Postfix forwarder - modify SMTP banner?
-
This doesn't seem to have worked:
smtpd_banner = $myhostname host.domain.com
host.domain.com replaced with the details consistent with my reverse DNS… I tried rebooting pfsense as well, but postfix forwarder is still dishing out domain.com rather than host.domain.com.
-
Awesome, thank you!
I've been browsing these forums quite a bit and noticed a screenshot in one of Marcello's posts that seems to show stats re: postfix forwarder… numbers of emails rejected, accepted, etc. I can't seem to find that screen in my pfsense, but I'm probably looking in the wrong places.
I'm also curious about how I can see more detail about the messages or mail servers postfix forwarder is rejecting and why. I see postfix forwarder information in the pfsense system log, but nothing related to spam/server scoring... mostly the service starting and stopping.
I think you are referring to the widget on the dashboard. Click the "+" sign under the pfsense dashboard and add it, then make sure to save it.
-
I tried that earlier and I just have a blue bar that says "Postfix"… it's expanded, but there is nothing there. The other widgets seem to be working fine. I left all the logging stuff default, so I don't think I managed to mangle something so soon. But I don't put anything past me.
-
You made the change then saved the configuration, correct? After which you only should have had to restart postfix. Where are you seeing it reply with the wrong host name?
-
You have it enabled on the general screen, with "enable postfix" checked? In services it shows running?
It sounds as if it is not running. If you haven't changed the config you can look at the log in /var/log/maillog to see if it is starting properly.
-
Yes… I'm using http://mxtoolbox.com/ to check it. I know postfix forwarder is running, because I'm seeing the wrong information in the banner, as opposed to when I telnet to port 25 on my internal mail server which shows me the correct information. I'm getting email fine so at least the communication between postfix forwarder and my mail server is working. ;)
Just based on the last hour or so, I think postfix forwarder is working pretty good... I just haven't found any stats or logs that would allow me to see in some detail what it's doing.
-
Yes, in services it shows "postfix Not available. Running"
-
Go to /var/log/maillog and you will see exactly what it is doing. I am not sure it is even processing your mail from the way it sounds. It sounds like the firewall is passing traffic directly to your smtp server. You need postfix in the middle.
Check the listen interface in postfix and set it to the loopback, then create a rule to the loopback on the wan interface:
TCP * * 127.0.0.1 25 (SMTP) * none
Then on the second tab in postfix specify the domain or domains and the internal ip address of the smtp server.
-
I'm on an appliance and am not sure how to get to /var/log/maillog… I tried the "Edit File" function, but no luck finding /var/log/maillog.
I'm pretty sure postfix forwarder is running, because I woke up without a single spam... which is very (very!) unusual. I just can't figure out where useful logs and stats are and why "smtpd_banner = $myhostname host.domain.com" in "custom main.cf options" is not working. I used mxtoolbox again this morning and postfix forwarder is still serving up "domain.com" rather than "host.domain.com."
-
I don't understand what you are doing there? So what's your hostname on the pfsense box?
-
It's domain.com… as opposed to host.domain.com. I'm trying to get the SMTP banner for postfix forwarder to say host.domain.com.
-
I am asking about your pfsense box hostname (forget postfix)… Is it domain.com? ???
-
Yes.
I just got a spam and found that its IP address is blocked by both RBLs (zen.spamhaus.org, b.barracudacentral.org) I have configured under "RBL Server List." Apparently my RBL functionality is not working. Maybe the GUI is broken or I'm being stupid. I'm sure postfix forwarder is running because if I telnet from the outside in on port 25 I'm getting a banner served up by postfix forwarder, not the banner I get from the mail server I actually get my mail from which I have postfix forwarder forwarding to.
I checked main.cf using "View Postfix configuration files" and it appears it's being modified properly by the GUI… I see these lines in there:
smtpd_banner = $myhostname host.domain.com (with my host and domain)
postscreen_dnsbl_sites=zen.spamhaus.org, b.barracudacentral.org
postscreen_dnsbl_threshold=1
I'll reboot the appliance again, but that hasn't seemed to work and as far as I understand it's not necessary.
-
Huh? Why is your hostname empty??? Did you set myhostname = domain.com somewhere or what? That is the whole problem, there is absolutely no need to mess with anything normally; postfix uses gethostname() by default; and smtpd_banner is $myhostname ESMTP $mail_name by default.
-
My pfsense "General Setup" is set for hostname = "pfsense" and domain = "domain.com".
Maybe I should start over. I'm not sure where postfix forwarder is getting the host/domain (well, in my case, just domain) it's serving up in the SMTP banner. The SMTP banner simply says "domain.com" and I would like it to say "host.domain.com" which would match my MX record.
-
As said, it should use gethostname(). What's the output of
postconf -n hostname
???
-
In () are my redactions/comments:
$ postconf -n
access_map_defer_code = 451
access_map_reject_code = 554
config_directory = /usr/local/etc/postfix
default_process_limit = 100
disable_vrfy_command = yes
local_recipient_maps =
message_size_limit = 25600000
mydestination =
mynetworks = /usr/local/etc/postfix/mynetwork_table
mynetworks_style = host
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/cal_cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org, b.barracudacentral.org
postscreen_dnsbl_threshold = 1
relay_domains = (My first email domain) (My second email domain)
smtpd_banner = $myhostname (My host.domain.com)
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, reject_unverified_recipient, reject_spf_invalid_sender, permit
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
strict_rfc821_envelopes = yes
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
$ hostname
pfsense.domain.com (My domain)
-
Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add
myhostname = host.domain.com
to custom configuration and see if it helps.
-
Is it possible the RBL lookups are broken as well? I think postfix forwarder is reducing the volume of spam (though this is just anecdotal, I don't see any useful logs in the GUI), but the first spam I received this morning came from an IP address that should have been blocked by the postfix forwarder RBL lookup.
-
Well, if basic things like resolution of local hostname are broken, then obviously yes, DNSBLs which rely on DNS records may be broken as well. Would need the whole postconf output (without -n) to see what's really configured in the end.
-
I have been running it for months on multiple boxes. As far as I know nothing is broken as long as it installed correctly.
First you NEED to look at the log.
1. Do this, go into the first page general configuration, second heading "Logging" it should say "/var/log/maillog" if not use the down arrow and select it and save the configuration.
2. Go into services and restart postfix.
3. You can do this any way you want. You said you tried to use edit file, which is fine; use it, browse to /var/log/maillog and open it. What does it say? Post the log here.
Again I do not think postfix is actually receiving your mail. It needs to be in the middle between pfsense and your smtp server. If you see it running in services then it probably is.
Were you running an smtp server without it before? If so did you modify your firewall route to pass the mail to postfix first. Just installing it will not do this.
This is very easy to test.
1. Stop your SMTP server NOT postfix.
2. Run a test with mxtoolbox
3. Do you get a response?
3a No -> postfix is not in the middle and IS not processing mail for you.
3b Yes -> postfix is in the middle.
-
Ok, logging was set for "System log" - I changed it to "/var/log/maillog".
I don't see a way to restart Postfix, so I went into Services/Postfix Forwarder, unchecked "Enable Postfix" then saved and then rechecked it then saved.
From the command prompt on the Netgate firewall I tried "cat /var/log/maillog" but nothing happened.
If I go to "System Activity" I see:
42792 postfix 64 20 87216K 50644K nanslp 2 0:02 0.00% perl5.12.4
32099 postfix 64 20 87216K 50520K nanslp 1 0:02 0.00% perl5.12.4
51351 postfix 64 20 87216K 50644K nanslp 1 0:02 0.00% perl5.12.4
59513 postfix 64 20 87216K 50644K nanslp 2 0:02 0.00% perl5.12.4
2313 postfix 64 20 87216K 50644K nanslp 2 0:02 0.00% perl5.12.4
Regarding the firewall rule… there is a postfix forwarder option for "Domains to Forward" and I put my mail server's IP in there along with the domains. If this didn't create a firewall rule, then it sounds like that's where I screwed up and I may have misinterpreted the mxtoolbox results.
Actually, I'm still getting email from my mail server... so that doesn't make sense. I'll go back and read your posts again.
Edit: Now I see none of my NAT or firewall rules related to SMTP were updated by the installation of postfix forwarder. Combination of misinterpreting mxtoolbox output and a slow spam night doomed me while I was troubleshooting. Fixing the rules now. Thanks for the help!
-
With postfix running just stop your mail server and run the test with mxtoolbox. If you receive a reply it is configured correctly if you do not receive a reply it is not. Let me know the results.
-
With my mail server shut down, I got a timeout from mxtoolbox. The firewall rule I used on the WAN interface after I re-read your posts was:
TCP * * 127.0.0.1 25 (SMTP) * none
And I changed Listen interface(s) in postfix forwarder to loopback.
I must be doing something wrong with the firewall rules because it appears postfix forwarder IS running, just not answering.
I have tried having the rule above enabled both with my previous rule for my internal server enabled and disabled, but either way postfix forwarder doesn't answer on port 25.
Update:
I've been reading through http://forum.pfsense.org/index.php/topic,40622.msg217539.html#msg217539, particularly:
"remove nat from port 25
create a wan rule to permit smtp traffic to wan address
check enable postfix option
choose at least wan loopback interfaces
fill your domain/internal smtp info"
I follow this except for the "at least" part… maybe I need to try using the WAN interface instead of loopback.
-
You can do it as above. However, do not use the rule I gave you. Instead use the rule above and change the listening interface to the wan and loopback. Just use the control key to select both. Then save the configuration. Then rerun the mxtoolbox test with your smtp server stopped but postfix enabled and running. You should get a response.
-
That seems to have worked… I changed the rule to:
TCP * * WAN address 25 (SMTP) * none
And now postfix forwarder is answering... and emails are getting to my internal mail server.
-
Good. :)
You still should go to /var/log/maillog
And take a look and see what postfix is doing and see if there are any other problems.
-
It should be answering now with whatever you put in smtpd_banner = $myhostname
-
I thought I replied to this but don't see it… anyway, I changed the postfix forwarder logging option to /var/log/maillog. This file is 0 bytes when I download it from the pfsense GUI. The Postfix dashboard widget is also just a blue bar that says Postfix. This was the case before and after my changing the logging from System logs to /var/log/maillog. Confused! It appears email is being processed fine as I'm receiving it from my internal mail server and the headers mention my pfsense.domain.com.
-
Try rebooting the box. Then take a look at the log and see if it is logging properly.
-
When all else fails… yeah, that worked. After rebooting I can now download and view /var/log/maillog and there are stats in the Postfix dashboard widget.
It will be nice not having any more spam from Dr. Oz. Not that you guys would know about that, because you've been blocking his mail. And now I am too. ;)
-
Also, did you configure the tabs in postfix "access lists" and "antispam"?
-
Antispam yes… access lists no. In terms of the "Client Access List", I force users to connect to the LAN via VPN to send mail. So I don't think I need to let postfix forwarder know about clients allowed to relay, because no one is?
-
Any idea where the Postfix dashboard widget gets its data? It currently shows:
Postfix
2013-08-16
Sent
2
But I can see from /var/log/maillog (and from my inbox) that a lot more stuff has happened… e.g. rejections.
-
You are thinking in the wrong direction. The ACL is what postfix uses to process the email. The key word being accept, as in "INBOUND" mail. Not outbound, as it does not have anything to do with outbound mail.
What you are seeing in the dashboard is correct. The Sent actually refers to received. So it received 2 emails from x and forwarded them to your smtp server.
Are you using mailscanner?
-
Oh… I think I get it now. So the ACL is to whitelist my computers in case they send spammy-looking email, they won't be blocked by postfix forwarder? I think I'll leave the entire set of options in that tab empty for now.
I thought the dashboard would show rejections, but it looks like it does not... I just have #s for sent and bounced, but I know many more messages are being rejected from looking at /var/log/maillog.
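The rejections that only show up in /var/log/maillog can be tallied from the log itself. As an added example that is not part of this thread or the pfSense package, the Python script below counts relays to the internal server, bounces and rejects by reason and client IP; the sample lines are constructed in the syslog format Postfix writes, with placeholder hosts and addresses. Pass a real maillog path on the command line to summarise that instead.

```python
"""Tally Postfix/postscreen activity from /var/log/maillog lines.

Added example, not code from the thread or the pfSense package. Reads the
file named on the command line, or the constructed sample below.
"""
import re
import sys
from collections import Counter

# Constructed sample lines (placeholder hosts/addresses, not real traffic).
SAMPLE_LOG = """\
Aug 16 10:01:02 pfsense postfix/postscreen[1201]: CONNECT from [203.0.113.5]:43210 to [192.0.2.1]:25
Aug 16 10:01:03 pfsense postfix/postscreen[1201]: DNSBL rank 1 for [203.0.113.5]:43210
Aug 16 10:01:04 pfsense postfix/postscreen[1201]: NOQUEUE: reject: RCPT from [203.0.113.5]:43210: 550 5.7.1 Service unavailable; client [203.0.113.5] blocked using zen.spamhaus.org; from=<x@example.net>, to=<me@domain.com>, proto=ESMTP, helo=<mail.example.net>
Aug 16 10:05:11 pfsense postfix/smtpd[1310]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.7.1 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<a@example.org> to=<me@domain.com> proto=ESMTP helo=<box>
Aug 16 10:10:00 pfsense postfix/smtp[1422]: 4F1A2B3C4D: to=<me@domain.com>, relay=192.168.1.10[192.168.1.10]:25, delay=0.5, delays=0.1/0/0.1/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ABC123)
Aug 16 10:12:30 pfsense postfix/smtpd[1310]: NOQUEUE: reject: RCPT from mail.example.com[192.0.2.77]: 554 5.7.1 <me@other.example>: Relay access denied; from=<b@example.com> to=<me@other.example> proto=ESMTP helo=<mail.example.com>
Aug 16 10:20:00 pfsense postfix/smtp[1422]: 5A6B7C8D9E: to=<you@domain.com>, relay=192.168.1.10[192.168.1.10]:25, delay=0.4, delays=0.1/0/0.1/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DEF456)
Aug 16 10:25:00 pfsense postfix/smtp[1422]: 6B7C8D9E0F: to=<nobody@domain.com>, relay=192.168.1.10[192.168.1.10]:25, delay=0.3, delays=0.1/0/0.1/0.1, dsn=5.1.1, status=bounced (host 192.168.1.10[192.168.1.10] said: 550 5.1.1 User unknown)
"""

# smtpd and postscreen both log "NOQUEUE: reject: RCPT from <client>: <code> <enhanced> <text>;"
REJECT_RE = re.compile(
    r"postfix/(?:postscreen|smtpd)\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<client>\S+?): (?P<code>\d{3}) \S+ (?P<reason>[^;]+)"
)
# The smtp client logs the outcome of relaying each message to the internal server.
STATUS_RE = re.compile(r"postfix/smtp\[\d+\]: \w+: .*\bstatus=(?P<status>\w+)")
DNSBL_RE = re.compile(r"blocked using (?P<list>[^\s;]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def reject_reason(line, reason_text):
    """Collapse the free-text reject reason into a short category."""
    dnsbl = DNSBL_RE.search(line)
    if dnsbl:
        return "dnsbl " + dnsbl.group("list")
    if "cannot find your hostname" in reason_text:
        return "unknown client hostname"
    if "Relay access denied" in reason_text:
        return "relay access denied"
    return reason_text.strip()


def summarize(log_text):
    """Count sent/bounced/deferred relays and rejects by reason and client IP."""
    summary = {"sent": 0, "bounced": 0, "rejected": 0,
               "reasons": Counter(), "clients": Counter()}
    for line in log_text.splitlines():
        m = STATUS_RE.search(line)
        if m:
            status = m.group("status")
            summary[status] = summary.get(status, 0) + 1
            continue
        m = REJECT_RE.search(line)
        if m:
            summary["rejected"] += 1
            summary["reasons"][reject_reason(line, m.group("reason"))] += 1
            ip = IP_RE.search(m.group("client"))
            summary["clients"][ip.group(1) if ip else m.group("client")] += 1
    return summary


def format_report(summary):
    """Render the summary as the breakdown the dashboard widget does not show."""
    lines = ["relayed to internal server: %d" % summary["sent"],
             "bounced: %d" % summary["bounced"],
             "rejected: %d" % summary["rejected"]]
    for reason, n in summary["reasons"].most_common():
        lines.append("  %-32s %d" % (reason, n))
    lines.append("top rejected clients:")
    for ip, n in summary["clients"].most_common(5):
        lines.append("  %-32s %d" % (ip, n))
    return "\n".join(lines)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(format_report(summarize(text)))
```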
-
You are correct.