e-f-a / v3 Goto Github PK

the layout get a bit 'mixed up' when adding more than 10 domains, going over more than 100 it get even worse.

might need to split it up in sections or so? need to think about it..

These tests seem to depend on DNS responses upstream. opendns sends a reply to unknown addresses. This causes NetAddr-IP to fail the below tests.

At home, no reply on the below fake DNS names occurs because no opendns forwarders are involved.

So, anyone relying on opendns may have issues building EFA.

Solution is to ignore DHCP assigned DNS servers during build. Will fix.

#       The following 8 tests involve resolving (hopefully)
#       non-existant names. This may take a while.

#   Failed test 'not defined ->new(default.neveranydomainlikethis)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(nohostlikethis.default)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(any.neveranydomainlikethis)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(nohostlikethis.any)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(broadcast.neveranydomainlikethis)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(nohostlikethis.broadcast)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(loopback.neveranydomainlikethis)'
#   at t/v4-wnew.t line 20.

#   Failed test 'not defined ->new(nohostlikethis.loopback)'
#   at t/v4-wnew.t line 20.
# Looks like you failed 8 tests of 12.

Provide a frontend for postfix mail queue stats

In environments with multiple E.F.A. systems working together, having the same watermark secret improves message handling, especially if the message passes through multiple E.F.A. systems.

MailWatch has a typo in lists.php on line 156...

 $todomain1 = strtolower($url_domain);

This code should read...

 $todomain = strtolower($url_domain);

pyzor: check failed: util: cannot fork: Can't fork at /usr/local/share/perl5/Mail/SpamAssassin/Util.pm line 1451. at /usr/local/share/perl5/Mail/SpamAssassin/Util.pm line 1454.

Checking into this...

less /var/log/EFA/EFA-SA-Update.log

'''
The sizes do not match (local 172670) -- retrieving.

--2014-01-20 16:51:16-- http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
Reusing existing connection to www.pccc.com:80.
HTTP request sent, awaiting response... 200 OK
Length: 176487 (172K) [text/plain]
Saving to: “KAM.cf”

 0K .......... .......... .......... .......... .......... 29%  283K 0s
50K .......... .......... .......... .......... .......... 58%  383K 0s

100K .......... .......... .......... .......... .......... 87% 561K 0s
150K .......... .......... .. 100% 540K=0.4s

2014-01-20 16:51:17 (394 KB/s) - “KAM.cf” saved [176487/176487]

It completed okay.
Reloading MailScanner workers:
MailScanner: [FAILED]
Outgoing postfix: [ OK ]
--2014-01-21 04:03:44-- http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Resolving www.peregrinehw.com... 38.124.232.177
'''

running manually from console and it seems to work...

The 3.0.0.1 update broke learn-msg.cgi. It resets the efa database password

May need to modify EFA-Configure to automatically disable the sig notification in this situation.

Allow 443 inbound

config options to turn on ssl, redirect 80 to 443 or turn off 80 modify sig and spam report reports

It is likely due to Spamassassin running as a script.

Spamassassin is not daemonized in this version of E.F.A. (3.0.0.0)

Consider daemonizing Spamassassin in the next update.

With any spam not delivered mail send by mailscanner we seem to have double signatures:

Wondering if there is a way to disable the signature if mail's are send from the system itself.

<snap>
If you are satisfied that this message is not spam, you can release it from quarantine
by clicking http://HOSTNAME/cgi-bin/release-msg.cgi?datenumber=20140120&id=<ID>&token=<TOKEN>
Note that if this mail has been send to multiple recipients you will release this mail to all users.

-- 
<COMPANYNAME>
http://www.efa-project.org

-- 
This message has been scanned for viruses and dangerous content by E.F.A. Project, and 
is believed to be clean. Click here to report this message as spam. 
http://<HOSTNAME>/cgi-bin/learn-msg.cgi?id=BD9932007D.AAAAA 

The last part should not be there as it might confuse users...

...looks like the tarball landed into here instead of in /usr/src/EFA.

1. correct build.bash
2. send out a cleanup task for existing EFAs

Some organizations may want to delete emails that meet this criteria, for example, as some of the most offending spam is flagged as high spam. Add a disclaimer to this option.

