OpenEFA v1.6

[jgiversen]

Hi, I have now installed v1.6.1 and have come a bit further.
Most of the install issues are gone now and SSL is working on https port, but port 5500 is no longer responding as ajmind mentions, not sure if that is by design. Furthermore I get this in the GUI if I push user messages “Error loading quarantine: 1054 (42S22): Unknown column 'ea.sender_domain' in 'SELECT”. Besides that, all incoming mails are deferred by postfix and not passed on to relay host. It seems to be some database issue. The incoming mails are not stored in the database and therefore not seen in the GUI.
This is from maillog:

2025-12-09T19:30:33.697920+01:00 openefa postfix/master[2324]: daemon started -- version 3.8.6, configuration /etc/postfix
2025-12-09T19:35:33.735431+01:00 openefa postfix/qmgr[2332]: 88DD6E1AC5: from=<mymail@gmail.com>, size=3687, nrcpt=1 (queue active)
2025-12-09T19:35:34.112033+01:00 openefa email_filter_init: Notification service initialized
2025-12-09T19:35:34.149889+01:00 openefa email_filter_init: Redis libraries loaded
2025-12-09T19:35:34.186517+01:00 openefa email_filter_init: Real authentication libraries loaded
2025-12-09T19:35:34.212858+01:00 openefa email_filter_init: GeoIP2 libraries loaded
2025-12-09T19:35:34.212978+01:00 openefa email_filter_init: Loaded 1 trusted domains from trust_policy.json (0 wildcards)
2025-12-09T19:35:34.213006+01:00 openefa email_filter_init: No trusted_esps.json found at /opt/spacyserver/config/trusted_esps.json
2025-12-09T19:35:34.213034+01:00 openefa email_filter_init: Total 1 exact trusted domains + 0 wildcards loaded
2025-12-09T19:35:34.213057+01:00 openefa email_filter_init: Auth policy: require=True, min_methods=1
2025-12-09T19:35:34.215219+01:00 openefa email_filter_init: Loaded 2 processed domains from database
2025-12-09T19:35:34.215273+01:00 openefa email_filter_init: giversen.net -> 192.168.152.10:25
2025-12-09T19:35:34.215307+01:00 openefa email_filter_init: giversen.online -> 192.168.152.10:25
2025-12-09T19:35:34.215745+01:00 openefa email_filter_init: Loaded relay config: 192.168.152.10:25
2025-12-09T19:35:34.216539+01:00 openefa email_filter_init: Redis queue connected
2025-12-09T19:35:34.217194+01:00 openefa email_filter_init: Spam result cache initialized (Redis DB 2)
2025-12-09T19:35:34.219197+01:00 openefa email_filter_init: MySQL database connected for blocking rules
2025-12-09T19:35:34.220679+01:00 openefa email_filter_init: GeoIP2 database loaded for country blocking
2025-12-09T19:35:34.221208+01:00 openefa email_filter_init: Module otp_detector loaded
2025-12-09T19:35:34.884905+01:00 openefa email_filter_init: Module entity_extraction loaded
2025-12-09T19:35:34.886516+01:00 openefa email_filter_init: 2025-12-09 19:35:34,885 - email_dns - INFO - Using system default DNS
2025-12-09T19:35:34.887735+01:00 openefa email_filter_init: 2025-12-09 19:35:34,887 - email_dns - INFO - Redis DNS cache initialized successfully
2025-12-09T19:35:34.888401+01:00 openefa email_filter_init: 2025-12-09 19:35:34,888 - email_dns - INFO - Loaded 10 domains from DNS whitelist config
2025-12-09T19:35:34.891528+01:00 openefa email_filter_init: 2025-12-09 19:35:34,891 - email_dns - INFO - Found 0 unique high-volume domains for DNS pre-warming
2025-12-09T19:35:34.891605+01:00 openefa email_filter_init: 2025-12-09 19:35:34,891 - email_dns - WARNING - No domains to pre-warm
