Search found 32 matches

by iglooo
28 Oct 2019 14:01
Forum: How-to
Topic: Converting mailscanner quarantine files to .eml files?
Replies: 1
Views: 4166

Re: Converting mailscanner quarantine files to .eml files?

This was pretty time sensitive so I've found a workaround. I'm sure there's more elegant and proper ways to do this, but you can follow this if you're in a pinch: First, add the admin user to group called mtagroup. usermod -a -G mtagroup admin Then, you can use WinSCP to transfer the MailScanner qua...
by iglooo
28 Oct 2019 12:44
Forum: How-to
Topic: Converting mailscanner quarantine files to .eml files?
Replies: 1
Views: 4166

Converting mailscanner quarantine files to .eml files?

Hi,

Does anyone here know how to convert mailscanner quarantine files to .eml format? Or any other format, that I can then convert to .eml?
by iglooo
11 Apr 2019 14:21
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 4780

Re: Inbound mail queue has become slow

:shhh: Not clear what you mean with: " It has since been moved to a physical drive - actually, 2 different drives for testing, " I use vmware, but the concept would be the same. I mean the hyperv host has multiple physical drives so initially I moved EFA from an iscsi drive to a physical ...
by iglooo
10 Apr 2019 15:38
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 4780

Re: Inbound mail queue has become slow

Haha henk, indeed nothing has changed HOWEVER the night this happened, our hyperv host was set to reboot, and upon restarting the iscsi drive EFA lives on didn't come back online automatically. It has since been moved to a physical drive - actually, 2 different drives for testing, but the performanc...
by iglooo
10 Apr 2019 14:24
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 4780

Re: Inbound mail queue has become slow

Anyone?
by iglooo
09 Apr 2019 15:04
Forum: Discussion
Topic: Inbound mail queue has become slow
Replies: 5
Views: 4780

Inbound mail queue has become slow

Hey, Normally any inbound queues get processed within a second or so but today I've noticed it can take upwards of 15 seconds. Spam learning takes very long to process too. Here's lint for mailscanner and spamassassin: Apr 9 10:57:34.635 [41763] dbg: rules: __HAS_LIST_ID merged duplicates: __ML2 0.6...
by iglooo
11 Mar 2019 13:17
Forum: 4.x Bugs
Topic: Webmin in EFA4
Replies: 17
Views: 11392

Re: Webmin in EFA4

Does it really matter if the admin site is sitting behind a firewall? I don't see why anyone in their right mind would open mailwatch/webadmin pages to the world
by iglooo
11 Mar 2019 13:13
Forum: 3.x Bugs
Topic: [re-fixed] Outgoing mail stuck in queue
Replies: 1
Views: 2457

Re: [re-fixed] Outgoing mail stuck in queue

How did you fix the yar/yara and duplicate database issues? Thankfully my EFA is working well but someone might find the fix useful
by iglooo
08 Mar 2019 18:36
Forum: 3.x Bugs
Topic: Can't view headers
Replies: 1
Views: 2413

Re: Can't view headers

It's because of GeoIP v1 discontinuation. Search the forums - henk has uploaded a working version
by iglooo
04 Mar 2019 15:41
Forum: Discussion
Topic: Notification at the top of each email
Replies: 6
Views: 4987

Re: Notification at the top of each email

ASEsysadmin wrote: 01 Mar 2019 17:44 Why not just do this the right way and use an SPF record.
SPF does nothing to prevent spoofed names
by iglooo
20 Feb 2019 16:53
Forum: How-to
Topic: Can't allow specific double extensions
Replies: 4
Views: 5780

Re: Can't allow specific double extensions

Update! Got it working. Turns out it matters where in /etc/MailScanner/filename.rules.conf you add your entries - I had been adding the exception for doc.pdf after "deny all other double file extensions", and moving the entry right above it fixed the issue
by iglooo
20 Feb 2019 16:38
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 4
Views: 3708

Re: How to reject mail to unknown user instead of sending a bounce?

Gotcha! I added reject_unverified_recipient and set up relay to exchange:2525 because exchange 2013 doesn't check rcpt:to on port 25 Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maill...
by iglooo
19 Feb 2019 17:52
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 4
Views: 3708

Re: How to reject mail to unknown user instead of sending a bounce?

