Search found 47 matches

by BruceLeeRoy
12 Sep 2022 18:29
Forum: Discussion
Topic: PDF attachment converting to Base64 plain text
Replies: 35
Views: 104106

Re: PDF attachment converting to Base64 plain text

I'm having the same issue with Zoom meeting invites from one particular sender. In EFA it shows as an attachment named partialMessage.bin. When the person cc's the invite to a Yahoo account it is received there as an attachment named invite.ics, other recipients get the actual Zoom invitation with op...
by BruceLeeRoy
13 Mar 2020 18:45
Forum: How-to
Topic: Use Postfix to block sender with certain text
Replies: 12
Views: 11438

Re: Use Postfix to block sender with certain text

Actually I was able to get it working with header_checks by just whitelisting the valid Email addresses first then blacklisting the CEO's real name. Prepending the From line prevents it from actually getting to the user because now EFA sees a malformed header and marks it as spam.
by BruceLeeRoy
11 Mar 2020 18:55
Forum: How-to
Topic: Use Postfix to block sender with certain text
Replies: 12
Views: 11438

Re: Use Postfix to block sender with certain text

Thanks for your suggestions, you're right, I did not intend for there to be a space, so I tried modifying it while removing the space, still did not work. I am not all that good with writing Regex. That being said, I can't find the log entries I am trying to match because neither maillog nor message...
by BruceLeeRoy
20 Jan 2020 17:00
Forum: How-to
Topic: Use Postfix to block sender with certain text
Replies: 12
Views: 11438

Re: Use Postfix to block sender with certain text

Sorry to revive an old thread but I'm working on a similar issue. I'm trying to use header_checks to block specific messages. Here's the situation: Some scammer creates generic Gmail/yahoo accounts using our CEO's real name, then Emails the entire company with "I need you to discretely do a tas...
by BruceLeeRoy
17 Dec 2018 22:50
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Re: Ban flooding IPs

I've finally gotten a custom fail2ban filter working with regex. Sharing in case anyone else is trying to accomplish this:

[INCLUDES]
before = common.conf
failregex = ^%(__prefix_line)s[-._\w]+: hold: header Received: from [-._\w]+ \(unknown \[<HOST>]\)\?\?by host.yourdomain.com \(Postfix\) with ESM...
by BruceLeeRoy
17 Dec 2018 03:15
Forum: Discussion
Topic: Some clever spoofing
Replies: 8
Views: 6120

Re: Some clever spoofing

I too have been seeing this, thanks for the help. :clap:
by BruceLeeRoy
13 Dec 2018 00:32
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Re: Ban flooding IPs

Your fail2ban suggestion looks promising but when the attacks come they seem to be brand new IPs that won't be on that list. But it gave me an idea and I've been playing with fail2ban, trying to write a custom filter. But, I'm horrible with Python, not sure if anyone here has experience with Python and f...
by BruceLeeRoy
03 Dec 2018 16:31
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Re: Ban flooding IPs

The Spam attacks have resumed today, 100 messages per minute every 10 minutes. :cry: Blocking at firewall and reporting to abuse@ the hosting provider.
by BruceLeeRoy
30 Nov 2018 19:47
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Re: Ban flooding IPs

I've added all the RBLs you had listed, tested with my Yahoo account and found SORBS was blocking Yahoo mail, no surprise I guess, so I removed SORBS and got Yahoo mail through. Incoming mail has significantly decreased, just hope there isn't more legitimate mail blocked. I guess I'll see if I get ...
by BruceLeeRoy
27 Nov 2018 18:43
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Re: Ban flooding IPs

I disabled greylisting because I was getting a lot of complaints about delayed messages, seemed to only affect legitimate mail.


As for the restrictions, can I just add these things in "other restrictions" in Webmin SMTP Client Restrictions or is there a conf file I can add them to?
by BruceLeeRoy
19 Nov 2018 13:34
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Re: Ban flooding IPs

Thanks for the tip, I'll look into implementing Snort first and see how that goes. It seems that the IP ranges that are flooding are always changing, never used twice. It seems that a subnet gets compromised and the spammers use it until it's blacklisted everywhere then move on to another IP. Many ar...
by BruceLeeRoy
06 Nov 2018 18:56
Forum: How-to
Topic: Ban flooding IPs
Replies: 10
Views: 6975

