Search found 43 matches

by BruceLeeRoy
17 Dec 2018 22:50
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Re: Ban flooding IPs

I've finally gotten a custom fail2ban filter working with regex. Sharing in case anyone else is trying to accomplish this: [INCLUDES] before = common.conf failregex = ^%(__prefix_line)s[-._\w]+: hold: header Received: from [-._\w]+ \(unknown \[<HOST>]\)\?\?by host.yourdomain.com \(Postfix\) with ESM...
by BruceLeeRoy
17 Dec 2018 03:15
Forum: Discussion
Topic: Some clever spoofing
Replies: 8
Views: 1734

Re: Some clever spoofing

I too have been seeing this, thanks for the help. :clap:
by BruceLeeRoy
13 Dec 2018 00:32
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Re: Ban flooding IPs

Your fail2ban suggestion looks promising but when the attacks come they seem to be brand new IPs that won't be on that list. But it gave me an idea and been playing with fail2ban, trying to write a custom filter. But, I'm horrible with python, not sure if anyone here has experience with python and f...
by BruceLeeRoy
03 Dec 2018 16:31
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Re: Ban flooding IPs

The Spam attacks have resumed today, 100 messages per minute every 10 minutes. :cry: Blocking at firewall and reporting to abuse@ the hosting provider.
by BruceLeeRoy
30 Nov 2018 19:47
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Re: Ban flooding IPs

I've added all the RBLs you had listed, tested with my yahoo account and found SORBS was blocking yahoo mail, no surprise I guess, so I removed sorbs and got yahoo mail through. Incoming mail has significantly decreased, just hope there isn't more legitimate mail blocked. I guess I'll see if I get ...
by BruceLeeRoy
27 Nov 2018 18:43
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Re: Ban flooding IPs

I disabled greylisting because I was getting a lot of complaints about delayed messages, seemed to only affect legitimate mail.


As for the restrictions, can I just add these things in "other restrictions" in Webmin SMTP Client Restrictions or is there a conf file I can add them to?
by BruceLeeRoy
19 Nov 2018 13:34
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Re: Ban flooding IPs

Thanks for the tip, I'll look into implementing Snort first and see how that goes. It seems that the IP ranges that are flooding are always changing, never used twice. It seems that a subnet gets compromised and the spammers use it until it's blacklisted everywhere then move on to another IP. Many ar...
by BruceLeeRoy
06 Nov 2018 18:56
Forum: 3.x How-to
Topic: Ban flooding IPs
Replies: 10
Views: 1259

Ban flooding IPs

Wondering if anyone has found a way to ban an IP that floods EFA with spam. Maybe there's a way to use fail2ban with blacklist entries? I've been getting attacks at the rate of 70 messages per minute (as reported by EFA) that originate from the same IP, sometimes the IP increments through a subnet w...
by BruceLeeRoy
14 Sep 2018 11:53
Forum: 3.x Feature Requests
Topic: Spam Trap
Replies: 2
Views: 1638

Re: Spam Trap

Actually I just found that you can run a filter for your spam trap then click "Message Operations" where you can flag the whole page of results to learn as spam.
by BruceLeeRoy
12 Sep 2018 15:04
Forum: 3.x Feature Requests
Topic: Spam Trap
Replies: 2
Views: 1638

Re: Spam Trap

I was searching for a similar feature. There are several email accounts that were closed over 10 years ago on my mail server that are still getting hammered. I have blacklisted them in EFA to cut down on backscatter and excessive traffic to and from the mail server. I occasionally go through the log...
by BruceLeeRoy
05 Sep 2018 19:51
Forum: 3.x How-to
Topic: Phishing Whitelist
Replies: 0
Views: 1105

Phishing Whitelist

Been having problems with Phishing whitelists not working, because of links being rewritten by "na01.safelinks.protection.outlook.com" as mentioned here: https://github.com/MailScanner/v5/issues/108 which seems to have been resolved by Shawn in ver 5.0.7-4 of MailScanner. I have added *.outlook.com...
by BruceLeeRoy
12 Apr 2018 02:21
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 2412

Re: Relay access denied

I believe the bouncebacks were from spam that originally got through, I'm thinking Zimbra tried to bounce the messages but EFA wasn't relaying them. Zimbra likely kept them queued, then when I added the zimbra server address to the hosts file in EFA it started allowing them to flow out. Strange thin...
by BruceLeeRoy
07 Apr 2018 12:28
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 2412

