Postfix - antispam and relay package
-
Any chance of getting this to work in 2.2?
Are you talking about Postfix forwarder on 2.2? I have had some problems with that.
Installing postfix on 2.2 (with a config restored from 2.1.5) I'm getting the following:
postfix/postfix-script[56365]: fatal: no Postfix daemon directory /usr/local/libexec/postfix!and
php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory' php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'Then the following repeats about 5 or 6 times:
php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory' php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'All this could be due to the restored config but I don't know.
-
Thanks Bismark and biggsy,
I do have zen.spamhaus.org, bl.spamcop.net, dnsbl.sorbs.net set in my RBL list and the threshold is set to 2 already. These options have been set for months. On my firewall I'm set the automatic nat outbound rule generation so none of the rbl servers should be blocked to interogate.
Postfix is set the listen on LAN, WAN and loopback (quite a while back I only had Lan or Wan selected - if I remember correctly I think a version upgrade stop mail flowing through and only using all 3 got it working again).
Access Lists > Header:
/^Subject:/ WARN
/^From:/ HOLD
/^To:.*@MyDomain.co.uk/ HOLDAntispam > Header verifiction: set to basic as when set to string alot of legit emails do not make it through.
Antispam > After greeting tests: all selected
In the Mailscanner app under AntiSpam > Spamchecks the only element I have selected is "Spam Checks (yes)" Nothing else is selected or have a value entered. Could that be causing some sort of clash?
Mailscanner > AntiSpam > Spam Assassin > Features: All is selected except for Include Binary Attachments and Wait during bayes rebuild
Am still at a loss :)
One other thing I have noticed is that with the Postfix widget I only see values for Sent, nothing for Rejected etc. - actually I have never seen anything except for Sent.
Emails are being rejected as when I use the Search mail feature I can see entries like this:
Sep 26 10:12:00 wing@cybercatinc.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com j6g05dt3po6rorq@XXXX.co.uk reject(the top 2 recipients are valid the 3rd recipient does not exist)
Apologies now, as before I did not give much detail on my setup and now I could be overloading with all the wrong info. :P
Cheers again all and thanks once again for your help.
-
First in Search Mail > Message Fields: mark all and search again, this will show you much more information. Or even better you login via putty/ssh and watch the logs live:
tail -f /var/log/maillogAccess Lists > Header:
/^Subject:/ WARN
/^From:/ HOLD
/^To:.*@MyDomain.co.uk/ HOLDscratch that, you have just c&p the example stuff there, this would be a valid list:
#Remove sensitive information from email headers /^Received: from MTA.LOCAL*/ IGNORE /^Received:.*with ESMTPS/ IGNORE /^X-Originating-IP:/ IGNORE /^User-Agent:/ IGNORE # SPAM /^Received:.*rev.sfr.net / REJECT /^From:.*@bt.com/ REJECT /^Subject:.*(Important - BT Digital File):/ REJECT # HAM /^From:.*@XXXX.co.uk / OKAntispam > After greeting tests: all selected
You may take this into account. (thanks biggsy)
Emails are being rejected as when I use the Search mail feature I can see entries like this:
Sep 26 10:12:00 wing@cybercatinc.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com j6g05dt3po6rorq@XXXX.co.uk reject
(the top 2 recipients are valid the 3rd recipient does not exist)Postfix > Access Lists > MyNetworks
Your IPs should be listed here, like:
192.168.0.7 # internal mailhost 192.168.0.1 # pfs lan 127.0.0.1 # pfs loopbackand enable Postfix > Recipients > AD etc..
Cheers! ;)
-
Thanks for all the info Bismarck. At the moment I'm not using the options uner #SPAM as I'm still; liking to get this tuff generally blocked without manual intervention…great info though for me in the future.
Am not sure why I would want to whitelist google servers? Surely that is only going to effect email coming in from google/gmail and nothing else?
I've added my ip's under Postfix > Access Lists > MyNetworks
Have been sending through some test spam/virus emials but it look like my logs have now randomly corrupted I think as when I search for anything the results are blank or give something starting with Warning: sqlite_query(): no such column: mail_status.info in /usr/local/www/postfix.php on line 606 Warning:
For Postfix > Recipients I've set Custom Valid recipients as I've not installed the p5-perl-ldap package yet.
Cheers again :D
-
my postfix service doesn't stop from the services page and even when i disable the forwarder and rebbot pfsense it seems to be running. im on the current version (pf + package). any ideas why? can i kill it from cli?
