Postfix - antispam and relay package

pf-disa

Hello marcelloc,

thank you for your work and this package… Is there any documentation on how to enable postfix as smarthost and to relay via gmail smtp?

I'm trying to configure it as the old package (in pfsense 2.2x) that was working as smarthost for the internal lan, with relay via my gmail account: the only instruction I've found are http://ghanima.net/doku.php?id=wiki:pfsense:postfixmailrelay but I can't make it work (different paths) and various errors in /var/log/system.log

Apr  7 17:42:38 pfSense0 php-fpm[64394]: /pkg_edit.php: Writing out configuration
Apr  7 17:42:40 pfSense0 php-fpm[64394]: /pkg_edit.php: Writing rc_file
Apr  7 17:42:41 pfSense0 php-fpm[64394]: /pkg_edit.php: Stopping postfix
Apr  7 17:42:41 pfSense0 postfix/postfix-script[73787]: fatal: the Postfix mail system is not running
Apr  7 17:42:42 pfSense0 php-fpm[64394]: /pkg_edit.php: The command  stop' returned exit code '1', the output was ''
…
Apr  7 17:45:43 pfSense0 php-fpm[67433]: /pkg_edit.php: Writing out configuration
Apr  7 17:45:45 pfSense0 php-fpm[67433]: /pkg_edit.php: Writing rc_file
Apr  7 17:45:46 pfSense0 php-fpm[67433]: /pkg_edit.php: Reloading/starting postfix
Apr  7 17:45:46 pfSense0 postfix/postfix-script[98918]: fatal: the Postfix mail system is not running
Apr  7 17:45:47 pfSense0 php-fpm[67433]: /pkg_edit.php: Postfix setup completed
Apr  7 17:45:58 pfSense0 postfix/smtp[70787]: fatal: SASL library initialization
Apr  7 17:46:59 pfSense0 postfix/smtp[3068]: fatal: SASL library initialization
Apr  7 17:48:00 pfSense0 postfix/smtp[24940]: fatal: SASL library initialization

Executing via ssh the command "/usr/local/etc/rc.d/postfix.sh start" gives the following output:

kern.ipc.nmbclusters: 379268
sysctl: kern.ipc.nmbclusters=65536: Invalid argument
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 4096 -> 4096
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: fatal: the Postfix mail system is already running

What can I check? Thank you for your time…
Riccardo.

marcelloc

New pkg version includes postwhite integration  8)

Thanks for Postwhite, spf-tools projects and Bismarck

Bismarck

@pf-disa - you could try (untested but would make sense)

cd /root

fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-postfix/files/install_postfix_23.sh

nano install_postfix_23.sh

go down to line 81 and edit like this:

Install postfix package

pkg install postfix**-sasl** libspf2 opendkim libmilter py27-postfix-policyd-spf-python p5-perl-ldap

and then

sh ./install_postfix_23.sh

to get rid of the compatibility warning add

smtputf8_enable=yes
compatibility_level=2

to the custom main.cf options

@marcelloc

This package is getting in a really beautiful shape, its so sad that its not be in the official repo.  :'(

Anyway excellent work!  :)

marcelloc

I'll include the sasl option in the install. The idea of this package is to give sysadmins an excellent smtp layer 7 filtering /proxy.

pf-disa

Hello,

@Bismark thanks for the info now everything works as desired!  8)

In /var/log/system.log remain the fatal error, even if all works…

Apr  9 12:26:55 pfSense0 pkg: postfix-3.1.4,1 deinstalled
Apr  9 12:26:56 pfSense0 pkg: pkg reinstalled: 1.10.1 -> 1.10.1 
Apr  9 12:27:00 pfSense0 pkg: postfix-sasl-3.1.4,1 installed
Apr  9 12:27:01 pfSense0 pkg: tiff-4.0.7_1 installed
...
Apr  9 12:28:45 pfSense0 php-fpm[47768]: /pkg_edit.php: Writing out configuration
Apr  9 12:28:47 pfSense0 php-fpm[47768]: /pkg_edit.php: Writing rc_file
Apr  9 12:28:48 pfSense0 php-fpm[47768]: /pkg_edit.php: Reloading/starting postfix
Apr  9 12:28:48 pfSense0 postfix/postfix-script[17508]: fatal: the Postfix mail system is not running
Apr  9 12:28:49 pfSense0 php-fpm[47768]: /pkg_edit.php: Postfix setup completed

Excellent work @Marcelloc, thank you!
Riccardo.

marcelloc

The fatal maybe related to a restart call to a process that is not ruining.

Good to see that this package is useful for community.

n3by

I just update my install on 2.3.2-p1 with your new script without any problems ( with sasl changes from Bismark ).

Thank you all.

marcelloc

These changes will be merged soon.

There are other improvements that will be merged soon.

Long life for community contributors  :D

Bismarck

Noticed 3 little things,

1.  postfix_postwhite.template isn't copied to /usr/local/etc/postwhite.conf

		//save file
		$postwhite_domains = preg_replace("/\s+/"," ",$domains);
		include("/usr/local/pkg/postfix_postwhite.template");
		file_put_contents($postwhite_conf , POSTFIX_LOCALBASE . "/etc/postwhite.conf" , LOCK_EX);

2. additional domains don't get added to postwhite.conf, maybe because of 1.

