🚀 OpenEFA v1.2.0 Released: Relay Host Management & Enhanced Email Viewing

[adrastosefa]

Install or Update Now
curl -sSL http://install.openefa.com/install.sh | sudo bash

---

Major New Features:

Automatic Relay Host Management
Configure different relay servers for each domain with zero manual Postfix configuration! The system automatically:

[*]Stores relay host (IP or hostname) per domain in database
[*]Generates and updates /etc/postfix/transport automatically
[*]Compiles transport hash and reloads Postfix on every domain change
[*]Works seamlessly for MSP and multi-tenant deployments

Perfect for routing client domains to their own mail servers after security filtering!

Enhanced Email Viewing
New email detail view includes:

[*]Authentication Headers:[/b] SPF, DKIM, and DMARC results displayed prominently
[*]Full Headers Access:[/b] View complete MIME headers on-demand
[*]Email Actions:[/b] Release, Whitelist, Mark as Spam, Delete - all with one click
[*]Collapsible Content:[/b] Better performance with expandable email body sections
[*]Brief Previews:[/b] Quarantine view shows 3-5 line previews instead of full content

UI Improvements

Domain indicator in whitelist management (no more guessing which domain you're managing!)
[*]User creation form defaults to "Select Domain" to prevent accidental wrong assignments
[*]Improved quarantine interface with better content organization
---
Technical Highlights:

Database: Added relay_host column + authentication header columns
Backend: Automatic Postfix transport file generation and reload
Security: Proper file permissions + sudoers configuration for passwordless Postfix reload
Installer: All features included - fresh installs get everything automatically

Testing:
Fully tested with both local and GitHub curl installations
All features working on production systems
Automatic updates handle schema migrations seamlessly

---

Use Cases:

Route each client to their own mail server after filtering
Multi-Tenant: Different departments with separate mail infrastructure
Migrations: Gradually move domains to new servers while maintaining security

---

Read the full announcement:
https://openefa.com/blog/relay-host-man ... lease.html Relay Host Management & Enhanced Email Viewing

GitHub Repository:
https://github.com/openefaadmin/openefa-installer]openefaadmin/openefa-installer

---

Questions or issues? Post them here!

[Carl Brunning]

as the ssl is broken right now please use this cmd which is for the git server

curl -sSL https://raw.githubusercontent.com/opene ... otstrap.sh | sudo bash

tested and working
sll will be fixed later today

[adrastosefa]

Updated the certificate. Please try the install again.

curl -sSL http://install.openefa.com/install.sh | sudo bash

as the ssl is broken right now please use this cmd which is for the git server

curl -sSL https://raw.githubusercontent.com/opene ... otstrap.sh | sudo bash

tested and working
sll will be fixed later today

[Carl Brunning]

so if you using ubuntu 22.04 and min install
make sure you do the following first

openssl s_client -connect install.openefa.com:443 -servername install.openefa.com < /dev/null
apt install iputils-ping

then the following command will work

curl -sSL http://install.openefa.com/install.sh | sudo bash

[Woger]

Chrome is giving me an "ERR_SSL_PROTOCOL_ERROR" error on opening the page on port 5500.

Syslog:

