Postfix - antispam and relay package

marcelloc · May 18, 2012, 2:30 PM

zlyzwy,

I'm not getting this error, but I'll try it on a clean install on vm.

Are you using pfsense 32 or 64 bits

att,
Marcello Coutinho

zlyzwy · May 18, 2012, 2:40 PM

zlyzwy,

I'm not getting this error, but I'll try it on a clean install on vm.

Are you using pfsense 32 or 64 bits

att,
Marcello Coutinho

Hi Marcello,
Version:

2.0.1-RELEASE (i386) 
built on Mon Dec 12 18:24:17 EST 2011

I have some other pkgs installed:
freeradius2
Pfblocker
Unbound
bandwidthd

Thanks.
Zlyzwy

RobinGill · May 19, 2012, 7:48 PM

Hi Marcello,

Many thanks for this package - great addition to pfSense.

I've just set a box up that I was hoping to set this box up using LDAP to import list of users. The two issues I have are:

1. I tried running /usr/sbin/pkg_add -r p5-perl-ldap but I get the error unable to fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz. In fact it appears the whole packages-8.1-release directory has been depreciated.

2. If it is possible to get this running, is there any way to import user information using LDAP from multiple servers?

Also I was wondering if there are plans to add SMTP authentication in the future?

marcelloc · May 20, 2012, 2:25 AM

@RobinGill:

1. I tried running /usr/sbin/pkg_add -r p5-perl-ldap but I get the error unable to fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz. In fact it appears the whole packages-8.1-release directory has been depreciated.

get it from my personal repo
http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz

@RobinGill:

2. If it is possible to get this running, is there any way to import user information using LDAP from multiple servers?

It's already on the package code, just click on "+" button to add the other servers.
Note that this ldap fetch code was fetched from postfix website to run with active directory, I did no teste with openldap.

@RobinGill:

Also I was wondering if there are plans to add SMTP authentication in the future?

Plans: yes, time to do it: almost none :)

nahid · May 20, 2012, 8:01 PM

Hay all,

I have a question related with WebClient of SMTP Server. I have configured postfix with pfsense as my spam filter. Everything is working well except when I want send email from webclient of my Mail server it gives me error with "SMTP Authenticaion Error" while I can send email from other webclient like mail2web.

Is there any config error from where I could give the access my webclient to send mails through email server?

Nahid

nahid · May 20, 2012, 10:30 PM

I figure out the problem that I am facing.

If I choose my mail server as local internal server ip 10.10.1.5 in outlook then it works with no problem. However, when I choose the External IP 94.55.x.x or the domain name of my mailserver from my home it is unable to connect with the server.

When I remove postfix it works but after putting the postfix it works only locally. How could I solve this problem?

RobinGill · May 20, 2012, 10:34 PM

Many thanks for the help Marcello, I managed to install it using the link you provided :)

I noticed I was getting errors due to already having a version of Perl installed - I'm guessing Open VMware tools installed perl-5.10.1_3.

Anyway, I wiped it and started again this time just pfSense and Postfix, p5-perl-ldap installed this time without errors.

However I noticed once I configured a domain on the Domains tab which should correspond with the LDAP server, postfix would accept emails to invalid users at that domain. This didn't change if I added or removed @domain.com from Custom Valid recipients on the Recipients tab.

Then I wiped it again and only installed pfSense and postfix and not p5-perl-ldap. Again once I've configured a domain, even without adding the domain to Custom Valid recipients, it accepts emails for any user at the configured domain. The relay_recipients file is empty.

Checking this with another other install, if I configure a domain on the Domains tab but don't enter the domain under Custom Valid recipients, there I get 550 5.1.1 anyuser@domain.com: Recipient address rejected: User unknown in relay recipient table.

The only difference I can think of is that the new installation is brand new installed today while the old one was installed a few months ago and only upgraded to latest version a few days ago.

Any ideas on where to look for problems would be very much appreciated./anyuser@domain.com

marcelloc · May 21, 2012, 1:04 AM

RobinGill,

check the difference from postfix config file from old verison to this latest version.

The Custom Valid recipients need an OK at end of email addresses.

What antispam settings did you selected on both installs?

