Search found 33 matches

by skoppes
09 Dec 2019 20:57
Forum: 4.x Bugs
Topic: Mailscanner changes FROM address
Replies: 2
Views: 2816

Re: Mailscanner changes FROM address

This sounds suspiciously like what I ran into before: https://forum.efa-project.org/viewtopic.php?t=3086 While my problem was with 3.x, I'm not sure if it's still applicable in 4.x. It might at least give you somewhere to start looking. Copied so you don't have to wade through everything. EFA is con...
by skoppes
16 May 2019 17:46
Forum: 3.x Bugs
Topic: RESOLVED: Missing Child Domain in From: Report Fields
Replies: 6
Views: 10681

Re: Missing Child Domain in From: Report Fields

I FINALLY FIGURED THIS OUT! EFA, by default, is configured to masquerade (re-write) child domains of its own domain. This causes ANY child domain (of the EFA configured domain) on incoming email to be re-written! This is a default configuration option that is disabled by default in postfix but enab...
by skoppes
03 May 2019 20:53
Forum: 3.x Bugs
Topic: RESOLVED: Missing Child Domain in From: Report Fields
Replies: 6
Views: 10681

Re: Missing Child Domain in From: Report Fields

I must re-visit this issue, because it has become a problem with the insane amount of scam/fraud messages coming through. I took a deeper look and have determined that the web interface is working properly. The information has been populated incorrectly into the maillog table in the mailscanner data...
by skoppes
10 May 2018 19:22
Forum: 3.x Bugs
Topic: RESOLVED: Missing Child Domain in From: Report Fields
Replies: 6
Views: 10681

Re: Missing Child Domain in From: Report Fields

The first example shows how the message looks in the recent/quarantine lists. The second example shows the message details once you open it up. The From: fields are incorrect, but the From: listed in the message header is correct. <images removed since issue resolved> It's very puzzling. I have no i...
by skoppes
10 May 2018 19:11
Forum: 3.x Bugs
Topic: RESOLVED: Missing Child Domain in From: Report Fields
Replies: 6
Views: 10681

Re: Missing Child Domain in From: Report Fields

Yes, figuring out how to describe this issue has been bugging me. I've noticed it for a long time (a year or so?) and just ignored it for that exact reason, but it troubles me that there may be something else going on. Incoming mail from Internet -> Google-hosted child domain does NOT go throug...
by skoppes
10 May 2018 14:11
Forum: 3.x Bugs
Topic: RESOLVED: Missing Child Domain in From: Report Fields
Replies: 6
Views: 10681

RESOLVED: Missing Child Domain in From: Report Fields

Hello all, I've noticed that the child domain used by our students is not properly reported in the From: field in reports and message lists, such as 'Recent Messages' and the 'From:' field when viewing said message. For example, these report the from domain as 'schooldomain.edu' rather than 'my.scho...
by skoppes
13 Sep 2016 13:10
Forum: How-to
Topic: Infected files slipping through
Replies: 17
Views: 8185

Re: Infected files slipping through

Update: Yes, that is the address I sent it to. Apparently our (updated) EFA was happy to kill it on outbound, so I had to try a few times to send while bypassing EFA. My apologies if it came through more than once - our email server was being a little difficult. EFA did not automatically notify me a...
by skoppes
09 Sep 2016 18:40
Forum: How-to
Topic: Infected files slipping through
Replies: 17
Views: 8185

Re: Infected files slipping through

I sent an email request through the site to you pdwalker, and a copy of the file directly to you ovizii.

These are nasty little buggers!
by skoppes
09 Sep 2016 16:44
Forum: 3.x Bugs
Topic: 3.0.1.3 - Release Message From Web Not Working?
Replies: 1
Views: 1886

3.0.1.3 - Release Message From Web Not Working?

Hello, We had a fairly painless upgrade to 3.0.1.3, and tests worked (somehow). After an hour or so, we started getting calls of missing email. Went in and found the MailScanner was apparently repeatedly crashing, causing EFA to quarantine/hold everything on inbound and outbound. Yikes! This was dir...
by skoppes
02 Sep 2016 15:39
Forum: How-to
Topic: jar files in zip
Replies: 7
Views: 4820

Re: jar files in zip

I'm still rather new to everything in EFA (been using it for ~1.5 years) and find myself asking the same questions. My best advice would be to document your changes, so you can look back at them in the future. I've certainly found files in some odd places too! It doesn't help that the forum search f...
by skoppes
02 Sep 2016 13:49
Forum: How-to
Topic: jar files in zip
Replies: 7
Views: 4820

Re: jar files in zip

I also ran into this previously - EFA doesn't (didn't?) look inside ZIP files by default. I don't know if the default behavior has changed yet or not. The workaround is located here: https://forum.efa-project.org/viewtopic.php?f=13&t=1210 Make the following config change (unless an update has ch...
by skoppes
02 Sep 2016 13:47
Forum: How-to
Topic: Infected files slipping through
Replies: 17
Views: 8185

Re: Infected files slipping through

We had the same thing happen. Several users, over several days, were getting slammed with macro-infected DOC files. I still have one that came directly to me for reference:

Spam Report:
Score  Matching Rule  Description
-0.00  BAYES_20   Bayes spam probability is 5 to 20%
1.10   DCC_CHECK  Detected as bulk ...
by skoppes
31 Aug 2016 13:15
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 8728

Re: Preventing Domain Spoofing - Problem With A Twist?