-
Can someone enlighten me as to which setting(s) in the configuration causes this check?
NOQUEUE: reject: RCPT from unknown[X.X.X.X]: 550 5.7.1 Client host rejected: cannot find your hostname, [X.X.X.x]; from= email@domain.comto= email@mycompany.comproto=ESMTP helo=<[X.X.X.X]>/email@mycompany.com/email@domain.com
-
Can someone enlighten me as to which setting(s) in the configuration causes this check?
NOQUEUE: reject: RCPT from unknown[X.X.X.X]: 550 5.7.1 Client host rejected: cannot find your hostname, [X.X.X.x]; from= email@domain.comto= email@mycompany.comproto=ESMTP helo=<[X.X.X.X]>/email@mycompany.com/email@domain.com
Postfix > Antispam
Helo Hostname
Default: Checked
Reject unknow helo hostname during smtp communication.
-
Hi,
Well after some reinstall (well many) and different configs I think I've mainly got this working to block spam (mainly).
I found this website http://www.crynwr.com/spam/ and from here you can send yourself test emails which should trigger a block etc and then this site will email you the conversation/outcome.
Sadly though I still seem to have a couple of issues . My widget still does not show up anything but the Sent stats. In Search Mail, No Queue, I can see emails being rejected (eg sent to a non existant emails address). Ideas anyone?
I think I've found another issue as well. I read this on another forum but I think it may have been quite old so not sure if still valid and of course I cannot find the page again as I did not save it.
Anyhow below you will see an email header that came into to me to day. Go through Postfix and Mailsanner with no flags.
I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.
Anyone seen or aware of this type of thing?
As always of tip my cap to you call and thank you very much for your help past, present and future :)
Cheers
Received: from xxx.xxx.co.uk (192.168.100.4) by xxx.xxx.corp
(192.168.xxx.xxx) with Microsoft SMTP Server id 14.3.210.2; Wed, 1 Oct 2014
13:17:22 +0100
Received: from ns5.lucidity.ie (ns5.lucidity.ie [69.36.8.164]) by
xxx.xxx.co.uk (Postfix) with ESMTP id 0C678696B for xxxx@xxxx.co.uk;
Wed, 1 Oct 2014 13:17:10 +0100 (BST)
Received: from fieldandstream.ie ([::ffff:109.229.186.118]) (AUTH: LOGIN
mick@fieldandstream.ie) by ns5.lucidity.ie with esmtp; Wed, 01 Oct 2014
13:11:58 +0100 id 0017605C.542BEF8E.00006496
Received: from rly04.hottestmile.com ([Wed, 01 Oct 2014 16:11:00 +0400]) by
smtp.doneohx.com with ESMTP; Wed, 01 Oct 2014 16:11:00 +0400
Received: from [42.30.29.127] by mail.webhostings4u.com with SMTP; Wed, 01 Oct
2014 16:06:05 +0400
Received: from relay.2yahoo.com ([200.137.192.220]) by mtu67.syds.piswix.net
with SMTP; Wed, 01 Oct 2014 15:50:57 +0400
Received: from relay37.vosimerkam.net ([Wed, 01 Oct 2014 15:43:37 +0400]) by
mailout.endmonthnow.com with ASMTP; Wed, 01 Oct 2014 15:43:37 +0400
Received: from unknown (HELO public.micromail.com.au) (Wed, 01 Oct 2014
15:41:09 +0400) by smtp18.yenddx.com with ESMTP; Wed, 01 Oct 2014 15:41:09
+0400
Message-ID: 7D9E9F4C.AEEB6E0F@fieldandstream.ie
Date: Wed, 1 Oct 2014 15:41:09 +0400
Reply-To: "Barclays@email.barclays.co.uk" mick@fieldandstream.ieFrom: "Barclays@email.barclays.co.uk" mick@fieldandstream.ieMIME-Version: 1.0
To: steve@sueandsteves.co.ukCC: steve@suej.co.uk, steve@suffolk.gov.uk, steve@suffolk.police.uk,
steve@suffolkcartlodges.co.uk, steve@suffolkfada.co.uk,
xxxx@xxxx.co.uk, steve@sugarhouse.co.uk, steve@sumarts.co.uk,
steve@sumlock.co.uk, steve@summe.co.uk, steve@summerbreak.co.uk,
steve@summerleaze.co.uk, steve@summerlin.co.uk, steve@summitbikes.co.ukSubject: =?ISO-8859-1?B?VHJhbnNhY3Rpb24gbm90IGNvbXBsZXRl?=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-sufu-MailScanner-Information: Please contact the ISP for more information
X-sufu-MailScanner-ID: 0C678696B.A7F57
X-sufu-MailScanner: Found to be clean
