Search found 33 matches
- 09 Dec 2019 20:57
- Forum: 4.x Bugs
- Topic: Mailscanner changes FROM address
- Replies: 2
- Views: 2874
Re: Mailscanner changes FROM address
This sounds suspiciously like what I ran into before: https://forum.efa-project.org/viewtopic.php?t=3086 While my problem was with 3.x, I'm not sure if it's still applicable in 4.x. It might at least give you somewhere to start looking. Copied so you don't have to wade through everything. EFA is con...
- 16 May 2019 17:46
- Forum: 3.x Bugs
- Topic: RESOLVED: Missing Child Domain in From: Report Fields
- Replies: 6
- Views: 10982
Re: Missing Child Domain in From: Report Fields
I FINALLY FIGURED THIS OUT! EFA, by default, is configured to masquerade (re-write) child domains of it's own domain. This causes ANY child domain (of the EFA configured domain) on incoming email to be re-written! This is a default configuration option that is disabled by default in postfix but enab...
- 03 May 2019 20:53
- Forum: 3.x Bugs
- Topic: RESOLVED: Missing Child Domain in From: Report Fields
- Replies: 6
- Views: 10982
Re: Missing Child Domain in From: Report Fields
I must re-visit this issue, because it has become a problem with the insane amount of scam/fraud messages coming through. I took a deeper look and have determined that the web interface is working properly. The information has been populated incorrectly into the maillog table in the mailscanner data...
- 10 May 2018 19:22
- Forum: 3.x Bugs
- Topic: RESOLVED: Missing Child Domain in From: Report Fields
- Replies: 6
- Views: 10982
Re: Missing Child Domain in From: Report Fields
The first example shows how the message looks in the recent/quarantine lists. The second example shows the message details once you open it up. The From: fields are incorrect, but the From: listed in the message header is correct. <images removed since issue resolved> It's very puzzling. I have no i...
- 10 May 2018 19:11
- Forum: 3.x Bugs
- Topic: RESOLVED: Missing Child Domain in From: Report Fields
- Replies: 6
- Views: 10982
Re: Missing Child Domain in From: Report Fields
Yes, figuring out how to describe this issue has been bugging me. I've noticed it for a long time (a year or so?) and just ignored it for that exact reason, but it troubles me that there may be something else going on. Incoming mail from from Internet -> Google-hosted child domain does NOT go throug...
- 10 May 2018 14:11
- Forum: 3.x Bugs
- Topic: RESOLVED: Missing Child Domain in From: Report Fields
- Replies: 6
- Views: 10982
RESOLVED: Missing Child Domain in From: Report Fields
Hello all, I've noticed that the child domain used by our students is not properly reported in the From: field in reports and message lists, such as 'Recent Messages' and the 'From:' field when viewing said message. For example, these report the from domain as 'schooldomain.edu' rather than 'my.scho...
- 13 Sep 2016 13:10
- Forum: How-to
- Topic: Infected files slipping through
- Replies: 17
- Views: 8236
Re: Infected files slipping through
Update: Yes, that is the address I sent it to. Apparently our (updated) EFA was happy to kill it on outbound, so I had to try a few times to send while bypassing EFA. My apologies if it came through more than once - our email server was being a little difficult. EFA did not automatically notify me a...
- 09 Sep 2016 18:40
- Forum: How-to
- Topic: Infected files slipping through
- Replies: 17
- Views: 8236
Re: Infected files slipping through
I sent an email request through the site to you pdwalker, and a copy of the file directly to you ovizii.
These are nasty little buggers!
These are nasty little buggers!
- 09 Sep 2016 16:44
- Forum: 3.x Bugs
- Topic: 3.0.1.3 - Release Message From Web Not Working?
- Replies: 1
- Views: 1904
3.0.1.3 - Release Message From Web Not Working?
Hello, We had a fairly painless upgrade to 3.0.1.3, and tests worked (somehow). After an hour or so, we started getting calls of missing email. Went in and found the MailScanner was apparently repeatedly crashing, causing EFA to quarantine/hold everything on inbound and outbound. Yikes! This was dir...
- 02 Sep 2016 15:39
- Forum: How-to
- Topic: jar files in zip
- Replies: 7
- Views: 4841
Re: jar files in zip
I'm still rather new to everything in EFA (been using it for ~1.5 years) and find myself asking the same questions. My best advice would be to document your changes, so you can look back at them in the future. I've certainly found files in some odd places too! It doesn't help that the forum search f...
- 02 Sep 2016 13:49
- Forum: How-to
- Topic: jar files in zip
- Replies: 7
- Views: 4841
Re: jar files in zip
I also ran into this previously - EFA doesn't (didn't?) look inside ZIP files by default. I don't know if the default behavior has changed yet or not. The workaround is located here: https://forum.efa-project.org/viewtopic.php?f=13&t=1210 Make the following config change (unless an update has ch...
- 02 Sep 2016 13:47
- Forum: How-to
- Topic: Infected files slipping through
- Replies: 17
- Views: 8236
Re: Infected files slipping through
We had the same thing happen. Several users, over several days, were getting slammed with macro-infected DOC files. I still have one that came directly to me for reference: Spam Report: Score Matching Rule Description -0.00 BAYES_20 Bayes spam probability is 5 to 20% 1.10 DCC_CHECK Detected as bulk ...
- 31 Aug 2016 13:15
- Forum: Discussion
- Topic: Preventing Domain Spoofing - Problem With A Twist?
- Replies: 15
- Views: 8814
Re: Preventing Domain Spoofing - Problem With A Twist?
