Search found 463 matches
- 09 Aug 2017 07:01
- Forum: 3.x Bugs
- Topic: Message tracking
- Replies: 7
- Views: 5566
Re: Message tracking
I also remember seeing that info but couldn't find it with newer EFA versions. I applied your solution but still can't find it. Where exactly should I be looking? I thought I remembered last seeing this info when opening an email in EFA, somewhere above the SA score but its still not ehre even thoug...
- 08 Aug 2017 10:32
- Forum: 3.x Bugs
- Topic: Spam mails getting through
- Replies: 16
- Views: 10997
Re: Spam mails getting through
just wanted to add that I often see:
that usually happens when the email didn't have anything new to add to Bayes apparently?
Code: Select all
Learned tokens from 0 message(s) (1 message(s) examined)
- 08 Aug 2017 10:28
- Forum: Discussion
- Topic: quick question about incoming email for users not yet created
- Replies: 11
- Views: 7022
Re: quick question about incoming email for users not yet created
I'm not sure if I did something wrong but I think that when you setup MailScanner to use "personalized" SA scores emails for users which are not yet created in EFA will be simply passed through without any checking. Not 100% if this ist still the case but I remember I had this issue once w...
- 08 Aug 2017 10:24
- Forum: Feature Requests
- Topic: A new Antivirus
- Replies: 8
- Views: 12822
Re: A new Antivirus
MailScanner already supports plenty of mail scanners, see /etc/MailScanner/MailScanner.conf adding Comodo would be nice but just the plain scanner, I mean EFA is an email gateway so adding the comodo email gateway (like neodg suggested) seems like quite some overhead. If I understand this right the ...
- 27 Jul 2017 13:01
- Forum: Discussion
- Topic: clamav-unofficial signatures related question
- Replies: 2
- Views: 2957
Re: clamav-unofficial signatures related question
for what its worth I checked these and I get these exact same md5 hashes on both machines for this folder (haven't checked the others as this one contains the securite DBs) md5sum /var/lib/clamav-unofficial-sigs/dbs-si/* 8a278699859e4e9149444fe98fbebbd6 /var/lib/clamav-unofficial-sigs/dbs-si/javascr...
- 27 Jul 2017 10:16
- Forum: Discussion
- Topic: clamav-unofficial signatures related question
- Replies: 2
- Views: 2957
clamav-unofficial signatures related question
I have 2 EFAs. EFA A caught an email with: SecuriteInfo.com.Ransomware I was curios and did this on EFA A: sigtool --find-sigs SecuriteInfo.com.Ransomware results in a long string of similar lines: [javascript.ndb] SecuriteInfo.com.Ransomware:3:*:687474703a2f2f7a7077616e672e6e6574 and checking the e...
- 27 Jul 2017 06:26
- Forum: Discussion
- Topic: If using EFA in your business, where do you place it?
- Replies: 4
- Views: 3612
Re: If using EFA in your business, where do you place it?
The only reasons I can of off the top of my head to proxy smtp traffic via nginx is: a) to take advantage of the ssl encryption support of nginx possibly for SSL/TLS connections b) to reroute mail to other servers based on <criteria> (which I can already do in efa) c) to provide an additional layer...
- 26 Jul 2017 15:01
- Forum: Discussion
- Topic: If using EFA in your business, where do you place it?
- Replies: 4
- Views: 3612
Re: If using EFA in your business, where do you place it?
OK, I might not have been very precise with my question so lets clarify a little: - I also don't allow external access to EFA's web interface only port 25 - When I mentioned nginx I meant that you can reverse proxy the port 25 mail traffic too. (AFAIK the method differs a little from reverse proxyin...
- 26 Jul 2017 13:24
- Forum: Discussion
- Topic: If using EFA in your business, where do you place it?
- Replies: 4
- Views: 3612
If using EFA in your business, where do you place it?
Currently, I have 2 systems in my DMZ: a reverse proxy to allow access to certain internal services and EFA. I'm feeling slightly uncomfortable having EFA accessible in my DMZ as it does store emails for up to 30 days as configured so I do have sensible data in my DMZ. If I stop EFA from archiving a...
- 28 Jun 2017 13:30
- Forum: Feature Requests
- Topic: extremeShok UnOfficial SIGS
- Replies: 7
- Views: 6013
Re: extremeShok UnOfficial SIGS
apparently EFA uses the yum package clamav-unofficial-sigs which is currently at Version: v5.4.1 (20 July 2016) while https://github.com/extremeshok/clamav-unofficial-sigs is at Version 5.6.2 (updated 2017-03-19) so my question is if it would not be better to include the second version in EFA direct...
- 21 Jun 2017 06:11
- Forum: Discussion
- Topic: My SpamAssassin Rule Hits report is messed up
- Replies: 7
- Views: 5108
Re: My SpamAssassin Rule Hits report is messed up
thanks for checking, must have broken a few updates ago.
I often run that report to check stats and find out which rules I need to tweak
I often run that report to check stats and find out which rules I need to tweak
- 20 Jun 2017 10:54
- Forum: Discussion
- Topic: My SpamAssassin Rule Hits report is messed up
- Replies: 7
- Views: 5108
My SpamAssassin Rule Hits report is messed up
going to EFA web interface => Search and reports => SpamAssassin Rule Hits all I see are rules which hit SPAM, not a single rule seems to have hit any HAM? Going back to Search & Reports I double checked that I do not have any active filters set. This EFA has been updated step by step from 3.0.1...
