Over a period of time, I have been experimenting with spam solutions in my lab. Obviously not paid solutions like Proofpoint, Mimecast, Symantec, Spam Experts or other top companies, as this is just a lab, but I came across an email filter appliance called eFa.
This runs on Linux and having some Linux background, it was not difficult to navigate and get installed. Putting eFa in front of Exchange and doing extensive tests, I can say I have achieved the following:
a. Block Spam emails.
b. Block emails with double extension such as .exe.pdf for example.
c. Block emails that are spoofed. (this is a big one in my books)
I do have SPF, DMARC and DKIM set up and yes, stuff still manages to get through, but I would say 1%; the rest gets blocked.
Spoofing my email address didn’t make it through, as the SpamAssassin plugin made sure the email couldn’t get through.
You can get the steps to download from here:
I used the first and second method, both work, here is a snippet of the first command:
- curl -sSL https://install.efa-project.org | bash
Some tips on this. When you are installing CentOS 8 (that is what I am testing on), make sure that you do the following:
a) Download the stream version
b) Ensure you choose a minimum installation of CentOS 8 or higher
c) GUI version does not seem to work with CentOS 8 (3 installations later 🙂 )
d) Do not lock down CentOS 8 until after your installation of eFA
If everything is successful, which it should be, you should end up with a few questions once installation is complete and these include:
b) Domain Name
c) IP Address
Once the system reboots, you should see a window like this after login:
In the window above, I worked through numbers 5, 6, 7, 8, 10, 15, 16, 17, 18 and 19.
Steps 5, 6, 8, 16, 17, 18 and 19 are simple enough to understand based on the questions they ask.
In Step 7 (Mail Settings), you need to configure your Outbound mail relay and Transport settings as shown below:
In the above window, step 4 is where you list your accepted domain and then specify the Exchange Server it is going to.
If you have DKIM in place, I found that step 16 caused some confusion externally so I disabled it but if you don’t have DKIM you can enable this.
Steps 10 and 15 work hand-in-hand. In the Apache settings (Step 10), you need to enable port 443 and also enable port forwarding from port 80 to 443. Once that is done you can head over to 15 (Let’s Encrypt).
You need to add the name you defined in Step 4 (IP settings, name etc.) to your external DNS; otherwise Step 15 (Let’s Encrypt) will fail, saying it cannot resolve the name.
Once you have that done and you enable Step 15, I found that it gave an error but after reboot, I was able to access the URL with the correct certificate from R3. Once all your configuration is done and reboots are done, you can then go to the URL and you will see a page similar to the below:
One thing to highlight here is that Grey-listing seems to block all email and give you that delay of 5 minutes. I turned this off and mail-flow was instant.
On the Exchange side of things, I enabled the option on my Send Connector to route through a Smarthost and put in the eFa appliance IP.
On your External DNS, you will need to update your MX record to point to your Public IP of the eFA appliance and also update your SPF record to include the name and IP as well.
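Because outbound mail now leaves through the appliance, receivers evaluate SPF against its public IP, so the updated record is worth checking before the MX change goes live. The following is an added example, not code from the original post or the eFa project; the domain, host name and addresses are constructed placeholders, and the a_records argument is a hypothetical stand-in for DNS lookups so the check runs offline.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip, a_records=None):
    """Return (result, skipped) for sender_ip against an SPF record.

    Evaluates ip4, ip6, a:<host> and all. a_records (hypothetical helper
    input) maps host name -> list of IPs and stands in for DNS so the check
    runs offline. Other terms (include, mx, redirect=...) are not evaluated
    and are returned in skipped for manual review.
    """
    a_records = a_records or {}
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    skipped = []
    for term in terms[1:]:
        result = "pass"  # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            result, term = QUALIFIERS[term[0]], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return result, skipped
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return result, skipped
        elif name == "a" and value:
            hosts = a_records.get(value.lower(), [])
            if any(ip == ipaddress.ip_address(h) for h in hosts):
                return result, skipped
        else:
            skipped.append(term)
    return "neutral", skipped  # nothing matched and no "all" term

# Constructed sample values: 198.51.100.10 is the Exchange server's old
# public IP, 203.0.113.25 / efa.example.com is the filter appliance.
EFA_IP = "203.0.113.25"
OLD_SPF = "v=spf1 ip4:198.51.100.10 -all"
NEW_SPF = "v=spf1 ip4:198.51.100.10 ip4:203.0.113.25 a:efa.example.com -all"

if __name__ == "__main__":
    for label, rec in (("old", OLD_SPF), ("new", NEW_SPF)):
        print(label, spf_result(rec, EFA_IP))
```

A "fail" for the appliance IP against the old record is what external receivers would see if the Send Connector were pointed at the smart host before the SPF record was updated.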
When you send and receive email now, it should flow through eFa and you can see what is blocked as SPAM, Bad content, Blocklisted etc. Below is a sample of what it looks like:
Shawn from eFA is very active on the forums and questions I had were answered pretty quickly with a solution. I registered on the forums because I want to contribute and give feedback but also be able to open up a case if something is not working. The URL for this can be found here:
If you are looking for something for your small business, I would give this a try. It does what it says and they are adding new features all the time.
Please note this is my personal view on the product.
Hope it helps.