Postfix - antispam and relay package

mschiek01 · Nov 14, 2014, 4:02 PM

I've installed the Postfix package and all seems to be working fine. I then installed the Postfix widget and, while the PF widget bar shows up on the dashboard, there's no data displayed at all.

What did I do wrong?

Thanx,
GarthK

Got to services/postfix/general at the bottom of the page
Widgets set

garthk · Nov 18, 2014, 10:33 AM

Thanx for the reply. I did what you suggested and even waited three days just to see if that would make a diff but no luck. The Postfix bar is there but no data is displayed. I also reinstalled it but no change.

Anything else I need to do?

marcelloc · Nov 18, 2014, 11:00 PM

Widget works when you set logs to /var/log/maillog

garthk · Nov 21, 2014, 2:48 PM

That took care of it!

Thanx Much,
Garth

sbillmann · Nov 26, 2014, 11:24 AM

Hi guys,

I am using this package for a few days now and am very happy with it because the amount of spam was reduced drastically.

So first of all thank you for your work here, marcelloc.

I just encountered two problems which I couldn't solve for myself.

1. The "Search mail" function doesn't work for me. Probably because postfix can't find a sqlite database. Reinstallation of postfix didn't help.

2. Some mails take a very long time to get delivered to my actual mail server. I guess this is because some bigger companies with multiple mail servers send mails out through a different server once the message isn't accpeted instantly by postfix. (gmail or hrs for example)
Is there a way to accept e-mails faster even if the initial sender ip differs from the current sender ip in postfix?

And again thank you (in advance)

Many apologies if this has been asked and answered before.

garthk · Nov 26, 2014, 2:28 PM

Works great but I have a question. There is a company sending us email with a single MX record, say mail.company.com, but the email is actually being sent by one of multiple servers, mail1.company.com, mail2.company.com, and so on. None of these servers has a DNS record so can not be found by PF after the RCPT TO: is received. This causes the email to be rejected, correctly IMHO, but I need to figure out how to let this email thru. Can I whitelist these servers and, if so, how?

Thanx,
Garth

garthk · Nov 26, 2014, 3:07 PM

Sorry to reply to my own post but… the initial HELO is from mail.company.com and is resolvable. Prob is, that's not the server that actually sends the email and those servers are not resolvable.

Thanx,
Garth

biggsy · Nov 27, 2014, 6:31 AM

If you can tell whether they're in the same subnet you can whitelist that subnet under Access Lists > CIDR

Like:

10.20.30.0/24 permit

Bismarck · Nov 27, 2014, 6:54 AM

@garthk:

Sorry to reply to my own post but… the initial HELO is from mail.company.com and is resolvable. Prob is, that's not the server that actually sends the email and those servers are not resolvable.

Thanx,
Garth

https://forum.pfsense.org/index.php?topic=40622.msg428403#msg428403

Bismarck · Nov 27, 2014, 6:55 AM

@sbillmann:

2. Some mails take a very long time to get delivered to my actual mail server. I guess this is because some bigger companies with multiple mail servers send mails out through a different server once the message isn't accpeted instantly by postfix. (gmail or hrs for example)
Is there a way to accept e-mails faster even if the initial sender ip differs from the current sender ip in postfix?

And again thank you (in advance)

Many apologies if this has been asked and answered before.

https://forum.pfsense.org/index.php?topic=40622.msg425790#msg425790

azekiel · Dec 2, 2014, 9:58 AM

Is the postscreen cache now persistent (normally it would be deleted after a restart of the service)?

If not, why not use postgrey then? This one works the same way as postscreen does and the persistent cache does work!

Greets

azekiel · Dec 6, 2014, 11:37 PM

another question: how to disable the recipient check? i remove the part from smtpd_recipient_restrictions but is there a way in the gui?

dene14 · Dec 8, 2014, 12:07 PM

Pretty nice module! Thanks for your great work…

+1 for CertManager's certificate support for STARTTLS... It looks a bit strange when you have to generate SelfSigned with certmanager, download cert + key, and upload them by scp to router... Also this conf doesn't survives reinstalls from backup :(

However it seems I've found a bug in current version:
when I select "listen on all Interfaces/IPs"
this line appears in main.cf. unfortunately, it isn't valid
"inet_interfaces = "

to fix that we need to bind that selection to
"inet_interfaces = all"

Thanks!

sandroditommaso · Dec 23, 2014, 4:45 PM

Hi, I'm using this nice package for a few months without major problems.
Just one thing…
Every day I find some incoming emails in the "incoming" state that are not delivered .
Why?