2025-12-09T19:35:34.891634+01:00 openefa email_filter_init: Module email_dns loaded
2025-12-09T19:35:34.892564+01:00 openefa email_filter_init: Module email_phishing loaded
2025-12-09T19:35:35.110863+01:00 openefa email_filter_init: Module email_sentiment loaded
2025-12-09T19:35:35.117872+01:00 openefa email_filter_init: Module email_language loaded
2025-12-09T19:35:35.118243+01:00 openefa email_filter_init: Module email_obfuscation loaded
2025-12-09T19:35:35.119628+01:00 openefa email_filter_init: Module marketing_spam_filter loaded with 2 functions
2025-12-09T19:35:35.120740+01:00 openefa email_filter_init: DEBUG: Warning: Typosquatting detector not available
2025-12-09T19:35:35.120806+01:00 openefa email_filter_init: Module bec_detector loaded
2025-12-09T19:35:35.120842+01:00 openefa email_filter_init: Module brand_impersonation loaded
2025-12-09T19:35:35.121652+01:00 openefa email_filter_init: Module enhanced_analysis loaded with 3 functions
2025-12-09T19:35:35.122366+01:00 openefa email_filter_init: Module toad_detector loaded
2025-12-09T19:35:35.201294+01:00 openefa email_filter_init: Module pdf_analyzer loaded
2025-12-09T19:35:35.201970+01:00 openefa email_filter_init: Module html_attachment_analyzer loaded
2025-12-09T19:35:35.202542+01:00 openefa email_filter_init: Module fraud_funding_detector loaded
2025-12-09T19:35:35.203071+01:00 openefa email_filter_init: Module url_reputation loaded
2025-12-09T19:35:35.469885+01:00 openefa email_filter_init: Module behavioral_baseline loaded
2025-12-09T19:35:35.470857+01:00 openefa email_filter_init: Module rbl_checker loaded
2025-12-09T19:35:35.473170+01:00 openefa email_filter_init: Module antivirus_scanner loaded
2025-12-09T19:35:35.485353+01:00 openefa email_filter_init: Module attachment_inspector not available: No module named 'py7zr'
2025-12-09T19:35:35.486123+01:00 openefa email_filter_init: Module header_forgery_detector loaded
2025-12-09T19:35:35.486710+01:00 openefa email_filter_init: Module received_chain_analyzer loaded
2025-12-09T19:35:35.487461+01:00 openefa email_filter_init: Module html_body_analyzer loaded
2025-12-09T19:35:35.488219+01:00 openefa email_filter_init: Module display_name_spoofing loaded
2025-12-09T19:35:35.488737+01:00 openefa email_filter_init: Module onmicrosoft_impersonation loaded
2025-12-09T19:35:35.489056+01:00 openefa email_filter: Queue ID from Postfix: mymail@gmail.com
2025-12-09T19:35:35.489123+01:00 openefa email_filter: Envelope sender from Postfix: mymail@giversen.online
2025-12-09T19:35:35.489158+01:00 openefa email_filter: Email size: 3662 bytes
2025-12-09T19:35:35.491354+01:00 openefa email_filter: Email parsed successfully
2025-12-09T19:35:35.494705+01:00 openefa email_filter: Found 1 total unique recipients
2025-12-09T19:35:35.494780+01:00 openefa email_filter: Processing 1 recipients from our domains: mymail@giversen.online
2025-12-09T19:35:35.495691+01:00 openefa email_filter: Early blocking check database error: 1054 (42S22): Unknown column 'br.is_global' in 'WHERE'
2025-12-09T19:35:35.496118+01:00 openefa email_filter: Found 1 total unique recipients
2025-12-09T19:35:35.496182+01:00 openefa email_filter: Processing 1 recipients from our domains: mymail@giversen.online
2025-12-09T19:35:35.496510+01:00 openefa email_filter: Sender domain: gmail.com
