Search found 375 matches

by henk
06 Jun 2019 22:20
Forum: 3.x How-to
Topic: spamassassin filtering not consistently working for some TLDs
Replies: 7
Views: 144

Re: spamassassin filtering not consistently working for some TLDs

Why do all the mail have a score 0? and your -succesfull- blacklisted mail a 150 score? And you did enable MCP? Do you ever have a score > 0 ? Looks like you disabled scanning somehow. Anyway, when you enter them via the Gui-> blackandwhitelist just enter @ and the domain you want to blacklist. so j...
by henk
06 Jun 2019 22:01
Forum: Discussion
Topic: Smarthost with TLS
Replies: 3
Views: 93

Re: Smarthost with TLS

As "one of the Directors has been doing the "IT stuff" since then", they have "state of the art" hardware? Everybody can buy a hammer and nails, but that doesn't make them a carpenter :snooty: ( translated from Dutch it looks silly..) The good news, besides the hotel bar, they use Efa 8-) When you s...
by henk
06 Jun 2019 18:02
Forum: Discussion
Topic: Smarthost with TLS
Replies: 3
Views: 93

Re: Smarthost with TLS

There are more members as fortunate as you :lol: they should be able to give advise on this one.

I use efa inbound only and, lucky me, no Exchange ;) and I sure like pfsense a lot. :clap:

but, "important partners from a Gmail account"? :shifty: :oops:
by henk
06 Jun 2019 17:47
Forum: 3.x How-to
Topic: spamassassin filtering not consistently working for some TLDs
Replies: 7
Views: 144

Re: spamassassin filtering not consistently working for some TLDs

Somehow i live in a banned rule tld ( .nl) :think: blacklist_from *.agency - Remove the wildcard and just leave the domain. Via MailWatch GUI under black and white lists. will take effect either after restarting MailScanner. You could also add block country / ip's - https://forum.efa-project.org/vie...
by henk
06 Jun 2019 09:57
Forum: 4.x Testing
Topic: eFa 4.0 RTM
Replies: 7
Views: 781

Re: eFa 4.0 RTM

As you have version 3.0.2.5 running you could take a look at version 3.0.2.6 https://github.com/E-F-A/v3/blob/master/CHANGELOG and decide if you want to upgrade or wait for the first v4 stable release. Nice to know: you can migrate from v3 to v4. As v4 contains massive changes, I'm sure the efa team...
by henk
05 Jun 2019 15:03
Forum: 4.x Testing
Topic: eFa 4.0 RTM
Replies: 7
Views: 781

Re: eFa 4.0 RTM

"try one on production" As in "Test in Production" ? :shifty: :roll:
by henk
02 Jun 2019 13:49
Forum: Discussion
Topic: LetsEncrypt: Blessing and curse at the same time?
Replies: 0
Views: 58

LetsEncrypt: Blessing and curse at the same time?

As DNS is essential, not only in efa, it's worth the time to read this post about Global DNS Hijacking.

It's the perfect way to harvest credentials and get access.

https://www.fireeye.com/blog/threat-res ... scale.html
by henk
02 Jun 2019 09:54
Forum: Discussion
Topic: help about blocked files
Replies: 3
Views: 103

Re: help about blocked files

"All DNS settings are correct" So if you dig your TXT record, your sending IP shows , or is included? Maybe someone, who is also sending notifications, can step in? Besides dns , you can take a look at https://forum.efa-project.org/viewtopic.php?t=2802 about double extensions ( Attempt to hide real ...
by henk
02 Jun 2019 09:28
Forum: 4.x Testing
Topic: 1 jun bug / emails are not released
Replies: 2
Views: 175

Re: 1 jun bug / emails are not released

Having no issues whatsoever, I would say that the next messages in your log are pointing to the issue:

continue not asking DCC 438 seconds after 5 failures

Insufficient system resources (SystemMemory)


And check your available diskspace https://robot.lk/viewtopic.php?f=20&t=2972
by henk
01 Jun 2019 19:05
Forum: Discussion
Topic: help about blocked files
Replies: 3
Views: 103

Re: help about blocked files

You should check your DNS settings for your domain, as efa sends mail to the outside world,and gmail checks if the ip is allowed to send mail for your domain ( that's correct) dig MX <yourdomain> and dig TXT <yourdomain> And check if reverse dns points to the correct PTR name. If you make sure the T...
by henk
31 May 2019 07:10
Forum: 3.x Bugs
Topic: mysql overloading system cpu/IO
Replies: 34
Views: 5182

Re: mysql overloading system cpu/IO

From the mysql documentation : https://dev.mysql.com/doc/refman/5.7/en/host-cache.html You should check your EFA Unbound dns. As the dns seems to be a problem. Mysqltuner provides usefull info. To bypass dns issues with mysql and bump up security by using localhost for connections only 1. /etc/my.cn...
by henk
28 May 2019 07:30
Forum: Discussion
Topic: Show login history
Replies: 4
Views: 185

