Search found 47 matches
- 12 Sep 2022 18:29
- Forum: Discussion
- Topic: PDF attachment converting to Base64 plain text
- Replies: 35
- Views: 117095
Re: PDF attachment converting to Base64 plain text
I'm having the same issue with Zoom meeting invites from one particular sender. In EFA it shows as an attachment named partialMessage.bin. When the person cc's the invite to a Yahoo account it is received there as an attachment named invite.ics, other recipients get the actual Zoom invitation with op...
- 13 Mar 2020 18:45
- Forum: How-to
- Topic: Use Postfix to block sender with certain text
- Replies: 12
- Views: 11922
Re: Use Postfix to block sender with certain text
Actually I was able to get it working with header_checks by just whitelisting the valid email addresses first then blacklisting the CEO's real name. Prepending the From line prevents it from actually getting to the user because now EFA sees a malformed header and marks it as spam.
- 11 Mar 2020 18:55
- Forum: How-to
- Topic: Use Postfix to block sender with certain text
- Replies: 12
- Views: 11922
Re: Use Postfix to block sender with certain text
Thanks for your suggestions, you're right, I did not intend for there to be a space, so I tried modifying it while removing the space, still did not work. I am not all that good with writing Regex. That being said, I can't find the log entries I am trying to match because neither maillog nor message...
- 20 Jan 2020 17:00
- Forum: How-to
- Topic: Use Postfix to block sender with certain text
- Replies: 12
- Views: 11922
Re: Use Postfix to block sender with certain text
Sorry to revive an old thread but I'm working on a similar issue. I'm trying to use header_checks to block specific messages. Here's the situation: Some scammer creates generic Gmail/yahoo accounts using our CEO's real name, then Emails the entire company with "I need you to discretely do a tas...
- 17 Dec 2018 22:50
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Re: Ban flooding IPs
I've finally gotten a custom fail2ban filter working with regex. Sharing in case anyone else is trying to accomplish this: [INCLUDES] before = common.conf failregex = ^%(__prefix_line)s[-._\w]+: hold: header Received: from [-._\w]+ \(unknown \[<HOST>]\)\?\?by host.yourdomain.com \(Postfix\) with ESM...
- 17 Dec 2018 03:15
- Forum: Discussion
- Topic: Some clever spoofing
- Replies: 8
- Views: 6155
Re: Some clever spoofing
I too have been seeing this, thanks for the help.
- 13 Dec 2018 00:32
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Re: Ban flooding IPs
Your fail2ban suggestion looks promising but when the attacks come they seem to be brand new IPs that won't be on that list. But it gave me an idea and I've been playing with fail2ban, trying to write a custom filter. But I'm horrible with Python, not sure if anyone here has experience with Python and f...
- 03 Dec 2018 16:31
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Re: Ban flooding IPs
The spam attacks have resumed today, 100 messages per minute every 10 minutes. Blocking at firewall and reporting to abuse@ the hosting provider.
- 30 Nov 2018 19:47
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Re: Ban flooding IPs
I've added all the RBLs you had listed, tested with my Yahoo account and found SORBS was blocking Yahoo mail, no surprise I guess, so I removed SORBS and got Yahoo mail through. Incoming mail has significantly decreased, just hope there isn't more legitimate mail blocked. I guess I'll see if I get ...
- 27 Nov 2018 18:43
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Re: Ban flooding IPs
I disabled greylisting because I was getting a lot of complaints about delayed messages, seemed to only affect legitimate mail.
As for the restrictions, can I just add these things in "other restrictions" in Webmin SMTP Client Restrictions or is there a conf file I can add them to?
- 19 Nov 2018 13:34
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Re: Ban flooding IPs
Thanks for the tip, I'll look into implementing Snort first and see how that goes. It seems that the IP ranges that are flooding are always changing, never used twice. It seems that a subnet gets compromised and the spammers use it until it's blacklisted everywhere then move on to another IP. Many ar...
- 06 Nov 2018 18:56
- Forum: How-to
- Topic: Ban flooding IPs
- Replies: 10
- Views: 7069
Ban flooding IPs
Wondering if anyone has found a way to ban an IP that floods EFA with spam. Maybe there's a way to use fail2ban with blacklist entries? I've been getting attacks at the rate of 70 messages per minute (as reported by EFA) that originate from the same IP, sometimes the IP increments through a subnet w...
