Does EFA reject incoming emails at all?

General eFa discussion
Post Reply
maxkmv
Posts: 52
Joined: 28 Apr 2015 14:40

Does EFA reject incoming emails at all?

Post by maxkmv »

I have recently switched from old version of EFA 3 to latest version of EFA 4. I did not do any migration, just started fresh with default installation.. Previously I would receive something like 2000 emails per day of which around 80% were spam and 20% were legitimate.

Now, the very first thing I noticed is that I am receving a lot fewer emails. Only around 1000 per day. At the same time users are not complaining that anything they expect to receive is not received, so all seems to be good. However, that doesn't explain why I am receiving a lot fewer spam emails. I have a feeling that some incoming emails are simply rejected and don't appear in "Recent Messages" dashboard. Particularly those where I have added IP subnets into "Blocklist". Since recently I started to add IP addresses in the form of X.X.X (i.e. omitting the last number, for example: 163.172.227 - in the hopes that this would block entire subnets used by spammers). And I noticed when attack is ongoing as soon as I add the subnet to Blocklist I stop receiving any spam emails sent from that subnet..

In EFA 3 it would show all blocked emails with black background (marked Blacklisted)... However it is suspicios why EFA 4 just don't show them at all the moment I add the IP subnet to blocklist..

Am I talking nonsense? Can someone confirm if those emails are rejected at the time of SMTP session/connection? As this is not the desirable behaviour at all,- I still need to see what is Blocklisted instead of rejecting it.
maxkmv
Posts: 52
Joined: 28 Apr 2015 14:40

Re: Does EFA reject incoming emails at all?

Post by maxkmv »

And sorry I forgot to mention Greylisting is DISABLED.
User avatar
dangsite
Posts: 15
Joined: 08 Sep 2018 15:03

Re: Does EFA reject incoming emails at all?

Post by dangsite »

Have you review your postfix mail log?
maxkmv
Posts: 52
Joined: 28 Apr 2015 14:40

Re: Does EFA reject incoming emails at all?

Post by maxkmv »

Yes, I have reviewed - this is what I found in maillog:

Jan 22 03:55:23 EFA postfix/cleanup[381474]: 4NzzsQ5pM3z5BB9L: milter-reject: END-OF-MESSAGE from unknown[45.137.22.186]: 5.7.1 Message Blacklisted; from=<cw4826878@gmail.com> to=<sales@xxxxxxxx.co.uk> proto=ESMTP helo=<hosted-by.rootlayer.net>

EFA Dashboard aka Recent Messages does not show me this email at all... Does it mean it was rejected hence I do not see it?
P.S. The IP address 45.137.22.186 is currently in my Blocklist, but the email address cw4826878@gmail.com is not.

Any idea please? I really need to be able to see EVERYTHING that EFA has blacklisted to know if anything legitimate was blocked by mistake.
maxkmv
Posts: 52
Joined: 28 Apr 2015 14:40

Re: Does EFA reject incoming emails at all?

Post by maxkmv »

I think I have found it, so answering my own question.

In MailScanner.conf there is this, by default it says yes, if I change it to no - any new emails that arrive and blacklisted will become visible in EFA. Sure it doesn't reject those email any more, but they are blocklisted and I can see them in my reports.

# If using the milter/msmail, this setting will activate
# the milter scanner, which will reject mail that meets
# certain criteria (i.e. blacklisted)
Milter Scanner = no
Post Reply