efa-project.org

Updated 17-09-2021

Comply EFA to IT Security Guidelines for Transport Layer Security (TLS) v2.1

This list contains the following in order to comply to the "IT Security Guidelines for Transport Layer Security (TLS) v2.1"
You can check your score/setting on https://en.internet.nl/ . Enter your ...

Hi all,

I'm currently receiving a lot of spam email all to my domain.
They are not originating from our IP, so SPF is doing it's job but i still have a lagging spamfilter due too all spam emails.
Just for the idea, my Milter Inbound hasnt dropped under 2000 all day.

https://i.imgur.com/rJ9M0ng ...

Hi everyone,

I'm currently facing the following with two of my EFA machines. All the others are functioning corretly.
Let's Encrypt is not auto-renewing on these two hosts.

------
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache ...

Any news on this cluster function?

Hi there,

Is there a possibility to blacklist a To address?
We are receiving a big amount of spam in our filter and report to a mailbox which is not in use for years.
Blacklisting the From is not possible since it's empty for some reason and the IP's are constantly changing of this spammers ...

shawniverson wrote: 26 Nov 2019 22:43 Yep, in the works. Evaluating a candidate mailscanner admin interface to facilitate this currently.

Hi Shawn,

Any news on this topic?

Kind regards and stay safe!

Since TLS 1.0 and TLS 1.1 will be phased out on March 2020, i would like to suggest removing/disabling it in EFA.

An additional request would be to integrate the Mozilla SSL Config list, which contains all the secure cihpers so you don't have to edit/remove them manually. (https://ssl-config ...

This is indeed a most-wanted function here, so i will be following it with pleasure.
Let me know if you need testers Shawn

kommunen wrote: 06 Nov 2019 07:56 That mx99.domain.nl certificate was automatically created when you installed EFA.

Its location is defined in /etc/postfix/main.cf . Look for smtpd_tls

Will this be overwritten by an update of eFa?

shawniverson wrote: 09 Nov 2019 18:49 viewtopic.php?f=8&t=3879&p=14828

Just a small note with the first command

Instead of
sudo rm /etc/yum.repos.d/eFa4-Testing.repo

I had to use
sudo rm /etc/yum.repos.d/eFa4-testing.repo

Otherwise i receive a file/folder not found

After using the Let's Encrypt the certificate is correct.
How can i do this with my own certificates? Seems likethe certificates used on HTTPS are not the same used on Postfix/EFA

Instead of emailing it from EFA to a mailserver, directly to a mail adres like user@domain.nl
Like a catch-all emailbox

Hi there,

I'm using "hardenize" and "STARTTLS Everywhere" to check all my domain records, and both are giving errors on my MX server.
I have a EFA 3.2.6 server and a EFA 4 RC3 server which both give the same error/result

For some reason the tools pick up a Self-Signed certificate, which i've never ...

Hi there,

Would it be possible to forward all emails to a email address instead of a server?
What i mean is, adding a mailaddress to a domain in "Transport Mapping" instead of smtp:[server]

This way i could save a lot of "forwarder" Mailboxes on my Exchange, which saves licensing costs.

Kind ...

I am contemplating the ability to support the postfix feature of recipient address verification.

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Combine that with a process that detects successful deliveries and grabs recipient addresses, it may be possible to automatically populate the ...

shawniverson wrote: 25 Apr 2019 22:33 Hi!

I was on vacation for a few. I'm wrapping things up to do the first release.

Yeah, so yes, it has been very quiet.

Enjoy your vacation!

One question
Any news on the synchronisation between multiple server?

Hi there,

When i try to disable IPv6 on our system i get the following error:
/var/eFa/lib/eFa-Configure/func_ipsettings: line 94: Read: command not found
All done

Steps are as followed:
4) IP Settings --> 6) Disable IPv6 --> Error

Any idea how to solve this?
Our IPv6 implementation is ...

henk wrote: 04 Mar 2019 10:53 Check the values in /etc/eFa/eFa-Config

Do you use RC3? ( eFa-Configure -- DNS server entry throwing an error is a resolved issue viewtopic.php?f=19&t=3306

This file shows the 2 DNS records i need and added.
I use the latest version of this morning.

Yes. It shows the name server(s) that would be used to look up the name specified.

Just dig google.com multiple times. Query time should be 0 msec

The main question is: how did this happen ("though i added them with the setup")

Can you show the original /etc/unbound/conf.d/forwarders.conf, just ...

unbound-checkconf[29880:0] error: cannot parse forward . ip address: 'forward-addr:'

can you check?: cat /etc/unbound/conf.d/forwarders.conf

it should be something like this:
forward-zone:
name: "."
forward-addr: xxx.xxx.xxx.xxx
forward-first: yes


restart unbound after changing

test ...

I keep receiving this error email after a few days.
Sadly, i cannot find the logfile which is needed to get more info.

-----
eFa Monitor ALERT


Service unbound down and restarted ( 3 attempts in past day, max attempts is 3 )

Please examine your eFa logs on mx99.domain.nl and resources to ...

Actually, this is so simple, it is probably easier just to make a little howto...

Step 1

Run these commands on the v3 as root


MYSQLPWD=$(grep MYSQLROOTPWD /etc/EFA-Config | sed -e 's/^.*://')
mysqldump --user=root --password=$MYSQLPWD mailscanner blacklist > list.sql
mysqldump --user=root ...

Hi there,

Our backup EFA MX crashed, which wasnt used a lot anyway.
So i would like to setup a new one with v4.

How can i Export the blacklist/whitelist from my primary EFA MX v3 and import them in my clean EFA MX v4?
Found this topic, but i only want the two lists instead of the whole system ...

shawniverson wrote: 26 Jan 2019 20:25 Migration testers are needed!

Feel free to PM me.
I can clone my production VM to provide migration tests.

I'm having the same issue at the moment.
44mb left on /var

/var/lib/mysql/mailscanner has a file name maillog.ibd which is 23.6 GB

Is there a way to shrink this?