Postfix - antispam and relay package
-
I am also experiencing the same problem as hrtraveler after upgrading to 2.2.
-
I've updated database log integration from sqlite2 to sqlite3 but if I send a pull request for it then postfix will not work on 2.1.
So until we find a way to fix it on current pfsense 2.2 pbi, I suggest to use postfix on 2.1(as a server for exemple on virtual machine)
-
Having excactly the same problem on a brand new installation. I was looking for a substitute for the Endian Comunnity FW and pfsense certainly looks very promising, but wihout postfix it will not be very usefull to me. Is there any chance this problem will be fixed in the near future?
-
Ran into this today… Really need a quick and dirty fix until it can be fixed fully.
I can't roll back to the old version, as the FW is 8000 Miles away from me :(
-
Ran into this today… Really need a quick and dirty fix until it can be fixed fully.
I can't roll back to the old version, as the FW is 8000 Miles away from me :(
I was able to get it running by installing the standard FreeBSD package > 'pkg install Postfix' or 'pkg install postfix-tls'.
Couple things to keep in mind; this places the configuration files in a different location and therefore the webGUI tools for editing the configuration no longer work, nor do the monitoring tools as far as I can tell, in addition the pfsense pkg has Cyrus SASL compiled in so if you fix the dependencies and add the missing libraries it will allow you to forward mail through google (for example), or any server which requires such and encrypted connection, neither of the standard packages for FreeBSD have this compiled in, so it won't work.
If you need Cyrus SASL you can download the latest postfix-tls source to a FreeBSD 10.1 development machine and compile it in.
-
Any news for 2.2 support or is this still broken?
-
@The:
Any news for 2.2 support or is this still broken?
Not yet. Pbi is the worst place to find and fix issues. It needs both Pfsense team and package developed free time to check build options,dependencies, lib dirs,etc…
-
@The:
Any news for 2.2 support or is this still broken?
I have the same problem. Is there a plan, where is the bug fixed?
-
I just had a co-worker upgrade to 2.2 on a production machine and encountered this issue. I've suggested rolling back to a snapshot, assuming he has one. if this isn't fixed yet, does anyone have a workaround? I assume that the spool NEEDS to be owned by postfix and not root, and that changing permissions on the spool file will just make things worse?
-
I was able to get it running by installing the standard FreeBSD package > 'pkg install Postfix' or 'pkg install postfix-tls'.
Couple things to keep in mind; this places the configuration files in a different location and therefore the webGUI tools for editing the configuration no longer work, nor do the monitoring tools as far as I can tell, in addition the pfsense pkg has Cyrus SASL compiled in so if you fix the dependencies and add the missing libraries it will allow you to forward mail through google (for example), or any server which requires such and encrypted connection, neither of the standard packages for FreeBSD have this compiled in, so it won't work.
If you need Cyrus SASL you can download the latest postfix-tls source to a FreeBSD 10.1 development machine and compile it in.
pkg install Postfix
cd /usr/local/etc/postfix
ln -fs /usr/pbi/postfix/etc/postfix/ <conf files="">It seems to work!I cannot test mailscanner cause I've trouble with php after the upgrade:
[18-Feb-2015 13:17:51 Europe/Rome] PHP Fatal error: Cannot redeclare platform_booting() (previously declared in /etc/inc/globals.inc:168) in /etc/inc/globals.inc on line 176_function platform_booting($on_console = false) {
global $g;if ($g['booting'] || file_exists("{$g['varrun_path']}/booting"))
if ($on_console == false || php_sapi_name() != 'fpm-fcgi')
return true;return false;
}_the mailscanner pkg istallation stops itself with this error.
Giaco</conf>
-
found this:
https://github.com/pfsense/pfsense-packages/commit/e8f9ffe9459a922375e43472d13246d3d356e60e
I am now able to remove and reinstall mailscanner.Giaco
-
Argh… upgraded to 2.2, postfix forwarder down in flames along with our email. Not a trivial matter.
Tried (trying?) to restore a full 2.1.5 backup and the GUI is a mess and things (including postfix forwarder) still seem broken.
Selecting OpenVPN results in:
Fatal error: Call-time pass-by-reference has been removed in /usr/local/www/vpn_openvpn_server.php on line 333
Selecting postfix forwarder results in:
Fatal error: Call-time pass-by-reference has been removed in /usr/local/www/pkg_edit.php on line 143
Main page shows 2.1.5-RELEASE (amd64) as well as the "Packages are currently being reinstalled in the background." which doesn't seem to actually mean anything.
Has anyone been successful restoring a full backup (2.1.5?) after encountering the borked postfix forwarder on 2.2?
-
When I try to reboot our Netgate chimes as if it's going to reboot, but then this appears:
Fatal error: Call-time pass-by-reference has been removed in /etc/inc/shaper.inc on line 395
So it seems as if we can't reboot either.
