We're excited to announce that OpenEFA is approaching a major stable release after weeks of
intensive testing, bug fixes, and security hardening. The system is now rock-solid and
ready for production deployments!
What is OpenEFA?
OpenEFA is a next-generation, AI-powered email security appliance built as the modern
successor to the discontinued EFA Project. It combines traditional email filtering with
cutting-edge machine learning to provide enterprise-grade email protection.
---
Key Features & Capabilities
Advanced Threat Detection:
- Business Email Compromise (BEC) Detection - AI-powered detection of CEO fraud and
impersonation attacks
- Brand Impersonation & Typosquatting - Identifies domain lookalike attacks targeting your
organization
- AI/NLP Spam Analysis - 12 integrated analysis modules using SpaCy NLP for superior
detection
- ClamAV Virus Scanning - Real-time malware detection with 2M+ signatures
- TOAD Detection - Identifies telephone-oriented attack documents (PDF scams)
- Behavioral Baseline Analysis - Detects account compromise via anomaly detection
- URL Reputation & Homograph Detection - Identifies malicious links and Unicode attacks
Intelligent Learning System:
- Conversation Learning - Reduces false positives by learning legitimate email patterns
- Thread Awareness - Automatically recognizes legitimate replies in ongoing conversations
- Adaptive Scoring - Dynamic spam scoring based on sender history and behavior
Multi-Tenant & MSP-Ready:
- Role-Based Access Control - Admin, Domain Admin, and Client user roles
- Multi-Domain Management - Single installation protects unlimited domains
- Domain-Scoped Permissions - Users only see emails for their authorized domains
- Self-Service Portal - Clients manage their own whitelist/blacklist rules
Modern Web Interface (SpacyWeb):
- Real-Time Dashboard - Email statistics, threat alerts, and system health
- Quarantine Management - Release, delete, or train on quarantined emails
- AI Assistant - Natural language interface for email management ("Show me spam from
today")
- Bulk Operations - Process multiple emails with one click
- Whitelist/Blacklist Management - Self-service sender management
- Comprehensive Reporting - Filter effectiveness, volume trends, and learning statistics
Notification & Alerting:
- SMS Notifications - Real-time alerts via ClickSend for phishing, BEC, and viruses
- System Health Monitoring - Automated alerts for service issues, disk space, mail queue
- Daily Summary Reports - Email processing statistics delivered daily
- Rate-Limited Alerts - Intelligent cooldown prevents notification spam
Enterprise Security:
- CSRF Protection - All endpoints protected against cross-site attacks
- Content Security Policy (CSP) - Prevents XSS and injection attacks
- Rate Limiting - API throttling prevents abuse
- Audit Logging - Complete change tracking for compliance
- Session Management - Configurable timeout (easily adjustable for testing/production)
- SQL Injection Protection - Parameterized queries throughout
---
Recent Stability Improvements
We've been laser-focused on stability and security:
Comprehensive Security Audit (Nov 7, 2025) - Complete system hardening DatabasePerformance Optimization - Proper indexing for fast queries
Permission System Refinement- Rock-solid multi-tenant access control
Email Processing Timeout Fixes - Handles largeemails reliably
CSRF Protection - Implemented across all endpoints Rate Limiting -Protection against API abuse
UI/UX Polish - Improved visibility, toast notifications, andresponsiveness
Session Management - Configurable timeouts for different use cases---
Perfect for EFA Users
If you're familiar with MailScanner EFA, you'll feel right at home. However, OpenEFA's
interface is completely redesigned with modern concepts:
- "User Messages" - Shows quarantined/suspicious emails requiring user action (similar to
EFA quarantine)
- "All Emails" - Complete email history with advanced filtering (available to Domain
Admins)
- Unified Interface - All email management from one clean, modern dashboard
- Better Performance - MySQL backend with optimized indexes for speed
---
Quick Installation
One-line install:
curl -sSL http://install.openefa.com/install.sh | sudo bash
System Requirements:
- Ubuntu 24.04 LTS or 22.04 LTS
- 2 GB RAM minimum (4 GB recommended)
- 20 GB disk space
- Static IP with ports 25, 443, 5500 accessible
---
What's Next?
The stable release will include:
- Complete documentation
- Migration guide from EFA
- Community support forums
- Regular security updates
---
Try It Today!
When released.... the build will be production-ready and stable. Install it, test it, and let us know what
you think! We've put thousands of hours into making this the best open-source email
security solution available.
Questions? Issues? Feedback?Post them here or open an issue on GitHub. We're here to help!
Thank you to everyone who has tested, provided feedback, and contributed to making OpenEFA
a reality.
---
OpenEFA Team