2025-10-16T13:30:29.281997+02:00 s3 spacyweb[1257]: 2025-10-16 13:30:29,281 - werkzeug - ERROR - 84.29.166. - - [16/Oct/2025 13:30:29] code 400, message Bad request version ('\x00\x12\x00\x10\x04\x03\x08\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x00\x12\x00\x00\x00\x05\x00\x05\x01\x00\x00\x00\x00DÍ\x00\x05\x00\x03\x02h2ÿ\x01\x00\x01\x00\x00-\x00\x02\x01\x01\x00')
2025-10-16T13:30:29.282416+02:00 s3 spacyweb[1257]: 2025-10-16 13:30:29,282 - werkzeug - INFO - 84.29.166. - - [16/Oct/2025 13:30:29] "#033[31m#033[1m\x16\x03\x01\x06Ô\x01\x00\x06Ð\x03\x03\x8dK\x80\x99euÑÐÛ]½G<\x9c4|Í6j\x0eE\x8b°H/ð.\x1bQó¹Ò ¾\x1dZ¯\x06Fíu4¬\x02P²ÛVjÆ_¹ÑP\x1c\x1c©Ö\x81%¼\x1bbIW\x00 êê\x13\x01\x13\x02\x13\x03À+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x01\x00\x06g**\x00\x00þ\x0d\x00Ú\x00\x00\x01\x00\x01)\x00 2\x1eÑIÂ\x87R9©J¨A)¦\x9aü,\x0bgK¤h\x99ÛÔv>­¶*\x1d\x15\x00°\x91ÄZ&Ú\x04\x83`öu\x94B\x18\x80Ê«üSÁñ\x84e<À\x882ÌóV\x9e.rõcvìÎPH\x19¿xY\x04ï`bo\x1fÍ\x88YÅè\x9fY+\x91\x86&·æDA\x8cM¸b\x8f\x0b\x8f\x93î\x9fÑ\x07\x19Ò%\x85G\x15²fg&\x80ñµ~Ã\x93\x0d\x8c²Tõ\x13Ò\x8bnº1\x8e§É2ÕÏqôÐ\x89¯#\x17\x01ð\x8fÛñß}ÿô¬$7J¨:ã&,Ó6\x17Ox\x98¹Nä¿Wc\x0bÑ\x8b<\x8f\x12T\x9eÈ+¬ózh¢zÿ\x95è\x06¤µIg<\x04ªëëÌ\x00\x1b\x00\x03\x02\x00\x02\x00\x00\x00\x10\x00\x0e\x00\x00\x0bs3.domein.nl\x00\x17\x00\x00\x00\x10\x00\x0e\x00\x0c\x02h2\x08http/1.1\x00\x0b\x00\x02\x01\x00\x00\x0d\x00\x12\x00\x10\x04\x03\x08\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x00\x12\x00\x00\x00\x05\x00\x05\x01\x00\x00\x00\x00DÍ\x00\x05\x00\x03\x02h2ÿ\x01\x00\x01\x00\x00-\x00\x02\x01\x01\x00#033[0m" 400 -
2025-10-16T13:30:29.319214+02:00 s3 spacyweb[1257]: 2025-10-16 13:30:29,318 - werkzeug - ERROR - 84.29.166. - - [16/Oct/2025 13:30:29] code 400, message Bad request version ('iôÇ^ɳA²W\x9f\x14\x19')
2025-10-16T13:30:29.319326+02:00 s3 spacyweb[1257]: 2025-10-16 13:30:29,319 - werkzeug - INFO - 84.29.166. - - [16/Oct/2025 13:30:29] "#033[31m#033[1m\x16\x03\x01\x06Ô\x01\x00\x06Ð\x03\x03\x1dñ ¾Ñ(ëqñ\x80\x8b\x9dE\x80W\x07BiXÃ=:Þ\x1b2È.\x92Ã(<\x81 iôÇ^ɳA²W\x9f\x14\x19#033[0m" 400 -
2025-10-16T13:30:29.323424+02:00 s3 spacyweb[1257]: 2025-10-16 13:30:29,323 - werkzeug - ERROR - 84.29.166. - - [16/Oct/2025 13:30:29] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x06ô\x01\x00\x06ð\x03\x030³')
2025-10-16T13:30:29.323561+02:00 s3 spacyweb[1257]: 2025-10-16 13:30:29,323 - werkzeug - INFO - 84.29.166. - - [16/Oct/2025 13:30:29] "#033[31m#033[1m\x16\x03\x01\x06ô\x01\x00\x06ð\x03\x030³\x0co»\x11#033[0m" 400 -

[Carl Brunning]

you have to allow chrome to have access as it not full ssl on install
as you will need to do that later with you certs

and change the https to http will help you to get in

[MauriceW67]

Did a fresh install and everything looks ok now. I can access the dashboard and see the relay domain that I configured during setup.

When I send a test mail from my local network, the message is accepted and relayed to my Exchange server where it arrives in the correct mailbox.

However, none of the test mails show up in the dashboard under Recent messages or All messages.

What could be wrong here?

[mattch]

Got the fresh install on Ubuntu 24.04 using that link. Super smooth install. Kudos on the web interface!

Havent gotten too far inside yet but couple things I noticed so far:

end of install screen has these \033

Code: Select all

\033[0;32m╔════════════════════════════════════════════════════════════════╗
║                  INSTALLATION SUCCESSFUL!                      ║
╚════════════════════════════════════════════════════════════════╝\033[0m

\033[0;36mOpenEFA Email Security System is now running!\033[0m

\033[1;37mAccess Information:\033[0m
  • SpacyWeb Dashboard: https://openefa:5500
  • Admin Username: admin
  • Admin Email: <>

\033[1;37mProtected Domain:\033[0m
  • <>

\033[1;37mServices Running:\033[0m
  • Postfix (Mail Server)
  • spacy-db-processor (Database Queue)
  • SpacyWeb (Dashboard - Port 5500)
  • Release API (Port 5001)
  • Whitelist API (Port 5002)
  • Block API (Port 5003)

