eFa v4 Story

Post by shawniverson » 19 Aug 2018 22:45

Although it may seem very quiet over here at eFa, I have been very busy on something very important for v4.


In order to ensure long-term viability for eFa, MailScanner, the core piece of software that is integrated into eFa, must be maintained.

Without MailScanner, nothing else really matters. If it doesn't stay maintained, you can kiss eFa goodbye. So, I have jumped into the swimming pool, again :D

There is an age-old battle between MailScanner and Postfix that has been waging on for centuries (ok, I'm exaggerating, it's a decade old...)

A little history...


MailScanner was created during a time in the early 2000s when spam started inundating the Internet.

A man, named Julian Field, created MailScanner to address this problem. He created MailScanner, what I consider the original mail filter.

MailScanner worked great and many organizations adopted it, but eventually, Postfix learned about how MailScanner was interacting with Postfix and, based on what I know, Julian and Wietse had a debate about whether MailScanner was a supported solution for Postfix (Wietse Venema https://en.wikipedia.org/wiki/Wietse_Venema). Wietse would not budge, and Julian was shocked since interacting any other way at the time would have severely impacted the performance of MailScanner.

Julian stopped maintaining MailScanner after about 2009. Many organizations moved away from MailScanner...

Around that time ESVA was alive and well, created by a guy called Andy Mac. This was a decent implementation of MailScanner and the old MailWatch that saved my bacon back in the day.

Unfortunately, ESVA died, and global-domination.org went dark.

ESVA had some serious problems, and many folks moved on. ESVA even appeared in a CVE for its lack of security, specifically in handling of cgi-bin.

Things were really uncertain for a while, then darky83 and I met on the Internet. We both loved ESVA and he had been working on an early replacement. I decided to jump in and help.

Sometime around then, a gentleman by the handle of jcbenton picked up MailScanner and gratuitously updated it to v5.

Also, around the same time, another gentleman by the handle of endelwar picked up MailWatch.

So, the planets aligned, and eFa 3 was born!

Things were looking great and updates were happening (and hiccups along the way, but the community was very supportive)...

Then a notification came in from https://security-assessment.com/ that eFa was vulnerable. Specifically, the MailWatch software had some holes.

We were given about 60 days to rectify the issue before it was made public.

I pinged endelwar and frantically started working on a fix. This could have been the end of eFa and MailWatch.

This is the commit that saved both eFa and MailWatch, with over 1,000 lines of code changes:

https://github.com/mailwatch/MailWatch/ ... df8206056d

I think this is also where I earned my php badge :ugeek:

So MailWatch and eFa were saved and I still didn't have a princess, but oh well... back to work

There's still a problem. MailScanner is not Postfix compliant and unsupported.

Which brings us to the present, and I am happy to announce the MailScanner Milter, a Postfix compatible interface for MailScanner!

https://github.com/shawniverson/v5/comm ... 18msmilter

Currently in testing, it will be included with eFa v4.

This is where I earn my Perl badge :ugeek:

About Me:

I am now a proud supporter and developer of:
