Search found 1553 matches

by pdwalker
18 Aug 2022 10:39
Forum: How-to
Topic: Whitelisted IP still rejected
Replies: 8
Views: 12655

Re: Whitelisted IP still rejected

<sender@fake-domain.com>: Sender address rejected: Access denied; from=<sender@fake-domain.com> to=<our-client@own-fake-domain.com> This is your problem. EFA/postfix is rejecting the message because it does not like the sender address for some reason. Can you check your /etc/postfix/main.cf smtpd_s...
by pdwalker
18 Aug 2022 09:52
Forum: How-to
Topic: Limit login to localhost
Replies: 21
Views: 32110

Re: Limit login to localhost

postfix doesn't do sasl authentication. Instead, it hands it off to another program: http://www.postfix.org/SASL_README.html#server_sasl_enable If you look in your /etc/postfix/master.cf, you will see that the submission process has the following parameters (or it does on mine): submission inet n - ...
by pdwalker
17 Aug 2022 12:26
Forum: How-to
Topic: Limit login to localhost
Replies: 21
Views: 32110

Re: Limit login to localhost

What changes did you make to your postfix-sasl jail configuration? I was looking through the configuration and I noticed that there is a way to integrate it with blocklist.de, a fail2ban reporting site. The idea is, if multiple people are reporting the same ips, then everyone can get the benefit of...
by pdwalker
17 Aug 2022 08:33
Forum: How-to
Topic: Limit login to localhost
Replies: 21
Views: 32110

Re: Limit login to localhost

my server only allows the three smtp ports open

the authentication attempts are happening over smtp.

dovecot is just acting as the authenticator.
by pdwalker
17 Aug 2022 06:39
Forum: How-to
Topic: Limit login to localhost
Replies: 21
Views: 32110

Re: Limit login to localhost

Ask yourself where are the login attempts coming from and what program are they trying to connect to? Answer: dovecot. dovecot is the imap and pop server process that manages mailboxes for external users. It also provides user authentication for smtp connections. So have a look at your /var/log/mess...
by pdwalker
16 Aug 2022 06:58
Forum: 4.x Bugs
Topic: Emails that are retained for containing .dat files
Replies: 11
Views: 20941

Re: Emails that are retained for containing .dat files

Without the original message to examine, I don't have a solution other than to disable the "No executables" rule inside of MailScanner in the filetype rules configuration files.
by pdwalker
12 Aug 2022 06:55
Forum: 4.x Bugs
Topic: Emails that are retained for containing .dat files
Replies: 11
Views: 20941

Re: Emails that are retained for containing .dat files

Oh, hey, look! I found this in the EFA slack channel Ben 2:58 PM Hey, is there any to fix the MailScanner: No programs allowed (220000.dat) and allow .dat files? Shawn Iverson 6:53 PM In /etc/MailScanner/MailScanner.conf: Archives: Ignore DAT File Executable = yes What are your settings? This is my ...
by pdwalker
12 Aug 2022 06:43
Forum: 4.x Bugs
Topic: Emails that are retained for containing .dat files
Replies: 11
Views: 20941

Re: Emails that are retained for containing .dat files

Ok, so that is weird. I cannot reproduce the problem. Is it possible for you to forward me an email as an attachment that is triggered by your efa system? I would like to inspect the email in question to see if I can work out why it is triggering the "No executables" rule. Maybe there is a...
by pdwalker
12 Aug 2022 06:15
Forum: How-to
Topic: How to "source" a .conf file
Replies: 3
Views: 948

Re: How to "source" a .conf file

You're welcome. It's actually a question I had for myself, but I was previously too lazy to get off my ass and work it out.
by pdwalker
12 Aug 2022 06:13
Forum: How-to
Topic: How to Configure DKIM | Multiple Domains
Replies: 13
Views: 7544

Re: How to Configure DKIM | Multiple Domains

If all goes well and they do implement it, I will ask if we can mention their name as users. I believe this would be great advertising. Particularly because they have centralised relays for all their email globally. Banks are touchy about exposing information. Don't worry about it too much. On the...
by pdwalker
12 Aug 2022 06:10
Forum: How-to
Topic: How to Configure DKIM | Multiple Domains
Replies: 13
Views: 7544

Re: How to Configure DKIM | Multiple Domains

a compromised dkim key is not the end of the world because it is only 1 part of the entire verification/authentication process. There is still the SPF record, the dmarc settings for verifying whether the message is legitimate or not. Just the same, change the keys occasionally. Office365 creates t...
by pdwalker
11 Aug 2022 11:21
Forum: How-to
Topic: How to Configure DKIM | Multiple Domains
Replies: 13
Views: 7544

