Search found 463 matches

by ovizii
09 Aug 2017 07:01
Forum: 3.x Bugs
Topic: Message tracking
Replies: 7
Views: 5579

Re: Message tracking

I also remember seeing that info but couldn't find it with newer EFA versions. I applied your solution but still can't find it. Where exactly should I be looking? I thought I remembered last seeing this info when opening an email in EFA, somewhere above the SA score but it's still not here even thoug...
by ovizii
08 Aug 2017 10:32
Forum: 3.x Bugs
Topic: Spam mails getting through
Replies: 16
Views: 11146

Re: Spam mails getting through

just wanted to add that I often see:

Learned tokens from 0 message(s) (1 message(s) examined)
that usually happens when the email didn't have anything new to add to Bayes apparently?
by ovizii
08 Aug 2017 10:28
Forum: Discussion
Topic: quick question about incoming email for users not yet created
Replies: 11
Views: 7023

Re: quick question about incoming email for users not yet created

I'm not sure if I did something wrong but I think that when you set up MailScanner to use "personalized" SA scores, emails for users which are not yet created in EFA will be simply passed through without any checking. Not 100% if this is still the case but I remember I had this issue once w...
by ovizii
08 Aug 2017 10:24
Forum: Feature Requests
Topic: A new Antivirus
Replies: 8
Views: 12869

Re: A new Antivirus

MailScanner already supports plenty of mail scanners, see /etc/MailScanner/MailScanner.conf adding Comodo would be nice but just the plain scanner, I mean EFA is an email gateway so adding the comodo email gateway (like neodg suggested) seems like quite some overhead. If I understand this right the ...
by ovizii
27 Jul 2017 13:01
Forum: Discussion
Topic: clamav-unofficial signatures related question
Replies: 2
Views: 2957

Re: clamav-unofficial signatures related question

For what it's worth I checked these and I get these exact same md5 hashes on both machines for this folder (haven't checked the others as this one contains the securite DBs) md5sum /var/lib/clamav-unofficial-sigs/dbs-si/* 8a278699859e4e9149444fe98fbebbd6 /var/lib/clamav-unofficial-sigs/dbs-si/javascr...
by ovizii
27 Jul 2017 10:16
Forum: Discussion
Topic: clamav-unofficial signatures related question
Replies: 2
Views: 2957

clamav-unofficial signatures related question

I have 2 EFAs. EFA A caught an email with: SecuriteInfo.com.Ransomware I was curious and did this on EFA A: sigtool --find-sigs SecuriteInfo.com.Ransomware results in a long string of similar lines: [javascript.ndb] SecuriteInfo.com.Ransomware:3:*:687474703a2f2f7a7077616e672e6e6574 and checking the e...
by ovizii
27 Jul 2017 06:26
Forum: Discussion
Topic: If using EFA in your business, where do you place it?
Replies: 4
Views: 3617

Re: If using EFA in your business, where do you place it?

The only reasons I can think of off the top of my head to proxy smtp traffic via nginx are: a) to take advantage of the ssl encryption support of nginx possibly for SSL/TLS connections b) to reroute mail to other servers based on <criteria> (which I can already do in efa) c) to provide an additional layer...
by ovizii
26 Jul 2017 15:01
Forum: Discussion
Topic: If using EFA in your business, where do you place it?
Replies: 4
Views: 3617

Re: If using EFA in your business, where do you place it?

OK, I might not have been very precise with my question so let's clarify a little: - I also don't allow external access to EFA's web interface only port 25 - When I mentioned nginx I meant that you can reverse proxy the port 25 mail traffic too. (AFAIK the method differs a little from reverse proxyin...
by ovizii
26 Jul 2017 13:24
Forum: Discussion
Topic: If using EFA in your business, where do you place it?
Replies: 4
Views: 3617

If using EFA in your business, where do you place it?

Currently, I have 2 systems in my DMZ: a reverse proxy to allow access to certain internal services and EFA. I'm feeling slightly uncomfortable having EFA accessible in my DMZ as it does store emails for up to 30 days as configured so I do have sensible data in my DMZ. If I stop EFA from archiving a...
by ovizii
28 Jun 2017 13:30
Forum: Feature Requests
Topic: extremeShok UnOfficial SIGS
Replies: 7
Views: 6029

Re: extremeShok UnOfficial SIGS

apparently EFA uses the yum package clamav-unofficial-sigs which is currently at Version: v5.4.1 (20 July 2016) while https://github.com/extremeshok/clamav-unofficial-sigs is at Version 5.6.2 (updated 2017-03-19) so my question is if it would not be better to include the second version in EFA direct...
by ovizii
21 Jun 2017 06:11
Forum: Discussion
Topic: My SpamAssassin Rule Hits report is messed up
Replies: 7
Views: 5111

Re: My SpamAssassin Rule Hits report is messed up

thanks for checking, must have broken a few updates ago.
I often run that report to check stats and find out which rules I need to tweak ;-)
by ovizii
20 Jun 2017 10:54
Forum: Discussion
Topic: My SpamAssassin Rule Hits report is messed up
Replies: 7
Views: 5111