X-sufu-MailScanner-From: mick@fieldandstream.ie
X-Spam-Status: No
Return-Path: mick@fieldandstream.ie
X-MS-Exchange-Organization-AuthSource: xxx.xxx.corp
X-MS-Exchange-Organization-AuthAs: Anonymous/steve@summitbikes.co.uk/steve@summerlin.co.uk/steve@summerleaze.co.uk/steve@summerbreak.co.uk/steve@summe.co.uk/steve@sumlock.co.uk/steve@sumarts.co.uk/steve@sugarhouse.co.uk/xxxx@xxxx.co.uk/steve@suffolkfada.co.uk/steve@suffolkcartlodges.co.uk/steve@suffolk.police.uk/steve@suffolk.gov.uk/steve@suej.co.uk/steve@sueandsteves.co.uk/mick@fieldandstream.ie/mick@fieldandstream.ie/xxxx@xxxx.co.uk -
Anyhow below you will see an email header that came into to me to day. Go through Postfix and Mailsanner with no flags.
I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.
X-sufu-MailScanner-Information: Please contact the ISP for more information
X-sufu-MailScanner-ID: 0C678696B.A7F57
X-sufu-MailScanner: Found to be clean
X-sufu-MailScanner-From: mick@fieldandstream.ie
X-Spam-Status: No
Return-Path: mick@fieldandstream.ie
X-MS-Exchange-Organization-AuthSource: xxx.xxx.corp
X-MS-Exchange-Organization-AuthAs: AnonymousLooks okay for me, this mail passed postfix and mailscanner.
-
I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.
I don't think you read that correctly. Do you have a reference?
A lot of email will pass through multiple email servers en route - say, for example, from my mail server to my ISP's mail server to my friend's ISP's mail server and then to his mail server. We both run postfix forwarder on pfSense.
-
Sadly no I cannot find the webpage again.
My suspicions arose just because of so many relays and the content was definitley spam (trying to make you think it was from Barclays bank- with a non Barclays bank weblink to click on) plus the sender emails address was poorly made to look like it was from the bank as well.
-
Any chance of getting this to work in 2.2?
Are you talking about Postfix forwarder on 2.2? I have had some problems with that.
Installing postfix on 2.2 (with a config restored from 2.1.5) I'm getting the following:
postfix/postfix-script[56365]: fatal: no Postfix daemon directory /usr/local/libexec/postfix!and
php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory' php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'Then the following repeats about 5 or 6 times:
php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory' php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'All this could be due to the restored config but I don't know.
Yup this is the same problem I had and I had the same issue on a fresh install too trying everything to get it to work.
-
FlashPan you definitely need to fine tune your rbl list:
Received: from fieldandstream.ie ([::ffff:109.229.186.118])
Summary information for 109.229.186.118/32
Note: Times shown are for the latest entry only!
Found 2 network entries and 0 host/domain entries.Problem Entries, (listings will cause email problems.)
1 "Hacked" entries [04:29:20 13 Sep 2011 GMT+00].
6 "Spam" entries [17:17:17 30 Aug 2014 GMT+00].http://www.anti-abuse.org/multi-rbl-check-results/?host=109.229.186.118
And how often do you update your spamassassin rule subscriptions?
-
Sigh ??? this is what I am not understanding ;)
My options under Antispam > RBL Server List all seem correct.
zen.spamhaus.org*2, bl.spamcop.net, dnsbl.sorbs.net
As for spamassassin, you just gave me an answer in antoehr threas but think I may have borked the package as now it will not star for some reason.
Getting very close to pulling hair out time :)
Thanks Bismark you are going above and beyond here.
-
Try this:
recent.spam.dnsbl.sorbs.net2, zen.spamhaus.org, bl.spamcop.net, dnsbl.sorbs.net, b.barracudacentral.org, dnsbl-1.uceprotect.net, ix.dnsbl.manitu.net, bl.spameatingmonkey.net, list.dnswl.org-5
And set RBL threshold 2.