Re: How to Configure DKIM | Multiple Domains

My first reaction would be to say "create a separate dkim record for each signing mta". Each dns txt record would need to be unique to each mta. e.g. efa1: KeyTable mta1._domainkey.example.com... efa2: KeyTable mta2._domainkey.example.com... However if both machines are serving mail for al...
by pdwalker
09 Aug 2022 09:35
Forum: 4.x Bugs
Topic: eFa not block infected files detected by ESET
Replies: 4
Views: 1740

Re: eFa not block infected files detected by ESET

I'm also testing with the EICAR test virus (https://www.eicar.org/download-anti-malware-testfile/) and that gets blocked properly. [edit: ignore the following. MS_FOUND_SPAMVIRUS is one of my own custom rules.] Comparing the two messages, I am seeing the following the spamassassin MS_FOUND_SPAMVIRUS...
by pdwalker
09 Aug 2022 09:09
Forum: 4.x Bugs
Topic: eFa not block infected files detected by ESET
Replies: 4
Views: 1740

Re: eFa not block infected files detected by ESET

Similarly, from this thread https://forum.efa-project.org/viewtopic.php?p=19107#p19107 clamav is passing on a file it thinks is a virus: Aug 9 16:43:19 efa4 MailScanner[25395]: New Batch: Scanning 1 messages, 76484 bytes Aug 9 16:43:19 efa4 MailScanner[25395]: Virus and Content Scanning: Starting Au...
by pdwalker
09 Aug 2022 08:48
Forum: Discussion
Topic: Deliver infected .xls file
Replies: 7
Views: 2202

Re: Deliver infected .xls file

I got it.

clamav definitely detects it, and then it gets delivered.

investigating.
by pdwalker
09 Aug 2022 07:55
Forum: How-to
Topic: How to Configure DKIM | Multiple Domains
Replies: 13
Views: 7544

Re: How to Configure DKIM | Multiple Domains

for "ReportAddress" in /etc/opendkim.conf, only use 1 email address. your /etc/opendkim/KeyTable is correct. your /etc/opendkim/SigningTable is correct. your /etc/opendkim/TrustedHosts looks correct. My own multidomain configuration matches yours and it works for me. Did you test your dkim...
by pdwalker
09 Aug 2022 07:44
Forum: Discussion
Topic: General Question with Whitelist
Replies: 8
Views: 3065

Re: General Question with Whitelist

ok, the white list is SQL Grey in operation and it is working as designed. SQL Grey is a way of blocking spam from "fake" mailservers. If a message from a new sender is rejected with the temporary error, most of the fake sending mail servers will not resend and that spam will be never ente...
by pdwalker
09 Aug 2022 07:38
Forum: How-to
Topic: MailScanner mailto: false positives
Replies: 3
Views: 1605

Re: MailScanner mailto: false positives

Hi, I am getting false positives with bad URL for mailto: address links. An example: MailScanner has detected a possible fraud attempt from "domain.com" claiming to be mailto:user@domain.com The following was added to /etc/MailScanner/phishing.safe.sites.conf: mailto:* *.domain.com This d...
by pdwalker
09 Aug 2022 07:19
Forum: How-to
Topic: How to "source" a .conf file
Replies: 3
Views: 948

Re: How to "source" a .conf file

Does anyone know if there is an easy way to "source" a mailscanner .conf file from another? Like for example, if I wanted to include some special rules for a certain group of e-mails/domains - I could just import the changes to the main ruleset. That's called "include" and I don...
by pdwalker
09 Aug 2022 06:54
Forum: 4.x Bugs
Topic: Emails that are retained for containing .dat files
Replies: 11
Views: 20941

Re: Emails that are retained for containing .dat files

log into your efa box and run the following command from the shell and post the results here.

Code:

grep -r "No programs allowed" /etc/MailScanner/
by pdwalker
09 Aug 2022 06:46
Forum: Discussion
Topic: Deliver infected .xls file
Replies: 7
Views: 2202

Re: Deliver infected .xls file

Sorry, I've been away.

No, I did not receive it.
by pdwalker
09 Aug 2022 06:44
Forum: Feature Requests
Topic: Remove Whitelist Scoring
Replies: 3
Views: 3737

Re: Remove Whitelist Scoring

Code:

[root@efa4 ~]# locate local.cf
/etc/mail/spamassassin/local.cf
by pdwalker
28 Jun 2022 20:29
Forum: Discussion
Topic: Deliver infected .xls file
Replies: 7
Views: 2202

Re: Deliver infected .xls file

I've emailed you privately with an address you can send them to.
by pdwalker
28 Jun 2022 06:24
Forum: Discussion
Topic: General Question with Whitelist
Replies: 8
Views: 3065

Re: General Question with Whitelist

ok, I think I know what the issue really is, but I am seeking confirmation.

Short tentative answer: everything is probably working as designed.