• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Postfix - antispam and relay package

Scheduled Pinned Locked Moved pfSense Packages
855 Posts 136 Posters 1.1m Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    biggsy
    last edited by Sep 27, 2014, 7:29 AM

    @pyrodex:

    Any chance of getting this to work in 2.2?

    Are you talking about Postfix forwarder on 2.2?  I have had some problems with that.

    Installing postfix on 2.2 (with a config restored from 2.1.5) I'm getting the following:

    postfix/postfix-script[56365]: fatal: no Postfix daemon directory /usr/local/libexec/postfix!
    
    

    and

    
    php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
    php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
    
    

    Then the following repeats about 5 or 6 times:

    php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
    php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
    
    

    All this could be due to the restored config but I don't know.

    1 Reply Last reply Reply Quote 0
    • F
      FlashPan
      last edited by Sep 27, 2014, 8:52 AM

      Thanks Bismark and biggsy,

      I do have zen.spamhaus.org, bl.spamcop.net, dnsbl.sorbs.net set in my RBL list and the threshold is set to 2 already.  These options have been set for months.  On my firewall I'm set the automatic nat outbound rule generation so none of the rbl servers should be blocked to interogate.

      Postfix is set the listen on LAN, WAN and loopback (quite a while back I only had Lan or Wan selected - if I remember correctly I think a version upgrade stop mail flowing through and only using all 3 got it working again).

      Access Lists > Header:

      /^Subject:/ WARN
      /^From:/ HOLD
      /^To:.*@MyDomain.co.uk/ HOLD

      Antispam > Header verifiction: set to basic as when set to string alot of legit emails do not make it through.

      Antispam > After greeting tests: all selected

      In the Mailscanner app under AntiSpam > Spamchecks the only element I have selected is "Spam Checks (yes)"  Nothing else is selected or have a value entered.  Could that be causing some sort of clash?

      Mailscanner > AntiSpam > Spam Assassin > Features:  All is selected except for Include Binary Attachments and Wait during bayes rebuild

      Am still at a loss :)

      One other thing I have noticed is that with the Postfix widget I only see values for Sent, nothing for Rejected etc. - actually I have never seen anything except for Sent.

      Emails are being rejected as when I use the Search mail feature I can see entries like this:

      Sep 26 10:12:00 wing@cybercatinc.com steve@XXXX.co.uk reject
      Sep 26 09:22:16 tejedas@embarq.com steve@XXXX.co.uk reject
      Sep 26 09:22:16 tejedas@embarq.com j6g05dt3po6rorq@XXXX.co.uk reject

      (the top 2 recipients are valid the 3rd recipient does not exist)

      Apologies now, as before I did not give much detail on my setup and now I could be overloading with all the wrong info.  :P

      Cheers again all and thanks once again for your help.

      1 Reply Last reply Reply Quote 0
      • B
        Bismarck
        last edited by Oct 1, 2014, 12:34 PM Sep 27, 2014, 9:59 AM

        First in Search Mail > Message Fields: mark all and search again, this will show you much more information. Or even better you login via putty/ssh and watch the logs live:

        tail -f /var/log/maillog
        

        Access Lists > Header:
        /^Subject:/ WARN
        /^From:/ HOLD
        /^To:.*@MyDomain.co.uk/ HOLD

        scratch that, you have just c&p the example stuff there, this would be a valid list:

        #Remove sensitive information from email headers
        /^Received: from MTA.LOCAL*/ IGNORE
        /^Received:.*with ESMTPS/ IGNORE
        /^X-Originating-IP:/ IGNORE
        /^User-Agent:/ IGNORE
        # SPAM
        /^Received:.*rev.sfr.net / REJECT 
        /^From:.*@bt.com/ REJECT
        /^Subject:.*(Important - BT Digital File):/ REJECT 
        # HAM
        /^From:.*@XXXX.co.uk / OK
        

        Antispam > After greeting tests: all selected

        You may take this into account. (thanks biggsy)

        Emails are being rejected as when I use the Search mail feature I can see entries like this:
        Sep 26 10:12:00 wing@cybercatinc.com steve@XXXX.co.uk reject
        Sep 26 09:22:16 tejedas@embarq.com steve@XXXX.co.uk reject
        Sep 26 09:22:16 tejedas@embarq.com j6g05dt3po6rorq@XXXX.co.uk reject
        (the top 2 recipients are valid the 3rd recipient does not exist)

        Postfix  > Access Lists > MyNetworks

        Your IPs should be listed here, like:

        192.168.0.7 # internal mailhost
        192.168.0.1 # pfs lan
        127.0.0.1   # pfs loopback
        

        and enable Postfix  > Recipients > AD etc..

