Postfix - antispam and relay package
-
Hello,
I'm trying to modify this part of the main.cf to remove the reject_unknown_sender_domain
–--------------
smtpd_sender_restrictions = reject_unknown_sender_domain,
permitMy server is using a remote DNS so I cannot add a A or MX record for some of my local servers so I need to remove this option (or add a permit_mynetworks above it).
I cannot seem to do this anyway in the gui. I can do it manually but it seems to be overwritten shortly after.
Any ideas?
Thanks
M
-
Madas,
Include your hosts on my network acl.
-
I have. The reject_unknown_sender_domain seems to be bouncing the message before the network ACL's are checked.
-
I have. The reject_unknown_sender_domain seems to be bouncing the message before the network ACL's are checked.
It will work if you create this dummy domain on your internal dns and point pfsense to use it.
-
My firewall points directly to the ISP's DNS. I don't run a local one that is accessible from my firewall. I just want to remove that restriction
-
Finally set this up today and have read through the thread.
I seem to be missing something in the basic configuration.
Notes: I disabled the port 25 NAT and associated rule.
A new rule to allow port 25 to WAN Address is in place and is logged.
I let it run for 15+min.My Port 25 Rules block 1k spam connects/hour. I find I've grown attached to them. /notes
Problem:
If I bind to Postfix to WAN, Postfix receives and passes mail correctly; but Port 25 Rules are ignored.
When I bind to loopback-only, I don't see any indication that any mail is reaching Postfix.In both cases, the Rule Logs show traffic being passed to the WAN address.
What am I missing?
-
Hi linuxtracker,
When you listen postfix on loopback only, you need a Nat rule to forward traffic from wan address to localhost.
In both cases, you need to put block rules before allow rules on firewall tab.
-
In both cases, you need to put block rules before allow rules on firewall tab.
Crap. That is exactly what I did. I know better too.
Now I have to go wear the hat for the rest of the day.
-
No intention to call you dunce, I was just posting full info to solve your problem.
Sorry. :( -
No intention to call you dunce, I was just posting full info to solve your problem.
Sorry.I wasn't irritated with you. I was poking fun at myself for making a rookie mistake.
If you hadn't set me straight, I'd probably still be banging my head against it.
So - Thank you.
-
Is it possible to forward all incoming domains to another mail server after the email address had been checked?
So * to ip x.x.x.x -
You can configure smart relay options, but I think it's not a good idea as postfix will accept any email, including relay atempts and your internal server will miss the external IP address to do spam checks.
-
You can configure smart relay options, but I think it's not a good idea as postfix will accept any email, including relay atempts and your internal server will miss the external IP address to do spam checks.
Ok, but is it possible to add the domains just like the valid recipients? e.g. a txt file from an external url?
-
Ok, but is it possible to add the domains just like the valid recipients? e.g. a txt file from an external url?
I think it's not a good idea as this setup may forward many open relay attempts to your internal server and it will not be able to test external ip as you 'proxied' connection with postifx ip.
-
Sorry if this has been covered in the many pages before; I took a skim through and didn't find anything. I want to intercept all SMTP traffic (port 25) from the LAN side and redirect it to my own remote mail server, which requires SMTP authentication.
So I guess two parts here; doing a redirect from the actual SMTP server to my local Postfix which is installed via this package, and then getting Postfix to talk to the remote server and send the mail on.
I guess part one can be done with outbound NAT? For part two everything I see online for a relayhost with SMTP authentication requires additional files and encryption libraries. Is it possible with this package?
Thanks a lot if anyone can help.
-
Hi all,
Postfix compilation on x64 now includes cyrus-SASL2 and TLS.
who need or want to test it, reinstall or remove/install postfix package.
No changes in gui for this option. Include all your SASL and/or TLS config in custom main.cf options
att,
Marcello CoutinhoHi marcelloc,
First, thanks for your great work.
Do you have any guide or sample what should I include in main.cf to support TLS?
I am sorry I can't find any reference in these posts.
Thanks!
Zlyzwy
-
Hi all,
All emails appears in status "hold" in the search mail option.
Is it normal ?
Yet I receive all emails…Does it mean that a copy of all emails is kept in postfix ?
If yes, the disk might be full soon...In the "third party antispam settings" of postfix, the message hold mode is "auto mode".
Is it a recommended configuration ?
What the advantage of manual mode ? And what should we put in ACL headers in such a mode (I'm a newbie)?Thanks
-
Do you have any guide or sample what should I include in main.cf to support TLS?
Paste postfix config for TLS on custom options at gui.
As I did not implemented SASL/TLS yet, I don't know how to help you, but google does ;)
-
@ics:
All emails appears in status "hold" in the search mail option.
Is it normal ?It should only happens when you have select mailscanner integration but did not configured,installed or started mailscanner daemon
@ics:
Does it mean that a copy of all emails is kept in postfix ?
No, it means that messages will stay on disk until mailscanner finishes his job on these messages.
@ics:
In the "third party antispam settings" of postfix, the message hold mode is "auto mode".
Is it a recommended configuration ?
What the advantage of manual mode ? And what should we put in ACL headers in such a mode (I'm a newbie)?I use manual mode as I can do some tests or choose the way I hold messages to mailscanner
-
Sorry if this has been covered in the many pages before; I took a skim through and didn't find anything. I want to intercept all SMTP traffic (port 25) from the LAN side and redirect it to my own remote mail server, which requires SMTP authentication.
Not implemented on this package. All features were included to act as an inbound smtp server to protect your exchange/internal server.