This should keep the most nasty stuff away, you can add how many you like/fit your needs…
Watch it with
tail -f /var/log/maillogBTW don't use google DNS as your system DNS, use those from your ISP.
http://blog.clairelogic.net/?p=67
cheers!
-
Thanks for that,
Yep I had my 3 rbls and threshold set to 2.
Have updated to the rbls you've given but still no joy now. Before MailScanner died on me emails were blocked from http://www.crynwr.com/spam. Now MailScanner has gone these emails are getting through.
Sadly from Saturday I am away for the next 2 weeks. I think I need to step back from this and completely remove postfix and mailscanner and re-install them from scratch (if only for my own sanity :P)
I'm very sorry about this especially to you Bismarck as you have tried very hard to help me and I really do appreciate all your input and help.
Before I depart though I know that simply uninstalling both packages will not remove the config settings I've made. I've been scouting around but from where would I find these configs to delete directly? As I said want to start with a clean sheet.
So if I get the 2 packages removed expect me back here in about 2.5 weeks crying again :)
Cheers all
-
Well this will be my last reply before I disappear for the next couple of weeks.
My postfix is now working and the rbls are blocking as they should. Removed postfix, removed anything left behind after uninstall and re-installed. (My original config was still intact though - would still be nice to find out where that is stored?)
I also discovered a misprint for an acl section
Access Lists > MIME:
The example says to use /^name=[^>](com …........etc to block certain file extensions. For me this does not work. I've used /name=[^>](com …........etc remove the ^ and loose the text after /REJECT
I've tested this by emailing myself a test file with a safe extension like .bit Added .bit into the string and that email does not get to me and a bounce back is received to the sender.
"Server refused mail at END OF DATA - 550 5.7.1 message content rejected"
If I didn't make the changes above the email and attachment would still come through.
Hope this helps someone :)
My Mailscanner is still shot, something to do with perl and EN language settings I think??? But that's for the other thread and when I get back.
Cheers
-
If you need TLS Config you have to put the following into the "custom main.cf options" Field:
# 20141006 Add TLS # # SMTPD # smtpd_tls_cert_file = /cf/conf/cert.crt smtpd_tls_key_file = /cf/conf/cert.key smtpd_tls_CAfile = /etc/ssl/cert.pem smtpd_tls_security_level = may # SMTP Client smtp_tls_security_level = may smtp_tls_CAfile = /etc/ssl/cert.pem # SSL-Certificate - Generate logfile entries # smtpd_tls_received_header = yes smtp_tls_loglevel = 1 smtpd_tls_loglevel = 1You need to upload the Cert Files to /cf/conf.
I hope this path is upgrade-save, I couldn't test it yet.Maybe someday we can use the Cert Manager Certs of pfSense in Postfix Forwarder Package? ;)
Best regards,
Peter -
What am I doing wrong.
I found my first issue - my port 25 was still NAT'd …
However I now have another issue users in the list of 'custom valid recipients' are getting bounced - the Postfix is saying that the 'recipient address' is rejected, unverified address.
postfix/smtpd[17570]: NOQUEUE: reject: RCPT from mail-qg0-f52.google.com[209.85.192.52]: 450 4.1.1 <@.co.uk>: Recipient address rejected: unverified address: connect to ...[...]:25: Operation timed out; from=*******@gmail.com to=<@.co.uk> proto=ESMTP helo= <mail-qg0-f52.google.com>why ? (there are no indications on the mail server that postfix has even tried)</mail-qg0-f52.google.com>
-
What am I doing wrong.
I found my first issue - my port 25 was still NAT'd …
However I now have another issue users in the list of 'custom valid recipients' are getting bounced - the Postfix is saying that the 'recipient address' is rejected, unverified address.
postfix/smtpd[17570]: NOQUEUE: reject: RCPT from mail-qg0-f52.google.com[209.85.192.52]: 450 4.1.1 <@.co.uk>: Recipient address rejected: unverified address: connect to ...[...]:25: Operation timed out; from=*******@gmail.com to=<@.co.uk> proto=ESMTP helo= <mail-qg0-f52.google.com>why ? (there are no indications on the mail server that postfix has even tried)</mail-qg0-f52.google.com>
Check in Postfix > View config > relay_recipients if you can see your recipients get bounced are in there or not, if not you need to check the Valid recipients config in the recipients tab.
Your server should just accept mail for valid recipients, which makes pretty sense.