Search found 30 matches

by iglooo
11 Apr 2019 14:21
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 355

Re: Inbound mail queue has become slow

:shhh: Not clear what you mean with: " It has since been moved to a physical drive - actually, 2 different drives for testing, " I use vmware, but the concept would be the same. I mean the hyperv host has multiple physical drives so initially I moved EFA from an iscsi drive to a physical drive, and...
by iglooo
10 Apr 2019 15:38
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 355

Re: Inbound mail queue has become slow

Haha henk, indeed nothing has changed HOWEVER the night this happened, our hyperv host was set to reboot, and upon restarting the iscsi drive EFA lives on didn't come back online automatically. It has since been moved to a physical drive - actually, 2 different drives for testing, but the performanc...
by iglooo
10 Apr 2019 14:24
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 355

Re: Inbound mail queue has become slow

Anyone?
by iglooo
09 Apr 2019 15:04
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 355

Inbound mail queue has become slow

Hey, Normally any inbound queues get processed within a second or so but today I've noticed it can take upwards of 15 seconds. Spam learning takes very long to process too. Here's lint for mailscanner and spamassassin: Apr 9 10:57:34.635 [41763] dbg: rules: __HAS_LIST_ID merged duplicates: __ML2 0.6...
by iglooo
11 Mar 2019 13:17
Forum: 4.x Testing
Topic: Webmin in EFA4
Replies: 14
Views: 1241

Re: Webmin in EFA4

Does it really matter if the admin site is sitting behind a firewall? I don't see why anyone in their right mind would open mailwatch/webadmin pages to the world
by iglooo
11 Mar 2019 13:13
Forum: 3.x Bugs
Topic: [re-fixed] Outgoing mail stuck in queue
Replies: 1
Views: 196

Re: [re-fixed] Outgoing mail stuck in queue

How did you fix the yar/yara and duplicate database issues? Thankfully my EFA is working well but someone might find the fix useful
by iglooo
08 Mar 2019 18:36
Forum: 3.x Bugs
Topic: Can't view headers
Replies: 1
Views: 180

Re: Can't view headers

It's because of GeoIP v1 discontinuation. Search the forums - henk has uploaded a working version
by iglooo
04 Mar 2019 15:41
Forum: Discussion
Topic: Notification at the top of each email
Replies: 6
Views: 508

Re: Notification at the top of each email

ASEsysadmin wrote:
01 Mar 2019 17:44
Why not just do this the right way and use an SPF record.
SPF does nothing to prevent spoofed names
by iglooo
20 Feb 2019 16:53
Forum: 3.x How-to
Topic: Can't allow specific double extensions
Replies: 3
Views: 239

Re: Can't allow specific double extensions

Update! Got it working. Turns out it matters where in /etc/MailScanner/filename.rules.conf you add your entries - I had been adding the exception for doc.pdf after "deny all other double file extensions", and moving the entry right above it fixed the issue
by iglooo
20 Feb 2019 16:38
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 4
Views: 329

Re: How to reject mail to unknown user instead of sending a bounce?

Gotcha! I added reject_unverified_recipient and set up relay to exchange:2525 because exchange 2013 doesn't check rcpt:to on port 25 Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maillog, but gm...
by iglooo
19 Feb 2019 17:52
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 4
Views: 329

Re: How to reject mail to unknown user instead of sending a bounce?

Hm.. I see. It doesn't sound exactly ideal - how do you have it personally configured?

In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out
by iglooo
14 Feb 2019 19:32
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 4
Views: 329

How to reject mail to unknown user instead of sending a bounce?

