[SOLVED]Install a Relay Mail Host on pfSense (postfix)
-
Despite the fact that is not recommended, anyone can help installing postfix on a pfsense box?
I´ve been googling around, and I have tested the following solutions found
1.- Download tar.gz, uncompressed it and then try "make", and make command not found…
2.- I tried with pkg_add -r ftp://www.freebsd.org/blah-blah, .. and seeems to install, after a couple of simple questions but when I try telnet localhost 25 no asnwer received
I also check top and pid is missing. But if i run "postfix start" it returns a postfix already running
Any help would be much apreciated
Thanks -
Whats is the purpose of this???
You want to use pfsense as a mail server? Your relay is located at your ISP….
-
Easy there, I think he already knows what he is doing is not approved of by all.
There are a few reasons to want an smtp agent on the firewall. Whether they are good reasons is open to debate. I would love to have the ability to email logs or alerts. You also might want to pass smtp traffic from the lan to a relay host, etc. In my opinion, postfix is overkill. There are much simpler (and limited, in a good way) options out there. I can't find my notes, but I would encourage you to look around for something small and secure that does only what you need it to. I remember finding a handful of promising programs from ports or in php. -
I have postfix installed and running on a few pfSense machines - mainly so I can get email alerts from monit. My postfix config file only allows connections from localhost.
I think I had to modify the /usr/local/etc/rc.d/postfix script to get it started properly. Here is what my startup script looks like:
#!/bin/sh # # $FreeBSD: ports/mail/postfix/files/postfix.sh.in,v 1.6 2007/02/21 05:00:56 rafan Exp $ # # PROVIDE: postfix mail # REQUIRE: LOGIN cleanvar # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable postfix: # postfix_enable (bool): Set it to "YES" to enable postfix. # Default is "NO". # postfix_pidfile (path): Set full path to master.pid. # Default is "/var/spool/postfix/pid/master.pid". # postfix_procname (command): Set command that start master. Used to verify if # postfix is running. # Default is "/usr/local/libexec/postfix/master". # postfix_flags (str): Flags passed to postfix-script on startup. # Default is "". # . /etc/rc.subr name="postfix" rcvar=${name}_enable load_rc_config $name : ${postfix_enable="YES"} : ${postfix_pidfile="/var/spool/postfix/pid/master.pid"} : ${postfix_procname="/usr/local/libexec/postfix/master"} : ${postfix_flags=""} start_cmd=${name}_start stop_cmd=${name}_stop extra_commands="reload" pidfile=${postfix_pidfile} procname=${postfix_procname} postfix_start() { /usr/local/sbin/postfix ${postfix_flags} start } postfix_stop() { /usr/local/sbin/postfix ${postfix_flags} stop } run_rc_command "$1"Let me know if you need more help.
-
Forgot to add, here is a thread that describes what is necessary to lock down postfix to only listen to localhost:
http://www.unix.com/ip-networking/87068-configuring-postfix-receive-emails-only-localhost.html
-
You do not need a full blown MTA installed to send out e-mail. That is just dangerous and unnecessary.
Check out the code in 2.0 for sending e-mail notifications, it's a relatively small set of PHP code.
-
Hello All,
And first of all many thanks for your answers.
Just to kill your curiousity, as ever, here is the key: "budget" and as easy as it was for kids… that´s the reason I have been required to install and configure a pfsense box, who has to be firewall, proxy, relay mail, and DNS forwarding for unknown hosts. Everybody has to point to a unique address for all services (default gateway, dns, relay etc...) No dhcp is permitted
I know that this is a special case and scared concerning security, and shouldn't be done in a firewall, but customer is customer
Thanks again, I will post if solution is reached with your help.
-
Why do you need to 'relay' mail for internal clients?
If you have an external e-mail server to which all mail must be sent, you can use NAT redirects (port forwards) to make that happen no matter what server they are trying to reach.
If you local postfix install is directly contacting other mail servers to send mail, then it's really not helping anyone. It may eventually end up on a blacklist – especially if it's a dynamic IP.
-
rkelleyrtp, I checked my postfix file, and is the same as yours. Telneting the 25 port is unsuccessfull
I found nothing at var/spool/postfix/pid/ , no master.pid file found
How did you installed it? Did you use pkg_add -r ftp://ftp.freebsd.org….
Thanks
-
Some questions:
-
What does, "ps aux" give you?
-
How are you trying to start postfix?
-
What does your postfix main.cf file have?
-
How are you trying to connect using telnet? From the local machine or from a machine on your LAN?
-
-
You do not need a full blown MTA installed to send out e-mail. That is just dangerous and unnecessary.
Check out the code in 2.0 for sending e-mail notifications, it's a relatively small set of PHP code.
Hey Jim,
I searched high and low for a stripped-down MTA for pfSense 1.2.3-RELEASE and came up empty handed. A few threads on the forum had some ideas but no one ever came up with a good solution (only suggestions). This is why I installed Postfix. Do you have a good suggestion for 1.2.3?
-
My suggestion is that you don't use an MTA on pfSense at all under any circumstances :-)
If you want e-mail notifications, there are some PHP modules out there which can just send mail only, not receive.
-
My suggestion is that you don't use an MTA on pfSense at all under any circumstances :-)
If you want e-mail notifications, there are some PHP modules out there which can just send mail only, not receive.
