Email server behind pfSense
-
Now the problem is how I can configure Postfix forwarder with MailScanner. I came across a post by you where you mentioned that the port 25 NAT should be removed and all traffic should be sent to the WAN address. In my case my WAN address is not my email server IP. So what will be the solution here?
If the IP address is one of the virtual IPs assigned to your pfSense, make Postfix listen on localhost and forward the virtual IP's port 25 to 127.0.0.1 instead of the internal server.
Postfix needs to be between the internet and your internal server to filter email, just like podilarius posted.
Regards,
Marcello Coutinho
-
Another question,
Under the Search email tab in Postfix forwarder, the Sqlite files are empty. Is my configuration wrong, or have I made some error?
-
One more question: how can I choose localhost as the interface in Postfix? By appending a line to the main config file, or something else?
The second task that I am going to perform is to make a port forward on 25 from my external mail server IP to localhost. But the question is: my internal mail server IP is 10.10.1.5, so how will I connect it with the external mail server? I mean, how will the email traffic be received and sent between them?
-
Or is it that my local mail server IP is the localhost in Postfix forwarder? If so, which server IP should I provide in the domain tab: the local or the external email server IP?
Please consider me a beginner; that's why I am asking so many questions.
-
Another question,
Under the Search email tab in Postfix forwarder, the Sqlite files are empty. Is my configuration wrong, or have I made some error?
Set log Destination to /var/log/maillog and Update Sqlite to every minute on the general tab.
-
Marcelo,
Please look at the screenshots of my Postfix Forwarder. I have done what you said about the sqlite but it is still empty.
-
What do you get on
tail -f /var/log/maillog?
and
/usr/local/bin/php -q /usr/local/www/postfix.php 01min
-
[2.0.1-RELEASE][root@pfsense.localdomain]/root(1): tail -f /var/log/maillog
May 18 12:35:10 pfsense MailScanner[19799]: Using locktype = flock
May 18 12:35:13 pfsense MailScanner[31018]: Connected to Processing Attempts Database
May 18 12:35:13 pfsense MailScanner[31018]: Found 0 messages in the Processing Attempts Database
May 18 12:35:13 pfsense MailScanner[31018]: Using locktype = flock
May 18 12:35:19 pfsense MailScanner[37752]: Connected to Processing Attempts Database
May 18 12:35:19 pfsense MailScanner[37752]: Found 0 messages in the Processing Attempts Database
May 18 12:35:19 pfsense MailScanner[37752]: Using locktype = flock
May 18 12:35:24 pfsense MailScanner[41484]: Connected to Processing Attempts Database
May 18 12:35:24 pfsense MailScanner[41484]: Found 0 messages in the Processing Attempts Database
May 18 12:35:24 pfsense MailScanner[41484]: Using locktype = flock
[2.0.1-RELEASE][root@pfsense.localdomain]/root(1): /usr/local/bin/php -q /usr/local/www/postfix.php 01min
/usr/bin/grep '^May 18 17:59.*(MailScanner|postfix.cleanup|postfix.smtp|postfix.error|postfix.qmgr)' /var/log/maillog
writing to database…writing to database...24
[2.0.1-RELEASE][root@pfsense.localdomain]/root(2):
These are the execution data I got.
"The second task that I am going to perform is to make a port forward on 25 from my external mail server IP to localhost. But the question is: my internal mail server IP is 10.10.1.5, so how will I connect it with the external mail server? I mean, how will the email traffic be received and sent between them?" – How do I solve this?
Thanks a lot for your reply.
-
Will 94.55.x.x be a virtual IP on your pfSense?
If so,
just change 94.55.x.x on the postfix GUI to 10.10.1.5
Internet ---> 94.55.x.x pfsense ---> 10.10.1.5 internal mail server
You will have sqlite databases when you have mail traffic in the logs.
-
Marcelo,
I have changed following way:
-
On port forward, create a NAT rule from virtual IP 94.55.x.x to 127.0.0.1.
The port forward will create the rule you need on the WAN interface.
On the postfix config, choose the loopback and LAN interfaces.
-
Dear Marcello,
Do I have to disable those port forwards on 25 from ExternalMailServer to InternalMailServer, or will they stay as they are?
-
Recent status of the config:
-
Do I have to disable those port forwards on 25 from ExternalMailServer to InternalMailServer, or will they stay as they are?
Yes, all external traffic must go to postfix (rdr from virtual IP to 127.0.0.1 with associated rule applied).
-
Hurrah!!!
Marcelo,
I can send emails but can't receive. Is there anything wrong?
-
These are the log files:
[2.0.1-RELEASE][root@pfsense.localdomain]/root(1): tail -f /var/log/maillog
May 18 22:04:28 pfsense postfix/postscreen[2216]: DISCONNECT [158.36.63.136]:23425
May 18 22:04:28 pfsense postfix/postscreen[2216]: CONNECT from [158.36.63.136]:24689
May 18 22:04:28 pfsense postfix/postscreen[2216]: PASS OLD [158.36.63.136]:24689
May 18 22:04:29 pfsense postfix/smtpd[21666]: warning: 158.36.63.136: hostname ex1-stud.diastud.corp verification failed: hostname nor servname provided, or not known
May 18 22:04:29 pfsense postfix/smtpd[21666]: connect from unknown[158.36.63.136]
May 18 22:04:30 pfsense postfix/postscreen[2216]: NOQUEUE: reject: RCPT from [209.85.160.42]:36545: 450 4.3.2 Service currently unavailable; from=<tllkrmn+caf_=akaraman=sesric.org@gmail.com>, to=<akaraman@sesric.org>, proto=ESMTP, helo=<mail-pb0-f42.google.com>
May 18 22:04:30 pfsense postfix/postscreen[2216]: PASS NEW [209.85.160.42]:36545
May 18 22:04:30 pfsense postfix/postscreen[2216]: DISCONNECT [209.85.160.42]:36545
May 18 22:04:36 pfsense postfix/smtpd[21666]: NOQUEUE: reject: RCPT from unknown[158.36.63.136]: 554 5.7.1 <centre@sesrtcic.org>: Relay access denied; from=<claim@euromillionersdraw.com> to=<centre@sesrtcic.org> proto=ESMTP helo=<post.diastud.corp>
May 18 22:04:46 pfsense postfix/smtpd[21666]: disconnect from unknown[158.36.63.136]
May 18 22:08:07 pfsense postfix/anvil[21898]: statistics: max connection rate 1/60s for (smtpd:158.36.63.136) at May 18 22:04:29
May 18 22:08:07 pfsense postfix/anvil[21898]: statistics: max connection count 1 for (smtpd:158.36.63.136) at May 18 22:04:29
May 18 22:08:07 pfsense postfix/anvil[21898]: statistics: max cache size 1 at May 18 22:04:29
May 18 22:09:42 pfsense postfix/postscreen[10615]: CONNECT from [91.102.231.30]:19466
May 18 22:09:49 pfsense postfix/postscreen[10615]: NOQUEUE: reject: RCPT from [91.102.231.30]:19466: 450 4.3.2 Service currently unavailable; from=<y.owadnqb@yahoo.com>, to=<webmaster@sesrtcic.org>, proto=SMTP, helo=<freedom>
May 18 22:09:49 pfsense postfix/postscreen[10615]: HANGUP after 0.48 from [91.102.231.30]:19466 in tests after SMTP handshake
May 18 22:09:49 pfsense postfix/postscreen[10615]: PASS NEW [91.102.231.30]:19466
May 18 22:09:49 pfsense postfix/postscreen[10615]: DISCONNECT [91.102.231.30]:19466
-
This is the log for the email that wasn't received.
May 18 22:12:02 pfsense postfix/postscreen[10615]: NOQUEUE: reject: RCPT from [209.85.213.42]:33824: 450 4.3.2 Service currently unavailable; from=<nahid05@gmail.com>, to=<anhuda@sesric.org>, proto=ESMTP, helo=<mail-yw0-f42.google.com>
-
If you have enabled postscreen, the first communication for each IP will be rejected, just like the spamd feature.
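
The behaviour described above can be checked in the maillog itself. This added example (not part of the original post; the sample lines are constructed and the function names are hypothetical) separates postscreen's temporary 450 deferrals and their PASS NEW / PASS OLD outcome from permanent smtpd rejects such as 554 Relay access denied, which are a different problem from postscreen.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format shown in this thread
# (documentation-range addresses, not the poster's log).
SAMPLE_LOG = """\
May 18 22:04:30 pfsense postfix/postscreen[2216]: NOQUEUE: reject: RCPT from [192.0.2.10]:36545: 450 4.3.2 Service currently unavailable; from=<a@example.com>, to=<user@example.org>, proto=ESMTP, helo=<mx.example.com>
May 18 22:04:30 pfsense postfix/postscreen[2216]: PASS NEW [192.0.2.10]:36545
May 18 22:19:41 pfsense postfix/postscreen[2216]: CONNECT from [192.0.2.10]:40112
May 18 22:19:41 pfsense postfix/postscreen[2216]: PASS OLD [192.0.2.10]:40112
May 18 22:04:36 pfsense postfix/smtpd[21666]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.net>: Relay access denied; from=<s@example.com> to=<x@example.net> proto=ESMTP helo=<h.example>
May 18 22:09:49 pfsense postfix/postscreen[10615]: NOQUEUE: reject: RCPT from [203.0.113.5]:19466: 450 4.3.2 Service currently unavailable; from=<b@example.com>, to=<w@example.org>, proto=SMTP, helo=<freedom>
May 18 22:09:49 pfsense postfix/postscreen[10615]: PASS NEW [203.0.113.5]:19466
"""

POSTSCREEN = re.compile(r"postfix/postscreen\[\d+\]: (PASS NEW|PASS OLD|NOQUEUE: reject: RCPT from)"
                        r" \[([0-9a-fA-F.:]+)\]:\d+(?:: (\d{3}) )?")
SMTPD_REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]:"
                          r" (\d{3}) \S+ (?:<[^>]*>: )?([^;]+);")

def summarize(log_text):
    """Count postscreen deferrals/passes and collect smtpd rejects per client IP."""
    stats = defaultdict(lambda: {"deferred": 0, "pass_new": 0, "pass_old": 0, "rejects": []})
    for line in log_text.splitlines():
        if m := POSTSCREEN.search(line):
            event, ip, code = m.groups()
            if event == "PASS NEW":
                stats[ip]["pass_new"] += 1
            elif event == "PASS OLD":
                stats[ip]["pass_old"] += 1
            elif code and code.startswith("4"):
                stats[ip]["deferred"] += 1   # temporary: sender is expected to retry
        elif m := SMTPD_REJECT.search(line):
            ip, code, reason = m.groups()
            stats[ip]["rejects"].append((code, reason))
    return dict(stats)

def verdict(s):
    """Map one client's counters to what it means for mail delivery."""
    if any(code.startswith("5") for code, _ in s["rejects"]):
        return "permanent-reject"        # smtpd policy (e.g. relay denied), not postscreen
    if s["pass_old"]:
        return "whitelisted"             # later connections go straight to smtpd
    if s["deferred"] and s["pass_new"]:
        return "deferred-then-passed"    # first attempt got 450; the retry should pass
    return "deferred-only" if s["deferred"] else "no-decision"

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip:15} {verdict(s):22} {s}")
```
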
-
Marcelo,
So what do you recommend? If I disable postscreen, will I receive emails? Or is there any other solution?
-
That means 2nd time sender will work properly. Am I right?