efa-project.org

Hi
i also want to implement now country blocking and this post helps. But allow me still some questions.

1) as the article is a little bit older than the current release of efa. Does the last post from 2018 still apply and is it enough ? Or do i need to load the respectivy plugin ?

2) How to check ...

Hi
the issue was in

/etc/mail/spamassassin/local.cf

were the trusted network needs to be an IP not a FQDN.

My fault.

Yours

Hi
i realized that i get the error below when i manually mark messages as SPAM in the web gui.

SA Learn netset: illegal IP address given (patricia trie): 'macmini.xxx.de/128': invalid key at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/NetSet.pm line 183., , netset: illegal IP address given ...

Hi
i just wanted to thanks everybody for the great support during the last years and wish you a good move to the new year.

Stay healthy.

See you next year.

HI
as im now running this config for some weeks i would like to confirm that this seems to solve the issue.

Yours

Hi
below the information requested.
I currently assum that adding a .tmp to the jail.local prevents loading, but im not sure.



[root@derb ~]# fail2ban-client get sshd banned
['157.245.76.66', '82.197.58.234', '5.196.224.183', '43.154.162.100', '42.176.205.222', '80.94.95.81', '118.31.51.38 ...

Hi
i believe i found the issue.
I had under /etc/fail2ban/jail.d
2 .local files. And in the efa.local didnt have any maxretry,findtime,bantime in.
By adding these and renaming jail.local to jail.local.tmp it started working.

Now my question is which files should be in the directory and what would ...

Hi
thanks for the hint.

As your "firewall-cmd --list-all" shows rich-rules and mine not i would assume something is wrong on my side.

Can you check the following ?

[root@derb ~]# fail2ban-client get sshd actions
The jail sshd has the following actions:
firewallcmd-rich-rules

and perhaps ...

Some addon.
When i use the small script below i can see fail2ban believes it has blocked but nothing is in the ip tabels nor is something visible with the fiewal-cmd.


[ root@derb fail2ban]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 ...

Hi
looking into fail2ban i get the following errors.

---

[root@derb fail2ban]# pwd
/etc/fail2ban
[root@derb fail2ban]# fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: mailwatch, postfix-sasl, sshd
[root@derb fail2ban]# fail2ban-client get sshd status
2024-06-08 11:34:37,297 ...

Hi
the topic around the oom-killer continued to turn around in my head and i started looking around how to limit mem usage for clamd.
And i found this: https://betatim.github.io/posts/clamav-memory-usage/

This seemed to help but it just limited the frequency . So first step taken.
The i had a look ...

shawniverson wrote: 31 May 2024 11:59 4GB is insufficient. clamd plus all the signatures require a lot of memory, which is why we recommend 8GB.

Thx overlooked this in the requirements.

Interesting. The eFa4 is running on my side with 2 CPU and 4GB without any hickup since years.
But will try to upgrade the mem of the vServer.

Hi
another issue seems to be clamd.

Im having a VM with 4 vCPU and 4GB mem. Normaly idling around.
Just before the issue happens it gets sluggish.



[ 756.157760] MailScanner: wa invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 756.158313] oom ...

Hi
on eFA5 i have for some whitelisting actions the following effect.

- i select the email i want to whitelist
- i select: Move selected entries to whitelist
- press sent.
and then i have a blank border see attached picture.

I'm getting the same error while installing on alma linux 8 which supposed to be supported with the efa 4 script?

is there a way around this ( by the way also the mysql error is present in my rollout)


Hi,

First, greate news and thanks for EFA v5 beta ...
I don't know where to this topic (no ...

Hi
thanks for the quick reply.

I got it installed on a AlmaLinux 9.4. No issues to install.

Below you find the first issue. Look like clamd went crazy.



------
[ 756.157760] MailScanner: wa invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 756 ...

Hi
i would like to support testing on AlmaLinux9 or Rocky 9.
Can anybody point me to a kickstart location for information how to start ?

Thx

Hi
i can see the same on my eFa4 (CentOS7).


[root@efa4 ~]# matchpathcon -V /var/spool/MailScanner/*
/var/spool/MailScanner/archive verified.
/var/spool/MailScanner/incoming has context system_u:object_r:tmpfs_t:s0, should be system_u:object_r:mscan_spool_t:s0
/var/spool/MailScanner/milterin ...

Hi
i would like to know if anybody has used this information and sucessfully setup DKIM on EFA ?

Just wondering as nobody seem to have questions on this post.


Or is there a better walk through ?


Greeting

Hi
thanks for the positive feedback.

I was just wondering.

All the best to all of you for 2024 !!

In the past weeks i posted some issues which could be an entry for evil people into efa.
Up to now no comment at all to my posts.

Now my questions are.

- Is this the right forum to post ?
- Is there an interest to have this information here ?

Thx
hoping to some feedback.

Hi
on efa we currently have postfix 3.5.9 which has , as many other versions a bug which got disclosed on 37c3 in Hamburg.

https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide

Workaround can be found here:


https://www.postfix.org/smtp-smuggling.html

Happy new year to ...

Hi
checked a little bit some other sources also and it seem that disabling the -etm macs is also advisable.

Same as for ciphers.

get the current list of macs:
sshd -T | grep -i 'mac'

remove the ones with -etm in the name and add a line at the end to /etc/sshd/config.

sample for centos 7 ...

Hi

there is a weakness in SSH with can be used to exploid connections.

https://forum.netgate.com/topic/184941/terrapin-ssh-attack


https://cloud.google.com/knowledge/kb/disable-weak-ssh-ciphers-for-compute-engine-linux-vms-000004592



How to check : nmap --script ssh2-enum-algos -sV -p 22 ...

shawniverson wrote: 09 Dec 2020 20:04 In light of the sudden news on CentOS 8...

New poll!

Which distro should we focus on for eFa?

Hi
in the light of redhats announcement to close the source . Wouldn`t it make sense now to focus on Debian or Ubuntu LTS ?