Postfix forwarder - modify SMTP banner?
-
Awesome, thank you!
I've been browsing these forums quite a bit and noticed a screenshot in one of Marcello's posts that seems to show stats re: postfix forwarder… numbers of emails rejected, accepted, etc. I can't seem to find that screen in my pfsense, but I'm probably looking in the wrong places.
I'm also curious about how I can see more detail about the messages or mail servers postfix forwarder is rejecting and why. I see postfix forwarder information in the pfsense system log, but nothing related to spam/server scoring... mostly the service starting and stopping.
I think you are refering to the widget on the dashboard. Click the "+" sign under the pfsense dashboard and add it then make sure to save it.
-
I tried that earlier and I just have a blue bar that says "Postfix"… it's expanded, but there is nothing there. The other widgets seem to be working fine. I left all the logging stuff default, so I don't think I managed to mangle something so soon. But I don't put anything past me.
-
This doesn't seem to have worked:
smtpd_banner = $myhostname host.domain.com
host.domain.com replaced with the details consistent with my reverse DNS… I tried rebooting pfsense as well, but postfix forwarder is still dishing out domain.com rather than host.domain.com.
You made the change then saved the configuation correct?, after which you only should have had to restart postfix. Where are you seeing it reply with the wrong host name?
-
I tried that earlier and I just have a blue bar that says "Postfix"… it's expanded, but there is nothing there. The other widgets seem to be working fine. I left all the logging stuff default, so I don't think I managed to mangle something so soon. But I don't put anything past me.
You have it enabled on the general screen "enable postfix" checked. In services it shows running?
It sounds as if it in not running. If you haven't changed the config you can look at the log in /var/log/maillog to see if it is starting properly.
-
This doesn't seem to have worked:
smtpd_banner = $myhostname host.domain.com
host.domain.com replaced with the details consistent with my reverse DNS… I tried rebooting pfsense as well, but postfix forwarder is still dishing out domain.com rather than host.domain.com.
You made the change then saved the configuation correct?, after which you only should have had to restart postfix. Where are you seeing it reply with the wrong host name?
Yes… I'm using http://mxtoolbox.com/ to check it. I know postfix forwarder is running, because I'm seeing the wrong information in the banner, as opposed to when I telnet to port 25 on my internal mail server which shows me the correct information. I'm getting email fine so at least the communication between postfix forwarder and my mail server is working. ;)
Just based on the last hour or so, I think postfix forwarder is working pretty good... I just haven't found any stats or logs that would allow me to see in some detail what it's doing.
-
I tried that earlier and I just have a blue bar that says "Postfix"… it's expanded, but there is nothing there. The other widgets seem to be working fine. I left all the logging stuff default, so I don't think I managed to mangle something so soon. But I don't put anything past me.
You have it enabled on the general screen "enable postfix" checked. In services it shows running?
It sounds as if it in not running. If you haven't changed the config you can look at the log in /var/log/maillog to see if it is starting properly.
Yes, in services it shows "postfix Not available. Running"
-
This doesn't seem to have worked:
smtpd_banner = $myhostname host.domain.com
host.domain.com replaced with the details consistent with my reverse DNS… I tried rebooting pfsense as well, but postfix forwarder is still dishing out domain.com rather than host.domain.com.
You made the change then saved the configuation correct?, after which you only should have had to restart postfix. Where are you seeing it reply with the wrong host name?
Yes… I'm using http://mxtoolbox.com/ to check it. I know postfix forwarder is running, because I'm seeing the wrong information in the banner, as opposed to when I telnet to port 25 on my internal mail server which shows me the correct information. I'm getting email fine so at least the communication between postfix forwarder and my mail server is working. ;)
Just based on the last hour or so, I think postfix forwarder is working pretty good... I just haven't found any stats or logs that would allow me to see in some detail what it's doing.
go to /var/log/maillog and you will see exactly what it is doing. I am not sure it is even processing your mail from the way it sounds. It sound like the firewall is passing traffic directly to your smtp server. You need to postfix in the middle.
Check to listen interface in postfix and set it to the loopback then create a rule to the loopback on the wan interface
TCP * * 127.0.0.1 25 (SMTP) * none
Then on the second tab on post fix specify the domain or domains and the internal ip address of the smtp server.
-
go to /var/log/maillog and you will see exactly what it is doing. I am not sure it is even processing your mail from the way it sounds. It sound like the firewall is passing traffic directly to your smtp server. You need to postfix in the middle.
Check to listen interface in postfix and set it to the loopback then create a rule to the loopback on the wan interface
TCP * * 127.0.0.1 25 (SMTP) * none
Then on the second tab on post fix specify the domain or domains and the internal ip address of the smtp server.
I'm on an appliance and am not sure how to get to /var/log/maillog… I tried the "Edit File" function, but no luck finding /var/log/maillog.
I'm pretty sure postfix forwarder is running, because I woke up without a single spam... which is very (very!) unusual. I just can't figure out where useful logs and stats are and why "smtpd_banner = $myhostname host.domain.com" in "custom main.cf options" is not working. I used mxtoolbox again this morning and postfix forwarder is still serving up "domain.com" rather than "host.domain.com."
