Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Postfix - antispam and relay package

    Scheduled Pinned Locked Moved pfSense Packages
    855 Posts 136 Posters 1.1m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      The problem is that /var is ram drive and /usr is read only on nanobsd.

      you can symlink postfix folder to /usr but you will need to leave /usr writable all the time.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • F
        fogelholk
        last edited by

        @marcelloc:

        The problem is that /var is ram drive and /usr is read only on nanobsd.

        you can symlink postfix folder to /usr but you will need to leave /usr writable all the time.

        Alright, thanks for your answer.

        Would it be possible to give it more ram or increase the size of /var or something? The tiny beast has 2GB of total ram, and currently about 11% in use.

        1 Reply Last reply Reply Quote 0
        • N
          nahid
          last edited by

          Marcello,

          My SMTP Test report as follows:
          EHLO please-read-policy.mxtoolbox.com
          250-firewall.sesric.org
          250-PIPELINING
          250-SIZE 10240000
          250-ETRN
          250-ENHANCEDSTATUSCODES
          250-8BITMIME
          250 DSN [187 ms]
          MAIL FROM: supertool@mxtoolbox.com250 2.1.0 Ok [203 ms]
          RCPT TO: test@example.com554 5.7.1 test@example.com: Relay access denied [187 ms]
          QUIT
          221 2.0.0 Bye [203 ms]

          I want to convert the local address (red marked) to mail2.sesric.org.
          Is there any way to solve this.

          Best regards,
          Nahid/test@example.com/test@example.com/supertool@mxtoolbox.com

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Nahid,

            I think you just need to add

            myhostname=mail2.sesric.org
            smtp_helo_name=mail2.sesric.org

            to genereal -> custom main.cf options

            att,
            Marcello Coutinho

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • N
              nahid
              last edited by

              Mercello,

              In that case I got the following log that shows the messages were bounced and it doesn't deliver.

              May 26 12:10:19 nahid05@gmail.com anhuda@sesric.org 0.63 bounced (mail for [10.10.1.5] loops back to myself)
              May 26 12:09:23 nashanahid@yahoo.com anhuda@sesric.org 0.69 bounced (mail for [10.10.1.5] loops back to myself)

              Best regards,
              Nahid

              1 Reply Last reply Reply Quote 0
              • R
                RobinGill
                last edited by

                @marcelloc:

                RobinGill,

                all working now? I was trying to reproduce your no valid recipients check you've posted today.
                The reinstall did the trick?

                att,
                Marcello Coutinho

                Hi Marcello,

                Yes it's all working now that I've reinstalled. Strange thing is I tried a few times until I got it working. If I can figure out how to reproduce the problem I had I will let you know.

                Also it's no major deal, but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

                1 Reply Last reply Reply Quote 0
                • marcellocM
                  marcelloc
                  last edited by

                  @RobinGill:

                  but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

                  I leave only letters and number to avoid code on the field.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • N
                    nahid
                    last edited by

                    "Mercello,

                    In that case I got the following log that shows the messages were bounced and it doesn't deliver.

                    May 26 12:10:19  nahid05@gmail.com  anhuda@sesric.org  0.63  bounced  (mail for [10.10.1.5] loops back to myself)
                    May 26 12:09:23  nashanahid@yahoo.com  anhuda@sesric.org  0.69  bounced  (mail for [10.10.1.5] loops back to myself)

                    Best regards,
                    Nahid"

                    Marcello,

                    Is there any way to solve this?

                    Nahid

                    1 Reply Last reply Reply Quote 0
                    • Z
                      zlyzwy
                      last edited by

                      Hi Marcelloc,

                      I have one question, some mail server is continuing sending spam email to my server.
                      It brings me a lot of useless log in Search Mail(NOQUEUE).