This file should have all valid recipients fetched from ldap as well from custom field.
/usr/local/etc/postfix/relay_recipients

run /usr/local/bin/php -q /usr/local/www/postfix_recipients.php on console/ssh and check if there are running erros.

att,
Marcello Coutinho

nahid · May 21, 2012, 10:01 AM

This is the log that I getting while want to send emails through Webclient:

May 21 13:00:33 pfsense postfix/postscreen[55796]: CONNECT from [127.0.0.1]:27215
May 21 13:00:33 pfsense postfix/postscreen[55796]: PASS OLD [127.0.0.1]:27215
May 21 13:00:33 pfsense postfix/smtpd[55803]: connect from localhost[127.0.0.1]
May 21 13:00:33 pfsense postfix/smtpd[55803]: lost connection after AUTH from localhost[127.0.0.1]
May 21 13:00:33 pfsense postfix/smtpd[55803]: disconnect from localhost[127.0.0.1]
May 21 13:00:36 pfsense postfix/postscreen[55796]: CONNECT from [209.85.217.170]:64486
May 21 13:00:36 pfsense postfix/postscreen[55796]: PASS OLD [209.85.217.170]:64486

SMTP error is attached.

nahid · May 21, 2012, 10:19 AM

But when I connect from other webclient like http://www.mail2web.com I got the following logs:

May 21 13:17:09 pfsense postfix/postscreen[55796]: CONNECT from [168.144.250.170]:36591
May 21 13:17:15 pfsense postfix/postscreen[55796]: NOQUEUE: reject: RCPT from [168.144.250.170]:36591: 450 4.3.2 Service currently unavailable; from=networkadmin@sesric.org, to=anhuda@sesric.org, proto=SMTP, helo= <xsmtp07.mail2web.com>May 21 13:17:16 pfsense postfix/postscreen[55796]: PASS NEW [168.144.250.170]:36591
May 21 13:17:16 pfsense postfix/postscreen[55796]: DISCONNECT [168.144.250.170]:36591
May 21 13:17:21 pfsense postfix/postscreen[55796]: CONNECT from [168.144.250.170]:36739
May 21 13:17:21 pfsense postfix/postscreen[55796]: PASS OLD [168.144.250.170]:36739
May 21 13:17:22 pfsense postfix/smtpd[55803]: connect from xsmtp07.mail2web.com[168.144.250.170]
May 21 13:17:22 pfsense postfix/smtpd[55803]: 7E2BFBFEB82: client=xsmtp07.mail2web.com[168.144.250.170]
May 21 13:17:22 pfsense postfix/cleanup[4869]: 7E2BFBFEB82: hold: header Received: from xsmtp07.mail2web.com (xsmtp07.mail2web.com [168.144.250.170])??by pfsense.localdomain (Postfix) with ESMTP id 7E2BFBFEB82??for anhuda@sesric.org; Mon, 21 May 2012 13:17:22 +0300 (EEST from xsmtp07.mail2web.com[168.144.250.170]; from= networkadmin@sesric.orgto= anhuda@sesric.orgproto=ESMTP helo= <xsmtp07.mail2web.com>May 21 13:17:22 pfsense postfix/cleanup[4869]: 7E2BFBFEB82: message-id=380-22012512110189682@M2W107.mail2web.com

So the problem is when I want to send mail from my webclient it gives me the error with SMTP Authentication error. But I am not using any TLS/SASL protocol.</xsmtp07.mail2web.com>/anhuda@sesric.org /networkadmin@sesric.org /anhuda@sesric.org</xsmtp07.mail2web.com>/anhuda@sesric.org /networkadmin@sesric.org

marcelloc · May 21, 2012, 1:38 PM

@nahid:

But when I connect from other webclient like http://www.mail2web.com I got the following logs:

This log means that you are using postscreen and he is doing his job, first connect of each ip after service start(on boot for example) will be rejected, next connections from this ip will be accepted.

att,
Marcello Coutinho

marcelloc · May 21, 2012, 1:40 PM

@nahid:

This is the log that I getting while want to send emails through Webclient:
May 21 13:00:33 pfsense postfix/smtpd[55803]: lost connection after AUTH from localhost[127.0.0.1]

I did not included any authentication feature to this package yet. If you have this config on other server, just paste postfix authentication options on custom field at gui.

att,
Marcello Coutinho

nahid · May 21, 2012, 1:45 PM

Marcello,

I am getting emails through my Internal Mail Server IP and unable to get those emails through external email server such as 94.55.59.130 or mail2.sesric.org. When I configure Outlook with local mail server ip with 10.10.1.5 it works but it doesn't worh with external ip. Thats the problem I am facing. I can only get email in office but unable to get them at home.

best regards,
Nahid

marcelloc · May 21, 2012, 2:05 PM

nahid,

This package is just a mail forwarder with antispam features, it will not replace your internal server, if you need external access to your internal server, use a nat rule for it on another ip/port and leave postfix filtering messages from internet to your internal server.

att,
Marcello Coutinho

nahid · May 21, 2012, 2:23 PM

Marcello,

My problem is that I can access from Webclient like mail2web and send mail via my mailserver but unable to connect through mail my external outgoing mail server. Thats problem I am getting. My incoming and outgoing server is same. Thats why I cant change to access from external through another IP.

best regards
Nahid

marcelloc · May 21, 2012, 2:27 PM

@nahid:

My incoming and outgoing server is same. Thats why I cant change to access from external through another IP.

