Search found 30 matches

by skoppes
10 May 2018 19:22
Forum: 3.x Bugs
Topic: Missing Child Domain in From: Report Fields
Replies: 4
Views: 656

Re: Missing Child Domain in From: Report Fields

The first example shows how the message looks in the recent/quarantine lists. The second example shows the message details once you open it up. The From: fields are incorrect, but the From: listed in the message header is correct. https://www.penncommercial.edu/tmp/from-dialog-child-domain-missing-m...
by skoppes
10 May 2018 19:11
Forum: 3.x Bugs
Topic: Missing Child Domain in From: Report Fields
Replies: 4
Views: 656

Re: Missing Child Domain in From: Report Fields

Yes, figuring out how to describe this issue has been bugging me. I've noticed it for a long time (a year or so?) and just ignored it for that exact reason, but it troubles me that there may be something else going on. Incoming mail from from Internet -> Google-hosted child domain does NOT go throug...
by skoppes
10 May 2018 14:11
Forum: 3.x Bugs
Topic: Missing Child Domain in From: Report Fields
Replies: 4
Views: 656

Missing Child Domain in From: Report Fields

Hello all, I've noticed that the child domain used by our students is not properly reported in the From: field in reports and message lists, such as 'Recent Messages' and the 'From:' field when viewing said message. For example, these report the from domain as 'schooldomain.edu' rather than 'my.scho...
by skoppes
13 Sep 2016 13:10
Forum: 3.x How-to
Topic: Infected files slipping through
Replies: 17
Views: 2304

Re: Infected files slipping through

Update: Yes, that is the address I sent it to. Apparently our (updated) EFA was happy to kill it on outbound, so I had to try a few times to send while bypassing EFA. My apologies if it came through more than once - our email server was being a little difficult. EFA did not automatically notify me a...
by skoppes
09 Sep 2016 18:40
Forum: 3.x How-to
Topic: Infected files slipping through
Replies: 17
Views: 2304

Re: Infected files slipping through

I sent an email request through the site to you pdwalker, and a copy of the file directly to you ovizii.

These are nasty little buggers!
by skoppes
09 Sep 2016 16:44
Forum: 3.x Bugs
Topic: 3.0.1.3 - Release Message From Web Not Working?
Replies: 1
Views: 725

3.0.1.3 - Release Message From Web Not Working?

Hello, We had a fairly painless upgrade to 3.0.1.3, and tests worked (somehow). After an hour or so, we started getting calls of missing email. Went in and found the MailScanner was apparently repeatedly crashing, causing EFA to quarantine/hold everything on inbound and outbound. Yikes! This was dir...
by skoppes
02 Sep 2016 15:39
Forum: 3.x How-to
Topic: jar files in zip
Replies: 7
Views: 1609

Re: jar files in zip

I'm still rather new to everything in EFA (been using it for ~1.5 years) and find myself asking the same questions. My best advice would be to document your changes, so you can look back at them in the future. I've certainly found files in some odd places too! It doesn't help that the forum search f...
by skoppes
02 Sep 2016 13:49
Forum: 3.x How-to
Topic: jar files in zip
Replies: 7
Views: 1609

Re: jar files in zip

I also ran into this previously - EFA doesn't (didn't?) look inside ZIP files by default. I don't know if the default behavior has changed yet or not. The workaround is located here: https://forum.efa-project.org/viewtopic.php?f=13&t=1210 Make the following config change (unless an update has change...
by skoppes
02 Sep 2016 13:47
Forum: 3.x How-to
Topic: Infected files slipping through
Replies: 17
Views: 2304

Re: Infected files slipping through

We had the same thing happen. Several users, over several days, were getting slammed with macro-infected DOC files. I still have one that came directly to me for reference: Spam Report: Score Matching Rule Description -0.00 BAYES_20 Bayes spam probability is 5 to 20% 1.10 DCC_CHECK Detected as bulk ...
by skoppes
31 Aug 2016 13:15
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 3403

Re: Preventing Domain Spoofing - Problem With A Twist?

I finally got a chance to implement this as a test. My guess about incoming mail not coming through when relayed back was correct - they are denied. The work-around suggested above did not work. What we did not anticipate was it entirely preventing email from the student domain. I'll have to get you...
by skoppes
09 May 2016 13:11
Forum: Discussion
Topic: MailScanner.conf denying zip files
Replies: 4
Views: 2056

Re: MailScanner.conf denying zip files

I also ran into this previously - EFA doesn't look inside ZIP files by default? My workaround is located here: https://forum.efa-project.org/viewtopic.php?f=13&t=1210 Make the following config change (unless an update has changed it from 0 as default?): Edit: /etc/MailScanner/MailScanner.conf Change...
by skoppes
05 Apr 2016 15:52
Forum: 3.x Bugs
Topic: TLS Problem - Delayed Inbound Mail - Tried To Resolve
Replies: 2
Views: 1913

Re: TLS Problem - Delayed Inbound Mail - Tried To Resolve

I think I found the problem, server is unfortunately using RC4 Cipher. There is not an easy fix to this. We have a near-term project in the works to get that server retired anyhow. I wanted to share some of my experiences. Attempted to create work-around, per the following: http://www.postfix.org/TL...
by skoppes
31 Mar 2016 18:49
Forum: 3.x Bugs
Topic: TLS Problem - Delayed Inbound Mail - Tried To Resolve
Replies: 2
Views: 1913

