Postfix - antispam and relay package

danjeman

Just noticed on the Access Lists page I couldn't edit sender, MIME or body filters and spotted the 'a' tag was still open… Line 109 of /usr/local/pkg/postfix_acl.xml is missing the closing tag

<description>PCRE filters [that are applied to initial message helo info. Hint:
[/code]

Should be
[code]<description>PCRE filters</description>](http://www.postfix.org/pcre_table.5.html) [that are applied to initial message helo info.](http://www.postfix.org/pcre_table.5.html) Hint:
[/code][/code]</description>

marcelloc

@danjeman:

Just noticed on the Access Lists page I couldn't edit sender, MIME or body filters and spotted the 'a' tag was still open… Line 109 of /usr/local/pkg/postfix_acl.xml is missing the closing tag

Fixed. Thanks for the feedback

marcelloc

@danjeman:

Ok so widget crashed now due to memory allocation error…

I've updated the widget file to allow more php memory use.

marcelloc

@danjeman:

Was not getting any sqllite db's from the logs despite all settings being correct then found an old post referencing an issue if you have other characters in the hostname (- for instance

I've changed the preg_match from (\w+) to (\S+)

https://github.com/marcelloc/Unofficial-pfSense-packages/commit/0893d4a2e523688ccd56d419ff1d7c8be5c51cd2

danjeman

@marcelloc:

I've changed the preg_match from (\w+) to (\S+)

https://github.com/marcelloc/Unofficial-pfSense-packages/commit/0893d4a2e523688ccd56d419ff1d7c8be5c51cd2

Re- ran the installer and all looks good so far, thanks! :)

danjeman

Noticed that the options for 'SPF lookup HELO' and 'SPF lookup Mail From' are missing 'Fail' option..

Looks like option Null for 'HELO' has value Fail set as well as option Fail so 'Fail' never displays (also would mean selecting Null didn't do what you expect).

For 'Mail From' option Null shouldn't be an option (according to the commented policyd-spf.conf) so removing this will correct the available options.

marcelloc

@danjeman:

Noticed that the options for 'SPF lookup HELO' and 'SPF lookup Mail From' are missing 'Fail' option..

Looks like option Null for 'HELO' has value Fail set as well as option Fail so 'Fail' never displays (also would mean selecting Null didn't do what you expect).

For 'Mail From' option Null shouldn't be an option (according to the commented policyd-spf.conf) so removing this will correct the available options.

thanks for the pull request on github  :)

n3by

Widget start to display strange data…


marcelloc

Are you waiting first refresh?

Bismarck

Looks good so far here. :)

marcelloc postfwd pkg is missing in the setup script? I've installed it manually and set postfwd.cf and the port to 10045 in the rc file, now its running.


marcelloc

@Bismarck:

Looks good so far here. :)

marcelloc postfwd pkg is missing in the setup script? I

I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo

marcelloc

@marcelloc:

I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo

Gui creates the file when there are rules on it. what's the behavior on your box?

Bismarck

@marcelloc:

@marcelloc:

I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo

Gui creates the file when there are rules on it. what's the behavior on your box?

I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.

Apr 21 16:40:16 zonk postfix/smtpd[4740]: warning: connect to 127.0.0.1:10045: Operation timed out
Apr 21 16:40:16 zonk postfix/smtpd[4740]: warning: problem talking to server 127.0.0.1:10045: Operation timed out

marcelloc

@Bismarck:

I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.

Fixed the install script to include the pkg add, Thanks again  :)

I'll push it to repo soon

n3by

Hi,

Is this re-instalation completed successfully as I also see in /root ?

