efa-project.org

Have two sample emails caught by the spam filter. Both come from the Russian Federation. However only one of them got tagged with the bad relay. Any ideas on why half the emails are getting tagged and the other half not? Right click on the sample screenshots and choose to open in new tab and they ...

Hello,

Getting the following error in postfix logs even after adding the IP and hostname to the RBL override located at /etc/postfix/rbl_override

NOQUEUE: reject: RCPT from mail.XXXXXX.ru[185.51.158.XX]: 554 5.7.1 <tenders@XXXXX.ru>: Sender address rejected: Access denied; from=<tenders@XXXXXX.ru ...

Hello,

A few times i have run into this issue and i'm not sure of an automatic way of correcting it.

An email comes in and gets greylisted. 5 or so minutes later the sending server honors the request and sends the email again, however it then comes from a different IP address. How can i have ...

I had this same problem and the solutions listed in here didn't work for me. Not even webmin would load. This was my solution to get everything working again. Just passing the info along in case it can help someone else.

////////////////////////////////////////////////////
Disable Lets Encrypt ...

I should mention that just adding that ID to the list of excludes did not actually stop it from running. It only worked after commenting out those lines. Once i commented out those lines i did not proceed in investigating any further as it was on a production server.

I have managed to get rid of all the errors by commenting out two lines in:
/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf

# -=[ Detect DB Names ]=-
#
#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(?i:(?:m(?:s ...

"(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite($
..." at ARGS:chk[]. [file "/etc/httpd/modsecurity.d/activated ...

These are the lines that jump out at me:

ssl_access_log
10.1.10.116 - - [01/May/2017:11:32:39 -0400] "POST /sgwi/connect.php HTTP/1.1" 200 58876
10.1.10.116 - - [01/May/2017:11:32:40 -0400] "GET /sgwi/connect.php?sort=first_seen&csort=sender_name&order=desc HTTP/1.1" 403 337

10.1.10.116 - - [01 ...

Still receiving forbidden messages when trying to move an item in the greylist to whitelist

You don't have permission to access /sgwi/connect.php on this server.

All secrules that have been mentioned to add in the previous posts have been added
SecRuleRemoveByID 981173
SecRuleRemoveByID 981249 ...

Yeah, i have the same problem when trying to release a message:
You don't have permission to access /mailscanner/detail.php on this server.

Seems that version 3.0.1.9 and forward seriously did not go through any quality testing before release.

Because within minutes of the backup server being brought online it was hit hard with spam emails. So in the off chance one gets through the backup server to the primary server i want the users to exercise more caution when viewing emails that have MX2 in the subject line when the primary server has ...

Good day all,

I have two zimbra email servers, one on location, and one remote. Both also have EFA project running as well to filter emails.

Basic concept is if the primary location goes down, our secondary MX records will kick in and email will still get delivered and filtered through the off ...

Hello all,

My company gets file attachments from government agencies. Some of these incoming emails have attachments that have multiple periods in the file name which the /etc/MailScanner/filename.rules.conf will block. This is really good in most cases, but for the few legitimate emails that get ...

Hello everyone,

Just started using this wonderful product in our office and while it is doing great. I would like to ask a few questions that after searching have not found clear answers on how to perform.

1) How would i go about blocking entire IP ranges from countries. I use https://www ...