Updated 17-09-2021
Comply EFA to IT Security Guidelines for Transport Layer Security (TLS) v2.1
This list contains the following in order to comply to the "IT Security Guidelines for Transport Layer Security (TLS) v2.1"
You can check your score/setting on https://en.internet.nl/ . Enter your ...
Search found 111 matches
- 16 Aug 2021 10:20
- Forum: How-to
- Topic: How-To comply EFA with TLS Guidelines
- Replies: 0
- Views: 8422
- 15 Jul 2021 12:08
- Forum: How-to
- Topic: Massive spam attack - how to block?
- Replies: 1
- Views: 5247
Massive spam attack - how to block?
Hi all,
I'm currently receiving a lot of spam email all to my domain.
They are not originating from our IP, so SPF is doing it's job but i still have a lagging spamfilter due too all spam emails.
Just for the idea, my Milter Inbound hasnt dropped under 2000 all day.
https://i.imgur.com/rJ9M0ng ...
I'm currently receiving a lot of spam email all to my domain.
They are not originating from our IP, so SPF is doing it's job but i still have a lagging spamfilter due too all spam emails.
Just for the idea, my Milter Inbound hasnt dropped under 2000 all day.
https://i.imgur.com/rJ9M0ng ...
- 13 Jul 2021 12:41
- Forum: Discussion
- Topic: Let's Encrypt is not auto-renewing
- Replies: 1
- Views: 19146
Let's Encrypt is not auto-renewing
Hi everyone,
I'm currently facing the following with two of my EFA machines. All the others are functioning corretly.
Let's Encrypt is not auto-renewing on these two hosts.
------
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache ...
I'm currently facing the following with two of my EFA machines. All the others are functioning corretly.
Let's Encrypt is not auto-renewing on these two hosts.
------
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache ...
- 12 Jul 2021 08:10
- Forum: Feature Requests
- Topic: EFA4 Cluster?
- Replies: 6
- Views: 31127
Re: EFA4 Cluster?
Any news on this cluster function?
- 12 May 2020 07:07
- Forum: How-to
- Topic: Blacklist To user
- Replies: 0
- Views: 5049
Blacklist To user
Hi there,
Is there a possibility to blacklist a To address?
We are receiving a big amount of spam in our filter and report to a mailbox which is not in use for years.
Blacklisting the From is not possible since it's empty for some reason and the IP's are constantly changing of this spammers ...
Is there a possibility to blacklist a To address?
We are receiving a big amount of spam in our filter and report to a mailbox which is not in use for years.
Blacklisting the From is not possible since it's empty for some reason and the IP's are constantly changing of this spammers ...
- 04 May 2020 10:04
- Forum: Feature Requests
- Topic: EFA4 Cluster?
- Replies: 6
- Views: 31127
Re: EFA4 Cluster?
Hi Shawn,shawniverson wrote: 26 Nov 2019 22:43 Yep, in the works. Evaluating a candidate mailscanner admin interface to facilitate this currently.
Any news on this topic?

Kind regards and stay safe!
- 14 Feb 2020 08:03
- Forum: Feature Requests
- Topic: Outdated TLS
- Replies: 2
- Views: 4441
Outdated TLS
Since TLS 1.0 and TLS 1.1 will be phased out on March 2020, i would like to suggest removing/disabling it in EFA.
An additional request would be to integrate the Mozilla SSL Config list, which contains all the secure cihpers so you don't have to edit/remove them manually. (https://ssl-config ...
An additional request would be to integrate the Mozilla SSL Config list, which contains all the secure cihpers so you don't have to edit/remove them manually. (https://ssl-config ...
- 27 Nov 2019 12:06
- Forum: Feature Requests
- Topic: EFA4 Cluster?
- Replies: 6
- Views: 31127
Re: EFA4 Cluster?
This is indeed a most-wanted function here, so i will be following it with pleasure.
Let me know if you need testers Shawn
Let me know if you need testers Shawn

- 11 Nov 2019 14:04
- Forum: 4.x Bugs
- Topic: SSL uses self signed instead of Lets encrypt
- Replies: 4
- Views: 5109
Re: SSL uses self signed instead of Lets encrypt
Will this be overwritten by an update of eFa?kommunen wrote: 06 Nov 2019 07:56 That mx99.domain.nl certificate was automatically created when you installed EFA.
