
Outbound reports to other domains?

Posted: 16 Nov 2019 13:45
by bikertrash
Not sure why, but my filter is trying to send out mail messages like this:

Report Domain: e.online.att-mail.com Submitter: "mydomain".com Report-ID: e.online.att-mail.com-1573908807@"mydomain".com

Where "mydomain" is actually MY domain...

These look like they're probably DMARC / DKIM reports coming from "no-reply@mydomain.com" but I'm not sure where to go to turn that off....

I just deployed the v4 appliance Monday morning... and still tinkering to get things going smooth... so please forgive my ignorance here. :)

Re: Outbound reports to other domains?

Posted: 16 Nov 2019 14:56
by bikertrash
Well... I've had to give up on this for a while because as of last night, nothing is getting through it at all. MX Toolbox reports that it's fine... but nothing is getting through... and I have no idea why yet...

Re: Outbound reports to other domains?

Posted: 17 Nov 2019 15:03
by bikertrash
Hahaha...

Please ignore ALL of the above... have it all sorted out now.
:D

Re: Outbound reports to other domains?

Posted: 17 Nov 2019 20:43
by shawniverson
:whistle:

Re: Outbound reports to other domains?

Posted: 17 Nov 2019 21:20
by bikertrash
:lol:

Yeah... just bumbled around through the config... but sorted it out.... this new version has a lot of stuff goin on under the hood... :D

Re: Outbound reports to other domains?

Posted: 06 Jan 2020 10:28
by ManFarang
Hi,
I'm a newbie on efa-project but I really like it and it definitely seems to fit my needs.

@bikertrash: I have the same problem that you mentioned and would like to solve it.

Any hints where to do what?
Help is very much appreciated :-)

Thx

Re: Outbound reports to other domains?

Posted: 06 Jan 2020 12:27
by bikertrash
@ManFarang, I'm currently on the Beta version but still haven't figured out why the outgoing mail queue is attempting to send dmarc reports out to other domains. I do know that my DNS records are configured to have other domains send reports back to me but not the other way around. So still a little confused as to what's going on. For me it's just a low priority.

I can tell you this though, I've been using the EFA Project vm for at least 8 years though and it's been doing a phenomenal job of protecting us from Spam, Phishing attacks, viruses and Trojans...

Re: Outbound reports to other domains?

Posted: 06 Jan 2020 15:20
by ManFarang
@bikertrash
thanks for your quick answer. I totally agree that efa project is absolutely great. I can say that even after using the VM only for two weeks now.

Maybe I (or you ;-)) will find a way to solve the remaining problems with it. CMF...

best rgds

Re: Outbound reports to other domains?

Posted: 13 Feb 2020 13:26
by bikertrash
Interestingly enough, it still seems to be sending out reports to other domains... coming from "no-reply@<mydomain.com>" and no idea how to turn that off.

My SPF record IS set up to request that reports get sent back to ME (and they do), but I never set anything anywhere to have it send reports OUT to other domains... at least not that I am aware of.

Re: Outbound reports to other domains?

Posted: 14 Feb 2020 17:51
by chrisbruce
It doesn't appear that a resolution/instructions have been posted in this thread. I am having this same thing occur. It appears to be DMARC reports triggered daily by a cron job.

Job: /etc/cron.daily/eFa-Daily-DMARC

Is there a way to toggle this job off?

Re: Outbound reports to other domains?

Posted: 14 Feb 2020 23:39
by chrisbruce
I found another thread on this Board dealing with these "DMARC Aggregation Reports"

viewtopic.php?f=14&t=4092

No solution/toggle as of 12FEB2020 4pm PST.

However, as a band-aid until a solution is found, I inserted these extra couple of lines into the middle of /usr/sbin/eFa-Daily-DMARC
rm -f ${HISTDIR}/${HISTFILE}.dat
touch ${HISTDIR}/${HISTFILE}.dat

So the daily bash script just processes an empty file.

Another alternative is to block port 25 outbound on the firewall from the eFa source IP.

Re: Outbound reports to other domains?

Posted: 15 Feb 2020 13:20
by bikertrash
I may give that a whirl... fortunately they do all go out eventually. But as the poster of that thread you linked to, I was a little concerned about getting flagged as a Spammer as well but so far no issues with that... yet (at least not according to MX Toolbox).

As for blocking outbound SMTP... no... in my case the appliance filters both in and outbound mail... just in case an internal machine gets whacked and starts trying to spew out Spam before I can catch and stop it. Highly unlikely with all the internal protection I'm running but one can never be too sure... :P

Re: Outbound reports to other domains?

Posted: 15 Feb 2020 14:45
by shawniverson
DMARC reporting is a good thing, and you won't be classified as a spammer for sending them, as most relays send them now. You aren't sending those reports without permission...

DMARC reports go out of the eFa when a domain has published a DMARC DNS record that explicitly asks for reports.

A domain that asks for DMARC reports typically wants to know a few things, such as:

Is my domain relaying mail correctly to you (are my SPF and DKIM records okay)?
Are there spammers out there that are using my domain to try to spoof me when emailing you?
What IP addresses are these spammers using?

Oh, by the way, option 16 in eFa-Configure disables this (duh, I forgot myself! :lol: )
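
Added example (not part of the thread and not eFa's own code): a small Python parser that shows how a published DMARC record asks for aggregate reports through its rua tag, and which DNS name a report sender checks (RFC 7489, section 7.1) before mailing a third-party address. The sample record and the sender.example / reports.example.net names are constructed, and the same-domain test is a simplification of the Organizational Domain comparison.

```python
import re

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v=DMARC1 tag must come first
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return None
    tags = {}
    for part in parts:
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags

def report_targets(txt):
    """Addresses the domain owner asks aggregate (rua) reports to be mailed to."""
    tags = parse_dmarc(txt)
    if not tags:
        return []
    targets = []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:"):
            # drop the optional size limit suffix, e.g. "!10m"
            targets.append(uri[len("mailto:"):].split("!", 1)[0])
    return targets

def external_check_name(policy_domain, address):
    """TXT name that must hold v=DMARC1 before reports go to a third party.
    Returns None when the address is inside the policy domain.
    Simplification: compares names directly, not Organizational Domains."""
    dest = address.rsplit("@", 1)[1].lower()
    policy_domain = policy_domain.lower()
    if dest == policy_domain or dest.endswith("." + policy_domain):
        return None
    return f"{policy_domain}._report._dmarc.{dest}"

# Constructed sample record (not taken from the thread)
SAMPLE = ("v=DMARC1; p=reject; rua=mailto:dmarc@sender.example!10m, "
          "mailto:agg@reports.example.net; ruf=mailto:forensic@sender.example")

if __name__ == "__main__":
    for addr in report_targets(SAMPLE):
        print(addr, external_check_name("sender.example", addr))
```

A record without a rua tag yields an empty list, which is the case where no aggregate report should be generated for that domain.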

Re: Outbound reports to other domains?

Posted: 15 Feb 2020 17:00
by bikertrash
Then in that case... NO... I will NOT disable it!! :lol:

My DMARC record is set that way for a reason as well, so I guess I had BETTER be returning the favor. :whistle:

Re: Outbound reports to other domains?

Posted: 01 Jun 2020 05:53
by e-d-i-t
Then why does it send out empty zipped reports?...
I don't like that type of reporting...
So it's going off for me.

Re: Outbound reports to other domains?

Posted: 02 Jun 2020 05:22
by pdwalker
Because if your system has a lot of reports, the message could get quite large. Why not compress it to save time and space?

Also, if you are uncomfortable with the zipped reports, extract one of the zip files and see what the contents are for yourself.

Remember, EFA can be used to scan outgoing mail as well.
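
Added example (not part of the thread and not eFa's own code): one way to look inside a report attachment as suggested above, unpacking a .zip or .gz aggregate report and listing its records so you can see exactly what is being sent. The embedded report is constructed sample data laid out as in RFC 7489, and the 5 MiB cap is an assumed limit.

```python
import gzip, io, zipfile
import xml.etree.ElementTree as ET

MAX_XML = 5 * 1024 * 1024  # assumed cap: refuse reports that unpack beyond 5 MiB

# Constructed sample report (not real data)
SAMPLE_XML = b"""<feedback>
 <report_metadata><org_name>mydomain.example</org_name>
  <report_id>sender.example-1573908807@mydomain.example</report_id>
 </report_metadata>
 <policy_published><domain>sender.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>3</count>
  <policy_evaluated><disposition>none</disposition>
   <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def sample_zip():
    """Build a zipped copy of the sample report in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.xml", SAMPLE_XML)
    return buf.getvalue()

def unpack(data):
    """Return the XML bytes from a .zip, .gz or uncompressed attachment."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            info = zf.infolist()[0]          # a report archive holds one XML file
            if info.file_size > MAX_XML:
                raise ValueError("report too large")
            return zf.read(info)
    if data[:2] == b"\x1f\x8b":              # gzip magic bytes
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            xml = gz.read(MAX_XML + 1)
        if len(xml) > MAX_XML:
            raise ValueError("report too large")
        return xml
    return data

def summarize(data):
    """Report domain, report id and (source_ip, count, dkim, spf) per record."""
    # For reports received from other parties, parse with defusedxml instead.
    root = ET.fromstring(unpack(data))
    rows = [(r.findtext("row/source_ip"), int(r.findtext("row/count")),
             r.findtext("row/policy_evaluated/dkim"),
             r.findtext("row/policy_evaluated/spf")) for r in root.iter("record")]
    return {"domain": root.findtext("policy_published/domain"),
            "report_id": root.findtext("report_metadata/report_id"), "rows": rows}
```

Calling summarize() on the bytes of a saved attachment returns the domain the report is about and one tuple per reported source IP; an empty rows list means the report carries no records.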