efa-project.org

Hi Guys

i have scripted a small solution that will be started by a cron job.

you need a file with your spamtrap addresses (one per line) and read this in the script.

#Read a File with some Spamtrap Addresses and extracts information from maillog

while read sender
do
grep $sender /var/log ...

Hi shawniverson

thx for your reply.

the path in /etc/MailScanner/virus.scanners.conf is correct.

should i disable sophos daemon?

thx!

Hi Guys

i got the following issue. Sophos is installed on my EFA. Sophos will detect the Malware and a E-Mail will be sent:


Subject: [SAV-LINUX] Threat 'Troj/RtfExp-EP' detected on efa.domain.local

A threat classified as 'Troj/RtfExp-EP' was detected in the file '/var/spool/MailScanner/incoming ...

Hey Guys

i have the same issues here... EFA-3.0.2.6.


Maximum Archive Depth = 4
Find Archives By Content = yes


in /etc/archive.filetype.rules.conf i have the following line:
deny \.exe$ Windows/DOS Executable Executable DOS/Windows programs are dangerous in email

Also Sophos will detect the ...

Hey Guys
Today i found an Article on heise.de about phishing with QR Codes. Does anyone of you Guys already has a solution to solve this challenge, or any idea how to solve this problem by creating a Spamassassing Plugin.
My experience is no that deep, to create plugins, but there should be any ...

Hi Guys

if anyone has published some spamtrap Mailaddresses here you can find a small script that will autolearn each mail that arrives to this addresses.

Before Start:
You need to create a file with your spamtrap addresses listed. in my case the file is in "/scripts/spamtrap_addresses ...

sorry Nicola

i shame on me... i found the error. the uriskip.cf file was missing! everything works fine now!

thx a lot! buon estate

actually i did not modified anything expect the VURIFIXED Parameter

Ciao Nicola

Unfortunately the script ist not running on my efa box... i'll the the following output

./uriskip.sh: line 10:
: command not found
./uriskip.sh: line 42:
: command not found
./uriskip.sh: line 43:
: command not found
./uriskip.sh: line 47:
: command not found
./uriskip.sh: line 48 ...

Hi Guys

i have extended the Script with some Blacklists.

www.openphish.com
ransomwaretracker.abuse.ch
malwaredomains.com


#!/bin/bash
##############################################################
# www.phishtank.com | Phishing Sites ...

Hey Guys

i have to heat up this thread. I'd like to release a message from the quarantine and my Exchange 2013 will not receive anything... in /var/log/maillog i can find the following entry everytime i release a message:

Feb 21 15:15:35 pcm-efa postfix/sendmail[52011]: fatal: recipient@domain ...

install fail2ban and import the sender ip's to it. maybe there is a way to count


here is my Code Snippet to import ip's

wget -P /tmp/iplist http://api.blocklist.de/getlast.php?time=3600&service=mail

mv /tmp/iplist/getlast.php\?time\=3600 /tmp/iplist.txt

while read ip
do
fail2ban-client set ...

Hi genotix

nice if someone can use my script.

my spam-learn script looks similar to yours.

@pdwalker do you have any numbers of hits from the blocklist?

Found the Solution

in mailscanner.conf i had to change the following line:

line 1310 now the Mails could be released from Quarantine!

Hi Guys

i'm new with efa-project and need release a Mail from the quarantine.

the mail will be sent to the user but the mail is in a unreadable format.

the Sender of the Mail is "Apache" From: Apache <user.name@domain.com>

the Mail in Outlook looks like this

C_ 93578 821 1 0 93578 0T ...

Hi Guys

i use some additional Blacklists wich i found on https://lists.blocklist.de/lists/ the lists will be updated frequently.

like for my other scripts i use the following folder structure

home/
├── root/
├── scripts
├── learn
├── ham
└── spam

cd /home/root/scripts
#Download Mail ...

Hi Guys

for a long time i train the Mails from http://untroubled.org/spam/ to my Bayes DB. There are a lot Textmails and Mails with Attachments to train.

that i don't need to do this manual i have created some scripts that will be run every night with a cronjob:

you need the following folder ...

hi Guys i'm new with the efa-project. before i used copfilter on a old ipcop system.

from there i used the DMZS-sa-learn.pl script from https://www.dmzs.com/tools/files/spam/DMZS-sa-learn.pl to train mails directly from a Mailbox on our Exchangeserver over Imap.

i just had to change some path and ...