2025-12-09T19:35:35.496591+01:00 openefa email_filter: No existing authentication found, performing real validation
2025-12-09T19:35:35.497159+01:00 openefa email_filter: Recipient domains from email headers (fallback): ['giversen.online']
2025-12-09T19:35:35.497231+01:00 openefa email_filter: Envelope sender (Return-Path): mymail@gmail.com
2025-12-09T19:35:35.497273+01:00 openefa email_filter: SPF will check domain: gmail.com (not gmail.com)
2025-12-09T19:35:35.497311+01:00 openefa email_filter: First Received header: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6f8b0:4864:20::429])#011by openefa (Postfix) with ESMTPS id 88DD6E1AC5#011for <mymail@giversen.online>; Tue, 9 Dec 2025 17:54:05 +0000 (UTC
2025-12-09T19:35:35.497351+01:00 openefa email_filter: Could not extract IP from first Received header
2025-12-09T19:35:35.497391+01:00 openefa email_filter: Real authentication error: list index out of range
2025-12-09T19:35:35.497424+01:00 openefa email_filter: Auth completed, generating headers...
2025-12-09T19:35:35.497714+01:00 openefa email_filter: Headers added, extracting text content...
2025-12-09T19:35:35.499376+01:00 openefa email_filter: Extracted text from HTML-only email (49 chars)
2025-12-09T19:35:35.499460+01:00 openefa email_filter: Text extracted: 49 chars
2025-12-09T19:35:35.499691+01:00 openefa email_filter: Auth abuse detection - Score: 0.0, Reasons: []
2025-12-09T19:35:35.537206+01:00 openefa email_filter: Enhanced thread analysis: trust_level=none, verified=False, internal=False
2025-12-09T19:35:35.537929+01:00 openefa email_filter: CACHE HIT: Jørgen Giversen <mymail@gmail.com> - test
2025-12-09T19:35:35.538002+01:00 openefa email_filter: Cache lookup error: 'PerformanceMonitor' object has no attribute 'log_event'
2025-12-09T19:35:35.538034+01:00 openefa email_filter: Sender domain: gmail.com, Trusted: False
2025-12-09T19:35:35.709842+01:00 openefa email_filter: DNS module completed - score: +0.0
2025-12-09T19:35:35.710375+01:00 openefa email_filter: RBL check skipped - no sender IP found
2025-12-09T19:35:35.722757+01:00 openefa email_filter: Enhanced thread analysis: trust_level=none, verified=False, internal=False
2025-12-09T19:35:35.771940+01:00 openefa email_filter: Sentiment module completed - polarity: 0.0, subjectivity: 0.0
2025-12-09T19:35:36.163552+01:00 openefa email_filter: Language module completed - detected: da (0.93), penalty: 20.0
2025-12-09T19:35:36.163701+01:00 openefa email_filter: Obfuscation module completed - score: 1.5
2025-12-09T19:35:36.164199+01:00 openefa email_filter: Marketing module completed - score: +0.0 (capped from 0.0)
2025-12-09T19:35:36.164353+01:00 openefa email_filter: BEC module completed - confidence: 0.00, score: +0.5
2025-12-09T19:35:36.177585+01:00 openefa email_filter: HTML attachment module completed - score: +0.0, attachments: 0
2025-12-09T19:35:36.182194+01:00 openefa email_filter: HTML body analysis completed - clean
2025-12-09T19:35:36.182279+01:00 openefa email_filter: Header Forgery Detector module error: detect_header_forgery() takes from 1 to 2 positional arguments but 3 were given
2025-12-09T19:35:36.185044+01:00 openefa email_filter: Received Chain Analysis completed - 2 hops, clean
2025-12-09T19:35:37.976404+01:00 openefa email_filter: NER Entities found: 2
2025-12-09T19:35:37.976696+01:00 openefa email_filter: NER module completed - entities: 2, topics: 0