Re: Show login history

You are right, so just did a test to see when someone logged in with ssh: 1. /var/log/secure grep -irHn 'Accepted password' /var/log/secure /var/log/secure:7794:May 28 09:05:09 efa sshd[10331]: Accepted password for <user> from <IP> port 49517 ssh2 /var/log/secure:7800:May 28 09:05:09 efa sshd[10334...
by henk
27 May 2019 15:59
Forum: Discussion
Topic: Show login history
Replies: 4
Views: 185

Re: Show login history

In the Gui-> Search and Reports->Audit Log

As there is housekeeping on this log, it will show the last 60 days, if I remember well
by henk
27 May 2019 14:48
Forum: 4.x Testing
Topic: PDF are blocked
Replies: 4
Views: 314

Re: PDF are blocked

There is an issue with clamav pdf's scanning at the moment. To temp solve it, and don't blame me if the message did report a valid (Win.Exploit.CVE_2019_0903-6966169-0) virus :shhh: 1. Howto whitelist a clamav signature https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature 2....
by henk
26 May 2019 11:33
Forum: 3.x Bugs
Topic: Np data...
Replies: 10
Views: 2226

Re: Np data...

Hi Dave,

Take a look at this thread about the GEO-IP issue: viewtopic.php?f=13&t=3311&p=13191&hilit ... ion#p13203
by henk
15 May 2019 10:02
Forum: 3.x How-to
Topic: How to skip rbl check locally ?
Replies: 4
Views: 167

Re: How to skip rbl check locally ?

Just an idea: To bypass the uribl skipping issues, you could use EFA for inbound mail only.
by henk
14 May 2019 14:04
Forum: Discussion
Topic: question about user types
Replies: 7
Views: 308

Re: question about user types

as far as I remember, if I simply entered a domain as username and added an email to that user, that email would receive a quarantine report for that whole domain. You did remember well :D As I use fetchmail to fetch mail form external sources, I map that to a local user. So every mail user has a u...
by henk
13 May 2019 13:36
Forum: Discussion
Topic: question about user types
Replies: 7
Views: 308

Re: question about user types

Not sure if you mean this: https://forum.efa-project.org/viewtopic.php?t=3002 It's not recommended, but it works fine with me. /var/www/html/mailscanner/conf.php //Allow domain admins to create/edit/delete other domain admins from the same domain (not recommended, only for backward compatibility) de...
by henk
26 Apr 2019 12:11
Forum: 4.x Testing
Topic: efa4 Set default dcc servers
Replies: 0
Views: 126

efa4 Set default dcc servers

When setting the dcc servers, the dcc path in /var/eFa/lib/eFa-Configure/func_askdccservers is wrong [eFa] - Set DCC Server Pools [eFa] This option will allow you to set the DCC server [eFa] pools that you want to use. [eFa] The dcc-servers.net pool is limited use and what ships with dcc. [eFa] Choi...
by henk
20 Apr 2019 10:36
Forum: 4.x Testing
Topic: Mail delayed in Milter Incoming queue
Replies: 3
Views: 327

Re: Mail delayed in Milter Incoming queue

The discussion of firewalls is outside the scope of this forum, but as your first line of defense, it's worth the effort to pick a decent firewall. Can't say anything about the sophos firewall, but I'm a big fan of pfsense community edition. https://docs.netgate.com/ Easy to install/update/configure...
by henk
18 Apr 2019 18:02
Forum: 4.x Testing
Topic: Mail delayed in Milter Incoming queue
Replies: 3
Views: 327

Re: Mail delayed in Milter Incoming queue

The first tester that followed the requested format :dance: :clap: :violin: (I'm replacing email receipt currently handled by a Sophos firewall that's randomly breaking inbound emails Great firewall :whistle: "emails often sit in the Milter Incoming queue for 5 minutes or more before being processed...
by henk
18 Apr 2019 16:53
Forum: 3.x Bugs
Topic: Uribl Blocked also with dns recursive
Replies: 17
Views: 811

Re: Uribl Blocked also with dns recursive

*** Do you use ipv6? problem 1 "Y ou should also consider adding uri skips on your company domains. Especially if your mail clients append footers with your company url in each email. Because our DNS cache TTL is so low, each email containing your company domain could generate one or more queries. ...
by henk
18 Apr 2019 06:34
Forum: 3.x Bugs
Topic: Disk size /var suddenly increasing
Replies: 4
Views: 224

Re: Disk size /var suddenly increasing

You could check the cron maintenance jobs for errors. or consider to lower retension to less than 60 days. Did you move the dcc cron job from montly to daily? https://forum.efa-project.org/viewtopic.php?t=2610 Check number of dcc files: ls -l /var/dcc/log |wc -l Delete old files from /var/dcc/log ( ...