OpenEFA October 2025 Updates: Three Major Features

Published: October 13, 2025 | Category: Product Updates | Author: OpenEFA Team

🎉 What's New

We're excited to announce three significant updates to OpenEFA that make deployment easier, email relay more reliable, and updates safer. These features were developed in response to community feedback and real-world deployment needs.

1. Multi-Domain Installation Support

What Changed?

Previously, you could only configure one domain during installation. Additional domains required manual configuration in three separate locations:

• Postfix configuration (relay_domains, transport maps, virtual domains)
• Database (client_domains table)
• SpacyWeb (HOSTED_DOMAINS array)

Now, the installer prompts you to add as many domains as needed, and configures all three locations automatically!

How It Works

During installation, after entering your primary domain, you'll see:

Enter the primary domain to protect: openefa.org
Primary domain: openefa.org
Is this correct? (y/n): y

You can add additional domains to protect now, or add them later via SpacyWeb.

Add another domain? (y/n): y
Enter domain name: example.com
✓ Added example.com

Add another domain? (y/n): y
Enter domain name: client-domain.com
✓ Added client-domain.com

Add another domain? (y/n): n

Domains to configure (3 total):
  • openefa.org
  • example.com
  • client-domain.com

Benefits

No Limit!

The installer uses a loop that continues until you answer "no" to "Add another domain?" - so you can literally add hundreds of domains if needed. The only practical limit is the time it takes to type them in!

2. ARC (Authenticated Received Chain) Support

The Problem

When emails are forwarded through multiple mail servers (like OpenEFA → MailGuard → Final Server), traditional SPF/DKIM/DMARC validation fails because the sender IP changes at each hop. This causes legitimate forwarded emails to be incorrectly flagged or rejected.

The Solution: ARC

ARC (Authenticated Received Chain) is a newer email authentication protocol that preserves the original authentication results through forwarding hops. Major email providers like Microsoft, Google, and Yahoo already use ARC extensively.

What OpenEFA Does Now

When processing emails from supported domains, OpenEFA:

1. Detects ARC-Authentication-Results headers
2. If ARC shows the original authentication passed, trusts it
3. Skips redundant SPF/DKIM/DMARC validation (which would fail)
4. Sets validation_method='arc_trusted' with high auth score (10.0)

Supported Domains

• Microsoft: outlook.com, hotmail.com, live.com, office365.com
• Google: gmail.com, google.com, googlemail.com, googlegroups.com
• Yahoo: yahoo.com, yahoo.co.uk, yahoo.ca, ymail.com, rocketmail.com

Real-World Impact

This was developed in response to a customer request: "Relaying is quite bad with gmail and outlook as recipients. I have it working now, but with ARC enabled."

With ARC support, OpenEFA can now properly relay emails from these major providers through downstream servers (like MailGuard/EFA) without authentication failures.

3. Smart Update Mechanism

Why This Matters

OpenEFA is under active development with frequent improvements:

• Bug fixes and security patches
• New security modules
• Performance improvements
• Feature enhancements

Before today, updating meant manually editing files or reinstalling - neither is acceptable for a production system.

One-Line Update

curl -sSL http://install.openefa.com/install.sh | sudo bash

That's it! The update script automatically:

1. ✅ Creates timestamped backup (files + database)
2. ✅ Downloads latest version from GitHub
3. ✅ Updates code files (email_filter, modules, services, web, APIs)
4. ✅ Preserves all your configurations
5. ✅ Restarts services
6. ✅ Validates everything works
7. ✅ Offers rollback if anything fails

Safety Features

Update Modes

# Standard update
sudo ./update.sh

# Preview changes without applying (dry run)
sudo ./update.sh --dry-run

# Update specific component only
sudo ./update.sh --component email_filter
sudo ./update.sh --component modules
sudo ./update.sh --component web

# Create backup without updating
sudo ./update.sh --backup-only

# Restore from backup
sudo ./update.sh --rollback

What Gets Updated

• email_filter.py - Main email processing engine
• modules/* - All security modules
• services/* - Background services (db_processor, APIs)
• web/* - SpacyWeb dashboard
• scripts/* and tools/* - Utility scripts

What Gets Preserved

• config/*.json - All user configurations
• config/.my.cnf - Database credentials
• config/.app_config.ini - Flask secret key
• logs/* - Log files
• Database content - All your data

VERSION Tracking

After first update, OpenEFA creates /opt/spacyserver/VERSION:

VERSION=1.0.0
INSTALLED=2025-10-13
UPDATED=2025-10-13
COMMIT=872b1b0

This helps you track what version you're running and when it was last updated.

Testing & Validation

All three features have been thoroughly tested on Ubuntu 24.04 LTS:

• Multi-Domain: Successfully tested with 2 domains (openefa.org + seguelogic.com)
• ARC Support: Production-tested with Gmail, Outlook, and Yahoo emails
• Update Script: Validated with dry-run and full update on test server

All services validated after updates:

• ✅ spacy-db-processor
• ✅ spacy-release-api (port 5001)
• ✅ spacy-whitelist-api (port 5002)
• ✅ spacy-block-api (port 5003)
• ✅ spacyweb (port 5500)

Getting Started

New Installation

The installer now includes all three features:

curl -sSL http://install.openefa.com/install.sh | sudo bash

You'll be prompted to configure multiple domains during setup!

Existing Installation

Update your existing OpenEFA installation to get ARC support and the update mechanism:

curl -sSL http://install.openefa.com/install.sh | sudo bash

This will:

• Backup your current installation
• Update to latest code (including ARC support)
• Install the update.sh script for future updates
• Preserve all your configurations

Documentation

Complete documentation available:

• README: Installation & Update Guide
• GitHub: openefa-installer repository
• Forum: Community Support

What's Next?

With these foundational features in place, we're focused on:

• ClamAV Integration: Antivirus scanning (critical for EFA parity)
• Enhanced Quarantine: Better quarantine management UI
• End-User Portal: Self-service for email users
• Let's Encrypt: Automatic SSL certificate management
• Multi-Server Clustering: High availability deployments

Community Impact

These updates are critical as OpenEFA moves from private development to public release:

• Multi-Domain: Makes OpenEFA practical for MSPs and enterprise deployments
• ARC Support: Ensures reliable email relay with major providers
• Update Mechanism: Enables rapid iteration without user disruption

The update mechanism is especially important - it gives users confidence to stay current as the project evolves rapidly during these early public months.

Get Involved

Try It Today

Ready to deploy AI-powered email security with multi-domain support?

Tags: Release Notes, Multi-Domain, ARC, Updates, Email Security, MSP

Questions? Comments? Join the discussion on our community forum or GitHub.