Create a nat from external port 587 redirecting it to your internal server. This way you can use auth to send email to your internal server.

att,
Marcello Coutinho

nahid · May 21, 2012, 2:32 PM

This is the log when I choose my external mail server ip:

May 21 17:33:33 pfsense postfix/postscreen[16712]: CONNECT from [127.0.0.1]:7002
May 21 17:33:39 pfsense postfix/postscreen[16712]: PASS OLD [127.0.0.1]:7002
May 21 17:33:39 pfsense postfix/smtpd[30639]: connect from localhost[127.0.0.1]
May 21 17:33:39 pfsense postfix/smtpd[30639]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <abunaser>: Helo command rejected: Host not found; from= anhuda@sesric.orgto= networkadmin@sesric.orgproto=ESMTP helo= <abunaser>May 21 17:33:39 pfsense postfix/smtpd[30639]: disconnect from localhost[127.0.0.1]
May 21 17:34:39 pfsense postfix/postscreen[16712]: CONNECT from [127.0.0.1]:58545
May 21 17:34:39 pfsense postfix/postscreen[16712]: PASS OLD [127.0.0.1]:58545
May 21 17:34:39 pfsense postfix/smtpd[30639]: connect from localhost[127.0.0.1]
May 21 17:34:39 pfsense postfix/smtpd[30639]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <abunaser>: Helo command rejected: Host not found; from= anhuda@sesric.orgto= networkadmin@sesric.orgproto=ESMTP helo= <abunaser>May 21 17:34:39 pfsense postfix/smtpd[30639]: disconnect from localhost[127.0.0.1]

Even I couldn't send between my networks.

Nahid</abunaser>/networkadmin@sesric.org /anhuda@sesric.org</abunaser></abunaser>/networkadmin@sesric.org /anhuda@sesric.org</abunaser>

nahid · May 21, 2012, 2:38 PM

Marcello,

I will try with 587 port. But could you please look over the logs I posted. Even I want to send emails between my network it rejected as "Helo command rejected: Host not found; from= anhuda@sesric.orgto= networkadmin@sesric.orgproto=ESMTP helo=<abunaser>"

But my domain is sesric.org. Even I have passed my network by given 10.10.1.0/24 to my client access list. ıs there anything wrong with the config?

Nahid</abunaser>/networkadmin@sesric.org /anhuda@sesric.org

nahid · May 21, 2012, 4:22 PM

Marcello,

When I uncheck "Use SMTP Authentication" I get the following logs:

May 21 19:23:28 pfsense postfix/postscreen[8009]: CONNECT from [127.0.0.1]:29580
May 21 19:23:28 pfsense postfix/postscreen[8009]: PASS OLD [127.0.0.1]:29580
May 21 19:23:28 pfsense postfix/smtpd[3010]: connect from localhost[127.0.0.1]
May 21 19:23:28 pfsense postfix/smtpd[3010]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <sesric.org?[10.10.1.254]>: Helo command rejected: Host not found; from= networkadmin@sesric.orgto= anhuda@sesric.orgproto=ESMTP helo= <sesric.org?[10.10.1.254]>May 21 19:23:28 pfsense postfix/smtpd[3010]: lost connection after RCPT from localhost[127.0.0.1]
May 21 19:23:28 pfsense postfix/smtpd[3010]: disconnect from localhost[127.0.0.1]

And I think it is something wrong with my config that is not going to accept my domain name. Because here also I just tried to send mail inside my domain.

Best regards,
Nahid</sesric.org?[10.10.1.254]>/anhuda@sesric.org /networkadmin@sesric.org</sesric.org?[10.10.1.254]>

marcelloc · May 21, 2012, 6:42 PM

@nahid:

Helo command rejected: Host not found; from= networkadmin@sesric.orgto= anhuda@sesric.orgproto=ESMTP helo=<sesric.org?[10.10.1.254]>/anhuda@sesric.org /networkadmin@sesric.org

This is your error.

Change your client helo info to a valid dns name(internal or external).

If you want, you can disable the helo check on antispam settings too.(I do not recomend, but in some cases this is the easier way to workaround misconfigured servers)

att,
Marcello Coutinho