Postfix - antispam and relay package
-
I have been going a little nuts trying to get a simple mail relay (smart host) up and running for my local subnet, which is just about the easiest thing to do in Postfix. I was getting stuck on error messages such as "no mechanism available" and "No worthy mechs found" trying to authenticate against my ISP's relay.
In addition to linking libspf2, libpcre, and libsasl2 from /usr/pbi/postfix-amd64/local/lib, you also need to link the mechanism libraries found in /usr/pbi/postfix-amd64/local/lib/sasl2. If I knew more about FreeBSD, I would suggest updating ld.so.conf with these paths or setting a LD_LIBRARY_PATH in the environment instead of creating symlinks all over the filesystem. Alternatively, you can just install the required libraries directly from FreeBSD, which is what I did, with the following command:
pkg install libspf2 pcre cyrus-sasl
Restart Postfix Forwarder in the webConfigurator and you should be good to go. I've been using System > Advanced > Notifications > Test SMTP to test it. Make sure to set your email server to localhost, port to 25, From (e.g. admin@yourhost.example.com), Notification (e.g. your personal email address), and leave everything else blank/default.
Here's my "custom main.cf options" (for the time being, I'm going to try to lock it down and enable TLS now that I've got it working):
relayhost = [smtp.comcast.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
UPDATE: TLS was pretty easy to turn on (following the pfSense documentation) after solving the above issues. Here's my final config:
relayhost = [smtp.comcast.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_tls_security_options = noanonymous smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd smtp_tls_security_level = secure smtp_tls_CAfile = /etc/ssl/cert.pem smtp_tls_loglevel = 1
Apr 11 20:15:06 cerberus postfix/smtp[13917]: Verified TLS connection established to smtp.comcast.net[68.87.20.6]:587: TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)
See the screenshots for the rest of my "smart host" configuration. The most important part is to set it to "Listen on" loopback and your LAN interface(s), and to set MyNetworks in Access Lists to the loopback subnet and your local subnet(s). I also dumbed down the antispam settings but I'm not sure if is necessary; SMTP clients in MyNetworks might not be subject to antispam rules.
UPDATE 2: The update from 2.2.1 to 2.2.2 blew away my sasl_passwd file (I uninstalled all my packages before the update and reinstalled everything afterwards), but that was easy enough to regenerate. I moved it to /etc/postfix to prevent it from happening in the future. Everything else seems to still work fine (except for the known sqlite2/3 issue).
![Notifications screenshot.png](/public/imported_attachments/1/Notifications screenshot.png)
![Notifications screenshot.png_thumb](/public/imported_attachments/1/Notifications screenshot.png_thumb)
![Access Lists screenshot.png](/public/imported_attachments/1/Access Lists screenshot.png)
![Access Lists screenshot.png_thumb](/public/imported_attachments/1/Access Lists screenshot.png_thumb)
![Postfix Antispam screenshot.png](/public/imported_attachments/1/Postfix Antispam screenshot.png)
![Postfix Antispam screenshot.png_thumb](/public/imported_attachments/1/Postfix Antispam screenshot.png_thumb) -
Hello. Am I understanding correctly, this package is not working?
-
MadCatZA,
from my experience with the package, it works only on pfSense Version 2.1.5 or older. As far as I remember, the author has written in this forum about it.
Regards
yarick123 -
MadCatZA,
from my experience with the package, it works only on pfSense Version 2.1.5 or older. As far as I remember, the author has written in this forum about it.
Regards
yarick123Appreciated, I have setup a 2.1.5 box and indeed it is working as compared to 2.2.2 which is not without manual modifications. What a shame :(
-
any change to update to postfix 2.11 without waiting for pfsense 2.3?
I want to implement dnssec and dane…//edit: mah... openssl 0.9.8 is a bummer, too.
-
Any news on a fix for this?
-
The author of this package said, maybe it will fixed in pfSense version 2.3 with pkgng.
https://redmine.pfsense.org/projects/pfsense/roadmap#2.3
So don't hold you breath, it can take some time…
-
it's pretty easy to get it running with the current version without the sqlite/db thing… just search through the forum.