\033[0;31m⚠️  CRITICAL - If using MailGuard/EFA downstream:\033[0m
  \033[1;33mDeploy SpamAssassin rules to your MailGuard/EFA server:\033[0m

  cd /opt/spacyserver/installer/templates/spamassassin
  scp *.cf root@YOUR_EFA_SERVER_IP:/etc/mail/spamassassin/
  ssh root@YOUR_EFA_SERVER_IP "spamassassin --lint && systemctl restart mailscan                                                                                                             ner"

  \033[1;37mWithout this, MailGuard will IGNORE OpenEFA's analysis!\033[0m
  See: /opt/spacyserver/docs/EFA_SPAMASSASSIN_INTEGRATION.md

The Authentication page 404

Code: Select all

Oct 16 14:27:34 openefa spacyweb[14198]: 2025-10-16 14:27:34,132 - werkzeug - INFO - 192.168.3.11 - - [16/Oct/2025 14:27:34] "GET /config/reports HTTP/1.1" 200 -
Oct 16 14:27:34 openefa spacyweb[14198]: 2025-10-16 14:27:34,153 - werkzeug - INFO - 192.168.3.11 - - [16/Oct/2025 14:27:34] "GET /static/openefa-theme.css HTTP/1.1" 304 -
Oct 16 14:27:36 openefa spacyweb[14198]: 2025-10-16 14:27:36,395 - werkzeug - INFO - 192.168.3.11 - - [16/Oct/2025 14:27:36] "GET /config/authentication HTTP/1.1" 404 -
Oct 16 14:27:43 openefa spacyweb[14198]: 2025-10-16 14:27:43,785 - werkzeug - INFO - 192.168.3.11 - - [16/Oct/2025 14:27:43] "GET /config/domains HTTP/1.1" 200 -
Oct 16 14:27:43 openefa spacyweb[14198]: 2025-10-16 14:27:43,818 - werkzeug - INFO - 192.168.3.11 - - [16/Oct/2025 14:27:43] "GET /static/openefa-theme.css HTTP/1.1" 304 -
Oct 16 14:27:45 openefa spacyweb[14198]: 2025-10-16 14:27:45,665 - werkzeug - INFO - 192.168.3.11 - - [16/Oct/2025 14:27:45] "GET /config/authentication HTTP/1.1" 404 -

[adrastosefa]

Yes, working on tightening up the end of the install page.
Finalizing the spam, quarantine, clean, and release or store decision tree now. Also adding in more detailed permissions. Giving the admin the ability to assign admin privileges by domain. Users roles will be Admin, Domain Admin, User.

We are considering having a Google Meet session in the near future talk about the future, product design, things people want to see, etc. Would you be interested?

sb

[Woger]

you have to allow chrome to have access as it not full ssl on install
as you will need to do that later with you certs

and change the https to http will help you to get in

Sorry, I thought it was about the SSL cert of the github server. I have access now. However a test email sent through the server gives this error:
2025-10-16T19:13:32.185383+02:00 s3 postfix/pipe[5199]: 89A18C1815: to=<info@nedport.net>, relay=spacyfilter, delay=47, delays=16/0.01/0/31, dsn=5.3.0, status=bounced (Command died with status 1: "/opt/spacyserver/email_filter.py". Command output: Redis libraries loaded Real authentication libraries loaded Loaded 18 trusted domains from /opt/spacyserver/config/trusted_domains.json Loaded 3 processed domains from database Loaded relay config: 83.96.252.135:25 Redis queue connected Module otp_detector loaded Module entity_extraction not available: No module named 'spacy' Module email_dns loaded Module email_phishing loaded WARNING:root:TextBlob not available. Install with: pip3 install textblob WARNING:email_sentiment:Sentiment analysis disabled - TextBlob not available Module email_sentiment loaded Module email_language loaded Module email_obfuscation loaded Module marketing_spam_filter not available: No module named 'utils' DEBUG: Warning: Typosquatting detector not available Module bec_detector loaded Module enhanced_analysis not available: No module named 'utils' Module toad_detector loaded Module pdf_analyzer loaded Module fraud_funding_detector loaded Module url_reputation loaded Module behavioral_baseline loaded Module rbl_checker loaded Module antivirus_scanner loaded [19:13:01] === EMAIL FILTER WITH TIMEOUT HANDLING START === GeoIP2 not available. Install with: pip install geoip2 Blocking database initialized Redis cache connected PDF analysis libraries not available: No module named 'fitz' [THREAD-WARNING] Alias config not found at /opt/spacyserver/config/alias_mappings.json, using defaults DNS Analysis: reputation=0, trusted=True, spoofing=False, spam_score=0.00 [THREAD-WARNING] Alias config not found at /opt/spacyserver/config/alias_mappings.json, using defaults DEBUG: Language detection: en (0.50) via default [THREAD-WARNING] Alias config not found at /opt/spacyserver/config/alias_mappings.json, usin