Postfix - antispam and relay package
-
You can configure smart relay options, but I think it's not a good idea as postfix will accept any email, including relay atempts and your internal server will miss the external IP address to do spam checks.
-
You can configure smart relay options, but I think it's not a good idea as postfix will accept any email, including relay atempts and your internal server will miss the external IP address to do spam checks.
Ok, but is it possible to add the domains just like the valid recipients? e.g. a txt file from an external url?
-
Ok, but is it possible to add the domains just like the valid recipients? e.g. a txt file from an external url?
I think it's not a good idea as this setup may forward many open relay attempts to your internal server and it will not be able to test external ip as you 'proxied' connection with postifx ip.
-
Sorry if this has been covered in the many pages before; I took a skim through and didn't find anything. I want to intercept all SMTP traffic (port 25) from the LAN side and redirect it to my own remote mail server, which requires SMTP authentication.
So I guess two parts here; doing a redirect from the actual SMTP server to my local Postfix which is installed via this package, and then getting Postfix to talk to the remote server and send the mail on.
I guess part one can be done with outbound NAT? For part two everything I see online for a relayhost with SMTP authentication requires additional files and encryption libraries. Is it possible with this package?
Thanks a lot if anyone can help.
-
Hi all,
Postfix compilation on x64 now includes cyrus-SASL2 and TLS.
who need or want to test it, reinstall or remove/install postfix package.
No changes in gui for this option. Include all your SASL and/or TLS config in custom main.cf options
att,
Marcello CoutinhoHi marcelloc,
First, thanks for your great work.
Do you have any guide or sample what should I include in main.cf to support TLS?
I am sorry I can't find any reference in these posts.
Thanks!
Zlyzwy
-
Hi all,
All emails appears in status "hold" in the search mail option.
Is it normal ?
Yet I receive all emails…Does it mean that a copy of all emails is kept in postfix ?
If yes, the disk might be full soon...In the "third party antispam settings" of postfix, the message hold mode is "auto mode".
Is it a recommended configuration ?
What the advantage of manual mode ? And what should we put in ACL headers in such a mode (I'm a newbie)?Thanks
-
Do you have any guide or sample what should I include in main.cf to support TLS?
Paste postfix config for TLS on custom options at gui.
As I did not implemented SASL/TLS yet, I don't know how to help you, but google does ;)
-
@ics:
All emails appears in status "hold" in the search mail option.
Is it normal ?It should only happens when you have select mailscanner integration but did not configured,installed or started mailscanner daemon
@ics:
Does it mean that a copy of all emails is kept in postfix ?
No, it means that messages will stay on disk until mailscanner finishes his job on these messages.
@ics:
In the "third party antispam settings" of postfix, the message hold mode is "auto mode".
Is it a recommended configuration ?
What the advantage of manual mode ? And what should we put in ACL headers in such a mode (I'm a newbie)?I use manual mode as I can do some tests or choose the way I hold messages to mailscanner
-
Sorry if this has been covered in the many pages before; I took a skim through and didn't find anything. I want to intercept all SMTP traffic (port 25) from the LAN side and redirect it to my own remote mail server, which requires SMTP authentication.
Not implemented on this package. All features were included to act as an inbound smtp server to protect your exchange/internal server.
-
hello,
i entered some sender restritions like
ymail.com REJECT
dengediksiyon_seti@yahoo.com REJECT
best_tanitim_sektorel@rocketmail.com REJECTin access lits>>sender section of the postfix package.
But can't see these settings on main.cf ?any sync problem between this section of the postfix package and main.cf?
here is part of my main.cf
local_recipient_maps =
mydestination =
mynetworks_style = host
message_size_limit = 15728640
default_process_limit = 100
#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yesDon't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions =smtpd_sender_restrictions = reject_unknown_sender_domain,
permit -
On current config, sender restrictions are applied on sender_access
smtpd_recipient_restrictions = permit_mynetworks,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
reject_invalid_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_helo_hostname,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
reject_spf_invalid_sender,
permit -
marcelloc i don't see in my main.cf sender_access ,any mistake in my config?
here is my cf.
Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
permitWhitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
permitpostscreen_disable_vrfy_command = yes
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
postscreen_greet_action = enforce
postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/cal_cidr
postscreen_dnsbl_action= enforce
postscreen_blacklist_action= enforce
postscreen_dnsbl_sites=b.barracudacentral.org,zen.spamhaus.org,bl.spamcop.net
postscreen_dnsbl_threshold=1 -
Did you checked antipam settings on postfix gui? Your config looks short
-
i'm using Header verification in basic mode,
-
marcelloc any way to change position of the lines ?
smtpd_recipient_restrictions = permit_mynetworks,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
reject_invalid_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_helo_hostname,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
reject_spf_invalid_sender,
permitsmtpd_recipient_restrictions = permit_mynetworks,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
reject_invalid_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_helo_hostname,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
reject_spf_invalid_sender,
permit -
Yes, it could be done but don't you think it will reduce security if you config for example @hotmail.com on sender_access?
All forged emails from @hotmail.com will be accepted.
Maybe two fields, one to be on top, with no sender restrictions and another after header spam checks.
-
I've pushed an update without version change putting sender_check above other tests.
Postfix docs says:
Be sure to specify check_sender_access and check_policy_service AFTER reject_unauth_destination or else your system could become an open mail relay., so I did configure reject_unauth_destination on top to prevent open relay configs. -
marcelloc,i'm going fetch recipients from zimbra ldap,but as described on web gui to enable ldap fetch p5-perl-ldap package must be installed.
when i tried install p5-perl-ldap package from console i'm getting this error:Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz' by URLany idea?
-
any idea?
try from my repo:
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz
-
i get this output ,is this normal?
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz… Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-NamespaceSupport-1.11.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-SAX-0.96.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-Filter-BufferText-1.01.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-SAX-Writer-0.53.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-GSSAPI-0.28.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Net-SSLeay-1.42.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-IO-Socket-SSL-1.53.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-URI-1.59.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Digest-HMAC-1.03.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Authen-SASL-2.15.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Convert-ASN1-0.22.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
