{"id":17139,"date":"2026-02-28T11:15:51","date_gmt":"2026-02-28T05:45:51","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=17139"},"modified":"2026-02-28T11:15:54","modified_gmt":"2026-02-28T05:45:54","slug":"install-and-configure-email-filter-appliance","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/install-and-configure-email-filter-appliance","title":{"rendered":"Install and Configure Email Filter Appliance (E.F.A) in 2026"},"content":{"rendered":"\n<p><strong>To install and configure Email Filter Appliance (E.F.A)<\/strong>, deploy the E.F.A image\/ISO on a Linux compatible VM, assign a static public IP and rDNS, run the setup wizard, add your accepted domains, set your internal mail server as the relay\/destination, update policies (SpamAssassin\/ClamAV), and publish correct DNS (MX, SPF, DKIM, DMARC) for production mail flow.<\/p>\n\n\n\n<p>This step by step guide shows how to install and configure Email Filter Appliance (E.F.A) in 2026, from planning and deployment to DNS, routing, security, and policy tuning. Whether you\u2019re replacing an aging gateway or hardening a new mail stack, this tutorial makes E.F.A a proven open source spam and virus filter, production ready.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-e-f-a-and-how-it-works\">What is E.F.A and How it Works?<\/h2>\n\n\n\n<p><strong>Email Filter Appliance (E.F.A) is<\/strong> an open source email security gateway built around Postfix (MTA) with filtering engines such as MailScanner, SpamAssassin, and ClamAV, plus a web UI (MailWatch) for quarantine and reports.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"720\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2026\/02\/What-is-E.F.A-and-How-it-Works.jpg\" alt=\"Install and Configure Email Filter Appliance\" class=\"wp-image-18719\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2026\/02\/What-is-E.F.A-and-How-it-Works.jpg 1280w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2026\/02\/What-is-E.F.A-and-How-it-Works-150x84.jpg 150w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/figure>\n\n\n\n<p>It sits between the internet and your mail server (Microsoft Exchange, M365 hybrid, Zimbra, Postfix\/Dovecot), scanning inbound and outbound messages for spam, phishing, and malware.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Inbound:<\/strong> Internet \u2192 E.F.A (filter) \u2192 Your mail server<\/li>\n\n\n\n<li><strong>Outbound:<\/strong> Your mail server \u2192 E.F.A (policy) \u2192 Internet\/Smart host<\/li>\n\n\n\n<li><strong>Key features:<\/strong> RBLs\/URIBLs, SPF\/DKIM\/DMARC checks, antivirus, quarantine, greylisting, rate limiting<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-planning-2026-ready\">Prerequisites and Planning (2026 Ready)<\/h2>\n\n\n\n<p>Before you deploy E.F.A, plan for network, DNS, OS lifecycle, and mail routing. This avoids loops, deliverability issues, and weak security posture.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"hardware-vm-requirements\">Hardware\/VM Requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>2\u20134 vCPU, 4\u20138 GB RAM for 500\u20132,000 users (scale up with load)<\/li>\n\n\n\n<li>60\u2013120 GB SSD storage (log retention\/quarantine volume dependent)<\/li>\n\n\n\n<li>1x NIC, static IPv4; IPv6 if your mail environment supports it<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"network-and-dns\">Network &amp; DNS<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Static public IP with reverse DNS (PTR) mapping to a valid hostname (e.g., mailgw.example.com)<\/li>\n\n\n\n<li><strong>Firewall:<\/strong> allow TCP 25 (SMTP), 465\/587 (if providing secured submission), 80\/443 (ACME\/Let\u2019s Encrypt and UI)<\/li>\n\n\n\n<li>Time sync (NTP) and accurate time zone for DKIM\/DMARC validity<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"operating-system-and-image\">Operating System &amp; Image<\/h3>\n\n\n\n<p>Download the latest stable E.F.A build\/ISO from the official project site or mirror. Verify checksums and read the current release notes. If the build targets an older Enterprise Linux base, place the VM behind a firewall, apply all security updates, and plan for future migration when the project releases a newer base.