2025-12-09T19:35:37.976738+01:00 openefa email_filter: Using domain for compliance check: None
2025-12-09T19:35:37.978322+01:00 openefa email_filter: Antivirus scan clean - no threats detected
2025-12-09T19:35:37.979393+01:00 openefa email_filter: Display name check passed - no spoofing detected
2025-12-09T19:35:37.980013+01:00 openefa email_filter: OnMicrosoft check passed - no brand impersonation detected
2025-12-09T19:35:37.980050+01:00 openefa email_filter: Modules run: dns, sentiment, language, obfuscation, marketing, bec, html_attachment, html_body_analyzer, received_chain_analyzer, funding_spam, ner, antivirus, display_name_spoofing, onmicrosoft_impersonation
2025-12-09T19:35:37.980073+01:00 openefa email_filter: Combined spam score: 22.00
2025-12-09T19:35:37.980851+01:00 openefa email_filter: CACHED: Jørgen Giversen <mymail@gmail.com> - test (TTL: 2h)
2025-12-09T19:35:37.981037+01:00 openefa email_filter: DEBUG: bypass_aggressive_checks=False
2025-12-09T19:35:37.981065+01:00 openefa email_filter: DEBUG: Entering fake_reply detection block
2025-12-09T19:35:37.988194+01:00 openefa email_filter: DEBUG: fake_reply_boost=0.0
2025-12-09T19:35:38.003383+01:00 openefa email_filter: Database query error for domain whitelist: 1054 (42S22): Unknown column 'br.is_global' in 'SELECT'
2025-12-09T19:35:38.007467+01:00 openefa email_filter: Making disposition decision - spam_score: 22.00
2025-12-09T19:35:38.007773+01:00 openefa email_filter: Error checking quarantine settings: 1054 (42S22): Unknown column 'quarantine_enabled' in 'SELECT'
2025-12-09T19:35:38.007846+01:00 openefa email_filter: Thread trust low: adjusted threshold to 7.0
2025-12-09T19:35:38.011042+01:00 openefa email_filter: QUARANTINE: Spam score 22.00 exceeds threshold 7.0
2025-12-09T19:35:38.011105+01:00 openefa email_filter: Decision: quarantined (high_spam_score)
2025-12-09T19:35:38.014662+01:00 openefa email_filter: Failed to store email with disposition: 1054 (42S22): Unknown column 'sender_domain' in 'INSERT INTO'
2025-12-09T19:35:38.014744+01:00 openefa email_filter: Storage failed - deferring email for retry
2025-12-09T19:35:38.014779+01:00 openefa email_filter: Performance: 2.53s total
2025-12-09T19:35:38.014806+01:00 openefa email_filter: Modules run: dns, sentiment, language, obfuscation, marketing, bec, html_attachment, html_body_analyzer, received_chain_analyzer, funding_spam, ner, antivirus, display_name_spoofing, onmicrosoft_impersonation
2025-12-09T19:35:38.014833+01:00 openefa email_filter: Headers added: 30
2025-12-09T19:35:38.014871+01:00 openefa email_filter: Memory: 164.0MB → 880.1MB
2025-12-09T19:35:38.985954+01:00 openefa postfix/pipe[3741]: 88DD6E1AC5: to=<mymail@giversen.online>, relay=spacyfilter, delay=2493, delays=2488/0.01/0/5.2, dsn=4.3.0, status=deferred (temporary failure. Command output: DNS Analysis: reputation=2, trusted=True, spoofing=False, spam_score=0.00 DEBUG: Heavy spam penalty (15.0) for non-allowed language: da DEBUG: Additional penalty (+5.0) for high-risk language/domain combination DEBUG: Language detection: da (0.93) via langdetect DEBUG: Language risk indicators: Non-English/Spanish language: da DEBUG: Sender gmail.com is legitimate google PDF analysis libraries not available: No module named 'cv2' Error calculating legitimacy: invalid literal for int() with base 10: '745d16838a837d73' Database connection closed )