3. postwhite is looking for postwhite.conf in a different place anyway

# Read config file options
if [ -s /etc/postwhite.conf ] ; then
	printf "\nReading options from /etc/postwhite.conf...\n"
	source /etc/postwhite.conf
else
	printf "\nCan't find /etc/postwhite.conf. Exiting.\n\n"
	exit 1
fi

and I had a cronjob for this every morning, cant see where postwhite is executed here?

Thanks. :)

/edit

We need policyd-spf_time_limit = 3600 in main.cf if SPF Lookup is enabled or we get a lot of those lines in maillog:

Mar  5 14:03:26 mail postfix/spawn[57894]: warning: /usr/local/bin/policyd-spf: process id 58877: command time limit exceeded
Mar  5 14:32:21 mail postfix/spawn[57894]: warning: /usr/local/bin/policyd-spf: process id 60423: command time limit exceeded
Mar  5 15:13:00 mail postfix/spawn[62387]: warning: /usr/local/bin/policyd-spf: process id 62501: command time limit exceeded
Mar  5 15:30:07 mail postfix/spawn[62387]: warning: /usr/local/bin/policyd-spf: process id 63269: command time limit exceeded

Igor Filth

Great job! Package works fine.
Thank you very much guys!

I found a little mistake.
On "Access Lists" page, when i click on field "Sender" and "MIME" i'm redirected to http://www.postfix.org/pcre_table.5.html page  :)

n3by

Another bug ??

I found that widget is not displaying correct status.

I have configured postfix as backup relay MX2 on Site2 - it receive external mail from WAN if primary mail server MX1 on Site1 is unreachable and it store and forward all email by VPN Site - to - Site.
I also receive all emails from Site2 - from all LANs - and forward them to primary email server on Site1 by VPN Site - to - Site.

But until it receive a email from WAN ( Update Sqlite was on 1h and now is on 10 min), widget is not display anything for that day; emails from LAN are not showed;
As you can see it is missing day 10 and day 11 was displayed only if I blocked primary mail server to receive emails from WAN and email was delivered to MX2 and then forwarded to MX1…

p.s.
I just found also this one in log probably related to Postwhite:

postfix/postscreen[34560]: error: open /usr/local/etc/postfix/postscreen_spf_whitelist.cidr: No such file or directory

Bismarck

@ecfx:

p.s.
I just found also this one in log probably related to Postwhite:

postfix/postscreen[34560]: error: open /usr/local/etc/postfix/postscreen_spf_whitelist.cidr: No such file or directory

Because you need to run /usr/local/bin/postwhite manually first, can't find any code atm in the package, which would trigger it automatically.

Just running Postfix as a Mail Proxy and my widget stats are very accurate.

n3by

no luck:

/usr/local/bin: ./postwhite
./postwhite: Permission denied.
...
/usr/local/bin: ls -la post*
-rw-r--r--  1 root  wheel  9789 Apr  9 14:59 postwhite
/usr/local/bin: chmod 755 postwhite
/usr/local/bin: ls -la post*
-rwxr-xr-x  1 root  wheel  9789 Apr  9 14:59 postwhite
/usr/local/bin: ./postwhite
./postwhite: Command not found.

Bismarck

nano /usr/local/bin/postwhite

1 line change from

#! /bin/bash

to

#! /usr/local/bin/bash

next

fetch -q -o /usr/local/etc/postwhite.conf https://raw.githubusercontent.com/stevejenkins/postwhite/master/postwhite.conf

and

ln -s /usr/local/etc/postwhite.conf /etc/postwhite.conf

nano /usr/local/etc/postwhite.conf

edit paths

# FILE PATHS
spftoolspath=/usr/local/bin/spf-tools
postfixpath=/usr/local/etc/postfix
postfixbinarypath=/usr/local/sbin
whitelist=postscreen_spf_whitelist.cidr
blacklist=postscreen_spf_blacklist.cidr
yahoo_static_hosts=/usr/local/etc/postfix/yahoo_static_hosts.txt

now run

/usr/local/bin/postwhite

Good luck!

n3by

Thank you but is exactly the same as before.
I can live without postwhite and widget as before…

marcelloc

@ecfx:

Thank you but is exactly the same as before.
I can live without postwhite and widget as before…

fixed postwhite config file creation and etc path call

Bismarck

Thanks, the widget shortcuts are handy.  :)

Igor Filth

Can I run "install_postfix_23.sh" script again or I must remove all installed packages first  ::)

Bismarck

@Igor:

Can I run "install_postfix_23.sh" script again or I must remove all installed packages first  ::)

As far as I can see, it should not be a issue, just run the script again.

marcelloc

Included postfwd functions to limit messages per user and time based on package.

To use this funcion you must run the install cpan modules script from pkg-mailscanner

https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-mailscanner/files/install_cpan_modules_23.sh

Fist time implementation, not used to run postfwd, so feedbacks are always welcome.