I use WINSCP to make changes to the files, using the built in editor.
Tera Term Pro (SSH) for console access.
Search found 50 matches
- 14 Sep 2017 22:06
- Forum: How-to
- Topic: Configuring EFA
- Replies: 7
- Views: 5601
- 24 Aug 2017 15:59
- Forum: Discussion
- Topic: EFA vs DKIM signing plug in module
- Replies: 3
- Views: 3616
Re: EFA vs DKIM signing plug in module
DKIM can be found here
viewtopic.php?t=1006
While you are at it implement DMARC see viewtopic.php?f=14&t=2616
viewtopic.php?t=1006
While you are at it implement DMARC see viewtopic.php?f=14&t=2616
- 24 Aug 2017 15:54
- Forum: Discussion
- Topic: SPF not working
- Replies: 12
- Views: 29147
Re: SPF not working
Check your SPF record is correct
https://vamsoft.com/support/tools/spf-syntax-validator
Have you an example of the one of the domains?
https://vamsoft.com/support/tools/spf-syntax-validator
Have you an example of the one of the domains?
- 21 Aug 2017 19:12
- Forum: Discussion
- Topic: Pyzor Questions
- Replies: 25
- Views: 20796
Re: Pyzor Questions
Wow this as been busy while I been away on leave.
I notice pyzor.nova53.net is listed, is this a look source to add to the setup?
Is the pyzor.scrolloutf1 worth adding for those that have tested it?
I notice pyzor.nova53.net is listed, is this a look source to add to the setup?
Is the pyzor.scrolloutf1 worth adding for those that have tested it?
- 21 Aug 2017 18:28
- Forum: How-to
- Topic: Implementing DMARC : How to
- Replies: 1
- Views: 5390
Implementing DMARC : How to
I was asked to get DMARC working on top of the EFA box.
So I read the forum post here which discussed does EFA support SPF/DKIM/DMARC
https://forum.efa-project.org/viewtopic.php?f=5&t=2239&p=8518&hilit=DMARC#p8518
DKIM can be found here https://forum.efa-project.org/viewtopic.php?t=1006
This ...
So I read the forum post here which discussed does EFA support SPF/DKIM/DMARC
https://forum.efa-project.org/viewtopic.php?f=5&t=2239&p=8518&hilit=DMARC#p8518
DKIM can be found here https://forum.efa-project.org/viewtopic.php?t=1006
This ...
- 26 Jul 2017 12:16
- Forum: Discussion
- Topic: Pyzor Questions
- Replies: 25
- Views: 20796
Re: Pyzor Questions
With regards to version 1.0 it was more a question of any dependances that anybody was aware of.
I have going to download and have a play and report back once was working.
Pyzor is working, Pyzor ping works.
Tried /var/spool/postfix/.pyzor
also tried /var/spool/MailScanner/spammassassin
but ...
I have going to download and have a play and report back once was working.
Pyzor is working, Pyzor ping works.
Tried /var/spool/postfix/.pyzor
also tried /var/spool/MailScanner/spammassassin
but ...
- 25 Jul 2017 13:17
- Forum: Discussion
- Topic: Pyzor Questions
- Replies: 25
- Views: 20796
Pyzor Questions
I noticed that the Pyzor on the latest EFA is version 0.7, while version 1.0 is available.
Do you know of a reason to not move to 1.0?
Also where are of the configuration files, I was looking add "pyzor.scrolloutf1.com:24441" as another server to the default.
Do you know of a reason to not move to 1.0?
Also where are of the configuration files, I was looking add "pyzor.scrolloutf1.com:24441" as another server to the default.
- 25 Jul 2017 12:22
- Forum: How-to
- Topic: Multiple Domains, Mailservers, different user verification, Cluster
- Replies: 2
- Views: 3094
Re: Multiple Domains, Mailservers, different user verification, Cluster
RavioliKing
If I am reading you correct you want to create a list of valid recipients email addresses and reject unknown ones, and these list will come from multiple servers, is this multiple AD's?
I have two different AD domains, I extract all valid emails addresses from the two AD, merge the ...
If I am reading you correct you want to create a list of valid recipients email addresses and reject unknown ones, and these list will come from multiple servers, is this multiple AD's?
I have two different AD domains, I extract all valid emails addresses from the two AD, merge the ...
Re: DHL Spam
if your code works, go with I am not an expert on SA coding.
I was suggesting an alternative to the problem, since I added "reject_non_fqdn_sender" I very rarely get DHL spam anymore.
I also force inbound TLS for common delivery company like dhl.com get rid the spoofed, zombie PCs tend not to do ...
I was suggesting an alternative to the problem, since I added "reject_non_fqdn_sender" I very rarely get DHL spam anymore.
I also force inbound TLS for common delivery company like dhl.com get rid the spoofed, zombie PCs tend not to do ...