Hm.. I see. It doesn't sound exactly ideal - how do you have it personally configured?

In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out
by iglooo
14 Feb 2019 19:32
Forum: Discussion
Topic: How to reject mail to unknown user instead of sending a bounce?
Replies: 4
Views: 3708

How to reject mail to unknown user instead of sending a bounce?

There's countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer? I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that wou...
by iglooo
14 Feb 2019 17:09
Forum: How-to
Topic: Email Details Invisible
Replies: 5
Views: 5555

Re: Email Details Invisible

You mean message details on mailwatch? It might be this if you're running version 3 - viewtopic.php?f=13&t=3311
by iglooo
12 Feb 2019 14:22
Forum: How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 6913

Re: Releasing a password protected archive? (quarantine stored)

Swear to god that wasn't me haha. It's a relatively fresh hyperv install of 3.0.2.6 and I've only changed a handful of things Besides the default README file, there's nothing under /etc/MailScanner/conf.d pp.archive.rules lives in /etc/MailScanner/rules/ and here's the contents: FromOrTo: 127.0.0.1 ...
by iglooo
12 Feb 2019 00:06
Forum: How-to
Topic: Can't allow specific double extensions
Replies: 4
Views: 5780

Re: Can't allow specific double extensions

Just tried your way and it still gets blocked. :/
Quarantine: /var/spool/MailScanner/quarantine/20190211/60EC6100105.AC00C
Report: MailScanner: Attempt to hide real filename extension (teest.doc.pdf)
by iglooo
12 Feb 2019 00:00
Forum: How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 6913

Re: Releasing a password protected archive? (quarantine stored)

Sorry henk :)

I've attached my mailscanner config, appreciate you taking the time to look at it!
by iglooo
11 Feb 2019 23:36
Forum: How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 6913

Re: Releasing a password protected archive? (quarantine stored)

Appreciate the input as always, hank! I've read every single thread about password protected archives on here, as well as elsewhere, and nothing really helps.

Is there any chance the server needs a reboot for the changes to take effect, because clearly restarting the mailscanner service does nothing
by iglooo
11 Feb 2019 22:27
Forum: How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 6913

Re: Releasing a password protected archive? (quarantine stored)

Anyone? I don't get why it's not accepting rulesets. Same thing with double extensions getting blocked despite me allowing select few.

Is this a bug or something, or have I messed up the mailscanner config somewhere?
by iglooo
11 Feb 2019 20:02
Forum: How-to
Topic: Can't allow specific double extensions
Replies: 4
Views: 5780

Can't allow specific double extensions

I'm trying to allow .doc/.docx.pdf extensions but it doesn't work with the below configuration. What am I doing wrong? I've already restarted mailscanner and I'm using tabs for spaces. Feb 11 14:42:31 efaserv MailScanner[29811]: Filename Checks: Found possible filename hiding (E569E101301.AB8C0 tees...
by iglooo
07 Feb 2019 20:30
Forum: How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 6913

Re: Releasing a password protected archive? (quarantine stored)

I've tried adding a ruleset to allow localhost to receive password protected archives but that did nothing. Same with a ruleset to not scan viruses for localhost. Either way I just get a report about a blocked email, and maillog entries don't look any different no matter what I change Also followed ...
by iglooo
07 Feb 2019 16:42
Forum: How-to
Topic: Releasing a password protected archive? (quarantine stored)
Replies: 8
Views: 6913

Releasing a password protected archive? (quarantine stored)

Hey, Incoming password protected archives are automatically blocked which isn't a problem but we never receive the released message after *successfully* releasing them in mailwatch. The message doesn't show up in exchange server logs either. I also noticed that the "from" field gets change...
by iglooo
06 Feb 2019 19:59
Forum: 3.x Bugs
Topic: [solved] GeoIP not working
Replies: 10
Views: 56645

Re: GeoIP not working

... And the file should be a link. [root@sansspam ~]# ls -l /usr/share/GeoIP/GeoLiteCountry.dat lrwxrwxrwx 1 root root 40 Apr 26 2018 /usr/share/GeoIP/GeoLiteCountry.dat -> /var/www/html/mailscanner/temp/GeoIP.dat Thanks for the updated database henk! Curious, why does GeoLiteCountry.dat have to be...