[MrBero]

Started today with fresh Ubuntu 24.04. minimal server VM install with test domain.

I could reach after the installer script and reboot the WebGUI at <ip>:443
But not <ip>:5500

I am not familar with ubuntu, so maybe a firewall issue? ufw/iptables not installed?

BR Andreas

same here

In my case, the script installed everything, but after the installation finished I’m unable to access https://mx.mydomain.com
. It doesn’t open at all. Only http://mx.mydomain.com
loads, and it shows the default Ubuntu Apache page.
Also, <ip>:5500 does not open at all.
p.s. I’m not sure if it’s related, but during the installation I skipped the SSL certificate setup.

[Carl Brunning]

all been report
so hope for the fixes soon

[jgiversen]

Hi, I found another possible bug. When hitting the "Rule Mangement" I get this error: "Error loading rules management: 1054 (42S22): Unknown column 'is_global' in 'SELECT'" when I try one of the domains.

[philippe07]

Hello

i've installed the latest release and seems nice. However, i have an issue when i click on "User Message" :

Error loading quarantine: 1054 (42S22): Unknown column 'ea.sender_domain' in 'SELECT'

also is there a translation possibility through file or database records or else ?

Regards

Philippe

[mattch]

Hi Everyone!! I ran

Code: Select all

curl -sSL https://install.openefa.com/update.sh | sudo bash

met with log. Haven't had much time to dig. Ill see what else I can find out later this evening. Wasn't thinking and didn't make a snapshot 'doh. If nothing else Ill do fresh install.

Code: Select all

matt@openefa:~$ tail -F /var/log/syslog
2025-12-11T16:08:56.090099-05:00 openefa systemd[1]: spacyweb.service: Main process exited, code=exited, status=1/FAILURE
2025-12-11T16:08:56.090312-05:00 openefa systemd[1]: spacyweb.service: Failed with result 'exit-code'.
2025-12-11T16:09:06.299901-05:00 openefa systemd[1]: spacyweb.service: Scheduled restart job, restart counter is at 17.
2025-12-11T16:09:06.308929-05:00 openefa systemd[1]: Started spacyweb.service - SpacyWeb Dashboard.
2025-12-11T16:09:06.790890-05:00 openefa spacyweb[1691]: Traceback (most recent call last):
2025-12-11T16:09:06.790992-05:00 openefa spacyweb[1691]:   File "/opt/spacyserver/web/app.py", line 9, in <module>
2025-12-11T16:09:06.791047-05:00 openefa spacyweb[1691]:     from flask_compress import Compress
2025-12-11T16:09:06.791080-05:00 openefa spacyweb[1691]: ModuleNotFoundError: No module named 'flask_compress'

[Woger]

ModuleNotFoundError: No module named 'flask_compress'

You can probably add it by using: pip install flask

[adrastosefa]

We've just pushed v1.6.2 with important bug fixes and improvements:

Database Schema Fixes
- Fixed missing columns in email_analysis table (sender_domain, attachment_count, and others)
- Fixed missing columns in trusted_entities table (trust_level, scope, recipient_domain)
- Added quarantine_enabled to client/hosted domains tables

Module Fixes
- Fixed "KeyError: should_quarantine" error in behavioral analysis
- Fixed "detect_header_forgery() takes 2 positional arguments but 3 were given" error

Installer Improvements
- SSL option 4 (skip) now properly creates HTTP reverse proxy config
- Let's Encrypt setup now prompts for email and falls back to self-signed if it fails
- fail2ban is now optional (was blocking some VPN/Tailscale connections)
- IPv6 enabled by default in Postfix

Postfix Fixes
- Fixed transport file ownership (was causing "not owned by root" warnings)
- Uninstall backups now go to /var/backups/openefa/ to prevent nested backup directories

Update Instructions
cd /opt/openefa-installer && git pull && ./update.sh

Or fresh install:
curl -sSL http://install.openefa.com/install.sh | sudo bash

[adrastosefa]

Please update to OpenEFA v1.6.2.