Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.
Thanks for the fast fix.
Search found 12 matches
- 09 Nov 2018 07:39
- Forum: 3.x Bugs
- Topic: Defective entries in phishing.bad.sites.conf
- Replies: 3
- Views: 5053
- 08 Nov 2018 11:11
- Forum: 3.x Bugs
- Topic: Defective entries in phishing.bad.sites.conf
- Replies: 3
- Views: 5053
Defective entries in phishing.bad.sites.conf
Hello, I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf. That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries. Most of the entries go like this: bad.url.com But some have ",http:" attache...
- 28 Mar 2018 14:45
- Forum: Discussion
- Topic: Too many notifications
- Replies: 0
- Views: 2270
Too many notifications
Hello, I got asked from a collegue what happens when a spammer tries to send a mail to us and send many in periodic intervals [~5 min between each mail]. His question was, if the end user would receive a notification for every mail that was sent and classified as SPAM. So he wanted to know if the en...
- 03 Jan 2018 14:12
- Forum: 3.x Bugs
- Topic: update 3.0.2.5 - > 3.0.2.6
- Replies: 10
- Views: 9702
Re: update 3.0.2.5 - > 3.0.2.6
I also just updated to 3.0.2.6 without any major problems but experienced the same problems I also noticed that if you use the EFA-configure that the utility cannot restart the "MailScanner": "unrecognized service" The change in the service name ("MailScanner"->"ma...
- 02 Jan 2018 12:54
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
After some tinkering I found out that the problem seems to only occur when I expose the eFa using one specific IP. If I use any other IP in the same IP Range the problem does not appear. All firewall and VM settings are the same. I only changed the external IP on the portforwarding, I was not able t...
- 19 Dec 2017 07:50
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
OK, here the path from the Internet to efa: Internet - Firewall - iptables - efa Here the iptables output: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- a...
- 15 Dec 2017 11:01
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
I tried setting "smtpd_client_event_limit_exceptions" to the connecting client IPs so that the anvil ignores these IPs, but that did not help.
Is there another setting I could try.
Is there another setting I could try.
- 14 Dec 2017 07:11
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
Do you mean the my firewall in front of the efa or a service installed within the efa appliance? In front of the efa appliance is a Fortigate Firewall with a simple "Virtual IP" (Portforwarding) setup. No Filters are applied, so traffic is not scanned or filtered. If you mean a firewall in...
- 13 Dec 2017 10:13
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
hello, I was able to further test the behavior using verbose logging. postfix can see the connection but for some reason does nothing for exactly 10 seconds, that is too long of a delay for the client and it closes the connection itself. Here the entry from the session from the log: Dec 13 10:55:04 ...
- 12 Dec 2017 10:29
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
Hello, check is run from an external machine on the internet. I just connect to the 25 port using any SMTP client, eg, telnet using port 25 or putty using 25. As soon as I click connect (or press Enter) I see a blank screen for about 10 seconds and then I get 220 response from postfix. The problem o...
- 12 Dec 2017 07:34
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Re: Monitoring Software - delayed responses
Hello, the tool opens a SMTP connection on port 25, the delay occurs at this point, only after ~10 seconds I get the first answer from the server. I checked the maillog and there I can only see the client after the 10 seconds. Is there another log which tracks connections, that I could check? Regards
- 06 Dec 2017 16:19
- Forum: How-to
- Topic: Monitoring Software - delayed responses
- Replies: 15
- Views: 8362
Monitoring Software - delayed responses
Hello, I am currently in the process of setting up eFa in our environment. It works great so far, but I have one issue regarding our external monitoring software. After a few requests from our monitoring software it shows that the response times spikes for a period of time. Could this be a feature o...