        Cheers!  ;)

        1 Reply Last reply Reply Quote 0
        • F
          FlashPan
          last edited by Sep 28, 2014, 9:06 AM

          Thanks for all the info Bismarck.  At the moment I'm not using the options uner #SPAM as I'm still; liking to get this tuff generally blocked without manual intervention…great info though for me in the future.

          Am not sure why I would want to whitelist google servers?  Surely that is only going to effect email coming in from google/gmail and nothing else?

          I've added my ip's under Postfix  > Access Lists > MyNetworks

          Have been sending through some test spam/virus emials but it look like my logs have now randomly corrupted I think as when I search for anything the results are blank or give something starting with Warning: sqlite_query(): no such column: mail_status.info in /usr/local/www/postfix.php on line 606 Warning:

          For Postfix  > Recipients I've set Custom Valid recipients as I've not installed the p5-perl-ldap package yet.

          Cheers again  :D

          1 Reply Last reply Reply Quote 0
          • Y
            yaboc
            last edited by Sep 28, 2014, 4:39 PM

            my postfix service doesn't stop from the services page and even when i disable the forwarder and rebbot pfsense it seems to be running. im on the current version (pf + package). any ideas why? can i kill it from cli?

            1 Reply Last reply Reply Quote 0
            • J
              jaredadams
              last edited by Sep 30, 2014, 3:36 PM

              Can someone enlighten me as to which setting(s) in the configuration causes this check?

              NOQUEUE: reject: RCPT from unknown[X.X.X.X]: 550 5.7.1 Client host rejected: cannot find your hostname, [X.X.X.x]; from= email@domain.comto= email@mycompany.comproto=ESMTP helo=<[X.X.X.X]>/email@mycompany.com/email@domain.com

              1 Reply Last reply Reply Quote 0
              • B
                Bismarck
                last edited by Sep 30, 2014, 6:07 PM

                @jaredadams:

                Can someone enlighten me as to which setting(s) in the configuration causes this check?

                NOQUEUE: reject: RCPT from unknown[X.X.X.X]: 550 5.7.1 Client host rejected: cannot find your hostname, [X.X.X.x]; from= email@domain.comto= email@mycompany.comproto=ESMTP helo=<[X.X.X.X]>/email@mycompany.com/email@domain.com

                Postfix > Antispam

                Helo Hostname

                Default: Checked

                Reject unknow helo hostname during smtp communication.

                1 Reply Last reply Reply Quote 0
                • F
                  FlashPan
                  last edited by Oct 1, 2014, 8:50 PM

                  Hi,

                  Well after some reinstall (well many) and different configs I think I've mainly got this working to block spam (mainly).

                  I found this website http://www.crynwr.com/spam/ and from here you can send yourself test emails which should trigger a block etc and then this site will email you the conversation/outcome.

                  Sadly though I still seem to have a couple of issues .  My widget still does not show up anything but the Sent stats.  In Search Mail, No Queue, I can see emails being rejected (eg sent to a non existant emails address).  Ideas anyone?

                  I think I've found another issue as well.  I read this on another forum but I think it may have been quite old so not sure if still valid and of course I cannot find the page again as I did not save it.

                  Anyhow below you will see an email header that came into to me to day.  Go through Postfix and Mailsanner with no flags.

                  I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.

                  Anyone seen or aware of this type of thing?

                  As always of tip my cap to you call and thank  you very much for your help past, present and future :)