It appears that when an email has a virus, it is automatically delivered with the virus removed and bypasses spam checks.

May need to disable this option

1. Add support to MCPMessage.pm to allow custom actions in MCP Actions and High MCP Actions config variables.

2. Create a Custom Action to remove offensive content in subject and body

This is important in organizations (such as schools) where certain kinds of content, such as sexual references, tasteless content, threats, etc. must be removed prior to message storage and delivery.

For a future release it might be an idea to implement some sort of automatic backup item.

for example an automatic backup of:

• Mysql DB's
• postfix settings
• /etc/EFA-Config
• IP settings
• users..

/etc/cron.daily/clean.quarantine

Just noticed we never enabled the quarantine cleanup script so disks might fillup.
disabled = 1; should be changed to disabled=0;

#!/usr/bin/perl


#
# IMPORTANT NOTE:
#
# Change the next line to 0 instead of 1 to enable this script.
# By default it will be disabled and will not do anything.
#

$disabled = 1;

Create a configuration option to define trusted networks so that outsiders cannot submit spam inadvertently.on email replies.

Libre ESVA uses this approach.

Modify SQL query in quarantine_report.php to report only on spam.

In my opinion its a useless page :)

Recommend dumping mailscanner's clean.quarantine and letting mailwatch handle quarantine cleanup from quarantine_maint.php exclusively.

This will simplify clean up and allow the days to keep be configurable in just one location.

by default postfix allows mails up to 10MB
we might want to add an section so users can change it to something else..

message_size_limit in postfix main.cf`*by default not set so default is used (10MB)

Jan 24 17:57:56 efa postfix/smtpd[28495]: sql_select option missing
Jan 24 17:57:56 efa postfix/smtpd[28495]: auxpropfunc error no mechanism available

Mysql leaves behind a socket file if the system crashes or power is lost.

After the system comes back up, mysqld fails to load.

We may want to add a mysql recovery option to EFA-Configure.

This would be a helpful feature. Not sure how to accomplish it, but hey, why not?

If E.F.A. is also the outbound relay, remove the learn-msg.cgi script line, if present, before delivery. Possibly pass outbound mail through a sanitation script.

mailscanner.conf
default Highlight Phishing Fraud = yes

this is the: MailScanner has detected a possible fraud attempt from… text..

some users might want to disable this so option in EFA-Configure should be usefull..

When I try to add something as spam by clicking the link at the bottom of the email I get this.
Error in id or token syntax at /var/www/cgi-bin/learn-msg.cgi line 83

As soon as a token=$token is add to an inline signature, the entire line disappears from the signature.

Make the number of days to report a configurable option.

If you add a whole bunch of domain's to the transport list with efa-configure after a while the 'number selection' breaks

'''
Error "5" is not an option...
'''

Allow users to change the default spam score setting

/etc/MailScanner/MailScanner.conf
Required SpamAssassin Score = 5

add option to EFA-Configure to modify the amount of day's mail's are kept:

/etc/cron.daily/clean.quarantine
$days_to_keep = 30;

note we use 30 day's by default (mailwatch default) esva had 180 day's by default, might think about that..

Arch dependent binaries in noarch package

Opt out domains is being ignored. Greylisting of domain occurs despite opt out.

The regex in release-msg.cgi checks the 'to' variable.

However when an message is send to multiple people at once then the to variable from mailwatch is in the context of:

"[email protected], [email protected], [email protected], [email protected]"

Multiple to's currently break the release-msg.cgi validation check.

My image is broken :(

Create a user import tool.

200K may need to be increased in some cases. I have increased mine to 1024K.

So that users can specify non-standard ports to relay mail to.

Very useful in school environments. Mailwatch can be extended to show high spam for admins and domain admins to review, but hide it from reports etc. for regular users.

High Spam tends to contain a lot of suggestive emails.

Alternative to deleting high spam.

May make sense to have the option to filter out high spam in the recent messages list if desired for regular users, especially if the option to delete high spam is enabled.

Create configuration options to enable and configure MCP.

Create a ruleset for MCP to block obvious MCP violations.

Not something we have to tackle right now, but might be helpful in the release version.