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"mail-flow-design\">Mail Flow Design<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Inbound: <\/strong>Internet \u2192 E.F.A \u2192 Internal mail server(s)<\/li>\n\n\n\n<li><strong>Outbound: <\/strong>Internal mail server(s) \u2192 E.F.A \u2192 Internet or ISP smart host<\/li>\n\n\n\n<li><strong>Recipient validation: <\/strong>LDAP\/AD or local list to reject unknown users at SMTP time<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-by-step-installation\">Step-by-Step Installation<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-prepare-the-vm\">1) Prepare the VM<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a new VM on Proxmox, VMware, Hyper-V, or KVM<\/li>\n\n\n\n<li>Attach the E.F.A ISO\/OVA and a 60\u2013120 GB virtual disk<\/li>\n\n\n\n<li>Assign static IP, gateway, DNS resolvers; reserve the IP in your router\/DHCP<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-install-the-os-e-f-a-base\">2) Install the OS\/E.F.A Base<\/h3>\n\n\n\n<p>Boot from the ISO and follow the installer prompts. Use a strong root\/admin password, set the proper timezone, and configure disk partitioning with room for logs and quarantine. After installation, reboot and log in via console or SSH.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Set a fully qualified hostname\nhostnamectl set-hostname mailgw.example.com\n\n# Configure static IP (example; adapt to your distro tooling)\nnmcli con mod eth0 ipv4.addresses 203.0.113.25\/29\nnmcli con mod eth0 ipv4.gateway 203.0.113.29\nnmcli con mod eth0 ipv4.dns \"1.1.1.1 9.9.9.9\"\nnmcli con mod eth0 ipv4.method manual\nnmcli con up eth0\n\n# Update packages\nyum update -y || dnf upgrade -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-run-the-e-f-a-bootstrap-wizard\">3) Run the E.F.A Bootstrap\/Wizard<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Accept the license and initialize required components (Postfix, MailScanner, SpamAssassin, ClamAV, MailWatch)<\/li>\n\n\n\n<li>Set admin credentials for the web UI<\/li>\n\n\n\n<li>Enter system hostname and primary domain<\/li>\n\n\n\n<li>Enable automatic updates and signatures for antivirus\/antispam<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-verify-services\">4) Verify Services<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status postfix\nsystemctl status mailscanner\nsystemctl status clamd\nsystemctl status httpd  # or nginx, depending on build\nspamassassin -V         # confirm SA version<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"initial-web-ui-configuration\">Initial Web UI Configuration<\/h2>\n\n\n\n<p>Access https:\/\/mailgw.example.com\/ (or the IP) and log in with the admin account created earlier. Navigate the dashboard to finish baseline policies.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Add accepted\/local domains (example.com, example.org)<\/li>\n\n\n\n<li>Set destination mail server(s) for inbound routing (e.g., exchange.internal:25)<\/li>\n\n\n\n<li>Enable quarantine and notifications; configure digest schedules<\/li>\n\n\n\n<li>Choose and enable DNSBLs\/URIBLs carefully (avoid over aggressive lists)<\/li>\n\n\n\n<li>Set maximum message size and attachment policies<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"publish-dns-mx-spf-dkim-dmarc-and-rdns\">Publish DNS: MX, SPF, DKIM, DMARC, and rDNS<\/h2>\n\n\n\n<p>Correct DNS is non negotiable for deliverability. Point MX to E.F.A, validate sending identity with SPF\/DKIM, and enforce DMARC policy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-mx-record\">1) MX Record<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>; In your public DNS zone\n@     3600  IN  MX   10 mailgw.example.com.