Cool, can you point me to such PHP modules I can install in 1.2.3-RELEASE? I would be more than happy to install them as I don't need the potential security risks of a full-blown MTA on my firewall. Essentially, I just need to be able to send email from the monit application installed on my firewall(s) to receive alerts, etc.
-
I don't know if there is a full-blown sendmail work-alike done in PHP, but someone could use the smtp.inc file from pfSense 2.0 and write a small front-end to it that takes the message and sends it where it needs to go:
http://redmine.pfsense.org/repositories/entry/pfsense/etc/inc/smtp.inc
The whole notification system had a lot of work done in 2.0
You see how the SMTP settings are done here:
http://redmine.pfsense.org/repositories/entry/pfsense/usr/local/www/system_advanced_notifications.php
Not sure how much of that would work on 1.2.3 since it only has PHP 4.x and pfSense 2.0 is on PHP 5.x
You may just have to google around for a PHP sendmail drop-in or work-alike and see what turns up.
-
Sorry for my arrogant attitude…........:(
-
- What does, "ps aux" give you?
ps aux does not show anything relaled to postfix…
- How are you trying to start postfix?
I made the following from the beginning
1.- pkg_add -r postfix.tbz from (ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/postfix.tbz)
2.- edited /usr/local/etc/rc.d/postfix, just to change :${postfix_enable="YES"}
3.- cp /usr/local/etc/rc.d/postfix /usr/local/etc/rc.d/postfix.sh
4.- Added postfix_enable="YES" into /boot/loader.conf
5.- Reboot- What does your postfix main.cf file have?
I´ve got 2, but i didn´t changed anything yet in those files
/usr/local/etc/postfix/main.cf
/usr/local/etc/libexec/postfix/main.cf- How are you trying to connect using telnet? From the local machine or from a machine on your LAN?
From both (obviously using localhost from pfsense, and LAN interface ip from LAN)
Thanks a lot!!!
-
If i try to stop / start postfix, this is the output
#postfix stop postfix/postfix-scrcipt: stopping the Postfix mail system sed: pid/master.pid: No such file or directory usage: kill [-s signal_name] pid ... kill -l [exit_status] kill -signal_name pid ... kill -signal_number pid ... /libexec/ld-elf.so.1: /usr/local/libexec/postfix/master: Undefined symbol "close from" postfix/postfix-script: waiting for the Postfix mail system to terminate /libexec/ld-elf.so.1: /usr/local/libexec/postfix/master: Undefined symbol "close from" postfix/postfix-script: waiting for the Postfix mail system to terminate /libexec/ld-elf.so.1: /usr/local/libexec/postfix/master: Undefined symbol "close from" postfix/postfix-script: waiting for the Postfix mail system to terminate /libexec/ld-elf.so.1: /usr/local/libexec/postfix/master: Undefined symbol "close from" postfix/postfix-script: waiting for the Postfix mail system to terminate /libexec/ld-elf.so.1: /usr/local/libexec/postfix/master: Undefined symbol "close from" postfix/postfix-script: waiting for the Postfix mail system to terminate /libexec/ld-elf.so.1: /usr/local/libexec/postfix/master: Undefined symbol "close from" postfix/postfix-script: waiting for the Postfix mail system to terminate postfix/postfix-script: warning: stopping the Postfix mail system with force awk: can´t open file pid/master.pid source line number 1 # postfix start postfix/postfix-script: fatal: the Postfix mail system is already running # -
ok. News.
I installed a fresh postfix on pfSense Box for FreeBSD 7.2 (postfix-current-2.6.20090212,4.tbz)
PostFix is running now (at least 25 port is opened), and ps -aux shows 2 processes running for postfix (pickup and qmgr) but now I got the following message in system log:
postfix/smtpd: fatal open database /etc/aliases.db: No such file or directory
if I search for aliases i found
/etc/aliases (which is a link to mail/aliases) (/etc/mail/ is empty)
/usr/local/etc/postfix/dist/aliases
/usr/local/etc/postfix/aliasesThanks
-
Great, you are almost there!
To get the /etc/aliases.db file created, edit the /etc/aliases file and make any necessary changes. For me, I changed the "root: you" to "root: rkelley@abcxyz.com" then ran /usr/local/bin/newaliases to build the /etc/aliases.db file.
Also, getting the /usr/local/postfix/main.cf file tuned properly is very important! Here is what I have in mine:
undisclosed_recipients_header = To:rkelley@abcxyz.com queue_directory = /var/spool/postfix command_directory = /usr/local/sbin daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix mail_owner = postfix myorigin = <domain_name>unknown_local_recipient_reject_code = 550 mynetworks_style = host relayhost = <pfsense_lan_ip>debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/local/sbin/sendmail newaliases_path = /usr/local/bin/newaliases mailq_path = /usr/local/bin/mailq setgid_group = maildrop html_directory = no manpage_directory = /usr/local/man sample_directory = /usr/local/etc/postfix readme_directory = no</pfsense_lan_ip></domain_name>Make sure to put in the correct information for your relayhost, undisclosed_recipients_header, and myorigin. Once done, simply restart postfix and send yourself an email.
Let me know how you make out…
-