Search found 50 matches

by thewomble
14 Sep 2017 22:06
Forum: How-to
Topic: Configuring EFA
Replies: 7
Views: 5601

Re: Configuring EFA

I use WinSCP to make changes to the files, using the built-in editor.

Tera Term Pro (SSH) for console access.
by thewomble
24 Aug 2017 15:59
Forum: Discussion
Topic: EFA vs DKIM signing plug in module
Replies: 3
Views: 3616

Re: EFA vs DKIM signing plug in module

DKIM can be found here

viewtopic.php?t=1006



While you are at it, implement DMARC; see viewtopic.php?f=14&t=2616
by thewomble
24 Aug 2017 15:54
Forum: Discussion
Topic: SPF not working
Replies: 12
Views: 29147

Re: SPF not working

Check your SPF record is correct

https://vamsoft.com/support/tools/spf-syntax-validator

Have you an example of one of the domains?
by thewomble
21 Aug 2017 19:12
Forum: Discussion
Topic: Pyzor Questions
Replies: 25
Views: 20796

Re: Pyzor Questions

Wow, this has been busy while I have been away on leave.

I notice pyzor.nova53.net is listed, is this a look source to add to the setup?

Is the pyzor.scrolloutf1 worth adding for those that have tested it?
by thewomble
21 Aug 2017 18:28
Forum: How-to
Topic: Implementing DMARC : How to
Replies: 1
Views: 5390

Implementing DMARC : How to

I was asked to get DMARC working on top of the EFA box.

So I read the forum post here which discussed does EFA support SPF/DKIM/DMARC
https://forum.efa-project.org/viewtopic.php?f=5&t=2239&p=8518&hilit=DMARC#p8518

DKIM can be found here https://forum.efa-project.org/viewtopic.php?t=1006

This ...
by thewomble
26 Jul 2017 12:16
Forum: Discussion
Topic: Pyzor Questions
Replies: 25
Views: 20796

Re: Pyzor Questions

With regards to version 1.0 it was more a question of any dependencies that anybody was aware of.
I have going to download and have a play and report back once was working.

Pyzor is working, Pyzor ping works.

Tried /var/spool/postfix/.pyzor

also tried /var/spool/MailScanner/spammassassin

but ...
by thewomble
25 Jul 2017 13:17
Forum: Discussion
Topic: Pyzor Questions
Replies: 25
Views: 20796

Pyzor Questions

I noticed that the Pyzor on the latest EFA is version 0.7, while version 1.0 is available.

Do you know of a reason to not move to 1.0?

Also, where are the configuration files? I was looking to add "pyzor.scrolloutf1.com:24441" as another server to the default.
by thewomble
25 Jul 2017 12:22
Forum: How-to
Topic: Multiple Domains, Mailservers, different user verification, Cluster
Replies: 2
Views: 3094

Re: Multiple Domains, Mailservers, different user verification, Cluster

RavioliKing

If I am reading you correctly, you want to create a list of valid recipient email addresses and reject unknown ones, and these lists will come from multiple servers; is this multiple ADs?

I have two different AD domains, I extract all valid email addresses from the two ADs, merge the ...
by thewomble
13 Jun 2017 21:57
Forum: How-to
Topic: DHL Spam
Replies: 3
Views: 4040

Re: DHL Spam

If your code works, go with it; I am not an expert on SA coding.

I was suggesting an alternative to the problem, since I added "reject_non_fqdn_sender" I very rarely get DHL spam anymore.

I also force inbound TLS for common delivery companies like dhl.com to get rid of the spoofed, zombie PCs tend not to do ...
by thewomble
13 Jun 2017 15:49
Forum: How-to
Topic: DHL Spam
Replies: 3
Views: 4040

Re: DHL Spam

Is this mail from somebody's home PC?

If so, I find adding this to my main.cf (reject_non_fqdn_sender)

smtpd_sender_restrictions =
    ......
    reject_non_fqdn_sender,
    ..... other rules

The reason is the majority of PCs are normally standalone and they are not joined to a domain, so they do not ...
by thewomble
12 Jun 2017 13:12
Forum: How-to
Topic: Excluding email originator from the internet headers
Replies: 2
Views: 2910

Re: Excluding email originator from the internet headers

In headers_check in /etc/postfix add the below, changing ExchangeServer to whatever name your internal server is.

You need to put a # in front of the line "/^Message-ID:/ HOLD"

/^Received:/ HOLD

/^Received: from ExchangeServer/ IGNORE
/^Received: from 127.0.0.1/ IGNORE

Then issue

postmap /etc ...
by thewomble
12 Jun 2017 13:05
Forum: How-to
Topic: the unknown phishing link
Replies: 4
Views: 3674

Re: the unknown phishing link

I did end up using this

rawbody WOMBLE_FREEWEB /tripod\.com|freewebs\.com|wix\.com|ukit\.com/
score WOMBLE_FREEWEB 4.00
describe WOMBLE_FREEWEB Body contains hyperlink to free website hosting domain (phishing?) low security

At least the message is tagged as spam, if it fails other test it can ...
by thewomble
12 Jun 2017 13:01
Forum: How-to
Topic: the unknown phishing link
Replies: 4
Views: 3674

Re: the unknown phishing link

I did do both of those.

