Search found 14 matches

by northwindit
15 Oct 2019 19:52
Forum: How-to
Topic: GeoIP not always tagging email
Replies: 25
Views: 22251

GeoIP not always tagging email

Have two sample emails caught by the spam filter. Both come from the Russian Federation. However, only one of them got tagged with the bad relay. Any ideas on why half the emails are getting tagged and the other half not? Right click on the sample screenshots and choose to open in new tab and they wi...
by northwindit
16 Jul 2019 16:02
Forum: How-to
Topic: Whitelisted IP still rejected
Replies: 8
Views: 12650

Whitelisted IP still rejected

Hello, Getting the following error in postfix logs even after adding the IP and hostname to the RBL override located at /etc/postfix/rbl_override
NOQUEUE: reject: RCPT from mail.XXXXXX.ru[185.51.158.XX]: 554 5.7.1 <tenders@XXXXX.ru>: Sender address rejected: Access denied; from=<tenders@XXXXXX.ru> t...
by northwindit
14 Mar 2019 14:33
Forum: How-to
Topic: Greylisting sending server sends on different IP
Replies: 3
Views: 3368

Greylisting sending server sends on different IP

Hello, A few times I have run into this issue and I'm not sure of an automatic way of correcting it. An email comes in and gets greylisted. 5 or so minutes later the sending server honors the request and sends the email again, however it then comes from a different IP address. How can I have greylis...
by northwindit
04 Sep 2018 15:16
Forum: Discussion
Topic: Letsencrypt not installing/renewing on EFA 3.0.2.6
Replies: 10
Views: 10425

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

I had this same problem and the solutions listed in here didn't work for me. Not even webmin would load. This was my solution to get everything working again. Just passing the info along in case it can help someone else.
////////////////////////////////////////////////////
Disable Lets Encrypt Disab...
by northwindit
01 May 2017 19:57
Forum: 3.x Bugs
Topic: 3.0.2.1 - Can't add a particular domain to blacklist
Replies: 16
Views: 12248

Re: 3.0.2.1 - Can't add a particular domain to blacklist

I should mention that just adding that ID to the list of excludes did not actually stop it from running. It only worked after commenting out those lines. Once I commented out those lines I did not proceed in investigating any further as it was on a production server.
by northwindit
01 May 2017 17:11
Forum: 3.x Bugs
Topic: 3.0.2.1 - Can't add a particular domain to blacklist
Replies: 16
Views: 12248

Re: 3.0.2.1 - Can't add a particular domain to blacklist

I have managed to get rid of all the errors by commenting out two lines in:
/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf
# -=[ Detect DB Names ]=-
#
#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(?i:(?:m...
by northwindit
01 May 2017 16:57
Forum: 3.x Bugs
Topic: 3.0.2.1 - Can't add a particular domain to blacklist
Replies: 16
Views: 12248

Re: 3.0.2.1 - Can't add a particular domain to blacklist

"(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite($ ..." at ARGS:chk[]. [file "/etc/httpd/modsecurit...
by northwindit
01 May 2017 15:37
Forum: 3.x Bugs
Topic: 3.0.2.1 - Can't add a particular domain to blacklist
Replies: 16
Views: 12248

Re: 3.0.2.1 - Can't add a particular domain to blacklist

These are the lines that jump out at me:
ssl_access_log
10.1.10.116 - - [01/May/2017:11:32:39 -0400] "POST /sgwi/connect.php HTTP/1.1" 200 58876
10.1.10.116 - - [01/May/2017:11:32:40 -0400] "GET /sgwi/connect.php?sort=first_seen&csort=sender_name&order=desc HTTP/1.1" 403 ...
by northwindit
01 May 2017 14:55
Forum: 3.x Bugs
Topic: 3.0.2.1 - Can't add a particular domain to blacklist
Replies: 16
Views: 12248

Re: 3.0.2.1 - Can't add a particular domain to blacklist

Still receiving forbidden messages when trying to move an item in the greylist to whitelist
You don't have permission to access /sgwi/connect.php on this server.
All secrules that have been mentioned to add in the previous posts have been added
SecRuleRemoveByID 981173
SecRuleRemoveByID 981249
SecRu...
by northwindit
25 Apr 2017 18:59
Forum: 3.x Bugs
Topic: 3.0.2.1 - Can't add a particular domain to blacklist
Replies: 16
Views: 12248

Re: 3.0.2.1 - Can't add a particular domain to blacklist

Yeah, I have the same problem when trying to release a message:
You don't have permission to access /mailscanner/detail.php on this server.

Seems that version 3.0.1.9 and forward seriously did not go through any quality testing before release.
by northwindit
27 Oct 2016 12:29
Forum: How-to
Topic: Tag clean emails (backup server)
Replies: 2
Views: 2188

Re: Tag clean emails (backup server)

Because within minutes of the backup server being brought online it was hit hard with spam emails. So in the off chance one gets through the backup server to the primary server I want the users to exercise more caution when viewing emails that have MX2 in the subject line when the primary server has...
by northwindit
26 Oct 2016 19:12
Forum: How-to
Topic: Tag clean emails (backup server)
Replies: 2
Views: 2188

Tag clean emails (backup server)

Good day all, I have two Zimbra email servers, one on location, and one remote. Both also have EFA project running as well to filter emails. Basic concept is if the primary location goes down, our secondary MX records will kick in and email will still get delivered and filtered through the off-site ...
by northwindit
21 Apr 2016 14:18
Forum: How-to
Topic: Released bad content gets reblocked
Replies: 0
Views: 2437

Released bad content gets reblocked

Hello all, My company gets file attachments from government agencies. Some of these incoming emails have attachments that have multiple periods in the file name which the /etc/MailScanner/filename.rules.conf will block. This is really good in most cases, but for the few legitimate emails that get bl...
by northwindit
12 Apr 2016 15:55
Forum: How-to
Topic: Block entire Countries by IPs
Replies: 7
Views: 10063

Block entire Countries by IPs

Hello everyone, Just started using this wonderful product in our office and while it is doing great, I would like to ask a few questions that after searching have not found clear answers on how to perform. 1) How would I go about blocking entire IP ranges from countries. I use https://www.countryipb...