I finally got a chance to implement this as a test. My guess about incoming mail not coming through when relayed back was correct - they are denied. The work-around suggested above did not work. What we did not anticipate was it entirely preventing email from the student domain. I'll have to get you...
- 09 May 2016 13:11
- Forum: Discussion
- Topic: MailScanner.conf denying zip files
- Replies: 4
- Views: 4851
Re: MailScanner.conf denying zip files
I also ran into this previously - EFA doesn't look inside ZIP files by default? My workaround is located here: https://forum.efa-project.org/viewtopic.php?f=13&t=1210 Make the following config change (unless an update has changed it from 0 as default?): Edit: /etc/MailScanner/MailScanner.conf Ch...
- 05 Apr 2016 15:52
- Forum: 3.x Bugs
- Topic: TLS Problem - Delayed Inbound Mail - Tried To Resolve
- Replies: 2
- Views: 3812
Re: TLS Problem - Delayed Inbound Mail - Tried To Resolve
I think I found the problem, server is unfortunately using RC4 Cipher. There is not an easy fix to this. We have a near-term project in the works to get that server retired anyhow. I wanted to share some of my experiences. Attempted to create work-around, per the following: http://www.postfix.org/TL...
- 31 Mar 2016 18:49
- Forum: 3.x Bugs
- Topic: TLS Problem - Delayed Inbound Mail - Tried To Resolve
- Replies: 2
- Views: 3812
TLS Problem - Delayed Inbound Mail - Tried To Resolve
Hello all! Since 3.0.0.9 enabled TLS for Postfix, we've been having all sorts of intermittent issues with incoming email. It turns out the EFA doesn't like our in-house CA security certificates, causing intermittent delays on inbound messages. This can be diagnosed by: openssl s_client -starttls smt...
- 15 Mar 2016 19:45
- Forum: Discussion
- Topic: message marked as spam gives a razor error
- Replies: 38
- Views: 36563
Re: message marked as spam gives a razor error
Ran into this with 3.0.0.8 - downloaded as the Hyper-V VM.
Posted details here: viewtopic.php?t=1473
Hopefully these steps may help track-down why this happens for some people?
Posted details here: viewtopic.php?t=1473
Hopefully these steps may help track-down why this happens for some people?
- 15 Mar 2016 19:42
- Forum: 3.x Bugs
- Topic: Learn+Report - Razor2 Error (Resolved?)
- Replies: 2
- Views: 4606
Learn+Report - Razor2 Error (Resolved?)
Running EFA 3.0.0.8 - downloaded as a pre-compiled Hyper-V VM We were having an issue, and it looked like a repeat of the following: https://forum.efa-project.org/viewtopic.php?t=531 When attempting to 'Learn + Report' on a message, it was throwing the following error: warn: reporter: razor2 report ...
- 10 Mar 2016 21:07
- Forum: Discussion
- Topic: Preventing Domain Spoofing - Problem With A Twist?
- Replies: 15
- Views: 8814
Re: Preventing Domain Spoofing - Problem With A Twist?
After looking at it, the syntax doesn't look correct, but that is certainly how Google is tagging them. Odd, but then again, that is Google! I have it in place and will check it when we implement the other rule(s) as mentioned above. I'll try to remember and update this post after it is in place. Fo...
- 01 Mar 2016 18:25
- Forum: Discussion
- Topic: Preventing Domain Spoofing - Problem With A Twist?
- Replies: 15
- Views: 8814
Re: Preventing Domain Spoofing - Problem With A Twist?
Sent. Thank you again for your assistance!
- 23 Feb 2016 16:32
- Forum: Discussion
- Topic: Preventing Domain Spoofing - Problem With A Twist?
- Replies: 15
- Views: 8814
Re: Preventing Domain Spoofing - Problem With A Twist?
Attempted to send via email. Please let me know if you need anything else!
- 16 Feb 2016 18:22
- Forum: Discussion
- Topic: Preventing Domain Spoofing - Problem With A Twist?
- Replies: 15
- Views: 8814
Re: Preventing Domain Spoofing - Problem With A Twist?
(Sorry, I forgot I posted this last week!) The outbound messages do come from our Exchange server, so there are Received: headers indicating it originated on our network. I have far too little experience with the powerful features available in *nix. Unfortunately. I would be happy to provide a sampl...
- 09 Feb 2016 18:54
- Forum: Discussion
- Topic: Preventing Domain Spoofing - Problem With A Twist?
- Replies: 15
- Views: 8814
Preventing Domain Spoofing - Problem With A Twist?
In reference to the ingenious article here: https://forum.efa-project.org/viewtopic.php?f=14&t=1278 While working on the logistics to implement this solution, I ran into a catch with Google. We have Google handling our student email accounts, and as such, we have several internal users as 'owner...
- 12 Oct 2015 15:33
- Forum: Discussion
- Topic: Handling Spammy IP Addresses / Address Blocks
- Replies: 5
- Views: 5859
Re: Handling Spammy IP Addresses / Address Blocks
The domain names are all disposable to spammers these days. 5 of the 6 domain names don't even resolve as of today, and the 6'th doesn't have SPF any more.
Ugh.
Ugh.
- 07 Oct 2015 21:07
- Forum: Discussion
- Topic: Handling Spammy IP Addresses / Address Blocks
- Replies: 5
- Views: 5859
Handling Spammy IP Addresses / Address Blocks
Hello all, Part of the reason we moved away from our old (failing) solution was that it was failing to filter effectively. We were getting hit by spam-blasts very frequently throughout the day, and the filtering solution was unable to effectively handle the problem. Each blast comes from a handful o...