Bismarck · Jan 24, 2015, 7:58 AM

Hello marcelloc, will

/usr/sbin/pkg_add -r p5-perl-ldap

still work with 2.2/10.1? If I remember right there is no pkg_add anymore with FreeBSD 10.1 and what wil happen with packages that have been installed via pkg_add on 8.3 FreeBSD and upgraded to FreeBSD 10.1, will they sill work?

Thanks for all.

marcelloc · Jan 24, 2015, 12:13 PM

@Bismarck:

Hello marcelloc, will

/usr/sbin/pkg_add -r p5-perl-ldap

still work with 2.2/10.1?

On freebsd 10, use pkg add instead of pkg_add

Bismarck · Jan 24, 2015, 1:02 PM

Thanks marcelloc, always appreciated.

https://doc.pfsense.org/index.php/Installing_FreeBSD_Packages#pfSense_2.2

hrtraveler · Jan 24, 2015, 10:11 PM

Having problems with Postfix Forwarder after upgrading to pfSense 2.2 (worked fine on 2.15 immediately before upgrading).

Mail no longer goes out, and client give a time out message. Testing though WebGui > Diagnostics > Test Port I can make a connection on port 25 and I don't see anything in the firewall log that would make me believe that this is a firewall issue, therefore I'm left with Postfix.

Upon restarting Postfix I get the following in the log.

Jan 24 16:54:33	postfix/postfix-script[55658]: stopping the Postfix mail system
Jan 24 16:54:33	postfix/master[81995]: terminating on signal 15
Jan 24 16:54:35	postfix/postfix-script[87134]: warning: not owned by root: /var/spool/postfix
Jan 24 16:54:35	postfix/postfix-script[91266]: starting the Postfix mail system
Jan 24 16:54:35	postfix/master[96254]: daemon started -- version 2.11.3, configuration /usr/local/etc/postfix
Jan 24 16:54:35	postfix/master[96254]: warning: process /usr/local/libexec/postfix/pickup pid 96570 exit status 1
Jan 24 16:54:35	postfix/master[96254]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling
Jan 24 16:54:35	postfix/master[96254]: warning: process /usr/local/libexec/postfix/qmgr pid 96714 exit status 1
Jan 24 16:54:35	postfix/master[96254]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling

and then the following appears in the log on an ongoing basis (every minute or so)

Jan 24 16:57:35	postfix/master[96254]: warning: process /usr/local/libexec/postfix/pickup pid 50520 exit status 1
Jan 24 16:57:35	postfix/master[96254]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling
Jan 24 16:57:35	postfix/master[96254]: warning: process /usr/local/libexec/postfix/qmgr pid 50792 exit status 1
Jan 24 16:57:35	postfix/master[96254]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling

Finally when I connect on port 25 is see the following

Jan 24 17:00:22	postfix/master[96254]: warning: process /usr/local/libexec/postfix/smtpd pid 94067 exit status 1
Jan 24 17:00:22	postfix/master[96254]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

I've tried reinstalling the package, though that didn't resolve the issue. Postfix is the only package I have installed.

Thanks for your help.

marcelloc · Jan 24, 2015, 10:51 PM

May be related to pfsense 2.2 security sysctrl option to do not allow non root users to listen on low ports.

Try to listen postfix on a high port(>1024) and nat 25 to it.(similar procedure while using carp).

It was fixed some weeks ago on squid package but it looks like something has changed or I've missed something on my tests.

hrtraveler · Jan 24, 2015, 11:42 PM

I moved to port 1050, but no change:

Jan 24 18:41:43	postfix/master[4057]: warning: process /usr/local/libexec/postfix/pickup pid 84681 exit status 1
Jan 24 18:41:43	postfix/master[4057]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling
Jan 24 18:41:43	postfix/master[4057]: warning: process /usr/local/libexec/postfix/qmgr pid 84757 exit status 1
Jan 24 18:41:43	postfix/master[4057]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling
Jan 24 18:41:50	postfix/master[4057]: warning: process /usr/local/libexec/postfix/smtpd pid 84802 exit status 1
Jan 24 18:41:50	postfix/master[4057]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

Same thing if I connect directly to port 1050 or via the NAT rule from port 25.