My SpamAssassin Rule Hits report is messed up

going to EFA web interface => Search and reports => SpamAssassin Rule Hits all I see are rules which hit SPAM, not a single rule seems to have hit any HAM? Going back to Search & Reports I double checked that I do not have any active filters set. This EFA has been updated step by step from 3.0.1...
by ovizii
13 Jun 2017 06:00
Forum: Discussion
Topic: Question about phishing and mailscanner
Replies: 2
Views: 3389

Re: Question about phishing and mailscanner

Not sure, I thought not but I might be wrong. I understood that whatever.tld1 would not trigger when the link actually is whatever.tld2 Here are the respective definitions if someone wants to weigh in: https://www.mailscanner.info/MailScanner.conf.index.html#Find Phishing Fraud https://www.mailscanne...
by ovizii
12 Jun 2017 14:32
Forum: Discussion
Topic: Question about phishing and mailscanner
Replies: 2
Views: 3389

Question about phishing and mailscanner

I have "Use stricter phishing net" disabled and yet Mailscanner keeps complaining about this supposed phishing attempt: MailScanner has detected a possible fraud attempt from "www.telekom.de" claiming to be www.telekom.com/geschäftskunden does that make sense? I thought this was ...
by ovizii
01 Jun 2017 07:35
Forum: Discussion
Topic: Whitelist networks from greylist
Replies: 1
Views: 2084

Re: Whitelist networks from greylist

Look at /etc/sqlgrey/clients_ip_whitelist for examples then edit your own /etc/sqlgrey/clients_ip_whitelist.local
by ovizii
23 May 2017 08:11
Forum: How-to
Topic: Installation F-Prot Free Antivirus to scan attachements
Replies: 38
Views: 894204

Re: Installation F-Prot Free Antivirus to scan attachements

Thanks pdwalker, I'm not going to put energy into fixing this, I'm about to go on holiday and I have had like 5-10 viruses a month max so I don't really need this report. I guess I'll give it another try once I'm back but thanks for confirming yours worked fine after the update.
by ovizii
21 May 2017 06:48
Forum: How-to
Topic: Installation F-Prot Free Antivirus to scan attachements
Replies: 38
Views: 894204

Re: Installation F-Prot Free Antivirus to scan attachements

I just upgraded to EFA 3.0.2.3 and neither nicola's version nor pdwalker's are working anymore. pdwalker's shows: no rows were fetched or similar and nicola's version simply shows the headers but no results. also I noticed that none of the other virus reports which were baked in show anything anymor...
by ovizii
19 May 2017 14:16
Forum: 3.x Bugs
Topic: Access denied to clamd after expanding TNEF archive
Replies: 0
Views: 1891

Access denied to clamd after expanding TNEF archive

Saw this in my logs: May 19 12:06:57 efa MailScanner[29760]: Expanding TNEF archive at /var/spool/MailScanner/incoming/29760/8B26610005E.AC361/winmail.dat May 19 12:06:57 efa MailScanner[29760]: Clamd::ERROR:: image001.png/Access denied. ERROR :: ./8B26610005E.AC361/tnef4n4EdZ May 19 12:06:57 efa Ma...
by ovizii
17 May 2017 20:19
Forum: How-to
Topic: Setting up different smarthosts for outbound mail relays
Replies: 9
Views: 7326

Re: Setting up different smarthosts for outbound mail relays

Ah, I think I get it. Let me see if I got this right: a number (currently 2) of your email servers forward their emails to 1 EFA and you want this 1 EFA to send them out through different IPs based on the originating email server? as far as I know, EFA does not have this feature. You can do some pos...
by ovizii
17 May 2017 12:04
Forum: How-to
Topic: YARA
Replies: 16
Views: 14777

Re: YARA

Easy to check. Inside /etc/clamav-unofficial-sigs/master.conf I see: # Yara Rules Project Database(s) # ======================== # Add or remove database file names between quote marks as needed. To # disable any Yara Rule database downloads, remove the appropriate # lines below. yararulesproject_db...
by ovizii
17 May 2017 10:38
Forum: How-to
Topic: YARA
Replies: 16
Views: 14777

Re: YARA

after reading this thread I checked and I see there are new YARA rules not integrated by this script. Please share the list of those you have added.
by ovizii
17 May 2017 10:32
Forum: How-to
Topic: Setting up different smarthosts for outbound mail relays
Replies: 9
Views: 7326

Re: Setting up different smarthosts for outbound mail relays

I'm pretty confused by this but I think that you do that when you setup the transport in EFA?
When setting up a new domain for EFA to accept you can decide where its emails are forwarded to.
Why don't you just set it up there? Or did I misread your request?
by ovizii
17 May 2017 07:37
Forum: How-to
Topic: How to setup a some sort of backup for an email server?
Replies: 6
Views: 4558

Re: How to setup a some sort of backup for an email server?

Thanks for all the feedback, there is some really interesting and relevant info in here. In the end we have decided to go with a backup solution by the provider of our main connection. Our main line is fiber optics, the backup will be DSL via a guaranteed disjunct line to our building. We'll have one se...
by ovizii
16 May 2017 10:55
Forum: Discussion
Topic: How come I get different Sa scores from EFA GUI vs SA command line?
Replies: 8
Views: 5350

Re: How come I get different Sa scores from EFA GUI vs SA command line?

I found an email via EFA GUI with invalid DKIM and will PM you the excerpt from the log file in case it helps.