efa-project.org

Thanks for the suggestion, the chances of getting port 80 opened from the outside are zero!

After doing a bit of reading of postfix, I've enabled TLS manually using the SSL cert I already head for the web interface. Just means an extra step to remember next year when the cert needs to be replaced.

We were interested in turning on TLS on our EFA box (latest version). From reading on here, it seems I just needed to enable Let's Encrypt but ran into the problem below as the server is behind a firewall that only allows SMTP traffic through.


Would you like to Enable Let's Encrypt? [y/n/c]
y ...

This probably doesn't make a difference but I noticed the yum reports this message whenever I do an update.

Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/eFa4.repo; Configuration: OptionBinding with id "failovermethod" does not exist

I commented out that line which got ...

After a morning reading about postfix config, I think I've a check now that lets this junk through from Salesforce but still blocks the spammers.

In main.cf I've modified:

smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access pcre:/etc/postfix/allow_salesforce_junk , reject ...

Lots of vendors we deal with (Dell, Cadence & others) are now using Salesforce for handing customer queries. Problem is that all such emails are rejected by EFA due to the fabricated domains that Salesforce use for sending emails. e.g.

Jan 4 15:34:55 efa postfix/smtpd[26850]: NOQUEUE: reject: RCPT ...

Thanks for this info, recently people have started using Docusign internally which has been bombarding us with .doc.pdf files which were getting blocked. This rule addition makes life a lot easier.

I found how to not scan outgoing content by changing the content.scanning.rules file in /etc/MailScanner/rules. It's not the ideal solution so if anyone has any better suggestions would appreciate it.

We're still using 3.0.2.6 as haven't got round to moving v4 just yet. One thing I've noticed is that outgoing mail is scanned & if it's blocked it doesn't get included in the quarantine report sent to the user. This cropped up as someone accidentally sent an attachment with a dodgy extension which ...

Just to confirm (as you might expect) this works fine for VMware environments as well. Thanks!

I'll give this a try tomorrow as bit too busy at work today.

Similar to the above, shouldn't be a problem cloning our existing efa VM to test a migration.

Just tried an install of this into a fresh VM using the kickstart file, the install went ok although looks like it shut itself down rather than rebooting when it finished (wasn't watching it sorry). After I powered it on again, it went through the initial setup and looks to be alive & well. I was ...

We're using efa for outgoing email also which is working fine but my boss asked me to check if there was a way to turn disable the spam checking in this case? Although personally I'm not sure why you might want to :?:

Actually just realised we could presumably just whitelist our own domain & that ...

Old topic I know but I just did this to get rid of the warning when users connect to the server to check spam etc. Where I work can generate our own certs so all I had to do was change three lines in the ssl.conf file:

SSLCertificateFile /etc/pki/tls/certs/efa_domainname_ie.crt ...

Just started using EFA as a replacement for an aging home-grown anti-spam/antivirus system. Looking good so far for the test group as they've noticed nothing