Its location is defined in /etc/postfix/main.cf . Look for smtpd_tls
- 11 Nov 2019 10:46
- Forum: 4.x Bugs
- Topic: EFA4.0 rc3 updates
- Replies: 12
- Views: 13876
Re: EFA4.0 rc3 updates
Just a small note with the first command
Instead of
sudo rm /etc/yum.repos.d/eFa4-Testing.repo
I had to use
sudo rm /etc/yum.repos.d/eFa4-testing.repo
Otherwise i receive a file/folder not found
- 05 Nov 2019 10:09
- Forum: 4.x Bugs
- Topic: SSL uses self signed instead of Lets encrypt
- Replies: 4
- Views: 5109
Re: SSL uses self signed instead of Lets encrypt
After using the Let's Encrypt the certificate is correct.
How can i do this with my own certificates? Seems likethe certificates used on HTTPS are not the same used on Postfix/EFA
How can i do this with my own certificates? Seems likethe certificates used on HTTPS are not the same used on Postfix/EFA
- 05 Nov 2019 09:03
- Forum: Discussion
- Topic: Forward to email
- Replies: 4
- Views: 8027
Re: Forward to email
Instead of emailing it from EFA to a mailserver, directly to a mail adres like user@domain.nl
Like a catch-all emailbox
Like a catch-all emailbox
- 05 Nov 2019 09:00
- Forum: 4.x Bugs
- Topic: SSL uses self signed instead of Lets encrypt
- Replies: 4
- Views: 5109
SSL uses self signed instead of Lets encrypt
Hi there,
I'm using "hardenize" and "STARTTLS Everywhere" to check all my domain records, and both are giving errors on my MX server.
I have a EFA 3.2.6 server and a EFA 4 RC3 server which both give the same error/result
For some reason the tools pick up a Self-Signed certificate, which i've never ...
I'm using "hardenize" and "STARTTLS Everywhere" to check all my domain records, and both are giving errors on my MX server.
I have a EFA 3.2.6 server and a EFA 4 RC3 server which both give the same error/result
For some reason the tools pick up a Self-Signed certificate, which i've never ...
- 02 Sep 2019 08:57
- Forum: Discussion
- Topic: Forward to email
- Replies: 4
- Views: 8027
Forward to email
Hi there,
Would it be possible to forward all emails to a email address instead of a server?
What i mean is, adding a mailaddress to a domain in "Transport Mapping" instead of smtp:[server]
This way i could save a lot of "forwarder" Mailboxes on my Exchange, which saves licensing costs.
Kind ...
Would it be possible to forward all emails to a email address instead of a server?
What i mean is, adding a mailaddress to a domain in "Transport Mapping" instead of smtp:[server]
This way i could save a lot of "forwarder" Mailboxes on my Exchange, which saves licensing costs.
Kind ...
- 03 May 2019 08:32
- Forum: How-to
- Topic: Enabling Auto Release Feature in 3.0.1.4
- Replies: 13
- Views: 43098
Re: Enabling Auto Release Feature in 3.0.1.4
I am contemplating the ability to support the postfix feature of recipient address verification.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
Combine that with a process that detects successful deliveries and grabs recipient addresses, it may be possible to automatically populate the ...
- 03 May 2019 08:27
- Forum: 4.x Bugs
- Topic: eFa 4.0 RTM
- Replies: 7
- Views: 11540
Re: eFa 4.0 RTM
Enjoy your vacation!shawniverson wrote: 25 Apr 2019 22:33 Hi!
I was on vacation for a few. I'm wrapping things up to do the first release.![]()
Yeah, so yes, it has been very quiet.![]()
One question
Any news on the synchronisation between multiple server?
- 18 Apr 2019 12:18
- Forum: 4.x Bugs
- Topic: IPv6 disable bug
- Replies: 1
- Views: 2914
IPv6 disable bug
Hi there,
When i try to disable IPv6 on our system i get the following error:
/var/eFa/lib/eFa-Configure/func_ipsettings: line 94: Read: command not found
All done
Steps are as followed:
4) IP Settings --> 6) Disable IPv6 --> Error
Any idea how to solve this?
Our IPv6 implementation is ...
