Outbound reports to other domains?

Bugs in eFa 4
bikertrash
Posts: 49
Joined: 03 Feb 2016 12:53
Location: San Diego, CA

Outbound reports to other domains?

Post by bikertrash »

Not sure why, but my filter is trying to send out mail messages like this:

Report Domain: e.online.att-mail.com Submitter: "mydomain".com Report-ID: e.online.att-mail.com-1573908807@"mydomain".com

Where "mydomain" is actually MY domain...

These look like they're probably DMARC / DKIM reports coming from "no-reply@mydomain.com" but I'm not sure where to go to turn that off....

I just deployed the v4 appliance Monday morning... and still tinkering to get things going smooth... so please forgive my ignorance here. :)
"If it ain't broke, it needs a lot more fix'n."

Re: Outbound reports to other domains?

Post by bikertrash »

Well... I've had to give up on this for a while because as of last night, nothing is getting through it at all. MX Toolbox reports that it's fine... but nothing is getting through... and I have no idea why yet...
"If it ain't broke, it needs a lot more fix'n."

Re: Outbound reports to other domains?

Post by bikertrash »

Hahaha...

Please ignore ALL of the above... have it all sorted out now.
:D
"If it ain't broke, it needs a lot more fix'n."
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Outbound reports to other domains?

Post by shawniverson »

:whistle:

Re: Outbound reports to other domains?

Post by bikertrash »

:lol:

Yeah... just bumbled around through the config... but sorted it out.... this new version has a lot of stuff goin on under the hood... :D
"If it ain't broke, it needs a lot more fix'n."
ManFarang
Posts: 16
Joined: 06 Jan 2020 10:22

Re: Outbound reports to other domains?

Post by ManFarang »

Hi,
I'm a newbie on efa-project but I really like it and it definitely seems to fit my needs.

@bikertrash: I have the same problem that you mentioned and would like to solve it.

Any hints where to do what?
Help is very much appreciated :-)

Thx

Re: Outbound reports to other domains?

Post by bikertrash »

@ManFarang, I'm currently on the Beta version but still haven't figured out why the outgoing mail queue is attempting to send dmarc reports out to other domains. I do know that my DNS records are configured to have other domains send reports back to me but not the other way around. So still a little confused as to what's going on. For me it's just a low priority.

I can tell you this though, I've been using the EFA Project vm for at least 8 years though and it's been doing a phenomenal job of protecting us from Spam, Phishing attacks, viruses and Trojans...
"If it ain't broke, it needs a lot more fix'n."

Re: Outbound reports to other domains?

Post by ManFarang »

@bikertrash
thanks for your quick answer. I totally agree that efa project is absolutely great. I can say that even after using the VM only for two weeks now.

Maybe I (or you ;-)) will find a way to solve the remaining problems with it. CMF...

best rgds

Re: Outbound reports to other domains?

Post by bikertrash »

Interestingly enough, it still seems to be sending out reports to other domains... coming from "no-reply@<mydomain.com>" and no idea how to turn that off.

My SPF record IS set up to request that reports get sent back to ME (and they do), but I never set anything anywhere to have it send reports OUT to other domains... at least not that I am aware of.
"If it ain't broke, it needs a lot more fix'n."
chrisbruce
Posts: 9
Joined: 12 Feb 2020 22:37

Re: Outbound reports to other domains?

Post by chrisbruce »

It doesn't appear that a resolution/instructions have been posted in this thread. I am having this same thing occur. It appears to be DMARC reports triggered daily by a cron job.

Job: /etc/cron.daily/eFa-Daily-DMARC

Is there a way to toggle this job off?

Re: Outbound reports to other domains?

Post by chrisbruce »

I found another thread on this Board dealing with these "DMARC Aggregation Reports"

viewtopic.php?f=14&t=4092

No solution/toggle as of 12FEB2020 4pm PST.

However, as a band-aid until a solution is found, I inserted these extra couple of lines into the middle of /usr/sbin/eFa-Daily-DMARC:

    rm -f ${HISTDIR}/${HISTFILE}.dat
    touch ${HISTDIR}/${HISTFILE}.dat

So the daily bash script just processes an empty file.

Another alternative is to block port 25 outbound on the firewall from the eFa source IP.

Re: Outbound reports to other domains?

Post by bikertrash »

I may give that a whirl... fortunately they do all go out eventually. But as the poster of that thread you linked to, I was a little concerned about getting flagged as a Spammer as well but so far no issues with that... yet (at least not according to MX Toolbox).

As for blocking outbound SMTP... no... in my case the appliance filters both in and outbound mail... just in case an internal machine gets whacked and starts trying to spew out Spam before I can catch and stop it. Highly unlikely with all the internal protection I'm running but one can never be too sure... :P
"If it ain't broke, it needs a lot more fix'n."

Re: Outbound reports to other domains?

Post by shawniverson »

DMARC reporting is a good thing, and you won't be classified as a spammer for sending them, as most relays send them now. You aren't sending those reports without permission...

DMARC reports go out of the eFa when a domain has published a DMARC DNS record that explicitly asks for reports.

A domain that asks for DMARC reports typically wants to know a few things, such as:

Is my domain relaying mail correctly to you (are my SPF and DKIM records okay)?
Are there spammers out there that are using my domain to try to spoof me when emailing you?
What IP addresses are these spammers using?

Oh, by the way, option 16 in eFa-Configure disables this (duh, I forgot myself! :lol: )
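
An added example, not part of the original thread and not eFa's own code: a sketch of how a receiver can tell from a sender's DMARC TXT record whether aggregate reports were requested and where they should go, following the tag syntax of RFC 7489. The record values and domains are constructed, and the external-destination check compares exact domain names rather than organizational domains, which is a simplification.

```python
# Constructed sample values of the TXT record at _dmarc.sender.example
REC_WITH_RUA = ("v=DMARC1; p=reject; "
                "rua=mailto:dmarc@sender.example!10m, mailto:agg@reports.example.net; "
                "ruf=mailto:forensic@sender.example")
REC_NO_RUA = "v=DMARC1; p=none"


def parse_dmarc(txt):
    """Split a DMARC record into a tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def report_destinations(txt, tag="rua"):
    """Mail addresses that asked for aggregate (rua) or failure (ruf) reports."""
    addresses = []
    for uri in parse_dmarc(txt).get(tag, "").split(","):
        uri = uri.strip()
        if not uri.lower().startswith("mailto:"):
            continue  # only mailto: destinations are handled in this sketch
        address = uri[len("mailto:"):].split("!", 1)[0]  # drop size limit such as !10m
        addresses.append(address)
    return addresses


def external_checks(policy_domain, txt):
    """DNS names a sender of reports should query (TXT) before mailing a
    destination outside the policy domain (RFC 7489 section 7.1).
    Simplification: exact domain comparison, no organizational-domain lookup."""
    names = []
    for address in report_destinations(txt):
        dest = address.rsplit("@", 1)[1].lower()
        if dest != policy_domain.lower():
            names.append(f"{policy_domain}._report._dmarc.{dest}")
    return names


if __name__ == "__main__":
    print(report_destinations(REC_WITH_RUA))
    print(report_destinations(REC_NO_RUA))   # empty list: no reports requested
    print(external_checks("sender.example", REC_WITH_RUA))
```

A record without a `rua` tag yields an empty list, which is the case where no aggregate report should be generated for that domain.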

Re: Outbound reports to other domains?

Post by bikertrash »

Then in that case... NO... I will NOT disable it!! :lol:

My DMARC record is set that way for a reason as well, so I guess I had BETTER be returning the favor. :whistle:
"If it ain't broke, it needs a lot more fix'n."
e-d-i-t
Posts: 94
Joined: 27 Apr 2016 19:28

Re: Outbound reports to other domains?

Post by e-d-i-t »

Then why does it send out empty zipped reports?...
I don't like that type of reporting...
So it's going off for me.
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Outbound reports to other domains?

Post by pdwalker »

Because if your system has a lot of reports, the message could get quite large. Why not compress it to save time and space?

Also, if you are uncomfortable with the zipped reports, extract one of the zip files and see what the contents are for yourself.

Remember, EFA can be used to scan outgoing mail as well.
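
An added example, not part of the original thread and not eFa's own code: one way to look inside a zipped aggregate report, including the "empty" case raised above where the report contains no records. The XML is a constructed sample using the usual aggregate-report element names; it assumes the report carries no XML namespace and that the zip holds a single `.xml` member.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample reports (documentation IP ranges, made-up domains).
SAMPLE_XML = """<feedback>
  <report_metadata><org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id></report_metadata>
  <policy_published><domain>sender.example</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>12</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""
EMPTY_XML = """<feedback>
  <policy_published><domain>sender.example</domain><p>none</p></policy_published>
</feedback>"""


def make_zip(xml_text, name="report.xml"):
    """Build an in-memory zip with one report, standing in for a real attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, xml_text)
    return buf.getvalue()


def summarize(zip_bytes):
    """Summarize the first XML member of a zipped aggregate report."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        member = next(n for n in zf.namelist() if n.lower().endswith(".xml"))
        root = ET.fromstring(zf.read(member))
    summary = {"domain": root.findtext("policy_published/domain"),
               "records": 0, "messages": 0, "unauthenticated": {}}
    for row in root.iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count") or 0)
        summary["records"] += 1
        summary["messages"] += count
        # Sources where neither DKIM nor SPF passed are the ones a domain
        # owner checks first when looking for spoofed mail.
        if (row.findtext("policy_evaluated/dkim") != "pass"
                and row.findtext("policy_evaluated/spf") != "pass"):
            failed = summary["unauthenticated"]
            failed[ip] = failed.get(ip, 0) + count
    return summary


if __name__ == "__main__":
    print(summarize(make_zip(SAMPLE_XML)))
    print(summarize(make_zip(EMPTY_XML)))   # records == 0: an "empty" report
```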