Ban flooding IPs

Wondering if anyone has found a way to ban an IP that floods EFA with spam. Maybe there's a way to use fail2ban with blacklist entries? I've been getting attacks at the rate of 70 messages per minute (as reported by EFA) that originate from the same IP, sometimes the IP increments through a subnet w...
by BruceLeeRoy
14 Sep 2018 11:53
Forum: Feature Requests
Topic: Spam Trap
Replies: 6
Views: 19449

Re: Spam Trap

Actually I just found that you can run a filter for your spam trap then click "Message Operations" where you can flag the whole page of results to learn as spam.
by BruceLeeRoy
12 Sep 2018 15:04
Forum: Feature Requests
Topic: Spam Trap
Replies: 6
Views: 19449

Re: Spam Trap

I was searching for a similar feature. There are several email accounts that were closed over 10 years ago on my mail server that are still getting hammered. I have blacklisted them in EFA to cut down on backscatter and excessive traffic to and from the mail server. I occasionally go through the log...
by BruceLeeRoy
05 Sep 2018 19:51
Forum: How-to
Topic: Phishing Whitelist
Replies: 0
Views: 2933

Phishing Whitelist

Been having problems with Phishing whitelists not working, because of links being rewritten by "na01.safelinks.protection.outlook.com" as mentioned here: https://github.com/MailScanner/v5/issues/108 which seems to have been resolved by Shawn in ver 5.0.7-4 of MailScanner. I have added *.o...
by BruceLeeRoy
12 Apr 2018 02:21
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 8681

Re: Relay access denied

I believe the bouncebacks were from spam that originally got through, I'm thinking Zimbra tried to bounce the messages but EFA wasn't relaying them. Zimbra likely kept them queued, then when I added the Zimbra server address to the hosts file in EFA it started allowing them to flow out. Strange thin...
by BruceLeeRoy
07 Apr 2018 12:28
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 8681

Re: Relay access denied

Yes, you're right, I tend to get frustrated because my understanding of mail flow is limited. I'm still trying to find the messages in the logs that were said aren't getting delivered. Seems like they aren't even getting to EFA. One user said after I "disabled" EFA he immediately got a tes...
by BruceLeeRoy
02 Apr 2018 18:29
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 8681

Re: Relay access denied

So I have people complaining their email isn't reaching some recipients. Is there any way with my setup to bypass EFA mail checking on outbound?
by BruceLeeRoy
28 Mar 2018 20:14
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 8681

Re: Relay access denied

Ok, so Zimbra had nothing in MTA so I added the IP of the EFA server. At first I didn't think it was working because I couldn't get any mail in or out. Then I noticed the inbound and outbound queues in EFA UI were growing. For some reason it got quite backlogged so I disabled everything. I just re-enab...
by BruceLeeRoy
27 Mar 2018 13:35
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 8681

Re: Relay access denied

It is the internal IP address of the Zimbra server. I believe during my troubleshooting at one point I changed this to the WAN IP but still had the same results.
by BruceLeeRoy
26 Mar 2018 02:13
Forum: Discussion
Topic: Relay access denied
Replies: 10
Views: 8681

Relay access denied

Been trying to figure this out for a few weeks, I have my Network Firewalled with pfSense, Zimbra mail server behind it as well as EFA on a different IP address. Everything works fine with Zimbra but when I enable EFA I can't send any mail to external domains unless I send from Zimbra web client. ...
by BruceLeeRoy
25 Jul 2017 17:13
Forum: Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 6697

Re: Date / Timestamp

Wow, that was easy! Thanks!
by BruceLeeRoy
24 Jul 2017 13:45
Forum: Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 6697

Re: Date / Timestamp

Thank you for the detailed explanation! I've been playing with the rsyslog and noticed the changes in the Linux logfiles in /var/log but specifically I was referring to the entries in the web interface such as the "Recent Messages" and "Virus Report" which apparently aren't pulle...
by BruceLeeRoy
21 Jul 2017 21:01
Forum: Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 6697

Re: Date / Timestamp

Oh, no I mean in EFA mail logs.
by BruceLeeRoy
17 Jul 2017 21:00
Forum: Feature Requests
Topic: Date / Timestamp
Replies: 7
Views: 6697

Date / Timestamp

Hard to search the Forum for date layout, not sure if there is a way to change the way Dates are displayed in the logs. MM/DD/YYYY or MM/DD/YY is common in the US. Is this possible to change?