efa-project.org

I use WINSCP to make changes to the files, using the built in editor.

Tera Term Pro (SSH) for console access.

DKIM can be found here

viewtopic.php?t=1006



While you are at it implement DMARC see viewtopic.php?f=14&t=2616

Check your SPF record is correct

https://vamsoft.com/support/tools/spf-syntax-validator

Have you an example of the one of the domains?

Wow this as been busy while I been away on leave.

I notice pyzor.nova53.net is listed, is this a look source to add to the setup?

Is the pyzor.scrolloutf1 worth adding for those that have tested it?

I was asked to get DMARC working on top of the EFA box.

So I read the forum post here which discussed does EFA support SPF/DKIM/DMARC
https://forum.efa-project.org/viewtopic.php?f=5&t=2239&p=8518&hilit=DMARC#p8518

DKIM can be found here https://forum.efa-project.org/viewtopic.php?t=1006

This ...

With regards to version 1.0 it was more a question of any dependances that anybody was aware of.
I have going to download and have a play and report back once was working.

Pyzor is working, Pyzor ping works.

Tried /var/spool/postfix/.pyzor

also tried /var/spool/MailScanner/spammassassin

but ...

I noticed that the Pyzor on the latest EFA is version 0.7, while version 1.0 is available.

Do you know of a reason to not move to 1.0?

Also where are of the configuration files, I was looking add "pyzor.scrolloutf1.com:24441" as another server to the default.

RavioliKing

If I am reading you correct you want to create a list of valid recipients email addresses and reject unknown ones, and these list will come from multiple servers, is this multiple AD's?

I have two different AD domains, I extract all valid emails addresses from the two AD, merge the ...

if your code works, go with I am not an expert on SA coding.

I was suggesting an alternative to the problem, since I added "reject_non_fqdn_sender" I very rarely get DHL spam anymore.

I also force inbound TLS for common delivery company like dhl.com get rid the spoofed, zombie PCs tend not to do ...

Is this mail from somebodies home PC?

If so, I find adding this to my main.cf (reject_non_fqdn_sender)

smtpd_sender_restrictions =
......
reject_non_fqdn_sender,
..... other rules

The reason is the majority of PC's are normally standalone and they are not joined to a domain, so they do not ...

In headers_check in /etc/postfix add below in, change ExchangeServer to what name your internal server is.

You need to put a # in front of the line "/^Message-ID:/ HOLD"

/^Received:/ HOLD

/^Received: from ExchangeServer/ IGNORE
/^Received: from 127.0.0.1/ IGNORE

Then issue

postmap /etc ...

I did end up using this

rawbody WOMBLE_FREEWEB /tripod\.com|freewebs\.com|wix\.com|ukit\.com/
score WOMBLE_FREEWEB 4.00
describe WOMBLE_FREEWEB Body contains hyperlink to free website hosting domain (phishing?) low security

At least the message is tagged as spam, if it fails other test it can ...

I did do both of those.

I did some more reading and found another example that used rawbody

I changed

body TRIPOD1 /\.tripod\.com/

to

rawbody TRIPOD1 /\.tripod\.com/

and compiled and restarted MailScanner, it did not work, I went to bed, and went to have a look the following day and ...

Just like virus there are also zero day phishing links that have not filtering into any urbl list.

I am trying to get Mailscanner/SA as part of a spam check to add urls is certain free hosting web-sites to be given a score.

In local.cf I have added

body WOMBLE_FREEWEB /tripod\.com|freewebs\.com ...

SOLUTION BELOW:

in MailScanner.conf

by default for AV scanning you have

Virus Scanners = clamd

When I installed sophos I added

Virus Scanners = clamd sophos

What I did was swop them round, the email is quarantined, the user can see it, but cannot release it, problem solved.

Virus ...

I used the instructions to install from another poster
https://forum.efa-project.org/viewtopic.php?f=14&t=1329&p=7288&hilit=sophos#p7288


I have noticed since installing SOPHOS has detected a number of ransomware viruses based on the double extension. All good, however on the MailWatch screen it ...

My top virus on my system is reported as "YARA.possible_includes_base64_packed_functions.UNOFFICIAL", with just 1.4% daily of all messages being logged as virus infected. I am using the default unofficial ones, plus a securiteinfo.com subscription.

I have had a report from one of my users that they ...

I noticed one of the domains we force TLS to and from had changed their TLS settings to high, and mail was not being delivered, it was OK on low.

On analyzing the MTA logs, it was found we was getting an error similar to below.

postfix/smtp[<pid>]: warning: TLS library problem:
error:1407741A ...

just incase anybody else is going to do this, this is the HOW TO.

In the /etc/unbound/conf.d/forwarders.conf I added the following lines, x.x.x.x is the local DNS that as the zone replication.

forward-zone:
name: "multi.surbl.org"
forward-addr: x.x.x.x
forward-addr: x.x.x.x

Also

# Use SBL ...

Thanks for the pointer I will give that a go.

I am using the stock build of EFA version 3.0.1.7.

I am getting URIBL_BLOCKED The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.

I have access to access to non-public/professional data feed for SURBL and URIBL (http://www.surbl ...

I have my existing mail gateway which I am looking to replace with EFA over the next few months so I am looking to try and get as much as possible the same.

The system adds disclaimers to email (as does EFA) but the disclaimer is dynamic, where the disclaimers uses variables such as date/time the ...

I recently installed by first EFA Vm.

I have noticed point release .8 is now out, think I was on 5 or 6 when I built it, now on 7. I have made some changes in the main.cf file, if I upgrade to .8 will any of the configuration files be replaced?

Hello,

While looking to building a email gateway to front my exchange I found first, Mailscanner then EFA. Very easy to build and setup. I am still playing with it and there seems to a lot that been built in over the years.

What is enabled by default, and what do you need to be tweaked for an ...

webguyz I am having the same issue, what do I need to add 127.0.0.1 to?