OpenEFA

Posted: **Mon Dec 08, 2025 7:48 am**

We're excited to announce the release of OpenEFA version 1.6.0, a major update to the email security system.

Key Highlights

- EFA Collective - Shared spam intelligence across OpenEFA installations
- VIP Alerts - SMS notifications via ClickSend for high-priority threats
- Security Hardening - fail2ban now installed by default (SSH/Postfix protection)
- New Detection Modules - Enhanced threat detection including attachment inspection, domain entropy analysis, header forgery detection, and
more
- Improved Web Interface - New dashboards, user preferences, and quarantine digest notifications

Installation

Fresh install on Ubuntu 22.04/24.04:
curl -sSL http://install.openefa.com/install.sh | sudo bash

Existing installations can update via the OpenSpacyMenu.

Full changelog and documentation available on GitHub.

Questions or issues? Post here or open an issue on GitHub.

---
The OpenEFA Team

P.S. I am looking forward to your testing and reporting. I have completed a fairly thorough round of testing and looking forward to your testing. sb

Posted: **Tue Dec 09, 2025 7:28 am**

Thanks for the report. I will get right on these. Some are items that I don't really use in my operational environment any longer, but will get to work on them. In the past, I used openspacy menu a lot, but sort of forgot about it. I will look at it again and update it. I am sure the whitelist portion in the openspacy menu isn't valid. The whitelist process and many of the other options have been moved over to the database instead of the json files.

Thanks for the detailed report. I will get these fixed quickly. sb

Posted: **Tue Dec 09, 2025 8:11 am**

Hi,
Great news!

Could you please let me know when EFA will be available for other Linux distributions?
I’d like to understand whether installation will be possible on systems other than Ubuntu, or if Ubuntu will remain the only supported option.

Thank you.

Posted: **Tue Dec 09, 2025 8:55 am**

Great, I look forward to the update. Regarding OS I prefer either Debian or a RHEL clone over Ubuntu
/Jørgen

Posted: **Tue Dec 09, 2025 9:22 am**

jgiversen wrote: Tue Dec 09, 2025 8:55 am Great, I look forward to the update. Regarding OS I prefer either Debian or a RHEL clone over Ubuntu
/Jørgen

I hear ya! We actually started on the centos9 installer version, but backed away to clean up the ubuntu version first. I run centos9, 3 debian boxes, and a bunch of ubuntu. So, I wont mind getting things up on redhat version. Probably wont see a debian, but I guess it is possible. Maybe there is someone in the OpenEFA community that will jump in with us.

Posted: **Tue Dec 09, 2025 9:24 am**

jgiversen wrote: Tue Dec 09, 2025 6:47 am Hi, first thank you very much for providing this release, and continuing the development of efa. I have been using efa for about 4 years now and before that a combination of MS and MailWatch.

I have installed OpenEFA v1.6.0 on proxmox vm. Using a clean install of ubuntu 24.04.3 LTS minimized, as the OS, with 8CPU, 40Gb disk and 8Gb RAM. I have made the following observations.

IPv6 is disabled by default in the postfix configuration, why is that? I have been running a dual stack on efa for years now.
It seems that most log files are not created from the start or you might have missed that logging is now handled by systemd (journalctl).
For fail2ban the following files are missing. /var/log/auth.log, /var/log/mail.log and /var/log/spacyweb/access.log, but /var/log/spacyweb/auth.log is present, even though [spacyweb] is disabled, the other jails will not work as is.

Checking the configuration before trial run with /opt/spacyserver/tools/OpenSpacyMenu
I get some errors when using the “Validate & Fix JSON Configuration” utility /opt/spacyserver/tools/OpenSpacyMenu: line 134: jq: command not found
Errors in bec_config.json:
Errors in module_config.json:
Errors in email_filter_config.json:
Errors in authentication_config.json:
When running the “Check File Permissions” 4 files have wrong owners and permission from the start, but the tool seems to be able to fix it.
However, one file is missing “File not found: /opt/spacyserver/config/threshold_config.json”
Running the DNS check I get the following information, ”Testing SPF with Python:
DNS library not available for detailed check”
Not sure if that is deliberate or it is just not installed by design.

I have currently not tested other things in the “OpenSpacyMenu” tool
I have a ssl certificate (not letsencrypt) that I would like to use both in the GUI and the postfix configuration, well the postfix configuration is not a problem, but have not been able to find a way to use https with the GUI.