I did some more reading and found another example that used rawbody

I changed

body TRIPOD1 /\.tripod\.com/

to

rawbody TRIPOD1 /\.tripod\.com/

and compiled and restarted MailScanner, it did not work, I went to bed, and went to have a look the following day and ...
by thewomble
09 Jun 2017 13:02
Forum: How-to
Topic: the unknown phishing link
Replies: 4
Views: 3674

the unknown phishing link

Just like viruses, there are also zero-day phishing links that have not filtered into any urbl list.

I am trying to get MailScanner/SA as part of a spam check to add URLs in certain free hosting web-sites to be given a score.

In local.cf I have added

body WOMBLE_FREEWEB /tripod\.com|freewebs\.com ...
by thewomble
14 Feb 2017 23:18
Forum: Discussion
Topic: Sophos and the flag Dangerous?
Replies: 2
Views: 2912

Re: Sophos and the flag Dangerous?

SOLUTION BELOW:

in MailScanner.conf

by default for AV scanning you have

Virus Scanners = clamd

When I installed sophos I added

Virus Scanners = clamd sophos

What I did was swop them round, the email is quarantined, the user can see it, but cannot release it, problem solved.

Virus ...
by thewomble
13 Feb 2017 12:19
Forum: Discussion
Topic: Sophos and the flag Dangerous?
Replies: 2
Views: 2912

Sophos and the flag Dangerous?

I used the instructions to install from another poster
https://forum.efa-project.org/viewtopic.php?f=14&t=1329&p=7288&hilit=sophos#p7288


I have noticed since installing SOPHOS has detected a number of ransomware viruses based on the double extension. All good, however on the MailWatch screen it ...
by thewomble
06 Feb 2017 11:37
Forum: How-to
Topic: Notification of some viruses
Replies: 0
Views: 1974

Notification of some viruses

My top virus on my system is reported as "YARA.possible_includes_base64_packed_functions.UNOFFICIAL", with just 1.4% daily of all messages being logged as virus infected. I am using the default unofficial ones, plus a securiteinfo.com subscription.

I have had a report from one of my users that they ...
by thewomble
23 Jan 2017 21:45
Forum: Discussion
Topic: PCI Compliance Scan results
Replies: 6
Views: 23256

Re: PCI Compliance Scan results

I noticed one of the domains we force TLS to and from had changed their TLS settings to high, and mail was not being delivered, it was OK on low.

On analyzing the MTA logs, it was found we were getting an error similar to below.

postfix/smtp[<pid>]: warning: TLS library problem:
error:1407741A ...
by thewomble
20 Jan 2017 11:00
Forum: How-to
Topic: using surbl.org or uribl.com professional datafeeds in spamassassin
Replies: 1
Views: 2929

Re: using surbl.org or uribl.com professional datafeeds in spamassassin

Just in case anybody else is going to do this, this is the HOW TO.

In the /etc/unbound/conf.d/forwarders.conf I added the following lines, x.x.x.x is the local DNS that has the zone replication.

forward-zone:
name: "multi.surbl.org"
forward-addr: x.x.x.x
forward-addr: x.x.x.x

Also

# Use SBL ...
by thewomble
20 Jan 2017 10:54
Forum: Discussion
Topic: email disclaimer
Replies: 3
Views: 3889

Re: email disclaimer

Thanks for the pointer I will give that a go.
by thewomble
18 Jan 2017 11:54
Forum: How-to
Topic: using surbl.org or uribl.com professional datafeeds in spamassassin
Replies: 1
Views: 2929

using surbl.org or uribl.com professional datafeeds in spamassassin

I am using the stock build of EFA version 3.0.1.7.

I am getting URIBL_BLOCKED The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.

I have access to non-public/professional data feed for SURBL and URIBL (http://www.surbl ...
by thewomble
17 Jan 2017 20:23
Forum: Discussion
Topic: email disclaimer
Replies: 3
Views: 3889

email disclaimer

I have my existing mail gateway which I am looking to replace with EFA over the next few months so I am looking to try and get as much as possible the same.

The system adds disclaimers to email (as does EFA) but the disclaimer is dynamic, where the disclaimer uses variables such as date/time the ...
by thewomble
17 Jan 2017 19:46
Forum: Discussion
Topic: Upgrading to later version of EFA.
Replies: 1
Views: 2199

Upgrading to later version of EFA.

I recently installed my first EFA VM.

I have noticed point release .8 is now out, think I was on 5 or 6 when I built it, now on 7. I have made some changes in the main.cf file, if I upgrade to .8 will any of the configuration files be replaced?
by thewomble
17 Jan 2017 19:44
Forum: Introduction
Topic: Hello EFA
Replies: 1
Views: 2900

Hello EFA

Hello,

While looking to build an email gateway to front my Exchange I found first MailScanner, then EFA. Very easy to build and set up. I am still playing with it and there seems to be a lot that has been built in over the years.

What is enabled by default, and what do you need to be tweaked for an ...
by thewomble
17 Jan 2017 12:59
Forum: Discussion
Topic: Not able to release items from quarantine
Replies: 3
Views: 3871

Re: Not able to release items from quarantine

webguyz I am having the same issue, what do I need to add 127.0.0.1 to?