I finally got a chance to implement this as a test. My guess about incoming mail not coming through when relayed back was correct - they are denied. The work-around suggested above did not work. What we did not anticipate was it entirely preventing email from the student domain. I'll have to get you...
by skoppes
09 May 2016 13:11
Forum: Discussion
Topic: MailScanner.conf denying zip files
Replies: 4
Views: 4832

Re: MailScanner.conf denying zip files

I also ran into this previously - EFA doesn't look inside ZIP files by default? My workaround is located here: https://forum.efa-project.org/viewtopic.php?f=13&t=1210 Make the following config change (unless an update has changed it from 0 as default?): Edit: /etc/MailScanner/MailScanner.conf Ch...
by skoppes
05 Apr 2016 15:52
Forum: 3.x Bugs
Topic: TLS Problem - Delayed Inbound Mail - Tried To Resolve
Replies: 2
Views: 3792

Re: TLS Problem - Delayed Inbound Mail - Tried To Resolve

I think I found the problem, server is unfortunately using RC4 Cipher. There is not an easy fix to this. We have a near-term project in the works to get that server retired anyhow. I wanted to share some of my experiences. Attempted to create work-around, per the following: http://www.postfix.org/TL...
by skoppes
31 Mar 2016 18:49
Forum: 3.x Bugs
Topic: TLS Problem - Delayed Inbound Mail - Tried To Resolve
Replies: 2
Views: 3792

TLS Problem - Delayed Inbound Mail - Tried To Resolve

Hello all! Since 3.0.0.9 enabled TLS for Postfix, we've been having all sorts of intermittent issues with incoming email. It turns out the EFA doesn't like our in-house CA security certificates, causing intermittent delays on inbound messages. This can be diagnosed by: openssl s_client -starttls smt...
by skoppes
15 Mar 2016 19:45
Forum: Discussion
Topic: message marked as spam gives a razor error
Replies: 38
Views: 33535

Re: message marked as spam gives a razor error

Ran into this with 3.0.0.8 - downloaded as the Hyper-V VM.

Posted details here: viewtopic.php?t=1473

Hopefully these steps may help track down why this happens for some people?
by skoppes
15 Mar 2016 19:42
Forum: 3.x Bugs
Topic: Learn+Report - Razor2 Error (Resolved?)
Replies: 2
Views: 4553

Learn+Report - Razor2 Error (Resolved?)

Running EFA 3.0.0.8 - downloaded as a pre-compiled Hyper-V VM We were having an issue, and it looked like a repeat of the following: https://forum.efa-project.org/viewtopic.php?t=531 When attempting to 'Learn + Report' on a message, it was throwing the following error: warn: reporter: razor2 report ...
by skoppes
10 Mar 2016 21:07
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 8728

Re: Preventing Domain Spoofing - Problem With A Twist?

After looking at it, the syntax doesn't look correct, but that is certainly how Google is tagging them. Odd, but then again, that is Google! I have it in place and will check it when we implement the other rule(s) as mentioned above. I'll try to remember and update this post after it is in place. Fo...
by skoppes
01 Mar 2016 18:25
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 8728

Re: Preventing Domain Spoofing - Problem With A Twist?

Sent. Thank you again for your assistance!
by skoppes
23 Feb 2016 16:32
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 8728

Re: Preventing Domain Spoofing - Problem With A Twist?

Attempted to send via email. Please let me know if you need anything else!
by skoppes
16 Feb 2016 18:22
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 8728

Re: Preventing Domain Spoofing - Problem With A Twist?

(Sorry, I forgot I posted this last week!) The outbound messages do come from our Exchange server, so there are Received: headers indicating it originated on our network. I have far too little experience with the powerful features available in *nix. Unfortunately. I would be happy to provide a sampl...
by skoppes
09 Feb 2016 18:54
Forum: Discussion
Topic: Preventing Domain Spoofing - Problem With A Twist?
Replies: 15
Views: 8728

Preventing Domain Spoofing - Problem With A Twist?

In reference to the ingenious article here: https://forum.efa-project.org/viewtopic.php?f=14&t=1278 While working on the logistics to implement this solution, I ran into a catch with Google. We have Google handling our student email accounts, and as such, we have several internal users as 'owner...
by skoppes
12 Oct 2015 15:33
Forum: Discussion
Topic: Handling Spammy IP Addresses / Address Blocks
Replies: 5
Views: 5812

Re: Handling Spammy IP Addresses / Address Blocks

The domain names are all disposable to spammers these days. 5 of the 6 domain names don't even resolve as of today, and the 6th doesn't have SPF any more.

Ugh.
by skoppes
07 Oct 2015 21:07
Forum: Discussion
Topic: Handling Spammy IP Addresses / Address Blocks
Replies: 5
Views: 5812

Handling Spammy IP Addresses / Address Blocks

Hello all, Part of the reason we moved away from our old (failing) solution was that it was failing to filter effectively. We were getting hit by spam-blasts very frequently throughout the day, and the filtering solution was unable to effectively handle the problem. Each blast comes from a handful o...