                      May 28 15:41:58	xxx@xxx.com	aaa@aaa.cn	reject
                      May 28 15:42:58	xxx@xxx.com	aaa@aaa.cn	reject
                      May 28 15:43:58	xxx@xxx.com	aaa@aaa.cn	reject
                      May 28 15:44:58	xxx@xxx.com	aaa@aaa.cn	reject
                      May 28 15:45:58	xxx@xxx.com	aaa@aaa.cn	reject
                      May 28 15:46:58	xxx@xxx.com	aaa@aaa.cn	reject
                      May 28 15:47:58	xxx@xxx.com	aaa@aaa.cn	reject
                      

                      I add the rule in Access List –> Sender

                      xxx@xxx.com RJECT
                      bbb.com REJECT
                      

                      But I found I still can see these log in Search Mail.

                      Can I just block these mail address somewhere? Or maybe there will have a filter for log?

                      Thanks for your great work!
                      Zlyzwy

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        The noqueue log means that the message was rejected before mail data.

                        To do not receive this error, you will need to configure a firewall rule for these ips.

                        att,
                        Marcello Coutinho

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • Z
                          zlyzwy
                          last edited by

                          @marcelloc:

                          The noqueue log means that the message was rejected before mail data.

                          To do not receive this error, you will need to configure a firewall rule for these ips.

                          att,
                          Marcello Coutinho

                          In fact, I has tried this method already, however it seems it doesn't work.
                          I have pfBlocker installed, I put the spam ip into the Custom list, eg:

                          111.222.333.444/32  #xxx@xxx.com
                          

                          Then I still see the NOQUEUE log…

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            @zlyzwy:

                            In fact, I has tried this method already, however it seems it doesn't work.
                            I have pfBlocker installed, I put the spam ip into the Custom list, eg:
                            111.222.333.444/32  #xxx@xxx.com

                            can you check on diagnostics table if this ip is listed on pfblocker alias?
                            what action did you selected on pfblocker?

                            pfBlocker is a nice package  ;), but for this rule, you need just an alias and a rule on wan.

                            att,
                            Marcello Coutinho

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • Z
                              zlyzwy
                              last edited by

                              can you check on diagnostics table if this ip is listed on pfblocker alias?

                              Yes, it's.

                              what action did you selected on pfblocker?

                              Deny Inbound

                              I can see the packets which has been blocked by PFblocker from Dashboard..

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                Check the log, it may be coming from more than one ip.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • Z
                                  zlyzwy
                                  last edited by

                                  @marcelloc:

                                  Check the log, it maybe comming from more then one ip.

                                  You are right… there are three ips from one address.

                                  I blocked them all and it's now OK~

                                  Thanks for your help~

                                  1 Reply Last reply Reply Quote 0
                                  • I
                                    ics
                                    last edited by

                                    Hi,

                                    In Postfix, is it possible to forward emails to specific servers depending on the recipient email address (not only on the domain) ?

                                    Thank you

                                    1 Reply Last reply Reply Quote 0
                                    • marcellocM
                                      marcelloc
                                      last edited by

                                      not yet.  :(

                                      Treinamentos de Elite: http://sys-squad.com

                                      Help a community developer! ;D

                                      1 Reply Last reply Reply Quote 0
                                      • Z
                                        zlyzwy
                                        last edited by

                                        Hi Marcelloc,

                                        Can I add the NOQUEUE email address to Whitelist?
                                        Some of mail server can't pass 'Helo Hostname' check….

                                        As my understanding, the "access lists" will only work with QUEUE email address.

                                        Thanks in advance~

                                        Zlyzwy

                                        1 Reply Last reply Reply Quote 0
                                        • marcellocM
                                          marcelloc
                                          last edited by

                                          The noqueue info in log file are for messages that failed during header check.

                                          to workaround it,you can:

                                          • unselect the helo check on config gui

                                          • add the host hello info to /etc/hosts (check if pfsense boot process does not clean this file)

                                          • if you really trust the remote domain, add it to mynetworks.

                                          But the best way is to ask remote site admin to fix his smtp configuration.

                                          Treinamentos de Elite: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          • I
                                            ics
                                            last edited by

                                            Hi,

                                            In Search Mail some emails have status "sent" even if it's detected as spam (maillog).
                                            And for some other emails status "spam" is obviously correct. :)

                                            Any explanation ?

                                            Another question :
                                            the subject displayed is the original subject of the email. Is it possible to view the modified subject also ?

                                            Thanks

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.