Now to some testing of mail flow with IPv6. OpenEFA will not process the incoming mails I get the following issues from the log files (/opt/spacyserver/logs/notifications.log).
2025-12-09 06:35:20,904 - NotificationService - WARNING - ClickSend client library not installed. Run: pip install clicksend-client
2025-12-09 06:35:21,672 - email_dns - INFO - Redis DNS cache initialized successfully
2025-12-09 06:35:21,672 - email_dns - INFO - Loaded 10 domains from DNS whitelist config
2025-12-09 06:35:21,675 - email_dns - INFO - Found 0 unique high-volume domains for DNS pre-warming
2025-12-09 06:35:21,675 - email_dns - WARNING - No domains to pre-warm
2025-12-09 06:35:22,519 - email_dns - WARNING - MX lookup failed for mail-vk1-xa33.google.com: The DNS response does not contain an answer to the question: mail-vk1-xa33.google.com. IN MX
2025-12-09 06:35:22,567 - email_dns - WARNING - SPF lookup failed for mail-vk1-xa33.google.com: The DNS response does not contain an answer to the question: mail-vk1-xa33.google.com. IN TXT
2025-12-09 06:35:22,653 - email_dns - WARNING - DMARC lookup failed for mail-vk1-xa33.google.com: The DNS query name does not exist: _dmarc.mail-vk1-xa33.google.com.
2025-12-09 06:35:22,654 - email_dns - INFO - Google multi-domain architecture: gmail.com / mail-vk1-xa33.google.com
2025-12-09 06:35:22,654 - email_dns - INFO - Legitimate multi-domain architecture - no spoofing
2025-12-09 06:35:22,670 - behavioral_baseline - ERROR - Failed to initialize database: name 'os' is not defined
2025-12-09 06:35:22,708 - email_sentiment - INFO - Sentiment analysis: neutral (polarity: 0.000)
2025-12-09 06:35:23,128 - toad_detector - INFO - TOAD analysis complete: risk_score=0.0, detected=False
2025-12-09 06:35:23,134 - received_chain_analyzer - WARNING - Trust policy file not found: /opt/spacyserver/config/trust_policy.json, using defaults
2025-12-09 06:35:23,134 - received_chain_analyzer - WARNING - Could not load GeoIP database: [Errno 2] No such file or directory: b'/opt/spacyserver/data/GeoLite2-City.mmdb'
2025-12-09 06:35:24,937 - antivirus_scanner - INFO - Successfully connected to ClamAV daemon
2025-12-09 06:35:24,962 - modules.spam_learner - ERROR - Error getting learned weights: 1146 (42S02): Table 'spacy_email_db.spam_pattern_weights' doesn't exist

I have stoped testing until the above issues have been fixed.
/Jørgen

Updated and OpenEFA v1.6.1 Hotfix - Release Notes

Based on community testing feedback on Ubuntu 24.04.3 LTS minimal

Bug Fixes

1. Missing packages on Ubuntu 24.04 minimal
- Added rsyslog - Ubuntu minimal uses journalctl only, rsyslog needed for traditional log files (/var/log/mail.log, /var/log/auth.log)
- Added jq - JSON processor required by scripts
2. Python venv not being used
- Fixed OpenSpacyMenu to use venv python (/opt/spacyserver/venv/bin/python3) instead of system python3
- This caused "DNS library not available" and other module import errors
3. Missing import in behavioral_baseline.py
- Added missing import os statement
4. Missing database table
- Added spam_pattern_weights table to schema
5. Missing GeoIP database
- Added GeoLite2-City.mmdb download (was only downloading Country database)
6. Missing Python package
- Added clicksend-client to pip packages for VIP SMS alerts
7. Stale install state detection
- Installer now validates that critical files/directories exist before skipping steps
- Prevents failed installs when running installer multiple times with partial cleanup
8. Banner display
- Fixed version display to show actual version (was hardcoded to 1.0.0)
- Changed "GPL Licensed" to "GPL v3 Licensed"

New Features

1. Apache reverse proxy with SSL
- Installer now sets up Apache as reverse proxy for SpacyWeb
- SSL options: Let's Encrypt, self-signed certificate, custom certificate, or skip
2. DNS server selection
- New prompt during install to select DNS server
- Options: System default, Google (8.8.8.8), Cloudflare (1.1.1.1), or custom
3. VIP Alerts setup warning
- VIP Alerts page now shows clear setup instructions when ClickSend is not configured
- Step-by-step guide for configuring API credentials

Deprecation Notices

- OpenSpacyMenu items 1-2 (BEC Sender/Domain Whitelist via bec_config.json) now show deprecation warnings
- Users directed to use SpacyWeb for whitelist management
- Full removal planned for v1.7.0released version 1.6.1. Here are some of the changes:

Posted: **Tue Dec 09, 2025 10:01 am**

Wow that was quick. I will try apply the hot fix later today or tommorow.
Thanks for the effort.
/Jørgen

Posted: **Tue Dec 09, 2025 3:25 pm**

Started today with fresh Ubuntu 24.04. minimal server VM install with test domain.

I could reach after the installer script and reboot the WebGUI at <ip>:443
But not <ip>:5500

I am not familar with ubuntu, so maybe a firewall issue? ufw/iptables not installed?

BR Andreas

Posted: **Tue Dec 09, 2025 5:34 pm**

no the port 5500 should work
i've check and it not so have reported it
it may just be logic as you done the self sign or ssl it may have turn it off

anyway we wait to see if it a bug or normal

OpenEFA

OpenEFA 1.6.0

OpenEFA 1.6.0

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released

Re: OpenEFA v1.6.0 Released