a spammer tries to send a mail to us and send many in periodic intervals [~5 min between each mail].
His question was, if the end user would receive a notification for every mail that was sent and classified as SPAM.
So he wanted to know if the ...

I also just updated to 3.0.2.6 without any major problems but experienced the same problems

I also noticed that if you use the EFA-configure that the utility cannot restart the "MailScanner": "unrecognized service"
The change in the service name ("MailScanner"->"mailscanner") is probably to blame ...

After some tinkering I found out that the problem seems to only occur when I expose the eFa using one specific IP.
If I use any other IP in the same IP Range the problem does not appear.

All firewall and VM settings are the same. I only changed the external IP on the portforwarding, I was not able ...

OK, here the path from the Internet to efa:
Internet - Firewall - iptables - efa

Here the iptables output:


Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp ...

I tried setting "smtpd_client_event_limit_exceptions" to the connecting client IPs so that the anvil ignores these IPs, but that did not help.

Is there another setting I could try.

Do you mean the my firewall in front of the efa or a service installed within the efa appliance?

In front of the efa appliance is a Fortigate Firewall with a simple "Virtual IP" (Portforwarding) setup. No Filters are applied, so traffic is not scanned or filtered.

If you mean a firewall in the efa ...

hello,

I was able to further test the behavior using verbose logging.

postfix can see the connection but for some reason does nothing for exactly 10 seconds, that is too long of a delay for the client and it closes the connection itself.

Here the entry from the session from the log:
Dec 13 10:55 ...

Hello,

check is run from an external machine on the internet.

I just connect to the 25 port using any SMTP client, eg, telnet using port 25 or putty using 25.
As soon as I click connect (or press Enter) I see a blank screen for about 10 seconds and then I get 220 response from postfix.

The ...

Hello,

the tool opens a SMTP connection on port 25, the delay occurs at this point, only after ~10 seconds I get the first answer from the server.

I checked the maillog and there I can only see the client after the 10 seconds.
Is there another log which tracks connections, that I could check ...

Hello,

I am currently in the process of setting up eFa in our environment.

It works great so far, but I have one issue regarding our external monitoring software.
After a few requests from our monitoring software it shows that the response times spikes for a period of time.

Could this be a ...