Re: DHL Spam
Is this mail from somebodies home PC?
If so, I find adding this to my main.cf (reject_non_fqdn_sender)
smtpd_sender_restrictions =
......
reject_non_fqdn_sender,
..... other rules
The reason is the majority of PC's are normally standalone and they are not joined to a domain, so they do not ...
If so, I find adding this to my main.cf (reject_non_fqdn_sender)
smtpd_sender_restrictions =
......
reject_non_fqdn_sender,
..... other rules
The reason is the majority of PC's are normally standalone and they are not joined to a domain, so they do not ...
- 12 Jun 2017 13:12
- Forum: How-to
- Topic: Excluding email originator from the internet headers
- Replies: 2
- Views: 2910
Re: Excluding email originator from the internet headers
In headers_check in /etc/postfix add below in, change ExchangeServer to what name your internal server is.
You need to put a # in front of the line "/^Message-ID:/ HOLD"
/^Received:/ HOLD
/^Received: from ExchangeServer/ IGNORE
/^Received: from 127.0.0.1/ IGNORE
Then issue
postmap /etc ...
You need to put a # in front of the line "/^Message-ID:/ HOLD"
/^Received:/ HOLD
/^Received: from ExchangeServer/ IGNORE
/^Received: from 127.0.0.1/ IGNORE
Then issue
postmap /etc ...
- 12 Jun 2017 13:05
- Forum: How-to
- Topic: the unknown phishing link
- Replies: 4
- Views: 3674
Re: the unknown phishing link
I did end up using this
rawbody WOMBLE_FREEWEB /tripod\.com|freewebs\.com|wix\.com|ukit\.com/
score WOMBLE_FREEWEB 4.00
describe WOMBLE_FREEWEB Body contains hyperlink to free website hosting domain (phishing?) low security
At least the message is tagged as spam, if it fails other test it can ...
rawbody WOMBLE_FREEWEB /tripod\.com|freewebs\.com|wix\.com|ukit\.com/
score WOMBLE_FREEWEB 4.00
describe WOMBLE_FREEWEB Body contains hyperlink to free website hosting domain (phishing?) low security
At least the message is tagged as spam, if it fails other test it can ...
- 12 Jun 2017 13:01
- Forum: How-to
- Topic: the unknown phishing link
- Replies: 4
- Views: 3674
Re: the unknown phishing link
I did do both of those.
I did some more reading and found another example that used rawbody
I changed
body TRIPOD1 /\.tripod\.com/
to
rawbody TRIPOD1 /\.tripod\.com/
and compiled and restarted MailScanner, it did not work, I went to bed, and went to have a look the following day and ...
I did some more reading and found another example that used rawbody
I changed
body TRIPOD1 /\.tripod\.com/
to
rawbody TRIPOD1 /\.tripod\.com/
and compiled and restarted MailScanner, it did not work, I went to bed, and went to have a look the following day and ...
- 09 Jun 2017 13:02
- Forum: How-to
- Topic: the unknown phishing link
- Replies: 4
- Views: 3674
the unknown phishing link
Just like virus there are also zero day phishing links that have not filtering into any urbl list.
I am trying to get Mailscanner/SA as part of a spam check to add urls is certain free hosting web-sites to be given a score.
In local.cf I have added
body WOMBLE_FREEWEB /tripod\.com|freewebs\.com ...
I am trying to get Mailscanner/SA as part of a spam check to add urls is certain free hosting web-sites to be given a score.
In local.cf I have added
body WOMBLE_FREEWEB /tripod\.com|freewebs\.com ...
- 14 Feb 2017 23:18
- Forum: Discussion
- Topic: Sophos and the flag Dangerous?
- Replies: 2
- Views: 2912
Re: Sophos and the flag Dangerous?
SOLUTION BELOW:
in MailScanner.conf
by default for AV scanning you have
Virus Scanners = clamd
When I installed sophos I added
Virus Scanners = clamd sophos
What I did was swop them round, the email is quarantined, the user can see it, but cannot release it, problem solved.
Virus ...
in MailScanner.conf
by default for AV scanning you have
Virus Scanners = clamd
When I installed sophos I added
Virus Scanners = clamd sophos
What I did was swop them round, the email is quarantined, the user can see it, but cannot release it, problem solved.
Virus ...
- 13 Feb 2017 12:19
- Forum: Discussion
- Topic: Sophos and the flag Dangerous?
- Replies: 2
- Views: 2912
Sophos and the flag Dangerous?
I used the instructions to install from another poster
https://forum.efa-project.org/viewtopic.php?f=14&t=1329&p=7288&hilit=sophos#p7288
I have noticed since installing SOPHOS has detected a number of ransomware viruses based on the double extension. All good, however on the MailWatch screen it ...
https://forum.efa-project.org/viewtopic.php?f=14&t=1329&p=7288&hilit=sophos#p7288
I have noticed since installing SOPHOS has detected a number of ransomware viruses based on the double extension. All good, however on the MailWatch screen it ...
