efa-project.org

Feb 5 10:12:10.286 [81210] warn: config: invalid regexp for __LOCAL_FROM_TLD_1 '/@.{1,}\.com/iU': invalid end delimiter/mods 0.00229
Feb 5 10:12:10.286 [81210] warn: config: invalid regexp for __LOCAL_FROM_TLD_2 '/@.{1,}\.nl/iU': invalid end delimiter/mods 1.0E-5
Feb 5 10:12:10.286 [81210] warn ...

Your regular expression is fine, that is weird that it's not working correctly

What happens if we change it up a little?


# add points if the From address is not a valid host in a listed TLD
header __LOCAL_FROM_TLD_1 From =~ /@.{1,}\.com/iU
header __LOCAL_FROM_TLD_2 From =~ /@.{1,}\.nl/iU
header ...

Since it's a singular issue the problem is probably the script and not the efa appliance.

[uname@mx01 log]$ sudo grep "TLS connection established" maillog | sed 's/.*: //g' | sort | uniq -c | sort -rn
2773 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
254 TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits ...

Should be configurable in main.cf. I just checked my config, it is not blocked in my config but I have no TLS 1.1 connections either.

I updated my local.cf to this


score RCVD_IN_MSPIKE_BL 0.001 2.0 0.001 2.0
score RCVD_IN_MSPIKE_L5 0.001 2.0 0.001 2.0
score RCVD_IN_MSPIKE_L4 0.001 1.8 0.001 1.8
score RCVD_IN_MSPIKE_L3 0.001 1.2 0.001 1.2
score RCVD_IN_MSPIKE_L2 0.001 0.6 0.001 0.6
score RCVD_IN_MSPIKE_H2 0.001 -0.5 0.002 -0.5 ...

Just got a chance to look at this, and it appears the hostname package was missing. strange.

Has anyone with EFA tried this yet, if so what did you think, Hoe big of a difference did it make??


The following set of regular expressions attempt to stop bot spam connections by matching the FQrDNS name of the sending IP against known consumerish rDNS patterns or other rDNS patterns likely to ...

Did you restart mailscanner after making the changes?

What happens if you do below?

Work off of this:

https://gist.github.com/adamlwatson/9623703

Or maybe a milter that runs it through this:

https://github.com/guanting112/remove_emoji

I haven't had a chance to look into this yet but it doesn't appear to be effecting anything at the moment.

/etc/cron.hourly/mailscanner:

/usr/sbin/ms-check: line 40: hostname: command not found

From the docs:
In order to apply filename and filetype checks on the contents of Zip, Rar and UU-encoded archives, they are all unpacked. The Rar archives are unpacked using an external "unrar" program, while Zip and UU-encoded archives are handled internally. Any archive found nested deeper than ...

I vote Rocky Linux or Debian

Rocky would be a simple transition, Debian not so much, but I do love Debian.

I don't really consider ubuntu or Devuan viable candidates.

I was spinning up a new instance on a container in my private cloud. Installed efa4 which originally did not complete successfully because i was missing yum-utils. After i installed that everything seemed to go ok. When i went to do a system restore that failed because tar was not installed. The ...

#Nothing but sig
body __KAM_SIGONLY1 /.{0,10}--/i
tflags __KAM_SIGONLY1 nosubject

meta KAM_SIGONLY (__KAM_SIGONLY1 >= 1)
score KAM_SIGONLY 1.5
describe KAM_SIGONLY Messages is (mostly) just a signature

#SigOnly spam
meta KAM_SIGONLY2 (KAM_SIGONLY + (__KAM_DIDYOUBODY + __KAM_DIDYOUSUBJ >= 1) >= 2 ...

HEre's his contact information

Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 xxx.xxxx.xxx
Cell. +39 xxx.xx.xx.xxx
Web: www.gruppocomet.it




It's probably not a wise idea to post his numbers in a public forum without his approval. I've edited ...

MXPF can be downloaded here

HEre's his contact information

Web bug / Web Beacon / Mail bug's (whatever you wqant to call them) are defused in eFa. you will need to make an exception for your mailjet

You'll need to use the "ignored web bug filenames" to bypass this in mailscanner

If that is not the problem then post the log, maybe "propagate_unmatched_extensions" is messing you up? (if its even configured) (I don't have eFa in front of me to investigate myself)

Did you check what version postfix is running. It only supports multiple delimiters in 2.11 and later

Why are you messing with the recipient delimiter at the spam gateway level? That sounds like a job for the Mail Server, the spam gateway should just be passing it on as it is.

Clever, clever indeed

From: "Antonio Figueira <antonio.figueira@example.org>" <bill@example.com>

SpamAssassin has a plugin just for this...

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_FromNameSpoof.txt

Looks like we better mainline this one into eFa.


I just ...

Try adding the internal IP of the eFa aka 192.168.1.x to TrustedHosts

148.105.0.0/16 would be it in as 148.105.
Thes other to need to be put in as seperate /24's aka

205.201.128.
205.201.129.
etc
etc