                  Cheers

                  Received: from xxx.xxx.co.uk (192.168.100.4) by xxx.xxx.corp
                  (192.168.xxx.xxx) with Microsoft SMTP Server id 14.3.210.2; Wed, 1 Oct 2014
                  13:17:22 +0100
                  Received: from ns5.lucidity.ie (ns5.lucidity.ie [69.36.8.164]) by
                  xxx.xxx.co.uk (Postfix) with ESMTP id 0C678696B for xxxx@xxxx.co.uk;
                  Wed,  1 Oct 2014 13:17:10 +0100 (BST)
                  Received: from fieldandstream.ie ([::ffff:109.229.186.118])  (AUTH: LOGIN
                  mick@fieldandstream.ie)  by ns5.lucidity.ie with esmtp; Wed, 01 Oct 2014
                  13:11:58 +0100  id 0017605C.542BEF8E.00006496
                  Received: from rly04.hottestmile.com ([Wed, 01 Oct 2014 16:11:00 +0400]) by
                  smtp.doneohx.com with ESMTP; Wed, 01 Oct 2014 16:11:00 +0400
                  Received: from [42.30.29.127] by mail.webhostings4u.com with SMTP; Wed, 01 Oct
                  2014 16:06:05 +0400
                  Received: from relay.2yahoo.com ([200.137.192.220]) by mtu67.syds.piswix.net
                  with SMTP; Wed, 01 Oct 2014 15:50:57 +0400
                  Received: from relay37.vosimerkam.net ([Wed, 01 Oct 2014 15:43:37 +0400]) by
                  mailout.endmonthnow.com with ASMTP; Wed, 01 Oct 2014 15:43:37 +0400
                  Received: from unknown (HELO public.micromail.com.au) (Wed, 01 Oct 2014
                  15:41:09 +0400) by smtp18.yenddx.com with ESMTP; Wed, 01 Oct 2014 15:41:09
                  +0400
                  Message-ID: 7D9E9F4C.AEEB6E0F@fieldandstream.ie
                  Date: Wed, 1 Oct 2014 15:41:09 +0400
                  Reply-To: "Barclays@email.barclays.co.uk" mick@fieldandstream.ieFrom: "Barclays@email.barclays.co.uk" mick@fieldandstream.ieMIME-Version: 1.0
                  To: steve@sueandsteves.co.ukCC: steve@suej.co.uk, steve@suffolk.gov.uk, steve@suffolk.police.uk,
                  steve@suffolkcartlodges.co.uk, steve@suffolkfada.co.uk,
                  xxxx@xxxx.co.uk, steve@sugarhouse.co.uk, steve@sumarts.co.uk,
                  steve@sumlock.co.uk, steve@summe.co.uk, steve@summerbreak.co.uk,
                  steve@summerleaze.co.uk, steve@summerlin.co.uk, steve@summitbikes.co.ukSubject: =?ISO-8859-1?B?VHJhbnNhY3Rpb24gbm90IGNvbXBsZXRl?=
                  Content-Type: text/plain; charset="us-ascii"
                  Content-Transfer-Encoding: 7bit
                  X-sufu-MailScanner-Information: Please contact the ISP for more information
                  X-sufu-MailScanner-ID: 0C678696B.A7F57
                  X-sufu-MailScanner: Found to be clean
                  X-sufu-MailScanner-From: mick@fieldandstream.ie
                  X-Spam-Status: No
                  Return-Path: mick@fieldandstream.ie
                  X-MS-Exchange-Organization-AuthSource: xxx.xxx.corp
                  X-MS-Exchange-Organization-AuthAs: Anonymous/steve@summitbikes.co.uk/steve@summerlin.co.uk/steve@summerleaze.co.uk/steve@summerbreak.co.uk/steve@summe.co.uk/steve@sumlock.co.uk/steve@sumarts.co.uk/steve@sugarhouse.co.uk/xxxx@xxxx.co.uk/steve@suffolkfada.co.uk/steve@suffolkcartlodges.co.uk/steve@suffolk.police.uk/steve@suffolk.gov.uk/steve@suej.co.uk/steve@sueandsteves.co.uk/mick@fieldandstream.ie/mick@fieldandstream.ie/xxxx@xxxx.co.uk

                  1 Reply Last reply Reply Quote 0
                  • B
                    Bismarck
                    last edited by Oct 1, 2014, 9:41 PM

                    @FlashPan:

                    Anyhow below you will see an email header that came into to me to day.  Go through Postfix and Mailsanner with no flags.

                    I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.

                    X-sufu-MailScanner-Information: Please contact the ISP for more information
                    X-sufu-MailScanner-ID: 0C678696B.A7F57
                    X-sufu-MailScanner: Found to be clean
                    X-sufu-MailScanner-From: mick@fieldandstream.ie
                    X-Spam-Status: No

                    Return-Path: mick@fieldandstream.ie
                    X-MS-Exchange-Organization-AuthSource: xxx.xxx.corp
                    X-MS-Exchange-Organization-AuthAs: Anonymous

                    Looks okay for me, this mail passed postfix and mailscanner.

                    1 Reply Last reply Reply Quote 0
                    • B
                      biggsy
                      last edited by Oct 2, 2014, 8:19 AM

                      @FlashPan:

                      I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.

                      I don't think you read that correctly.  Do you have a reference?