-
I don't understand what you are doing there? So what's your hostname on the pfsense box?
-
I don't understand what you are doing there? So what's your hostname on the pfsense box?
It's domain.com… as opposed to host.domain.com. I'm trying to get the SMTP banner for postfix forwarder to say host.domain.com.
-
I am asking about your pfsense box hostname (forget postfix)… Is it domain.com? ???
-
I am asking about your pfsense box hostname (forget postfix)… Is it domain.com? ???
Yes.
I just got a spam and found that its IP address is blocked by both RBLs (zen.spamhaus.org, b.barracudacentral.org) I have configured under "RBL Server List." Apparently my RBL functionality is not working. Maybe the GUI is broken or I'm being stupid. I'm sure postfix forwarder is running because if I telnet from the outside in on port 25 I'm getting a banner served up by postfix forwarder, not the banner I get from the mail server I actually get my mail from which I have postfix forwarder forwarding to.
I checked main.cf using "View Postfix configuration files" and it appears its being modified properly by the GUI… I see these lines in there:
smtpd_banner = $myhostname host.domain.com (with my host and domain)
postscreen_dnsbl_sites=zen.spamhaus.org, b.barracudacentral.org
postscreen_dnsbl_threshold=1I'll reboot the appliance again, but that hasn't seemed to work and as far as I understand it's not necessary.
-
Huh? Why is your hostname empty??? Did you set myhostname = domain.com somewhere or what? That is the whole problem, there is absolutely no need to mess with anything normally; postfix uses gethostname() by default; and smtpd_banner is $myhostname ESMTP $mail_name by default.
-
Huh? Why is your hostname empty??? Did you set myhostname = domain.com somewhere or what? That is the whole problem, there is absolutely no need to mess with anything normally; postfix uses gethostname() by default; and smtpd_banner is $myhostname ESMTP $mail_name by default.
My pfsense "General Setup" is set for hostname = "pfsense" and domain = "domain.com".
Maybe I should start over. I'm not sure where postfix forwarder is getting the host/domain (well, in my case, just domain) it's serving up in the SMTP banner. The SMTP banner simply says "domain.com" and I would like it to say "host.domain.com" which would match my MX record.
-
As said, it should use gethostname(). What's the output of
postconf -n hostname???
-
As said, it should use gethostname(). What's the output of
postconf -n hostname???
In () are my redactions/comments:
$ postconf -n
access_map_defer_code = 451
access_map_reject_code = 554
config_directory = /usr/local/etc/postfix
default_process_limit = 100
disable_vrfy_command = yes
local_recipient_maps =
message_size_limit = 25600000
mydestination =
mynetworks = /usr/local/etc/postfix/mynetwork_table
mynetworks_style = host
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/cal_cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org, b.barracudacentral.org
postscreen_dnsbl_threshold = 1
relay_domains = (My first email domain) (My second email domain)
smtpd_banner = $myhostname (My host.domain.com)
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, reject_unverified_recipient, reject_spf_invalid_sender, permit
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
strict_rfc821_envelopes = yes
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550$ hostname
pfsense.domain.com (My domain) -
Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add
myhostname = host.domain.comto custom configuration and see if it helps.
-
Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add
myhostname = host.domain.comto custom configuration and see if it helps.
Is it possible the RBL lookups are broken as well? I think postfix forwarder is reducing the volume of spam (though this is just anecdotal, I don't see any useful logs in the GUI), but the first spam I received this morning came from an IP address that should have been blocked by the postfix forwarder RBL lookup.
-
Well, if basic things like resolution of local hostname are broken, then obviously yes, DNSBLs which rely on DNS records may be broken as well. Would need the whole postconf output (without -n) to see what's really configured in the end.
-
Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add
myhostname = host.domain.comto custom configuration and see if it helps.
Is it possible the RBL lookups are broken as well? I think postfix forwarder is reducing the volume of spam (though this is just anecdotal, I don't see any useful logs in the GUI), but the first spam I received this morning came from an IP address that should have been blocked by the postfix forwarder RBL lookup.
I have been running it for months on multiple boxes. As far as I know nothing is broken as long as it intstalled correctly.
First you NEED to look at the log.
1. Do this, go into the first page general configuration, second heading "Logging" it should say "/var/log/maillog" if not use the down arrow and select it and save the configuration.
2. Go into services and restart postfix.
3. you can do this anyway you want. You said you tried to use edit file which is fine, use it browse to var/log/maillog and open it what does it say? Post the log here
Again I do not think postfix is actually receiving your mail. It needs to be in the middle between pfsense and your smtp server. If you see it running in services then it probably is.
Were you running an smtp server without it before? If so did you modify your firewall route to pass the mail to postfix first. Just installing it will not do this.
This is very easy to test.
1. Stop your SMTP server NOT postfix.
2. Run a test with mxtoolbox
3. Do you get a responce
3a No -> postfix is not in the middle and IS not processing mail for you.
3b Yes -> postfix is in the middle.