Netgate Discussion Forum

    Postfix forwarder - modify SMTP banner?

    pfSense Packages
      doktornotor

      Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add

      
      myhostname = host.domain.com
      
      

      to custom configuration and see if it helps.

        dreadnought

        @doktornotor:

        Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add

        
        myhostname = host.domain.com
        
        

        to custom configuration and see if it helps.

        Is it possible the RBL lookups are broken as well?  I think postfix forwarder is reducing the volume of spam (though this is just anecdotal, I don't see any useful logs in the GUI), but the first spam I received this morning came from an IP address that should have been blocked by the postfix forwarder RBL lookup.

          doktornotor

          Well, if basic things like resolution of local hostname are broken, then obviously yes, DNSBLs which rely on DNS records may be broken as well. Would need the whole postconf output (without -n) to see what's really configured in the end.

            mschiek01

            @dreadnought:

            @doktornotor:

            Afraid the postfix package is broken - gethostname() not working. Otherwise, you'd get "pfsense.domain.com" in the smtpd_banner. You can try to add

            
            myhostname = host.domain.com
            
            

            to custom configuration and see if it helps.

            Is it possible the RBL lookups are broken as well?  I think postfix forwarder is reducing the volume of spam (though this is just anecdotal, I don't see any useful logs in the GUI), but the first spam I received this morning came from an IP address that should have been blocked by the postfix forwarder RBL lookup.

            I have been running it for months on multiple boxes. As far as I know nothing is broken as long as it installed correctly.

            First you NEED to look at the log.

            1. Do this, go into the first page general configuration, second heading "Logging"  it should say "/var/log/maillog"  if not use the down arrow and select it and save the configuration.

            2. Go into services and restart postfix.

            3. You can do this any way you want.  You said you tried to use edit file which is fine, use it browse to var/log/maillog and open it what does it say?  Post the log here

            Again I do not think postfix is actually receiving your mail.  It needs to be in the middle between pfsense and your smtp server.  If you see it running in services then it probably is.

            Were you running an smtp server without it before? If so did you modify your firewall route to pass the mail to postfix first.  Just installing it will not do this.

            This is very easy to test.  
            1. Stop your SMTP server NOT postfix.
            2. Run a test with mxtoolbox
            3. Do you get a response?
            3a No -> postfix is not in the middle and IS not processing mail for you.
            3b Yes -> postfix is in the middle.

              dreadnought

              I have been running it for months on multiple boxes. As far as I know nothing is broken as long as it installed correctly.

              First you NEED to look at the log.

              1. Do this, go into the first page general configuration, second heading "Logging"  it should say "/var/log/maillog"  if not use the down arrow and select it and save the configuration.

              2. Go into services and restart postfix.

              3. You can do this any way you want.  You said you tried to use edit file which is fine, use it browse to var/log/maillog and open it what does it say?  Post the log here

              Again I do not think postfix is actually receiving your mail.  It needs to be in the middle between pfsense and your smtp server.  If you see it running in services then it probably is.

              Were you running an smtp server without it before? If so did you modify your firewall route to pass the mail to postfix first.  Just installing it will not do this.

              This is very easy to test.  
              1. Stop your SMTP server NOT postfix.
              2. Run a test with mxtoolbox
              3. Do you get a response?
              3a No -> postfix is not in the middle and IS not processing mail for you.
              3b Yes -> postfix is in the middle.

              Ok, logging was set for "System log" - I changed it to "/var/log/maillog".

              I don't see a way to restart Postfix, so I went into Services/Postfix Forwarder, unchecked "Enable Postfix" then saved and then rechecked it then saved.

              From the command prompt on the Netgate firewall I tried "cat /var/log/maillog" but nothing happened.

              If I go to "System Activity" I see:

              42792 postfix    64   20 87216K 50644K nanslp  2   0:02  0.00% perl5.12.4
              32099 postfix    64   20 87216K 50520K nanslp  1   0:02  0.00% perl5.12.4
              51351 postfix    64   20 87216K 50644K nanslp  1   0:02  0.00% perl5.12.4
              59513 postfix    64   20 87216K 50644K nanslp  2   0:02  0.00% perl5.12.4
              2313 postfix    64   20 87216K 50644K nanslp  2   0:02  0.00% perl5.12.4

              Regarding the firewall rule… there is a postfix forwarder option for "Domains to Forward" and I put my mail server's IP in there along with the domains.  If this didn't create a firewall rule, then it sounds like that's where I screwed up and I may have misinterpreted the mxtoolbox results.

              Actually, I'm still getting email from my mail server... so that doesn't make sense.  I'll go back and read your posts again.

              Edit: Now I see none of my NAT or firewall rules related to SMTP were updated by the installation of postfix forwarder.  Combination of misinterpreting mxtoolbox output and a slow spam night doomed me while I was troubleshooting.  Fixing the rules now.  Thanks for the help!

                mschiek01

                @dreadnought:

                I have been running it for months on multiple boxes. As far as I know nothing is broken as long as it installed correctly.

                First you NEED to look at the log.

                1. Do this, go into the first page general configuration, second heading "Logging"  it should say "/var/log/maillog"  if not use the down arrow and select it and save the configuration.

                2. Go into services and restart postfix.

                3. You can do this any way you want.  You said you tried to use edit file which is fine, use it browse to var/log/maillog and open it what does it say?  Post the log here

                Again I do not think postfix is actually receiving your mail.  It needs to be in the middle between pfsense and your smtp server.  If you see it running in services then it probably is.

                Were you running an smtp server without it before? If so did you modify your firewall route to pass the mail to postfix first.  Just installing it will not do this.

                This is very easy to test.  
                1. Stop your SMTP server NOT postfix.
                2. Run a test with mxtoolbox
                3. Do you get a response?
                3a No -> postfix is not in the middle and IS not processing mail for you.
                3b Yes -> postfix is in the middle.

                Ok, logging was set for "System log" - I changed it to "/var/log/maillog".

                I don't see a way to restart Postfix, so I went into Services/Postfix Forwarder, unchecked "Enable Postfix" then saved and then rechecked it then saved.

                From the command prompt on the Netgate firewall I tried "cat /var/log/maillog" but nothing happened.

                If I go to "System Activity" I see:

                42792 postfix    64   20 87216K 50644K nanslp  2   0:02  0.00% perl5.12.4
                32099 postfix    64   20 87216K 50520K nanslp  1   0:02  0.00% perl5.12.4
                51351 postfix    64   20 87216K 50644K nanslp  1   0:02  0.00% perl5.12.4
                59513 postfix    64   20 87216K 50644K nanslp  2   0:02  0.00% perl5.12.4
                2313 postfix    64   20 87216K 50644K nanslp  2   0:02  0.00% perl5.12.4

                Regarding the firewall rule… there is a postfix forwarder option for "Domains to Forward" and I put my mail server's IP in there along with the domains.  If this didn't create a firewall rule, then it sounds like that's where I screwed up and I may have misinterpreted the mxtoolbox results.

                Actually, I'm still getting email from my mail server... so that doesn't make sense.  I'll go back and read your posts again.

                With postfix running just stop your mail server and run the test with mxtoolbox.  If you receive a reply it is configured correctly if you do not receive a reply it is not.  Let me know the results.

                  dreadnought

                  With postfix running just stop your mail server and run the test with mxtoolbox.  If you receive a reply it is configured correctly if you do not receive a reply it is not.  Let me know the results.

                  With my mail server shut down, I got a timeout from mxtoolbox.  The firewall rule I used on the WAN interface after I re-read your posts was:

                  TCP * * 127.0.0.1 25 (SMTP) * none

                  And I changed Listen interface(s) in postfix forwarder to loopback.

                  I must be doing something wrong with the firewall rules because it appears postfix forwarder IS running, just not answering.

                  I have tried having the rule above enabled both with my previous rule for my internal server enabled and disabled, but either way postfix forwarder doesn't answer on port 25.

                  Update:

                  I've been reading through http://forum.pfsense.org/index.php/topic,40622.msg217539.html#msg217539, particularly:

                  "remove nat from port 25
                  create a wan rule to permit smtp traffic to wan address
                  check enable postfix option
                  choose at least wan loopback interfaces
                  fill your domain/internal smtp info"

                  I follow this except for the "at least" part… maybe I need to try using the WAN interface instead of loopback.

                    mschiek01

                    @dreadnought:

                    With postfix running just stop your mail server and run the test with mxtoolbox.  If you receive a reply it is configured correctly if you do not receive a reply it is not.  Let me know the results.

                    With my mail server shut down, I got a timeout from mxtoolbox.  The firewall rule I used on the WAN interface after I re-read your posts was:

                    TCP * * 127.0.0.1 25 (SMTP) * none

                    And I changed Listen interface(s) in postfix forwarder to loopback.

                    I must be doing something wrong with the firewall rules because it appears postfix forwarder IS running, just not answering.

                    I have tried having the rule above enabled both with my previous rule for my internal server enabled and disabled, but either way postfix forwarder doesn't answer on port 25.

                    Update:

                    I've been reading through http://forum.pfsense.org/index.php/topic,40622.msg217539.html#msg217539, particularly:

                    "remove nat from port 25
                    create a wan rule to permit smtp traffic to wan address
                    check enable postfix option
                    choose at least wan loopback interfaces
                    fill your domain/internal smtp info"

                    I follow this except for the "at least" part… maybe I need to try using the WAN interface instead of loopback.

                    You can do it as above.  However do not use the rule I gave you.  Instead use the rule above and change the listening interface to the wan and loopback.  Just use the control key to select both.  Then save the configuration.  Then rerun the mxtoolbox test with your smtp server stopped but postfix enabled and running.  You should get a response.

                      dreadnought

                      I follow this except for the "at least" part… maybe I need to try using the WAN interface instead of loopback.

                      That seems to have worked… I changed the rule to:

                      TCP * * WAN address 25 (SMTP) * none

                      And now postfix forwarder is answering... and emails are getting to my internal mail server.

                        mschiek01

                        Good.  :)

                        You still should go to /var/log/maillog

                        And take a look and see what postfix is doing and see if there are any other problems.

                          mschiek01

                          @dreadnought:

                          I follow this except for the "at least" part… maybe I need to try using the WAN interface instead of loopback.

                          That seems to have worked… I changed the rule to:

                          TCP * * WAN address 25 (SMTP) * none

                          And now postfix forwarder is answering... and emails are getting to my internal mail server.

                          It should be answering now with whatever you put in smtpd_banner = $myhostname

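The test mschiek01 describes earlier in the thread (stop the internal SMTP server, then see whether port 25 on the WAN address still answers) can be scripted by reading the SMTP greeting and comparing its hostname with the forwarder's `myhostname`. This is an added example, not part of the original posts or the pfSense package; the function names, the sample greetings and `mail.domain.com` are constructed for illustration.

```python
import socket
import sys


def parse_greeting(line):
    """Split an SMTP greeting such as '220 host ESMTP Postfix' into (code, host, rest)."""
    line = line.strip()
    if len(line) < 3 or not line[:3].isdigit():
        return None
    parts = line[4:].split(None, 1)  # line[3] is the separator: ' ' or '-'
    host = parts[0].lower() if parts else ""
    rest = parts[1] if len(parts) > 1 else ""
    return int(line[:3]), host, rest


def read_greeting(host, port=25, timeout=10.0):
    """Return the first greeting line from host:port, or None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            data = b""
            while b"\n" not in data and len(data) < 1024:
                chunk = conn.recv(512)
                if not chunk:
                    break
                data += chunk
            try:
                conn.sendall(b"QUIT\r\n")  # close the session cleanly
            except OSError:
                pass
    except OSError:  # refused, unreachable, or timed out
        return None
    text = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return text or None


def classify(greeting, forwarder_name):
    """Interpret a greeting captured while the internal SMTP server is stopped."""
    if greeting is None:
        return "no-answer"      # nothing listening on the WAN address
    parsed = parse_greeting(greeting)
    if parsed is None:
        return "not-smtp"
    code, host, _rest = parsed
    if code != 220:
        return "refusing"       # a listener answered but is not accepting mail
    if host == forwarder_name.lower():
        return "forwarder"      # banner carries the forwarder's myhostname
    return "other-host"         # a listener answered under a different name


# Constructed greetings (not captured from a real host).
SAMPLES = [
    "220 pfsense.domain.com ESMTP Postfix",
    "220 mail.domain.com ESMTP",
    None,
]

if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: script.py <wan-address> <expected-myhostname>
        print(classify(read_greeting(sys.argv[1]), sys.argv[2]))
    else:
        for sample in SAMPLES:
            print(sample, "->", classify(sample, "pfsense.domain.com"))
```
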
                            dreadnought

                            @mschiek01:

                            Good.  :)

                            You still should go to /var/log/maillog

                            And take a look and see what postfix is doing and see if there are any other problems.

                            I thought I replied to this but don't see it… anyway, I changed the postfix forwarder logging option to /var/log/maillog.  This file is 0 bytes when I download it from the pfsense GUI.  The Postfix dashboard widget is also just a blue bar that says Postfix.  This was the case before and after my changing the logging from System logs to /var/log/maillog.  Confused!  It appears email is being processed fine as I'm receiving it from my internal mail server and the headers mention my pfsense.domain.com.

                              mschiek01

                              Try rebooting the box.  Then take a look at the log and see if it is logging properly.

                                dreadnought

                                @mschiek01:

                                Try rebooting the box.  Then take a look at the log and see if it is logging properly.

                                When all else fails… yeah, that worked.  After rebooting I can now download and view /var/log/maillog and there are stats in the Postfix dashboard widget.

                                It will be nice not having any more spam from Dr. Oz.  Not that you guys would know about that, because you've been blocking his mail.  And now I am too.  ;)

                                  mschiek01

                                  @dreadnought:

                                  @mschiek01:

                                  Good.  :)

                                  You still should go to /var/log/maillog

                                  And take a look and see what postfix is doing and see if there are any other problems.

                                  I thought I replied to this but don't see it… anyway, I changed the postfix forwarder logging option to /var/log/maillog.  This file is 0 bytes when I download it from the pfsense GUI.  The Postfix dashboard widget is also just a blue bar that says Postfix.  This was the case before and after my changing the logging from System logs to /var/log/maillog.  Confused!  It appears email is being processed fine as I'm receiving it from my internal mail server and the headers mention my pfsense.domain.com.

                                  Also did you configure the tabs in postfix  "access lists" and "antispam"

                                    dreadnought

                                    Also did you configure the tabs in postfix  "access lists" and "antispam"

                                    Antispam yes… access lists no.  In terms of the "Client Access List", I force users to connect to the LAN via VPN to send mail.  So I don't think I need to let postfix forwarder know about clients allowed to relay, because no one is?

                                      dreadnought

                                      Any idea where the Postfix dashboard widget gets its data?  It currently shows:

                                      Postfix
                                      2013-08-16
                                      Sent
                                      2

                                      But I can see from /var/log/maillog (and from my inbox) that a lot more stuff has happened… e.g. rejections.

                                        mschiek01

                                        @dreadnought:

                                        Also did you configure the tabs in postfix  "access lists" and "antispam"

                                        Antispam yes… access lists no.  In terms of the "Client Access List", I force users to connect to the LAN via VPN to send mail.  So I don't think I need to let postfix forwarder know about clients allowed to relay, because no one is?

                                        You are thinking the wrong direction.  The ACL is what postfix uses to process the email.  The key word being accept as in "INBOUND" mail.  Not outbound as it does not have anything to do with outbound mail.

                                        What you are seeing in the dashboard is correct.  The Sent actually refers to received.  So it received 2 emails from x and forwarded it to your smtp server.

                                        Are you using mailscanner?

                                          dreadnought

                                          @mschiek01:

                                          @dreadnought:

                                          Also did you configure the tabs in postfix  "access lists" and "antispam"

                                          Antispam yes… access lists no.  In terms of the "Client Access List", I force users to connect to the LAN via VPN to send mail.  So I don't think I need to let postfix forwarder know about clients allowed to relay, because no one is?

                                          You are thinking the wrong direction.  The ACL is what postfix uses to process the email.  The key word being accept as in "INBOUND" mail.  Not outbound as it does not have anything to do with outbound mail.

                                          What you are seeing in the dashboard is correct.  The Sent actually refers to received.  So it received 2 emails from x and forwarded it to your smtp server.

                                          Are you using mailscanner?

                                          Oh… I think I get it now.  So the ACL is to whitelist my computers in case they send spammy-looking email, they won't be blocked by postfix forwarder?  I think I'll leave the entire set of options in that tab empty for now.

                                          I thought the dashboard would show rejections, but it looks like it does not... I just have #s for sent and bounced, but I know many more messages are being rejected from looking at /var/log/maillog.

                                            mschiek01

                                            You are correct.

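The rejections that the dashboard widget's sent and bounced counters leave out can be tallied straight from /var/log/maillog, which also shows whether the RBL lookups asked about earlier in the thread are actually blocking anything. This is an added example, not part of the original posts or the pfSense package; the log lines are constructed in stock Postfix format, and `dnsbl.example`, the addresses and the queue IDs are placeholders.

```python
import re
import sys
from collections import Counter

# smtpd rejections are logged before a queue ID exists, hence "NOQUEUE".
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S*\[([0-9A-Fa-f.:]+)\]: (\d{3}) ")
DNSBL_RE = re.compile(r"blocked using (\S+?);")
# Delivery results carry a queue ID and a status= field.
STATUS_RE = re.compile(r"postfix/[\w-]+\[\d+\]: \w+: .*\bstatus=(\w+)")

# Constructed sample, not taken from a real system.
SAMPLE_MAILLOG = """\
Aug 16 09:12:01 pfsense postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 554 5.7.1 Service unavailable; Client host [192.0.2.15] blocked using dnsbl.example; from=<a@spam.example> to=<user@domain.com> proto=ESMTP helo=<spam.example>
Aug 16 09:13:40 pfsense postfix/smtp[4130]: 3A1B2C4D5E: to=<user@domain.com>, relay=10.0.0.5[10.0.0.5]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug 16 09:20:07 pfsense postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 554 5.7.1 Service unavailable; Client host [192.0.2.15] blocked using dnsbl.example; from=<c@spam.example> to=<user@domain.com> proto=ESMTP helo=<spam.example>
Aug 16 09:31:55 pfsense postfix/smtpd[4140]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.7]: 450 4.7.1 <mx.example.net>: Helo command rejected: Host not found; from=<b@example.net> to=<user@domain.com> proto=ESMTP helo=<mx.example.net>
Aug 16 09:40:12 pfsense postfix/smtp[4151]: 4D5E6F7A8B: to=<user@domain.com>, relay=10.0.0.5[10.0.0.5]:25, delay=0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug 16 09:41:30 pfsense postfix/smtp[4152]: 5E6F7A8B9C: to=<nobody@domain.com>, relay=10.0.0.5[10.0.0.5]:25, delay=0.3, dsn=5.1.1, status=bounced (host 10.0.0.5[10.0.0.5] said: 550 5.1.1 User unknown)
""".splitlines()


def summarize(lines):
    """Count delivery statuses and rejections, with rejections split by DNSBL and client IP."""
    status = Counter()
    by_dnsbl = Counter()
    by_client = Counter()
    for line in lines:
        reject = REJECT_RE.search(line)
        if reject:
            status["rejected"] += 1
            by_client[reject.group(1)] += 1
            dnsbl = DNSBL_RE.search(line)
            if dnsbl:                      # rejection caused by a blocklist hit
                by_dnsbl[dnsbl.group(1)] += 1
            continue
        delivered = STATUS_RE.search(line)
        if delivered:
            status[delivered.group(1)] += 1
    return {"status": dict(status),
            "by_dnsbl": dict(by_dnsbl),
            "by_client": dict(by_client)}


if __name__ == "__main__":
    if len(sys.argv) > 1:                  # e.g. /var/log/maillog
        with open(sys.argv[1], errors="replace") as handle:
            report = summarize(handle)
    else:
        report = summarize(SAMPLE_MAILLOG)
    for section, counts in report.items():
        print(section, counts)
```

An empty `by_dnsbl` alongside a non-zero `rejected` count means the rejections come from other restrictions, not from a blocklist lookup.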
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.