- 06 Feb 2017 11:37
- Forum: How-to
- Topic: Notification of some viruses
- Replies: 0
- Views: 1974
Notification of some viruses
My top virus on my system is reported as "YARA.possible_includes_base64_packed_functions.UNOFFICIAL", with just 1.4% daily of all messages being logged as virus infected. I am using the default unofficial ones, plus a securiteinfo.com subscription.
I have had a report from one of my users that they ...
I have had a report from one of my users that they ...
- 23 Jan 2017 21:45
- Forum: Discussion
- Topic: PCI Compliance Scan results
- Replies: 6
- Views: 23256
Re: PCI Compliance Scan results
I noticed one of the domains we force TLS to and from had changed their TLS settings to high, and mail was not being delivered, it was OK on low.
On analyzing the MTA logs, it was found we was getting an error similar to below.
postfix/smtp[<pid>]: warning: TLS library problem:
error:1407741A ...
On analyzing the MTA logs, it was found we was getting an error similar to below.
postfix/smtp[<pid>]: warning: TLS library problem:
error:1407741A ...
- 20 Jan 2017 11:00
- Forum: How-to
- Topic: using surbl.org or uribl.com professional datafeeds in spamassassin
- Replies: 1
- Views: 2929
Re: using surbl.org or uribl.com professional datafeeds in spamassassin
just incase anybody else is going to do this, this is the HOW TO.
In the /etc/unbound/conf.d/forwarders.conf I added the following lines, x.x.x.x is the local DNS that as the zone replication.
forward-zone:
name: "multi.surbl.org"
forward-addr: x.x.x.x
forward-addr: x.x.x.x
Also
# Use SBL ...
In the /etc/unbound/conf.d/forwarders.conf I added the following lines, x.x.x.x is the local DNS that as the zone replication.
forward-zone:
name: "multi.surbl.org"
forward-addr: x.x.x.x
forward-addr: x.x.x.x
Also
# Use SBL ...
- 20 Jan 2017 10:54
- Forum: Discussion
- Topic: email disclaimer
- Replies: 3
- Views: 3889
Re: email disclaimer
Thanks for the pointer I will give that a go.
- 18 Jan 2017 11:54
- Forum: How-to
- Topic: using surbl.org or uribl.com professional datafeeds in spamassassin
- Replies: 1
- Views: 2929
using surbl.org or uribl.com professional datafeeds in spamassassin
I am using the stock build of EFA version 3.0.1.7.
I am getting URIBL_BLOCKED The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
I have access to access to non-public/professional data feed for SURBL and URIBL (http://www.surbl ...
I am getting URIBL_BLOCKED The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
I have access to access to non-public/professional data feed for SURBL and URIBL (http://www.surbl ...
- 17 Jan 2017 20:23
- Forum: Discussion
- Topic: email disclaimer
- Replies: 3
- Views: 3889
email disclaimer
I have my existing mail gateway which I am looking to replace with EFA over the next few months so I am looking to try and get as much as possible the same.
The system adds disclaimers to email (as does EFA) but the disclaimer is dynamic, where the disclaimers uses variables such as date/time the ...
The system adds disclaimers to email (as does EFA) but the disclaimer is dynamic, where the disclaimers uses variables such as date/time the ...
- 17 Jan 2017 19:46
- Forum: Discussion
- Topic: Upgrading to later version of EFA.
- Replies: 1
- Views: 2199
Upgrading to later version of EFA.
I recently installed by first EFA Vm.
I have noticed point release .8 is now out, think I was on 5 or 6 when I built it, now on 7. I have made some changes in the main.cf file, if I upgrade to .8 will any of the configuration files be replaced?
I have noticed point release .8 is now out, think I was on 5 or 6 when I built it, now on 7. I have made some changes in the main.cf file, if I upgrade to .8 will any of the configuration files be replaced?
- 17 Jan 2017 19:44
- Forum: Introduction
- Topic: Hello EFA
- Replies: 1
- Views: 2900
Hello EFA
Hello,
While looking to building a email gateway to front my exchange I found first, Mailscanner then EFA. Very easy to build and setup. I am still playing with it and there seems to a lot that been built in over the years.
What is enabled by default, and what do you need to be tweaked for an ...
While looking to building a email gateway to front my exchange I found first, Mailscanner then EFA. Very easy to build and setup. I am still playing with it and there seems to a lot that been built in over the years.
What is enabled by default, and what do you need to be tweaked for an ...
- 17 Jan 2017 12:59
- Forum: Discussion
- Topic: Not able to release items from quarantine
- Replies: 3
- Views: 3871
Re: Not able to release items from quarantine
webguyz I am having the same issue, what do I need to add 127.0.0.1 to?