                      A lot of email will pass through multiple email servers en route - say, for example, from my mail server to my ISP's mail server to my friend's ISP's mail server and then to his mail server.  We both run postfix forwarder on pfSense.

                      1 Reply Last reply Reply Quote 0
                      • F
                        FlashPan
                        last edited by Oct 2, 2014, 10:24 AM

                        Sadly no I cannot find the webpage again.

                        My suspicions arose just because of so many relays and the content was definitley spam (trying to make you think it was from Barclays bank- with a non Barclays bank weblink to click on) plus the sender emails address was poorly made to look like it was from the bank as well.

                        1 Reply Last reply Reply Quote 0
                        • P
                          pyrodex
                          last edited by Oct 2, 2014, 12:26 PM

                          @biggsy:

                          @pyrodex:

                          Any chance of getting this to work in 2.2?

                          Are you talking about Postfix forwarder on 2.2?  I have had some problems with that.

                          Installing postfix on 2.2 (with a config restored from 2.1.5) I'm getting the following:

                          postfix/postfix-script[56365]: fatal: no Postfix daemon directory /usr/local/libexec/postfix!
                          
                          

                          and

                          
                          php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
                          php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
                          
                          

                          Then the following repeats about 5 or 6 times:

                          php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
                          php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
                          
                          

                          All this could be due to the restored config but I don't know.

                          Yup this is the same problem I had and I had the same issue on a fresh install too trying everything to get it to work.

                          1 Reply Last reply Reply Quote 0
                          • B
                            Bismarck
                            last edited by Oct 2, 2014, 1:46 PM

                            FlashPan you definitely need to fine tune your rbl list:

                            Received: from fieldandstream.ie ([::ffff:109.229.186.118])

                            Summary information for 109.229.186.118/32
                            Note: Times shown are for the latest entry only!
                            Found 2 network entries and 0 host/domain entries.

                            Problem Entries, (listings will cause email problems.)
                            1 "Hacked" entries [04:29:20 13 Sep 2011 GMT+00].
                            6 "Spam" entries [17:17:17 30 Aug 2014 GMT+00].

                            http://www.anti-abuse.org/multi-rbl-check-results/?host=109.229.186.118

                            And how often do you update your spamassassin rule subscriptions?

                            1 Reply Last reply Reply Quote 0
                            • F
                              FlashPan
                              last edited by Oct 2, 2014, 2:21 PM

                              Sigh  ???  this is what I am not understanding ;)

                              My options under Antispam > RBL Server List all seem correct.

                              zen.spamhaus.org*2, bl.spamcop.net, dnsbl.sorbs.net

                              As for spamassassin, you just gave me an answer in antoehr threas but think I may have borked the package as now it will not star for some reason.

                              Getting very close to pulling hair out time :)

                              Thanks Bismark you are going above and beyond here.

                              1 Reply Last reply Reply Quote 0
                              • B
                                Bismarck
                                last edited by Oct 2, 2014, 3:37 PM

                                Try this:

                                recent.spam.dnsbl.sorbs.net2, zen.spamhaus.org, bl.spamcop.net, dnsbl.sorbs.net, b.barracudacentral.org, dnsbl-1.uceprotect.net, ix.dnsbl.manitu.net, bl.spameatingmonkey.net, list.dnswl.org-5

                                And set RBL threshold 2.

                                This should keep the most nasty stuff away, you can add how many you like/fit your needs…

                                Watch it with

                                tail -f /var/log/maillog
                                

                                BTW don't use google DNS as your system DNS, use those from your ISP.

                                http://blog.clairelogic.net/?p=67

                                cheers!

                                1 Reply Last reply Reply Quote 0
                                • F
                                  FlashPan
                                  last edited by Oct 2, 2014, 5:47 PM

                                  Thanks for that,

                                  Yep I had my 3 rbls and threshold set to 2.

                                  Have updated to the rbls you've given but still no joy now.  Before MailScanner died on me emails were blocked from http://www.crynwr.com/spam.  Now MailScanner has gone these emails are getting through.

                                  Sadly from Saturday I am away for the next 2 weeks.  I think I need to step back from this and completely remove postfix and mailscanner and re-install them from scratch (if only for my own sanity  :P)

                                  I'm very sorry about this especially to you Bismarck as you have tried very hard to help me and I really do appreciate all your input and help.

                                  Before I depart though I know that simply uninstalling both packages will not remove the config settings I've made.  I've been scouting around but from where would I find these configs to delete directly?  As I said want to start with a clean sheet.