- 14 Sep 2018 11:53
- Forum: Feature Requests
- Topic: Spam Trap
- Replies: 6
- Views: 19678
Re: Spam Trap
Actually I just found that you can run a filter for your spam trap then click "Message Operations" where you can flag the whole page of results to learn as spam.
- 12 Sep 2018 15:04
- Forum: Feature Requests
- Topic: Spam Trap
- Replies: 6
- Views: 19678
Re: Spam Trap
I was searching for a similar feature. There are several email accounts that were closed over 10 years ago on my mail server that are still getting hammered. I have blacklisted them in EFA to cut down on backscatter and excessive traffic to and from the mail server. I occasionally go through the log...
- 05 Sep 2018 19:51
- Forum: How-to
- Topic: Phishing Whitelist
- Replies: 0
- Views: 2959
Phishing Whitelist
Been having problems with phishing whitelists not working, because of links being rewritten by "na01.safelinks.protection.outlook.com" as mentioned here: https://github.com/MailScanner/v5/issues/108 which seems to have been resolved by Shawn in ver 5.0.7-4 of MailScanner. I have added *.o...
- 12 Apr 2018 02:21
- Forum: Discussion
- Topic: Relay access denied
- Replies: 10
- Views: 8750
Re: Relay access denied
I believe the bouncebacks were from spam that originally got through, I'm thinking Zimbra tried to bounce the messages but EFA wasn't relaying them. Zimbra likely kept them queued, then when I added the Zimbra server address to the hosts file in EFA it started allowing them to flow out. Strange thin...
- 07 Apr 2018 12:28
- Forum: Discussion
- Topic: Relay access denied
- Replies: 10
- Views: 8750
Re: Relay access denied
Yes, you're right, I tend to get frustrated because my understanding of mail flow is limited. I'm still trying to find the messages in the logs that were said aren't getting delivered. Seems like they aren't even getting to EFA. One user said after I "disabled" EFA he immediately got a tes...
- 02 Apr 2018 18:29
- Forum: Discussion
- Topic: Relay access denied
- Replies: 10
- Views: 8750
Re: Relay access denied
So I have people complaining their email isn't reaching some recipients. Is there any way with my setup to bypass EFA mail checking on outbound?
- 28 Mar 2018 20:14
- Forum: Discussion
- Topic: Relay access denied
- Replies: 10
- Views: 8750
Re: Relay access denied
Ok, so Zimbra had nothing in MTA so I added the IP of the EFA server. At first I didn't think it was working because I couldn't get any mail in or out. Then I noticed the inbound and outbound queues in the EFA UI were growing. For some reason it got quite backlogged so I disabled everything. I just re-enab...
- 27 Mar 2018 13:35
- Forum: Discussion
- Topic: Relay access denied
- Replies: 10
- Views: 8750
Re: Relay access denied
It is the internal IP address of the Zimbra server. I believe during my troubleshooting at one point I changed this to the WAN IP but still had the same results.
- 26 Mar 2018 02:13
- Forum: Discussion
- Topic: Relay access denied
- Replies: 10
- Views: 8750
Relay access denied
Been trying to figure this out for a few weeks, I have my network firewalled with pfSense, Zimbra mail server behind it as well as EFA on different IP addresses. Everything works fine with Zimbra but when I enable EFA I can't send any mail to external domains unless I send from Zimbra web client. ...
- 25 Jul 2017 17:13
- Forum: Feature Requests
- Topic: Date / Timestamp
- Replies: 7
- Views: 6770
Re: Date / Timestamp
Wow, that was easy! Thanks!
- 24 Jul 2017 13:45
- Forum: Feature Requests
- Topic: Date / Timestamp
- Replies: 7
- Views: 6770
Re: Date / Timestamp
Thank you for the detailed explanation! I've been playing with rsyslog and noticed the changes in the Linux logfiles in /var/log but specifically I was referring to the entries in the web interface such as the "Recent Messages" and "Virus Report" which apparently aren't pulle...
- 21 Jul 2017 21:01
- Forum: Feature Requests
- Topic: Date / Timestamp
- Replies: 7
- Views: 6770
Re: Date / Timestamp
Oh, no I mean in EFA mail logs.
- 17 Jul 2017 21:00
- Forum: Feature Requests
- Topic: Date / Timestamp
- Replies: 7
- Views: 6770
Date / Timestamp
Hard to search the forum for date layout, not sure if there is a way to change the way dates are displayed in the logs. MM/DD/YYYY or MM/DD/YY is common in the US. Is this possible to change?