-
Uhhh, if this package is broken, why is it still listed in pfSense 2.2?
My pfSense shows this:
Postfix Forwarder Release 2.4.2
platform: 2.2 2.2.999Or is this some automatic thing, with the 2.2.999 meaning it has not been officially tested?
-
The only workaround I found for this is
-
install package from pfsense gui
-
go to console, remove pbi packages(not the gui)
-
Install postfix package via pkg ng
The main postfix binary works fine but all other sub process it starts die with missing libs.
I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.
The main problem with this(and many others) package is that pbi messes up bin and lib location. I have the gui fixed for sqlite2 /sqlite3 but for now, just removing pbi and installing postfix pkg will keep postfix working on 2.2
If I push the gui fix for 2.2 on github, it will broke package gui on 2.1 -
-
To get postfix working on pfSense 2.2, follow these steps:
Remember, do it at your own risk ;)
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt pbi_delete postfix-2.11.3_2-amd64 rm -rf /usr/pbi/bin/libexec/postfix rm -rf /usr/local/etc/postfix rm -rf /var/spool/postfix rm -rf /var/mail/postfix rm -rf /var/db/postfix pkg install postfix libspf2
fix postfix.inc file with this patch via system patcher package
add this patch via package system patcher
**description:**postfix_inc
patch:--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000 +++ postfix.inc 2015-08-18 08:18:10.000000000 +0000 @@ -36,11 +36,11 @@ require_once("globals.inc"); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version == "2.1" || $pfs_version == "2.2") { - define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -} else { +//if ($pfs_version == "2.1" || $pfs_version == "2.2") { +// define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +//} else { define('POSTFIX_LOCALBASE','/usr/local'); -} +//} $uname=posix_uname(); if ($uname['machine']=='amd64')
directory:/usr/local/pkg/
-
Hello,
What is the stable version of pfSense where Postfix Forwarder works perfectly?I'm tryna the pfSense 2.2.4-RELEASE (amd64) with Postfix 2.4.2 Forwarder, but not this cool not.
Hugs.
-
look at the post above yours…
-
Hello,
I saw it, I do not want is to have to do this!
What version of pfsense and postfix stable so I do not have to do what Marcello recommend?
Grateful. -
2.1
but you can savely do that.
-
The only workaround I found for this is
-
install package from pfsense gui
-
go to console, remove pbi packages(not the gui)
-
Install postfix package via pkg ng
The main postfix binary works fine but all other sub process it starts die with missing libs.
I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.
The main problem with this(and many others) package is that pbi messes up bin and lib location. I have the gui fixed for sqlite2 /sqlite3 but for now, just removing pbi and installing postfix pkg will keep postfix working on 2.2
If I push the gui fix for 2.2 on github, it will broke package gui on 2.1first of all, great work =)
so… 2.1 is old/out of production already, right?
-
-
so… 2.1 is old/out of production already, right?
pfsense 2.1, yes but the package is working on both(2.1 normal install and on 2.2 with the fix above).
-
pfsense 2.1, yes but the package is working on both(2.1 normal install and on 2.2 with the fix above).
Marcelloc, why not to make on the contrary - on pfsense 2.2 normal install, and on pfsense 2.1 with the fix?
It will move more people to update to version 2.2 -
Marcelloc, why not to make on the contrary - on pfsense 2.2 normal install, and on pfsense 2.1 with the fix?
It will move more people to update to version 2.2 -
To get postfix working on pfSense 2.2, follow these steps:
Remember, do it at your own risk ;)
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt pbi_delete postfix-2.11.3_2-amd64 rm -f /usr/pbi/bin/libexec/postfix rm -f /usr/local/etc/postfix rm -f /var/spool/postfix rm -f /var/mail/postfix rm -f /var/db/postfix pkg install postfix
I tried the above in 2.2.4 but I had no luck. Can anybody confirm this is working in the latest version of pfSense?