efa-project.org

Thanks for the detailed answer, that's about all I wanted to know

P.S. Thanks for making such a great tool!

I haven't found a comparison so far hence my question.
I'm just curious what changed i.e. do both use the same components (i.e. postfix, spamassassin, mailwatch etc.?)
What else is different?

shawniverson wrote: 29 Jan 2020 11:37 I can send my alerts to you?

Please don't do that.
I learned a very valuable lesson to double check my posted snippets before publicly submitting them.

pdwalker wrote: 06 Dec 2017 07:19

Good luck!

no luck. still getting those pesky emails

I would be very interested, just yesterday I noticed one of my clients had about 40 incoming emails blocked as VIRUS because malwarepatrol as far as I remember blocked emails from alibaba because they contain links to alibaba CDN.
Now imagine having to search for 40 mails manually, copy/paste their ...

manually releasing isn't a problem. I installed alpine on EFA that way I can send them out via Email straight away, very easy, I was wondering why the "rele4ase" button in Mailscanner wasn't working for me

pdwalker wrote: 28 Oct 2019 11:49 This is what I do when that happens:

• resubmit the message

  /usr/sbin/sendmail.postfix -t < /var/spool/MailScanner/quarantine/<YYMMDD>/<MESSAGEID>/message

Thanks. I will try this tip to see if I can resubmit the email the next time this happens.

Hi there,

I have read a couple of similar posts around here but I think my problem is different. Recently apparently malwarepatrol seems to have started marking email containing docs.gogle.com as viruses:

sigtool --find-sigs MBL_34101911
[malwarepatrol.ndb] MBL_34101911:0 ...

Found the solution this was due to a GeoIp Update => viewtopic.php?p=13578

I have retraced my steps.

All I did before this problem occured was this:

inside /etc/mail/spamassassin I edited my
my-adjusted-scores.cf and added this content at the bottom of the file (I had more modified scores inside there)

#
# these ones scored well, upping their score
#


# original 0.10 ...

This seems to be only the case for incoming emails where this info is missing...

It might have been me modifying some configs but I can't retrace what triggered this:

https://pasteboard.co/IvQaTUK.png

Any ideas? The emails are still being scanned properly and everythign works but I still want to see those details

Just stumbled across these free signatures: https://malware.expert/signatures/ - anyone knows those guys?
Any hitns on the best way to add them in addition to the other sources?

I'm sorry can you quickly explain what exactly this is: "reverse sender host domain"?
Do you take the IP of the sending server and do a reverse DNS lookup?

Oh wow, looking at what you linked to you are totally right and one should not consider this a viable alternative.
I found the product via a tech newsletter, looks like someone didn't really quality check their newsletter

I can try and explain how I understand the situation but I might be wrong.

Looking at https://docs.mailwatch.org/using/user-filter.html and https://forum.efa-project.org/viewtopic.php?t=3002

this is what I took away:

If you create a user named johndoe@example.com as user type User and I log-in ...

I'm not sure what you have decided for EFA v4 but I jsut stumbled upon this project and thought I'd share it here: https://orangeassassin.org/

From their description:
OrangeAssassin was created as an upgraded open-source drop-in replacement for SpamAssassin for Linux users and control panel ...

Thanks for confirming and digging out that old post. I did not have to add a new user in a while but when I tried adding 2 new domains and saw that all my old users were in a different format, I just vaguely remembered there was a reason for that but couldn't find where it was described :-)

I'll ...

Yes, thanks henk, that is exactly what I meant but the link you posted is a bit confusing as the screenshot does not exactly fit the text you wrote there.

This is what I am confused about:
In previous MailWatch versions we could enter any username in a non valid email format, to generate 1 ...

Found this manual entry: https://docs.mailwatch.org/using/user-filter.html

is that how it works now? Should I rename my domain admin users?

I previously had only listed one user per domain as domain administrator, it looked like this:

https://monosnap.com/file/TMty0szOLSMhTJiuoezZF11tILsmiE

you notice the user name is the full domain. Seems that is no longer possible as I now get: "For all users other than Administrator you must use ...

@alleyviper: you should add this to the github issue tracker as a feature suggestion for EFA v4 though => https://github.com/E-F-A/v4/issues

I do think adding phishtank is unnecessary as after reading this old thread it seems it is or was already incorporated: https://forum.efa-project.org/viewtopic.php?f=14&t=1736

/etc/MailScanner/phishing.bad.sites.conf USED to include this line:
# This file is updated once per day from http://www ...

Hi there,

Where to put pm file included?


I don't think its necessary to do anything. as of Sa 3.4.2 if you have /etc/mail/spamassassin/hashbl.cf look inside, mine says:

loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm

ifplugin Mail::SpamAssassin::Plugin::HashBL
header HASHBL_EMAIL ...