efa-project.org

skoppes was able to send me one, and it passed through cleanly. virustotal.com now mostly recongnizes this file, so when the clamav updates get pushed out, this one should be stopped. SHA256: 9efc192fae6979799481f42cf411d8c32f1b8e3ad91e2bd3ae72e3506402c5d5 File name: ss_pennantcapital.com_68574.doc ...

Hi Charles,

I think I'd need to see the full headers of one of those messages (click on the #) to get a better idea of why.

I just snapshotted the vm, and ran the upgrade from 3.0.1.1 to 3.0.1.4. so far, there appears to be no problems and everything is running fine after the reboot. :clap: edit: oh, and my mailwatch fixes are in. happy day! edit2: almost all. the spamassassin rule hits report is still broken and needs p...

skoppes wrote:I sent an email request through the site to you pdwalker, and a copy of the file directly to you ovizii.

These are nasty little buggers!

Hi Skoppes,

I'm going to pm you another email account to send to. The one registered with the site goes to google and not to my efa installation.

As long as you are relying on <major isp's> dns servers, you'll be stuck with this problem. You might as well turn off the dns rbl lookups.

The solution is to run your own caching dns server that queries the rbl's directly.

*bump* Useful information. I have a few external domains that are picky about who they accept mail from. In their case, I cannot get them to accept our mail directly. However, we do use messagelabs to filter out the viruses from our incoming mail and they also act as an external smart host if we wis...

A jar file is another kind of zip file.

As Shawn says, increase the archive scanning depth.

Can you show us the spam report?

Also, is the attachment a doc file, or a doc.js file? Would you be willing to attempt to send it to me?

I have some additional checks in place to help catch these kinds of things. I'd be curious to see if my checks would trap it.

Easy to set up and highly recommended!

better yet, tell me what instructions you used for integrating postfix and mysql and I'll figure it out for you.

Javier, Given that EFA doesn't support his directly, you could easily have a script that would take the EFA domain list and convert it into a series of SQL insert/update statements. Can you tell me the database scheme used (show create table XXX) for your mysql table? It shouldn't take more than a f...

My first guess would have been that you didn't restart the MailScanner process after disabling greylisting.

As for the delay, were the emails getting delayed coming from outlook.com, or another large provider like that?

Hi Rickster, I'm using 2007 and all I did was point the EFA to the ip address of my exchange server. I didn't have to configure anything under exchange for incoming mail, other than the normal configuration for having exchange server accept mail in the first place. What problem are you having exactly?

Found the answer. Invoke spamassassin from the command line against one of the messages in the message queues:

Code: Select all

spamassassin -D -t < /var/spool/MailScanner/quarantine/[date]/spam/[messageid] 2>&1 | vim -

This might only be a problem with my installation. I'm putting the information here in case anyone else has the same problem. While running the following command spamassassin -D --lint 2&>1 | grep failed I came across the following error dbg: diag: [...] module not installed: Net::DNS::Nameserve...

ovizil, if you check the code, nicola left in a comment on how to match class C addresses. There are two places you'd need to change if you want to change it yourself. Everyone, Does anyone have any experience with debugging spamassassin modules? I'd like to debug a spamassassin module, but I have n...

Thanks. I've still not mastered the use of github.

One thing, I've looked at your changed and it appears you've left out the two lines required to display the results in the html table.

Look for two single line additions at the bottom of the diff.

make a backup copy of your rep_sa_rule_hits.php file and apply the following changes: [user@efa mailscanner]# diff -c rep_sa_rule_hits.php rep_sa_rule_hits-new.php *** rep_sa_rule_hits.php 2016-08-19 19:53:59.204962437 +0800 --- rep_sa_rule_hits-new.php 2016-08-19 20:15:39.413789144 +0800 **********...

Hi Shawn, I had a look. mailscanner/rep_sa_rule_hits.php throws the scores away (see lines 85-87 in particular): 76 // Split the array, and get rid of the score and required values 77 if (isset($sa_rules[0])) { 78 $sa_rules = explode(", ", $sa_rules[0]); 79 } else { 80 $sa_rules = array();...

Fair enough. That's a valid reason to disable greylisting.

Nicola,

You should make one definitive post for the RRWL feature. You have posts everywhere and newcomers might find it confusing.

Include the latest code and features (like using the batch learn script above)

I wouldn't. The problem is only temporary. After a time, the ip addresses will all be in the greylist and there will be no future problem. greylisting, for me, reduces a lot of the spam I might otherwise receive. it's worth the hassle. You can also keep an eye on the incoming pending greylists and w...

edit: /etc/httpd/conf.d/ssl.conf
search for: 443
change to: 555
run the following comand: apachectl configtest
look for: "Syntax OK"
restart apache: apache2ctl restart

You can see my changes near the top of this thread. I've had fewer false positives since then.

This is a problem that can happen with other hypervisors, and the solution is the same.

efa-project.org

Search found 1553 matches

Re: Infected files slipping through

Re: Bug after update 3.0.1.1 --> 3.0.1.4

Re: How to safely update EFA?

Re: Infected files slipping through

Re: Strange URI Blocked

Re: non standard smtp port and multiple domains

Re: jar files in zip

Re: Infected files slipping through

Re: 2 powerful plugins

Re: How to Integrate Transport Settings (Mail Domain) to MySQL

Re: How to Integrate Transport Settings (Mail Domain) to MySQL

Re: Receiving Mail Delay & Not Receiving From Exchange

Re: Need QuickStart Guide for EFA

Re: "mxpf" [plugin]

CentosBFS: spamassassin: "module not installed: Net::DNS::Nameserver ('require' failed)"

Re: "mxpf" [plugin]

Re: Can the "SpamAssassin Rule Hits" report include the score of a rule?

Re: Can the "SpamAssassin Rule Hits" report include the score of a rule?

Re: Can the "SpamAssassin Rule Hits" report include the score of a rule?

Re: [HELP] Email delays

Re: Batch Learn

Re: [HELP] Email delays

Re: getting error Forbidden. Not a mobile device

Re: ImageCerberusPLG5 high score, no?

Re: Hyper-v failover, eth0 is now missing