                                  So if I get the 2 packages removed expect me back here in about 2.5 weeks crying again :)

                                  Cheers all

                                  1 Reply Last reply Reply Quote 0
                                  • F
                                    FlashPan
                                    last edited by Oct 3, 2014, 2:47 PM

                                    Well this will be my last reply before I disappear for the next couple of weeks.

                                    My postfix is now working and the rbls are blocking as they should.  Removed postfix, removed anything left behind after uninstall and re-installed.  (My original config was still intact though - would still be nice to find out where that is stored?)

                                    I also discovered a misprint for an acl section

                                    Access Lists > MIME:

                                    The example says to use    /^name=[^>](com …........etc to block certain file extensions.  For me this does not work.  I've used /name=[^>](com …........etc    remove the ^ and loose the text after /REJECT

                                    I've tested this by emailing myself a test file with a safe extension like .bit  Added .bit into the string and that email does not get to me and a bounce back is received to the sender.

                                    "Server refused mail at END OF DATA - 550 5.7.1 message content rejected"

                                    If I didn't make the changes above the email and attachment would still come through.

                                    Hope this helps someone :)

                                    My Mailscanner is still shot, something to do with perl and EN language settings I think???  But that's for the other thread and when I get back.

                                    Cheers

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      ApolloDS
                                      last edited by Oct 6, 2014, 7:50 AM

                                      If you need TLS Config you have to put the following into the "custom main.cf options" Field:

                                      # 20141006 Add TLS
                                      #
                                      # SMTPD
                                      #
                                      smtpd_tls_cert_file = /cf/conf/cert.crt
                                      smtpd_tls_key_file = /cf/conf/cert.key
                                      smtpd_tls_CAfile = /etc/ssl/cert.pem
                                      smtpd_tls_security_level = may
                                      # SMTP Client
                                      smtp_tls_security_level = may
                                      smtp_tls_CAfile = /etc/ssl/cert.pem
                                      # SSL-Certificate - Generate logfile entries
                                      #
                                      smtpd_tls_received_header = yes
                                      smtp_tls_loglevel = 1
                                      smtpd_tls_loglevel = 1
                                      

                                      You need to upload the Cert Files to /cf/conf.
                                      I hope this path is upgrade-save, I couldn't test it yet.

                                      Maybe someday we can use the Cert Manager Certs of pfSense in Postfix Forwarder Package?  ;)

                                      Best regards,
                                      Peter

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        BenKenobe
                                        last edited by Oct 12, 2014, 10:36 PM Oct 12, 2014, 6:20 PM

                                        What am I doing wrong.

                                        I found my first issue - my port 25 was still NAT'd …

                                        However I now have another issue users in the list of 'custom valid recipients' are getting bounced - the Postfix is saying that the 'recipient address' is rejected, unverified address.

                                        postfix/smtpd[17570]: NOQUEUE: reject: RCPT from mail-qg0-f52.google.com[209.85.192.52]: 450 4.1.1 <@.co.uk>: Recipient address rejected: unverified address: connect to ...[...]:25: Operation timed out; from=*******@gmail.com to=<@.co.uk> proto=ESMTP helo= <mail-qg0-f52.google.com>why ? (there are no indications on the mail server that postfix has even tried)</mail-qg0-f52.google.com>

                                        1 Reply Last reply Reply Quote 0
                                        • B
                                          Bismarck
                                          last edited by Oct 13, 2014, 6:56 AM

                                          @BenKenobe:

                                          What am I doing wrong.

                                          I found my first issue - my port 25 was still NAT'd …

                                          However I now have another issue users in the list of 'custom valid recipients' are getting bounced - the Postfix is saying that the 'recipient address' is rejected, unverified address.

                                          postfix/smtpd[17570]: NOQUEUE: reject: RCPT from mail-qg0-f52.google.com[209.85.192.52]: 450 4.1.1 <@.co.uk>: Recipient address rejected: unverified address: connect to ...[...]:25: Operation timed out; from=*******@gmail.com to=<@.co.uk> proto=ESMTP helo= <mail-qg0-f52.google.com>why ? (there are no indications on the mail server that postfix has even tried)</mail-qg0-f52.google.com>

                                          Check in Postfix > View config > relay_recipients if you can see your recipients get bounced are in there or not, if not you need to check the Valid recipients config in the recipients tab.

                                          Your server should just accept mail for valid recipients, which makes pretty sense.

                                          1 Reply Last reply Reply Quote 0
                                          483 out of 855
                                          • First post
                                            483/855
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received