When i try to disable IPv6 on our system i get the following error:
/var/eFa/lib/eFa-Configure/func_ipsettings: line 94: Read: command not found
All done
Steps are as followed:
4) IP Settings --> 6) Disable IPv6 --> Error
Any idea how to solve this?
Our IPv6 implementation is ...
- 04 Mar 2019 11:28
- Forum: 4.x Bugs
- Topic: Service unbound down
- Replies: 6
- Views: 6973
Re: Service unbound down
This file shows the 2 DNS records i need and added.henk wrote: 04 Mar 2019 10:53 Check the values in /etc/eFa/eFa-Config
Do you use RC3? ( eFa-Configure -- DNS server entry throwing an error is a resolved issue viewtopic.php?f=19&t=3306
I use the latest version of this morning.
- 04 Mar 2019 10:45
- Forum: 4.x Bugs
- Topic: Service unbound down
- Replies: 6
- Views: 6973
Re: Service unbound down
Yes. It shows the name server(s) that would be used to look up the name specified.
Just dig google.com multiple times. Query time should be 0 msec
The main question is: how did this happen ("though i added them with the setup")
Can you show the original /etc/unbound/conf.d/forwarders.conf, just ...
- 04 Mar 2019 09:18
- Forum: 4.x Bugs
- Topic: Service unbound down
- Replies: 6
- Views: 6973
Re: Service unbound down
unbound-checkconf[29880:0] error: cannot parse forward . ip address: 'forward-addr:'
can you check?: cat /etc/unbound/conf.d/forwarders.conf
it should be something like this:
forward-zone:
name: "."
forward-addr: xxx.xxx.xxx.xxx
forward-first: yes
restart unbound after changing
test ...
- 04 Mar 2019 07:48
- Forum: 4.x Bugs
- Topic: Service unbound down
- Replies: 6
- Views: 6973
Service unbound down
I keep receiving this error email after a few days.
Sadly, i cannot find the logfile which is needed to get more info.
-----
eFa Monitor ALERT
Service unbound down and restarted ( 3 attempts in past day, max attempts is 3 )
Please examine your eFa logs on mx99.domain.nl and resources to ...
Sadly, i cannot find the logfile which is needed to get more info.
-----
eFa Monitor ALERT
Service unbound down and restarted ( 3 attempts in past day, max attempts is 3 )
Please examine your eFa logs on mx99.domain.nl and resources to ...
- 11 Feb 2019 09:07
- Forum: 4.x Bugs
- Topic: Exporting blacklist/whitelist
- Replies: 3
- Views: 5647
Re: Exporting blacklist/whitelist
Actually, this is so simple, it is probably easier just to make a little howto...
Step 1
Run these commands on the v3 as root
MYSQLPWD=$(grep MYSQLROOTPWD /etc/EFA-Config | sed -e 's/^.*://')
mysqldump --user=root --password=$MYSQLPWD mailscanner blacklist > list.sql
mysqldump --user=root ...
- 08 Feb 2019 10:43
- Forum: 4.x Bugs
- Topic: Exporting blacklist/whitelist
- Replies: 3
- Views: 5647
Exporting blacklist/whitelist
Hi there,
Our backup EFA MX crashed, which wasnt used a lot anyway.
So i would like to setup a new one with v4.
How can i Export the blacklist/whitelist from my primary EFA MX v3 and import them in my clean EFA MX v4?
Found this topic, but i only want the two lists instead of the whole system ...
Our backup EFA MX crashed, which wasnt used a lot anyway.
So i would like to setup a new one with v4.
How can i Export the blacklist/whitelist from my primary EFA MX v3 and import them in my clean EFA MX v4?
Found this topic, but i only want the two lists instead of the whole system ...
Re: Migration
Feel free to PM me.
I can clone my production VM to provide migration tests.
- 11 Jan 2019 09:51
- Forum: How-to
- Topic: Only 66mb in VAR !!
- Replies: 8
- Views: 8298
Re: Only 66mb in VAR !!
I'm having the same issue at the moment.
44mb left on /var
/var/lib/mysql/mailscanner has a file name maillog.ibd which is 23.6 GB
Is there a way to shrink this?
44mb left on /var
/var/lib/mysql/mailscanner has a file name maillog.ibd which is 23.6 GB
Is there a way to shrink this?