There's countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer? I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as...
by iglooo
14 Feb 2019 17:09
Forum: 3.x How-to
Topic: Email Details Invisible
Replies: 5
Views: 337

Re: Email Details Invisible

You mean message details on mailwatch? It might be this if you're running version 3 - viewtopic.php?f=13&t=3311
by iglooo
12 Feb 2019 14:22
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 562

Re: Releasing a password protected archive? (quarantine stored)

Swear to god that wasn't me haha. It's a relatively fresh hyperv install of 3.0.2.6 and I've only changed a handful of things Besides the default README file, there's nothing under /etc/MailScanner/conf.d pp.archive.rules lives in /etc/MailScanner/rules/ and here's the contents: FromOrTo: 127.0.0.1 ...
by iglooo
12 Feb 2019 00:06
Forum: 3.x How-to
Topic: Can't allow specific double extensions
Replies: 3
Views: 239

Re: Can't allow specific double extensions

Just tried your way and it still gets blocked. :/
Quarantine: /var/spool/MailScanner/quarantine/20190211/60EC6100105.AC00C
Report: MailScanner: Attempt to hide real filename extension (teest.doc.pdf)
by iglooo
12 Feb 2019 00:00
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 562

Re: Releasing a password protected archive? (quarantine stored)

Sorry henk :)

I've attached my mailscanner config, appreciate you taking the time to look at it!
by iglooo
11 Feb 2019 23:36
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 562

Re: Releasing a password protected archive? (quarantine stored)

Appreciate the input as always, hank! I've read every single thread about password protected archives on here, as well as elsewhere, and nothing really helps.

Is there any chance the server needs a reboot for the changes to take effect, because clearly restarting the mailscanner service does nothing
by iglooo
11 Feb 2019 22:27
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 562

Re: Releasing a password protected archive? (quarantine stored)

Anyone? I don't get why it's not accepting rulesets. Same thing with double extensions getting blocked despite me allowing select few.

Is this a bug or something, or have I messed up the mailscanner config somewhere?
by iglooo
11 Feb 2019 20:02
Forum: 3.x How-to
Topic: Can't allow specific double extensions
Replies: 3
Views: 239

Can't allow specific double extensions

I'm trying to allow .doc/.docx.pdf extensions but it doesn't work with the below configuration. What am I doing wrong? I've already restarted mailscanner and I'm using tabs for spaces. Feb 11 14:42:31 efaserv MailScanner[29811]: Filename Checks: Found possible filename hiding (E569E101301.AB8C0 tees...
by iglooo
07 Feb 2019 20:30
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 562

Re: Releasing a password protected archive? (quarantine stored)

I've tried adding a ruleset to allow localhost to receive password protected archives but that did nothing. Same with a ruleset to not scan viruses for localhost. Either way I just get a report about a blocked email, and maillog entries don't look any different no matter what I change Also followed ...
by iglooo
07 Feb 2019 16:42
Forum: 3.x How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 562

Releasing a password protected archive? (quarantine stored)

Hey, Incoming password protected archives are automatically blocked which isn't a problem but we never receive the released message after *successfully* releasing them in mailwatch. The message doesn't show up in exchange server logs either. I also noticed that the "from" field gets changed to my em...
by iglooo
06 Feb 2019 19:59
Forum: 3.x Bugs
Topic: [solved] GeoIP not working
Replies: 9
Views: 1653

Re: GeoIP not working

... And the file should be a link. [root@sansspam ~]# ls -l /usr/share/GeoIP/GeoLiteCountry.dat lrwxrwxrwx 1 root root 40 Apr 26 2018 /usr/share/GeoIP/GeoLiteCountry.dat -> /var/www/html/mailscanner/temp/GeoIP.dat Thanks for the updated database henk! Curious, why does GeoLiteCountry.dat have to be...
by iglooo
05 Feb 2019 18:43
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 715

Re: What happened after I released an email?

efa4 is still in testing right? Not a great idea to put something that's not final into production. Any idea when it's coming out?

And I did search for yara but nothing comprehensive came up
by iglooo
05 Feb 2019 17:33
Forum: Discussion
Topic: What happened after I released an email?
Replies: 11
Views: 715

Re: What happened after I released an email?

So I checked maillog again and somehow I missed this but there's countless log entries pertaining to the message loop: Jan 25 13:01:29 efaserv MailScanner[9710]: Virus Scanning: Found 1 viruses Jan 25 13:01:29 efaserv MailScanner[9710]: Spam Checks: Starting Jan 25 13:01:29 efaserv MailScanner[9710]...