\nmailgw 3600  IN  A    203.0.113.25<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-spf-record\">2) SPF Record<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>; Authorize E.F.A's IP and any other legitimate senders\n@ 3600 IN TXT \"v=spf1 ip4:203.0.113.25 include:_spf.your-saas-mailer.com -all\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-dkim-key-and-dns\">3) DKIM Key and DNS<\/h3>\n\n\n\n<p>Generate a DKIM keypair on E.F.A or your downstream mail server (keep private key on the signer). Publish the public key in DNS:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>; Example selector \"m365\" or \"efa\"\nm365._domainkey 3600 IN TXT \"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0B...IDAQAB\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-dmarc-policy\">4) DMARC Policy<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>_dmarc 3600 IN TXT \"v=DMARC1; p=quarantine; rua=mailto:dmarc-aggregate@example.com; ruf=mailto:dmarc-forensic@example.com; adkim=s; aspf=s; pct=100\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-reverse-dns-ptr\">5) Reverse DNS (PTR)<\/h3>\n\n\n\n<p>Ask your ISP\/cloud provider to set the PTR of 203.0.113.25 to mailgw.example.com. HELO\/EHLO must match a forward confirmed reverse DNS for best reputation.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"configure-inbound-and-outbound-routing\">Configure Inbound and Outbound Routing<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"inbound-internet-e-f-a-mail-server\">Inbound (Internet \u2192 E.F.A \u2192 Mail Server)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set your internal mail server as the destination\/relay in E.F.A (host:port)<\/li>\n\n\n\n<li>Enable recipient verification (VRFY\/RCPT) via LDAP\/AD to reject invalid users at SMTP time<\/li>\n\n\n\n<li>Test by sending a message from an external mailbox and verify logs\/quarantine<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"outbound-mail-server-e-f-a-internet\">Outbound (Mail Server \u2192 E.F.A \u2192 Internet)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Point your internal mail server\u2019s smart host to E.F.A (mailgw.example.com:25 or 587)<\/li>\n\n\n\n<li>In E.F.A, set permitted sender IPs or SMTP AUTH for outbound<\/li>\n\n\n\n<li>If your ISP requires a relay, configure E.F.A to route outbound via that smart host with credentials<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Example Postfix outbound on your internal mail server\nrelayhost = &#091;mailgw.example.com]:25\nsmtp_tls_security_level = may<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-directory-ldap-recipient-validation\">Enable Directory\/LDAP Recipient Validation<\/h3>\n\n\n\n<p>Validating recipients against AD\/LDAP blocks invalid addresses early, cutting spam and saving CPU.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure LDAP server (ldaps:\/\/dc1.example.com:636)<\/li>\n\n\n\n<li><strong>Bind DN:<\/strong> CN=ldap-reader,OU=Service,DC=example,DC=com<\/li>\n\n\n\n<li><strong>Base DN:<\/strong> DC=example,DC=com<\/li>\n\n\n\n<li><strong>Filter: <\/strong>search for proxyAddresses\/mail attributes<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>(|(mail=%s)(proxyAddresses=smtp:%s)(proxyAddresses=SMTP:%s))<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tune-spam-and-virus-policies\">Tune Spam and Virus Policies<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable ClamAV with frequent signature updates<\/li>\n\n\n\n<li><strong>Turn on sane RBLs\/URIBLs:<\/strong> Spamhaus (Data Query Service), Abuse.ch, etc.<\/li>\n\n\n\n<li><strong>Greylisting:<\/strong> useful for small orgs; evaluate impact for high volume mail<\/li>\n\n\n\n<li><strong>Quarantine thresholds: <\/strong>set low false positive rate; notify users with daily digests<\/li>\n\n\n\n<li>Use custom rules for brand impersonation, executable attachments, and language based patterns<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/mail\/spamassassin\/local.cf (example)\nrequired_score 5.0\nrewrite_header Subject ***** SPAM *****\nreport_contact security@example.com\nuse_bayes 1\nbayes_auto_learn 1\n\n# Raise score for executable attachments\nheader   EXE_ATTACH Content-Type =~ \/application\\\/(x-msdownload|x-exe|x-dosexec)\/i\nscore    EXE_ATTACH 3.5\ndescribe EXE_ATTACH Executable attachment type detected<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tls-certificates-and-secure-smtp\">TLS, Certificates, and Secure SMTP<\/h2>\n\n\n\n<p>Use valid certificates for SMTP and the admin UI to prevent downgrade and MITM risks. Automate renewal with Let\u2019s Encrypt if possible.