EFA: nice and free spam filter virtual appliance

0 Flares Twitter 0 Facebook 0 LinkedIn 0 Email -- 0 Flares ×

Some years ago, many customers were used to keep their email services inside their local infrastructures. Not only the big enterprises with thousands of mailboxes, but also the small ones. That were the days when Microsoft Exchange was at the 2003 version, or at most 2007. Both were known for the complete lack of any mail protection systems, if not for some simple SPF filtering (in an era where SPF was never configured on DNS servers…). Along with Exchange Server, every customer had to deploy an antispam solution to keep their emails clean and safe.

For many small customers, the price of commercial antispam solutions was too much, and there was no “cloud” antispam solution available. I discovered many years ago ESVA, and I was very pleased with it. I used it for many years because of three main advantages: it “was” free, it was available as an OVF appliance ready to be deployed on your VI3/vSphere environment, and it had a nice and easy web interface to administer everything, and that was useful both for me to have it deployed quickly, and most of all for the customer afterwards. Surely it was mainly a nice assembly of open source softwares I could have configured myself from scratch (postifix + clamav + spamassassin + mailwatch), but this pre-configured appliance always saved me hours.

At some point, the ESVA team decided to remove the free version and started to sell it. For some time, the old and free ESVA 2.x was “good enough” to keep up with new spam techniques, but lately it started to “show its age”.

Here comes EFA

Needless to say, many ESVA users were really disappointed by the end of the free version of ESVA, also because it was mainly made with open source components, so they were basically asking for money for packaging them. Some users with “above the average” skills decided if was time for a revamp of the free project, and created EFA (Email Filtering Appliance), by updating and integrating all the components once available in ESVA. I discovered EFA only recently, so I decided to test it at a customer, to see if it was a good replacement for ESVA.

You can get the OVF appliance in the download page, and is available for both VMware and Hyper-V. You can even use the build script on a CentOS machine if you need to run EFA on a physical server on in another hypervisor.

Once you downloaded the appliance, the deployment is easy as any other OVF appliance: you are basically only asked if you want to use a thin or thick disk, and in the latter case, it’s going to use only 30 Gb:

Efa 01

The appliance is based on CentOS, and once is deployed it uses a small amount of resources. Also, it’s configured with virtual hardware 7: the activity it has to do does not require the latest and greates virtual hardware, but with v7 it can be deployed on any VMware cluster from 4.0 up:

Efa Virtual Hardware

Once th VM is deployed, you can use the console to run the initial configuration. It’s going to ask you the usual parameters, like IP addresses, hostname, informations to create the self-signed certificate, and others. All the software installed in EFA is covered by the GPL license. For those additional components that are not redistributable, like the opensource VM tools, the wizard downloads them for you and automatically configures them:

Efa installs Open VM Tools

The most important part of the wizard is the Mail Server configuration: here, you simply configure the IP server of your internal mail server where EFA have to forward clean emails:

Efa local mail server

Once you add the DNS domains EFA has to accept mail, the wizard completes and the antispam system is ready.

Easy Management

There are two main interfaces for management: and IT admin can reach the shell by logging in with the “admin” users, and he’s offered a short menu to configure several settings:

Efa Administration Menu

You can choose your preferred settings about Greylisting, Auto Update (this is a really nice feature, so your antispam is always using all the latest version of any software it’s made of), and the Mail and Spam settings.

Depending on your daily traffic, the system is going to ingest some amount of inbound emails, and you will start to see it working in the Mailwatch interface. Here is where you can see the last messages, check the spam queue, and release a mail if it has been stopped by mistake.

Efa 09

Final Notes

I’ve always liked ESVA, and EFA is a great successor: it uses the same powerful softwares, but at their latest versions. The best part of EFA is you do not really need to tune anything, its default settings are good for the vast majority of every environment, and you will find out, after few days, that you will leave it working without checking the spam queue every hour.

Let’s only hope the EFA team will not end up closing this project like ESVA did. For this reason, if you think this project is valuable, as in any open source project, think about making a donation; after all, you would have paid much much more for a commercial product.

5 thoughts on “EFA: nice and free spam filter virtual appliance

  1. very fine! But these are the days even medium sized (for italian standards) companies are moving to cloud solutions for their mailboxes… and mine (about 2.000 mailboxes on exchange 2010 at the moment) is migrating everything on ‘google for business’ while i’m writing.

    One of the reasons is the high costs of commercial antispam solutions: maybe something like EFA could have changed the balance? Who knows 🙂

  2. Good to know!
    … it’s look like a good solution for our small custumers too (100-1000 mail boxes)!
    Thank you Luca, I will try it soon.

  3. Finally “up and running”, very very nice Pr0j3ct, fast and easy to deploy and mantainance!

  4. The product has become tiresome in latest updates.. there is a problem with the HTML parse engine that flags part the messages as “MailScanner was attacked by a Denial Of Service attack, and has therefore deleted this part of the message. Please contact your e-mail providers for more information if you need it, giving them the whole of this report.” and then strips the message contents.. with a Link to the message contents in the message.. but the message store does not have that message either.. I would not consider this a stable release EFA- While searching for solutions the only thing everyone wants to push is more CPU or Memory however when the system is not even using 1/3 of either resource this would not be the case.. I had even set the CPU and Memory to double but made no difference either. Seems to be a problem around the Perl HTMLParser crashing. Good luck to you.

Comments are closed.