- 13 Jun 2017 06:00
- Forum: Discussion
- Topic: Question about phishing and mailscanner
- Replies: 2
- Views: 3387
Re: Question about phishing and mailscanner
Not sure, I thought not but I might be wrong. I understood that whatever.tld1 would not trigger when the link actually is wahtver.tld2 Here are the respective definitions if someone wants to weigh in: https://www.mailscanner.info/MailScanner.conf.index.html#Find Phishing Fraud https://www.mailscanne...
- 12 Jun 2017 14:32
- Forum: Discussion
- Topic: Question about phishing and mailscanner
- Replies: 2
- Views: 3387
Question about phishing and mailscanner
I have "Use stricter phishing net" disabled and yet Mailscanner keeps complaining about this supposed phishing attempt: MailScanner has detected a possible fraud attempt from "www.telekom.de" claiming to be www.telekom.com/geschäftskunden does that make sense? I thought this was ...
- 01 Jun 2017 07:35
- Forum: Discussion
- Topic: Whitelist networks from greylist
- Replies: 1
- Views: 2080
Re: Whitelist networks from greylist
Look at /etc/sqlgrey/clients_ip_whitelist for examples then edit your own /etc/sqlgrey/clients_ip_whitelist.local
- 23 May 2017 08:11
- Forum: How-to
- Topic: Installation F-Prot Free Antivirus to scan attachements
- Replies: 38
- Views: 864014
Re: Installation F-Prot Free Antivirus to scan attachements
Thanks pdwalker, I'm not going to put energy into fixing this, I'm about to go on holiday and I have had like 5-10 viruses a month max so I don't really need this report. I guess I'll give it another try once I'm back but thanks for confirming yours worked fine after the update.
- 21 May 2017 06:48
- Forum: How-to
- Topic: Installation F-Prot Free Antivirus to scan attachements
- Replies: 38
- Views: 864014
Re: Installation F-Prot Free Antivirus to scan attachements
I just upgraded to EFA 3.0.2.3 and neither nicola's version nor pdwalker's are working anymore. pdwalker's shows: no rows were fetched or similar and nicola's version simply shows the headers but no results. also I noticed that none of the other virus reports which were baked in show anything anymor...
- 19 May 2017 14:16
- Forum: 3.x Bugs
- Topic: Access denied to clamd after expanding TNEF archive
- Replies: 0
- Views: 1883
Access denied to clamd after expanding TNEF archive
Saw this in my logs: May 19 12:06:57 efa MailScanner[29760]: Expanding TNEF archive at /var/spool/MailScanner/incoming/29760/8B26610005E.AC361/winmail.dat May 19 12:06:57 efa MailScanner[29760]: Clamd::ERROR:: image001.png/Access denied. ERROR :: ./8B26610005E.AC361/tnef4n4EdZ May 19 12:06:57 efa Ma...
- 17 May 2017 20:19
- Forum: How-to
- Topic: Setting up different smarthosts for outbound mail relays
- Replies: 9
- Views: 7311
Re: Setting up different smarthosts for outbound mail relays
Ah, I think I get it. Let me see if I got this right: a number (currently 2) of your email servers forward their emails to 1 EFA and you want this 1 EFA to send them out through different IPs based on the originating email server? as far as I know, EFA does not have this feature. You can do some pos...
Re: YARA
Easy to check. Inside /etc/clamav-unofficial-sigs/master.conf I see: # Yara Rules Project Database(s) # ======================== # Add or remove database file names between quote marks as needed. To # disable any Yara Rule database downloads, remove the appropriate # lines below. yararulesproject_db...
Re: YARA
after reading this thread I checked and I see there are new YARA rules not integrated by this script. Please share the list of those you have added.
- 17 May 2017 10:32
- Forum: How-to
- Topic: Setting up different smarthosts for outbound mail relays
- Replies: 9
- Views: 7311
Re: Setting up different smarthosts for outbound mail relays
I'm pretty confused by this but I think that you do that when you setup the transport in EFA?
When setting up a new domain for EFA to accept you can decide where its emails are forwarded to.
Why don't you just set it up there? Or did I misread your request?
When setting up a new domain for EFA to accept you can decide where its emails are forwarded to.
Why don't you just set it up there? Or did I misread your request?
- 17 May 2017 07:37
- Forum: How-to
- Topic: How to setup a some sort of backup for an email server?
- Replies: 6
- Views: 4554
Re: How to setup a some sort of backup for an email server?
Thanks for all the feedback, there is some really interesting and relevant info in here. In the end we have decided to go with a backup solution by provider of our main connection. Out main line is fiber optics, the backup will be DSL via a guaranteed disjunct line to our building. We'll have one se...
- 16 May 2017 10:55
- Forum: Discussion
- Topic: How come I get different Sa scores from EFA GUI vs SA command line?
- Replies: 8
- Views: 5346
Re: How come I get different Sa scores from EFA GUI vs SA command line?
I found an email via EFA GUI with invalid DKIM and will PM you the excerpt from the log file in case it helps.
- 16 May 2017 09:26
- Forum: Discussion
- Topic: How come I get different Sa scores from EFA GUI vs SA command line?
- Replies: 8
- Views: 5346
Re: How come I get different Sa scores from EFA GUI vs SA command line?
Run As User = postfix
Run As Group = postfix
Run As Group = postfix