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Install certbot (example; adjust for your distro)\n<a href=\"https:\/\/www.youstable.com\/blog\/install-yum-on-linux\">yum install<\/a> -y certbot || dnf install -y certbot\ncertbot certonly --standalone -d mailgw.example.com --agree-tos -m admin@example.com --non-interactive\n\n# Postfix TLS settings\npostconf -e \"smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/mailgw.example.com\/fullchain.pem\"\npostconf -e \"smtpd_tls_key_file=\/etc\/letsencrypt\/live\/mailgw.example.com\/privkey.pem\"\npostconf -e \"smtpd_tls_security_level=may\"\npostconf -e \"smtp_tls_security_level=may\"\nsystemctl reload postfix<\/code><\/pre>\n\n\n\n<p>Optionally publish MTA-STS and TLS-RPT to enforce modern SMTP security and get reports.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>_smtp._tls 3600 IN TXT \"v=TLSRPTv1; rua=mailto:tlsrpt@example.com\"<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"high-availability-backup-and-updates\">High Availability, Backup, and Updates<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>HA:<\/strong> Deploy two E.F.A nodes behind a TCP <a href=\"https:\/\/www.youstable.com\/blog\/create-load-balancer-on-linux-server\">load balancer<\/a> or DNS based load with equal MX priorities; share policy via config management<\/li>\n\n\n\n<li>Avoid secondary MX with weaker filtering, it invites spam bypass<\/li>\n\n\n\n<li><strong>Back up:<\/strong> MailWatch DB, Postfix\/MailScanner\/SpamAssassin configs, DKIM keys, and custom rules<\/li>\n\n\n\n<li><strong>Patch cadence: <\/strong>OS updates weekly; signature\/rules daily; E.F.A releases per project guidance<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"monitoring-and-logs\">Monitoring and Logs<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MailWatch dashboard:<\/strong> top senders, rejected counts, quarantine trends<\/li>\n\n\n\n<li><strong>System logs:<\/strong> \/var\/log\/maillog, \/var\/log\/maillog.1, web server logs<\/li>\n\n\n\n<li><strong>Alerting:<\/strong> integrate with Syslog\/SIEM and email alerts for service failures<\/li>\n\n\n\n<li><strong>Rate limits:<\/strong> watch for compromised accounts blasting outbound spam<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/maillog | egrep -i \"reject|blocked|error|clam|spam\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-issues\">Troubleshooting Common Issues<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mail loop: <\/strong>MX points to E.F.A but E.F.A relays back to itself. Fix destination host to your internal mail server IP\/hostname.<\/li>\n\n\n\n<li><strong>Cannot send outbound:<\/strong> Blocked on port 25 by ISP\/cloud. Use 587 to an authenticated smart host or request port 25 unblocking.<\/li>\n\n\n\n<li><strong>DKIM fails:<\/strong> Wrong selector or stale key. Regenerate and republish DNS; verify alignment with From domain.<\/li>\n\n\n\n<li><strong>High false positives:<\/strong> Lower SpamAssassin scores, whitelist trusted senders, tune RBLs, leverage per user training.<\/li>\n\n\n\n<li><strong>Greylisting delays: <\/strong>Disable for VIP domains or enable auto whitelist for reputable senders.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-hardening-checklist\">Security Hardening Checklist<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restrict SSH to management IPs; key based auth only<\/li>\n\n\n\n<li><a href=\"https:\/\/www.youstable.com\/blog\/what-is-fail2ban-on-linux-server\">Fail2ban<\/a> or equivalent on SMTP and web UI<\/li>\n\n\n\n<li>Disable unused services and default accounts<\/li>\n\n\n\n<li>Set HELO\/EHLO to FCrDNS matching hostname<\/li>\n\n\n\n<li>Block known bad countries\/networks if appropriate<\/li>\n\n\n\n<li>Enable DMARC enforcement (p=quarantine or p=reject) after monitoring<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"run-e-f-a-on-youstable-optional\">Run E.F.A on YouStable (Optional)<\/h2>\n\n\n\n<p>If you need clean IP reputation, rDNS setup, and guaranteed ports, deploy E.F.A on a <strong><a href=\"https:\/\/www.youstable.com\/\">YouStable VPS or Dedicated Server<\/a><\/strong>. Our managed firewall, 24\u00d77 monitoring, and SLA backed networking help you keep mail deliverability high while you focus on policy, not plumbing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"end-to-end-validation-checklist\">End to End Validation Checklist<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Inbound:<\/strong> External test email arrives; spam is tagged or quarantined<\/li>\n\n\n\n<li><strong>Outbound: <\/strong>Test message passes SPF, DKIM, and DMARC alignment<\/li>\n\n\n\n<li><strong>DNS: <\/strong>MX\/SPF\/DKIM\/DMARC\/PTR verified via MXToolbox or open source tools<\/li>\n\n\n\n<li><strong>TLS:<\/strong> STARTTLS offered; modern ciphers; TLS-RPT delivered<\/li>\n\n\n\n<li><strong>Recipient validation:<\/strong> Nonexistent user rejected at RCPT TO<\/li>\n\n\n\n<li><strong>Reports: <\/strong>Daily quarantine digests and dashboard statistics visible<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\">FAQs<\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1770869208290\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-e-f-a-still-a-good-choice-in-2026\">Is E.F.A still a good choice in 2026?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, E.F.A remains a practical, open source email security gateway when properly maintained. Ensure you run the latest community supported build, apply OS and signature updates, and harden the VM. If you need commercial support or clustering, compare with alternatives like Proxmox Mail Gateway or cloud email security services.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1770869217629\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-ports-must-be-open-for-e-f-a\">What ports must be open for E.F.A?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Open TCP 25 for SMTP, 80\/443 for ACME and the web UI, and optionally 465\/587 if you provide secure submission. Restrict SSH (22) to management IPs only. Outbound 25\/80\/443 are required for sending mail and fetching updates.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1770869224769\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"do-i-point-mx-to-e-f-a-or-my-mail-server\">Do I point MX to E.F.A or my mail server?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Point MX to E.F.A. E.F.A then relays clean mail to your internal server. This ensures all inbound mail is scanned before delivery, improving security and reducing load on your mailbox servers.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1770869232622\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-prevent-false-positives\">How do I prevent false positives?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Start with conservative SpamAssassin scores (e.g., 5.0), enable per user whitelists, and fine tune RBL usage. Monitor quarantines, release and train ham\/spam, and adjust custom rules. Review language and attachment filters to avoid blocking legitimate workflows.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1770869240011\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-run-a-secondary-mx\">Should I run a secondary MX?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Avoid a weaker secondary MX; spammers often target it. If you need redundancy, deploy two E.F.A nodes behind a load balancer or use equal priority MX records with identical filtering and policies to prevent bypass.<\/p>\n<p>With the steps above, you can install and configure Email Filter Appliance (E.F.A) confidently in 2026. Build on this baseline with continuous monitoring, rule tuning, and secure operations to maintain top tier deliverability and protection against evolving email threats.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To install and configure Email Filter Appliance (E.F.A), deploy the E.F.A image\/ISO on a Linux compatible VM, assign a static [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":19150,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-17139","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2026\/02\/Install-and-Configure-Email-Filter-Appliance-E.F.A.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/17139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=17139"}],"version-history":[{"count":10,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/17139\/revisions"}],"predecessor-version":[{"id":19151,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/17139\/revisions\/19151"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/19150"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=17139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=17139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=17139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}