Re: Relay access denied

Yes, you're right, I tend to get frustrated because my understanding of mail flow is limited. I'm still trying to find the messages in the logs that were said aren't getting delivered. Seems like they aren't even getting to EFA. One user said after I "disabled" EFA he immediately got a test message ...
by BruceLeeRoy
02 Apr 2018 18:29
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 2412

Re: Relay access denied

So I have people complaining their email isn't reaching some recipients. Is there any way with my setup to bypass efa mail checking on outbound?
by BruceLeeRoy
28 Mar 2018 20:14
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 2412

Re: Relay access denied

Ok, so zimbra had nothing in MTA so I added the IP of the efa server. At first I didn't think it was working because I couldn't get any mail in or out. Then I noticed the inbound and outbound queues in efa UI were growing. For some reason it got quite backlogged so I disabled everything. I just re-enab...
by BruceLeeRoy
27 Mar 2018 13:35
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 2412

Re: Relay access denied

It is the internal IP address of the Zimbra server. I believe during my troubleshooting at one point I changed this to the WAN IP but still had the same results.
by BruceLeeRoy
26 Mar 2018 02:13
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 2412

Relay access denied

Been trying to figure this out for a few weeks, I have my Network Firewalled with PfSense, zimbra mail server behind it as well as EFA on a different IP address. Everything works fine with zimbra but when I enable EFA I can't send any mail to external domains unless I send from zimbra web client. ...
by BruceLeeRoy
25 Jul 2017 17:13
Forum: 3.x Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 2281

Re: Date / Timestamp

Wow, that was easy! Thanks!
by BruceLeeRoy
24 Jul 2017 13:45
Forum: 3.x Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 2281

Re: Date / Timestamp

Thank you for the detailed explanation! I've been playing with the rsyslog and noticed the changes in the linux logfiles in /var/log but specifically I was referring to the entries in the web interface such as the "Recent Messages" and "Virus Report" which apparently aren't pulled from the standard ...
by BruceLeeRoy
21 Jul 2017 21:01
Forum: 3.x Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 2281

Re: Date / Timestamp

Oh, no I mean in EFA mail logs.
by BruceLeeRoy
17 Jul 2017 21:00
Forum: 3.x Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 2281

Date / Timestamp

Hard to search the Forum for date layout, not sure if there is a way to change the way Dates are displayed in the logs. MM/DD/YYYY or MM/DD/YY is common in the US. Is this possible to change?
by BruceLeeRoy
14 Jun 2017 14:36
Forum: 3.x Bugs
Topic: After Update logoff after 3 Minutes
Replies: 12
Views: 2929

Re: After Update logoff after 3 Minutes

I have a new installation from a few days ago, v3.0.2.3 using the .ovf. I'm getting auto logged off rather quickly, could be about 3 minutes, but it only happens if I'm jumping between tabs; if I stay on the EFA tab in the browser it seems to stay logged in. Update: the user timeout setting in v3.0.2....
by BruceLeeRoy
03 Mar 2017 16:25
Forum: 3.x Bugs
Topic: Mail stuck in inbound queue after update.
Replies: 7
Views: 2457

Re: Mail stuck in inbound queue after update.

For some reason sendmail was running so I stopped that and started postfix, then it started processing mail. Changed owner of mqueue as you suggested. Still getting emails from root: /etc/cron.hourly/mailwatch_relay.sh: Notice: Undefined variable: _relay in /var/www/html/mailscanner/postfix_relay.php...
by BruceLeeRoy
26 Feb 2017 17:29
Forum: 3.x Bugs
Topic: Mail stuck in inbound queue after update.
Replies: 7
Views: 2457

Re: Mail stuck in inbound queue after update.

I'm having the same problem after updating to EFA-3.0.1.8. Won't process mail. Here's some entries from the logs: /var/log/maillog Feb 26 11:07:45 mail MailScanner[3501]: Enabling SpamAssassin auto-whitelist functionality... Feb 26 11:07:48 mail MailScanner[3501]: Connected to Processing Attempts Dat...
by BruceLeeRoy
07 Nov 2015 13:47
Forum: Discussion
Topic: Bizarre Email about Clamav
Replies: 13
Views: 2789

Re: Bizarre Email about Clamav

woohoo! I'm on 3.0.0.8 thanks for the help greatly appreciated! :)