efa-project.org

Hi, first of all thanks for the great job you're doing. eFa is simply AWESOME. Defaults consider 4 and above as "Spam", 7 and above as "High Spam". What I found difficult to find out is "lower scoring spam". Which value is it? Below 6? When "lower scoring spam&quo...

Also, I have a Python3 script that I'm using with the 'PyMySQL' and 'ldap3' modules which queries my Active Directory for users and group memberships, then queries the mailscanner database and updates each user with their Active Directory attributes. It then updates the user_filter to allow users to...

I forgot to mention the recipient restrictions: /etc/postfix/relay_recipient_maps.cf /etc/postfix/ldap_relay_recipient_maps.cf # # server_host = ldaps://<FQDN DC hostname> search_base = CN=Users,DC=<Your Domain>,DC=<Your Domain Suffix> version = 3 scope = sub bind_dn = CN=<Your AD Account>,CN=Users,...

I've been reading MailScanner and MailWatch documentation trying to get an answer to this. I'm unclear on whether or not messages that have been released or deleted from the quarantine should still show up in the quarantine listing. I don't know if I have a bad configuration or if this is expected b...

/facepalm

Do you think adding an EOL anchor to the regex would be sufficient?

I'm having some trouble getting .zip and .gz files through MailScanner. I'm seeing a number of 5.7.1 message content rejected messages in /var/log/maillog. I've updated the filename fules in MailScanner: /etc/MailScanner/archives.filename.rules.conf # These are known to be mostly harmless. allow \.j...

I highly recommend it. I'll admit that I get confused where the MTA configuration leaves off and the MailScanner configuration picks up sometimes ( took me a few hours to figure out how to allow compressed attachments through ), but the ability to customize the behavior that you need to to tailor th...

Okay. LDAPS. Not working for sasl auth yet, but I'll try that next. So, my assumption is that you've got a certificate for your AD DC already. In my case, I've got ADCS running PKI for my domain. I'll assume since you're using Windows that you've got the certificate in .DER format. What you'll want ...

Hello! I suppose I registered last month but just got around to logging in. I've added some content to the Active Directory integration HOWTO. ( I may have also posted a question in an inappropriate location -- sorry! )

Okay, I think I've got it. File is /var/www/html/mailscanner/functions.php , line 2610 #/var/www/html/mailscanner/functions.php $ldap_query_sAMAccountName_custom = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=$user)(!(userAccountControl=514))(!(userAccountControl:1.2.840.1135...

It looks like the relevant file to modify is /var/www/html/mailscanner/functions.conf , starting at line 2610 #/var/www/html/mailscanner/functions.conf //search for $user in LDAP directory if (LDAP_EMAIL_FIELD === 'mail' && strpos($user, '@')) { $ldap_search_results = ldap_search($ds, LDAP_D...

We are in an interesting scenario in which we have external service that send e-mail notifications on our behalf - sometimes through our server. As such, I needed to require authentication for using our EFA as a relay. I added: #/etc/postfix/main.cf smtpd_sender_restrictions = permit_sasl_authentica...

Interesting. I just managed to register on the forums. I've been replacing our current appliance ( a Calyptix Security box ) with the EFA-Project and I've been very happy with it. There are a few things left to do. I had managed to get fail2ban working with postfix. I created two jails, postfix and ...