-
For the benefit of others running into this issue… rebooting and halting the system did not work, even though they triggered the reboot and halt chimes on our Netgate running pfsense. After a hard reboot (and some praying) our services, including postfix forwarder and OpenVPN, began working again under the restored 2.1.5.
-
Found out the hard way that this is intended to relay mail to an internal server and not a hosted server (host monster, Bluehost)
Because of SPF and the fact that this package cant do SRS.
-
I'm, kind of, discovering pfSense in prod :-[
Now that I've migrated to pfSense, and although I do understand that from guru's standpoint, pfSense acts as firewall and should only be used as firewall ;) I would like to run some additional "embedded" services. I know this is not theoretically correct but this is however the most convenient way to provide services locally.This said, I'm also facing issues while trying to run Postfix relay on 2.2. So, for the time being and waiting for fix, I'm not relaying but forward packets to mail server on DMZ :-\
Unless I misunderstand the way it works, once this package will be fixed, there is one feature that will still prevent me to use it as a relay. Let me try to explain:
- for fail-over purpose, I'm relying on 2 different ISP, meaning 2 WAN, 2 IP
- I've one single domain managed by third provider. Using this provider's web interface, I'm able to customize public DNS for this domain, including MX, SPF
- each ISP permits to customize PTR
So far so good but… if I want to use pfSense Postfix relay (assuming issues with 2.2 are fixed) it will not work for some senders in case sender performs SMTP Reverse DNS control because this package doesn't permit to customize banner per listening IP from GUI.
I may find a way to customize master.cf and hard-code the right banner here for each interface but it would be nice to have this capability directly from GUI. Or is there something is misunderstand?
PS: I know that state-of-the-art implementation if I need complete fail-over would be to deploy 2 different MTA behind 2 différent FW, furthermore having each FW made of highly available pfSense using CARP.... but this is totally over-kill and I will end up with more problems due to complexity than real improved levle of service. What I would like to handle is WAN fail-over, with only one single pfSense cluster. Does it make sense ?
-
Just set the PTR record for both IP address to be the same!
-
Just set the PTR record for both IP address to be the same!
This doesn't work, at least for me, and I'll try to explain why :)
I'm relying on 3 different providers:
- two ISP owing each one of my two public IP
- another (different) provider registering my domain.
In term of DNS management, it means that I'm dealing with PTR records through interfaces provided by each ISP while I manage (public) DNS content from my domain provider's web interface.
So far so good :-) but in order to achieve what you suggest, it would means that I have to configure 2 different A records (one for each public IP) with same hostname. This can be done, although somewhat strange.
Problem is that when customizing PTR, I'm facing an issue with at least one ISP because interface used to customize PTR checks if PTR you set matches IP address. This does make sense but as my DNS contains 2 different IPs for same hostname, it resolves this hostname (round-robin mode) with different IP thus PTR customization is not allowed.From my standpoint, such control from ISP makes sense. It help ensuring consistency between PTR and IP/hostnames.
The right approach, unless I'm wrong, it to set up one banner per public IP.
I did it with my previous Postfix implementation using this syntax:1.1.1.1:smtp inet n - - - - smtpd -o myhostname=host1.domain.com 2.2.2.2:smtp inet n - - - - smtpd -o myhostname=host2.domain.comThis obviously works as expected ;D
Then I do realize that I'm total pfSense noob: I still don't know how to customize master.cf so that content is not erased when configuration is changed using GUI :-[
On top of that, I need to improve my understanding of postscreen => smtpd is then listening on local port only isn't it? -
Replying to myself ;D but hopping it may help other users:
For what I understand, having spent some time reading Postfix and postscreen documentation, unless it can be significantly customized, Postfix forwarder package will not fit with what I'm trying to achieve. It would mean, for each external interface, one postscreen line in master.cf passing to one smtpd defined with its own mailhost and banner.
Nothing really complex from Postfix standpoint but definitely not the way it works for the time being, even aside 2.2 related bugs.Something like:
1.1.1.1:smtp inet n - n - 1 postscreen -o smtpd_service_name=smtpd1 -o postscreen_greet_banner=whatever...... -o user=postfix -o soft_bounce=yes smtpd1 pass - - n - - smtpd -o myhostname=host1.domain.com -o smtpd_banner=host1.domain.com-xxxxxx 2.2.2.2:smtp inet n - n - 1 postscreen -o smtpd_service_name=smtpd2 -o postscreen_greet_banner=whatever2...... -o user=postfix -o soft_bounce=yes smtpd2 pass - - n - - smtpd -o myhostname=host2.domain.com -o smtpd_banner=host2.domain.com-xxxxxx -
Two pf machines reverted to 2.1.5 after all + postfix upgraded to 2.2 Postfix failed in exactly the fashion mentioned in #525 this thread. Running in two KVM VM's 64 bit.
Was this ever tested before the release? Did it ever work? What configurations were tested that worked? I waited to upgrade only a few days ago, thought it would be all good.. but not so much. No emails forwarded whatever.