TLS Problem - Delayed Inbound Mail - Tried To Resolve

Hello all! Since 3.0.0.9 enabled TLS for Postfix, we've been having all sorts of intermittent issues with incoming email. It turns out the EFA doesn't like our in-house CA security certificates, causing intermittent delays on inbound messages. This can be diagnosed by: openssl s_client -starttls smt...
by skoppes
15 Mar 2016 19:45
Forum: Discussion
Topic: message marked as spam gives a razor error
Replies: 38
Views: 11582

Re: message marked as spam gives a razor error

Ran into this with 3.0.0.8 - downloaded as the Hyper-V VM.

Posted details here: viewtopic.php?t=1473

Hopefully these steps may help track-down why this happens for some people?
by skoppes
15 Mar 2016 19:42
Forum: 3.x Bugs
Topic: Learn+Report - Razor2 Error (Resolved?)
Replies: 2
Views: 1771

Learn+Report - Razor2 Error (Resolved?)

Running EFA 3.0.0.8 - downloaded as a pre-compiled Hyper-V VM We were having an issue, and it looked like a repeat of the following: https://forum.efa-project.org/viewtopic.php?t=531 When attempting to 'Learn + Report' on a message, it was throwing the following error: warn: reporter: razor2 report ...
by skoppes
10 Mar 2016 21:07
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 3403

Re: Preventing Domain Spoofing - Problem With A Twist?

After looking at it, the syntax doesn't look correct, but that is certainly how Google is tagging them. Odd, but then again, that is Google! I have it in place and will check it when we implement the other rule(s) as mentioned above. I'll try to remember and update this post after it is in place. Fo...
by skoppes
01 Mar 2016 18:25
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 3403

Re: Preventing Domain Spoofing - Problem With A Twist?

Sent. Thank you again for your assistance!
by skoppes
23 Feb 2016 16:32
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 3403

Re: Preventing Domain Spoofing - Problem With A Twist?

Attempted to send via email. Please let me know if you need anything else!
by skoppes
16 Feb 2016 18:22
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 3403

Re: Preventing Domain Spoofing - Problem With A Twist?

(Sorry, I forgot I posted this last week!) The outbound messages do come from our Exchange server, so there are Received: headers indicating it originated on our network. I have far too little experience with the powerful features available in *nix. Unfortunately. I would be happy to provide a sampl...
by skoppes
09 Feb 2016 18:54
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 3403

Preventing Domain Spoofing - Problem With A Twist?

In reference to the ingenious article here: https://forum.efa-project.org/viewtopic.php?f=14&t=1278 While working on the logistics to implement this solution, I ran into a catch with Google. We have Google handling our student email accounts, and as such, we have several internal users as 'owners' f...
by skoppes
12 Oct 2015 15:33
Forum: Discussion
Topic: Handling Spammy IP Addresses / Address Blocks
Replies: 5
Views: 2470

Re: Handling Spammy IP Addresses / Address Blocks

The domain names are all disposable to spammers these days. 5 of the 6 domain names don't even resolve as of today, and the 6'th doesn't have SPF any more.

Ugh.
by skoppes
07 Oct 2015 21:07
Forum: Discussion
Topic: Handling Spammy IP Addresses / Address Blocks
Replies: 5
Views: 2470

Handling Spammy IP Addresses / Address Blocks

Hello all, Part of the reason we moved away from our old (failing) solution was that it was failing to filter effectively. We were getting hit by spam-blasts very frequently throughout the day, and the filtering solution was unable to effectively handle the problem. Each blast comes from a handful o...
by skoppes
07 Oct 2015 20:45
Forum: 3.x How-to
Topic: SQLGrey - Greylisting Improvements with SPF\DNSWL
Replies: 15
Views: 4811

Re: SQLGrey - Greylisting Improvements with SPF\DNSWL

Thank you very much for your clarification. I had it configured correctly from the get-go, but ended up with poor results. Unfortunately, the spammers are using legitimate SPF records now. After enabling this, we were getting slammed with messages coming from spammers with valid SPF records for much...
by skoppes
07 Oct 2015 18:12
Forum: 3.x How-to
Topic: SQLGrey - Greylisting Improvements with SPF\DNSWL
Replies: 15
Views: 4811

Re: SQLGrey - Greylisting Improvements with SPF\DNSWL

Zohman, Thank you again for the very informative post, and for the attempted clarification. Unfortunately, I'm still confused. I understand 'comment out' to mean any line starting with # in this case. When I read the 'don't comment out this' I am confused, because it is already commented out in your...
by skoppes
07 Oct 2015 13:48
Forum: 3.x How-to
Topic: SQLGrey - Greylisting Improvements with SPF\DNSWL
Replies: 15
Views: 4811

Re: SQLGrey - Greylisting Improvements with SPF\DNSWL

This is excellent work - I've been wondering how to make EFA more pro-active to learning regular traffic! As I am implementing it, however, I am confused by the following from the initial instructions: #dnswl_reject_unauthorized = 1 Shortly following is a comment: but don't comment out dnswl_reject_...