Postfix - antispam and relay package
-
i'm using Header verification in basic mode,
-
marcelloc any way to change position of the lines ?
smtpd_recipient_restrictions = permit_mynetworks,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
reject_invalid_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_helo_hostname,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
reject_spf_invalid_sender,
permitsmtpd_recipient_restrictions = permit_mynetworks,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
reject_invalid_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_helo_hostname,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
reject_spf_invalid_sender,
permit -
Yes, it could be done but don't you think it will reduce security if you config for example @hotmail.com on sender_access?
All forged emails from @hotmail.com will be accepted.
Maybe two fields, one to be on top, with no sender restrictions and another after header spam checks.
-
I've pushed an update without version change putting sender_check above other tests.
Postfix docs says:
Be sure to specify check_sender_access and check_policy_service AFTER reject_unauth_destination or else your system could become an open mail relay., so I did configure reject_unauth_destination on top to prevent open relay configs. -
marcelloc,i'm going fetch recipients from zimbra ldap,but as described on web gui to enable ldap fetch p5-perl-ldap package must be installed.
when i tried install p5-perl-ldap package from console i'm getting this error:Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz' by URLany idea?
-
any idea?
try from my repo:
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz
-
i get this output ,is this normal?
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz… Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-NamespaceSupport-1.11.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-SAX-0.96.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-Filter-BufferText-1.01.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-SAX-Writer-0.53.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-GSSAPI-0.28.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Net-SSLeay-1.42.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-IO-Socket-SSL-1.53.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-URI-1.59.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Digest-HMAC-1.03.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Authen-SASL-2.15.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Convert-ASN1-0.22.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt -
are you on amd64 or i386?
-
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6 -
I've never seen this error during package install.
check if pkg_info return two postfix installs or something.
EDIT:
Let me know if this feature works with zimbra ldap.
It's written for Active directory ldap search.att,
Marcello Coutinho -
by the way i can't see postfix package describtion propoerly,see attached screeshot
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
daq-0.6.2 Data Acquisition abstraction library for snort 2.9+
gettext-0.18.1.1 GNU gettext package
libdnet-1.11_3 A simple interface to low level networking routines
libiconv-1.13.1_1 A character set conversion library
libnet11-1.1.2.1_3,1 A C library for creating IP packets
libpcap-1.1.1_1 Ubiquitous network traffic capture library
libspf2-1.2.9_1 Sender Rewriting Scheme 2 C Implementation
mysql-client-5.1.53 Multithreaded SQL database (client)
p5-Authen-SASL-2.15 Perl5 module for SASL authentication
p5-Convert-ASN1-0.22 Perl5 module to encode and decode ASN.1 data structures
p5-Digest-HMAC-1.03 Perl5 interface to HMAC Message-Digest Algorithms
p5-GSSAPI-0.28 Perl extension providing access to the GSSAPIv2 library
p5-IO-Socket-SSL-1.53 Perl5 interface to SSL sockets
p5-Net-SSLeay-1.42 Perl5 interface to SSL
p5-URI-1.59 Perl5 interface to Uniform Resource Identifier (URI) refere
p5-XML-Filter-BufferText-1.01 Filter to put all characters() in one event
p5-XML-NamespaceSupport-1.11 A simple generic namespace support class
p5-XML-SAX-0.96 Simple API for XML
p5-XML-SAX-Writer-0.53 SAX2 XML Writer
p5-perl-ldap-0.4300 A Client interface to LDAP (includes Net::LDAP)
pcre-8.21_1 Perl Compatible Regular Expressions library
perl-5.12.4_3 Practical Extraction and Report Language
perl-threaded-5.10.1_3 Practical Extraction and Report Language
pkg_info: the package info for package 'postfix-2.8.7,1' is corrupt
snort-2.9.0.5 Lightweight network intrusion detection system
-
That's the corrupt info you see on pkg_add.
if you want to try, this is the cmd to force postfix package reinstall
pkg_add -rf http://files.pfsense.org/packages/amd64/8/All/postfix-2.8.7%2c1.tbz
-
thank you marcelloc,
i will try it after operational hours. -
but it seems perl ldap installed?am i right?
-
but it seems perl ldap installed?am i right?
yes.
p5-perl-ldap-0.4300 A Client interface to LDAP (includes Net::LDAP)
I saw you have two perl versions installed
perl-5.12.4_3 Practical Extraction and Report Language
perl-threaded-5.10.1_3 Practical Extraction and Report LanguageIf you have missing modules messages on this function, you will need to force a perl version on first line of the script.
-
Hi,
I received the following error in Search mail.
Message:Status: hold
Log type:NOQUEUEWarning: sqlite_query(): no such column: mail_status.info in /usr/local/www/postfix.php on line 599 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603
Any idea how this will happen?
-
zlyzwy,
I'll try to include this check on next release.
NOQUEUE logs only messages that was rejected duing header receive, so it will not have hold status.
att,
Marcello Coutinho -
Hi,
at first thank you for this postfix-package!
I updated the postfix-package from v.2.3.3_1 to v.2.3.4.
After update each client could only sent to email-domains which was included in the "Domains to Forward". No mails to other domains was possibility. The error-message is 571 Relay denied.
I looked in the main.cf and found the different to the v.2.3.3_1:
v.2.3.3_1
smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
permitv.2.3.4
smtpd_client_restrictions = reject_unauth_destination,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr
permitAfter i added permit_mynetworks to smtpd_client_restrictions and restarted postfix on the commandline our clients could send Mails again.
Is this a bug in the v.2.3.4 or a feature, or forgot i to enter something in a new web-field? I yet added in "Access-List -> Client Access List -> MyNetworks 192.168.0.0/16 in the v.2.3.3-1, is there now a addional field in the webinterface to insert this to? I can't found any new fields.
To edit some fields with the webinterface and not lose the change for smtpd_client_restrictions, i added permit_my_networks in the /usr/local/pkg/postfix.inc
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination,
check_sender_access hash:/usr/local/etc/postfix/sender_access,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr
RBLRBLRBL
Regards
GerdP.S. Sorry for my bad english!
-
Sensible,
Thanks for your detailed feedback,
I'll check it as soon as possible.
att,
Marcello Coutinho -
Hi,
there is an other little mistake in the postfix-Package.
In the tab "Recioients" is something wrong with the field "Frequency".
If I add 5m (for five minutes) and look in the crontab, there is the following entry:* * * */5 * root /usr/local/bin/php -q /usr/local/www/postfix_recipients.php
but it should be
*/5 * * * * root /usr/local/bin/php -q /usr/local/www/postfix_recipients.php
Please, can you check this too?
Thanks
Gerd