efa-project.org

you need to add the sending server to mynetworks in postfix main.cf, however I believe that it only accepts IP addresses, not hostnames, so you might need to write a script that updates the mynetworks section every time it detects a change in IP address for your host.

http://www.postfix.org/BASIC ...

There is a technique that has been exploited recently where messages can be bundled and one sneaks through.
There should be an update for postfix to catch this soon.
Also make sure that there is no way that someone can send mail directly to your mailserver from the internet, bypassing the eFa ...

I'm not sure that this is a good idea even if it was possible.
Why would you want to do this?

This is how I set the hostname in my (not eFa) build script on Debian 12.
This should be pretty close to working on RHEL clones


# Set Hostname etc.
hostnamectl set-hostname $FQDN
sleep 5
HN=$(hostname -s)
MYDOMAIN=$(hostname -d)
MYIP=$(hostname -I)

# Rebuild the hosts file
echo "127.0.0.1 ...

goldengate wrote: 18 Nov 2023 00:00 I have been idly considering how to migrate our small efa host from CentOS 7 to Rocky 8.

Honestly, I'd do a parallel install, then cut over... That migration sounds like it's way too much work...

Well Debian 12 works great, but what I have ended up with doesn't really resemble ESVA or EFA.
No Mailwatch, No MailScanner, No Quarantine, No WebMin, No Greylisting, no MySQL, no GUI...

It's a distributed system with the capability to have many parallel nodes so pretty scalable with no SPOF.

That'll work

Frustrating...
The domains and senders usually end up on the realtime (paid) lists fairly quickly.
I'd suggest rather than blocking the domains, create a custom spamassassin rule that scores messages from those domains quite high - like 4.0 so they are at an immediate disadvantage. Anything minor ...

I'm kind of over hosting stuff on Azure. For quick tests I tend to fire up a local VM. If I need anything long term I add another VPS from my VPS provider, and if it's just a quick test that needs full inbound internet connectivity, then I will fire up an Azure VM for the few hours that I need it ...

I'd suggest keeping it in the same family - stream 9 and rocky 9 are pretty much identical, but another distro family is always going to be a problem when there are as many moving parts as EFA. Trust me - I tried and failed miserably porting to Debian 12 Bookworm. MailScanner really did not want to ...

In that case you can create a file with extension .cf in /etc/spamassassin and put a line like this in it so that spamassassin ignores your internal server.

That's correct Shawn. I have an override score to 0.0 for that SpamAssassin rule

The commercial RBLs have a new domains filter.
You are unlikely to see legit mail from these scam sub domains anyway

You can add RBLs and other feeds, including non-standard ClamAV definitions.

If you are interested, I'm looking for beta testers for free on my commercial platform. I need to ad volume of real mail to fine-tune the platform and discover capacity and usability limits.

The platform is not based on ...

Increase the number of children

Here's a tricky one...
Does anyone know of a plugin or method for detecting QR codes in emails and if they are malicious or not (i guess the URL needs to be extracted and checked against the known phish/scam sites).
There is software that can read the QRcodes like zbarimg (in zbar-tools package in ...

So... Where to start...
After a few false starts and some late nights I have what I think is a good foundation.

I tried and failed with MailScanner - I don't think the problem is with MailScanner itself, but a lack of stability in perl modules, and perhaps MailScanner has kind of been superseded as ...

Not much help, but DKIM shouldn't be looking at anything except the headers...
Is it the opendkim milter or is it MailScanner/spamassassin that's killing the message?
I guess if you're seeing it in Mailwatch, then it's not the milter because that would kill the message before it hits MailScanner...

Jumpstarting this necro-thread.

Long story short, I'm working on a Debian 12 based build. It's a bit rough around the edges at the moment, but I'm just about ready to move it from the lab onto an external test server once I resolve a clamav issue.
There's no MailWatch yet, and it's also missing a ...

You know what would be great?
A tweak to MailWatch to show not only the load averages and disk space, but the memory consumption and disk queues...

Just one more thing - These kind of projects are run by people on a voluntary basis - no-one is getting rich from something that no-one pays for. We all have day jobs, some of us run our own businesses and this is all in everyone's spare time, or whatever is shared by people making changes for their ...

I tried it on Stream 9 and it broke spectacularly... So I'm going to say no.
I've been getting pretty annoyed with a bunch of broken stuff in the redhat stack - just simple stuff like adding users to the OS on a clean install throws up error that have persisted for years.
I've been using Debian 12 ...

I like the RedHat ecosystem, however I've been using Debian 12 for a project lately, and I'm kind of liking it...
Thinking I might have a stab at recreating things on Debian to see what roadblocks I come up against at some stage in the future. I'm pretty sure the eFa build scripts can be tweaked to ...

Sorry to resurrect this necro-thread, but I'm going through some sizing exercises at the moment.
I guess it's going to depend mostly on the number of MailScanner threads you elect to run and your users appetite for delays if mail starts backing up.
I'd start by looking at the actual load on your ...

Good security practice means not logging in directly as root, which means that the installer for eFa won't run as the standard command.
It's simple to get it to work though rather than switching to the root account or having to force a root password change in order to switch using su...

sudo curl ...