drwxr-xr-x   5 root  wheel        512 Apr 25 17:07 spf-tools-master

/root: sh ./install_postfix_23.sh
Message from syslogd@fwpl at Apr 25 17:05:19 ...
fwpl php-fpm[61287]: /index.php: Successful loginsh ./install_postfix_23.sh                                                                 fetching  /usr/local/bin/adexport.pl from github
fetching  /usr/local/pkg/postfix.inc from github
fetching  /usr/local/pkg/postfix.xml from github
fetching  /usr/local/pkg/postfix_acl.xml from github
fetching  /usr/local/pkg/postfix_antispam.xml from github
fetching  /usr/local/pkg/postfix_domains.xml from github
fetching  /usr/local/pkg/postfix_recipients.xml from github
fetching  /usr/local/pkg/postfix_sync.xml from github
fetching  /usr/local/share/pfSense-pkg-postfix/info.xml from github
fetching  /usr/local/www/postfix.php from github
fetching  /usr/local/www/postfix_about.php from github
fetching  /usr/local/www/postfix_queue.php from github
fetching  /usr/local/www/postfix_recipients.php from github
fetching  /usr/local/www/postfix_search.php from github
fetching  /usr/local/www/postfix_view_config.php from github
fetching  /usr/local/www/shortcuts/pkg_postfix.inc from github
fetching  /usr/local/www/widgets/widgets/postfix.widget.php from github
fetching  /usr/local/pkg/postfix_dkim.inc from github
fetching  /usr/local/www/vendor/datatable/se-1.2.0.zip from github
fetching  /usr/local/www/vendor/datatable/css/jquery.dataTables.min.css from github
fetching  /usr/local/www/vendor/datatable/js/jquery.dataTables.min.js from github
fetching  /usr/local/www/postfix.sql.php from github
fetching  /usr/local/bin/postwhite from github
fetching  /usr/local/pkg/postfix_postwhite.template from github
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
Fetching packagesite.txz: 100%    6 MiB   3.0MB/s    00:02    
Processing entries: 100%
FreeBSD repository update completed. 26278 packages processed.
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
Child process pid=77716 terminated abnormally: Segmentation fault
fetch: https://github.com/jsarenik/spf-tools/archive/master.zip: size of remote file is not known
master.zip                                              49 kB  195 kBps 00m01s
Archive:  master.zip
d spf-tools-master
replace spf-tools-master/.gitignore? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
 extracting: spf-tools-master/.gitignore  
replace spf-tools-master/.simplecov? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
 extracting: spf-tools-master/.simplecov  
 extracting: spf-tools-master/.travis.yml  
 extracting: spf-tools-master/AUTHORS  
 extracting: spf-tools-master/LICENSE  
 extracting: spf-tools-master/README.md  
 extracting: spf-tools-master/circle.yml  
 extracting: spf-tools-master/cloudflare.sh  
 extracting: spf-tools-master/compare.sh  
 extracting: spf-tools-master/despf.sh  
 extracting: spf-tools-master/genspfzone.sh  
d spf-tools-master/include
 extracting: spf-tools-master/include/despf.inc.sh  
 extracting: spf-tools-master/include/global.inc.sh  
 extracting: spf-tools-master/include/isincidrange.sh  
 extracting: spf-tools-master/iprange.sh  
d spf-tools-master/misc
 extracting: spf-tools-master/misc/ci-runtest.sh  
 extracting: spf-tools-master/misc/ci-setup.sh  
 extracting: spf-tools-master/misc/tmpl  
 extracting: spf-tools-master/mkblocks.sh  
 extracting: spf-tools-master/mkzoneent.sh  
 extracting: spf-tools-master/normalize.sh  
 extracting: spf-tools-master/route53.sh  
 extracting: spf-tools-master/runspftools.sh  
 extracting: spf-tools-master/shippable.yml  
 extracting: spf-tools-master/simplify.sh  
d spf-tools-master/tests
d spf-tools-master/tests/a24
 extracting: spf-tools-master/tests/a24/cmd  
 extracting: spf-tools-master/tests/a24/in  
 extracting: spf-tools-master/tests/a24/out  
d spf-tools-master/tests/brokendns
 extracting: spf-tools-master/tests/brokendns/cmd  
 extracting: spf-tools-master/tests/brokendns/in  
 extracting: spf-tools-master/tests/brokendns/out  
d spf-tools-master/tests/cname
 extracting: spf-tools-master/tests/cname/cmd  
 extracting: spf-tools-master/tests/cname/in  
 extracting: spf-tools-master/tests/cname/out  
d spf-tools-master/tests/despf
 extracting: spf-tools-master/tests/despf/cmd  
 extracting: spf-tools-master/tests/despf/in  
 extracting: spf-tools-master/tests/despf/out  
d spf-tools-master/tests/despf_chain
 extracting: spf-tools-master/tests/despf_chain/cmd  
 extracting: spf-tools-master/tests/despf_chain/in  
 extracting: spf-tools-master/tests/despf_chain/out  
d spf-tools-master/tests/despf_help
 extracting: spf-tools-master/tests/despf_help/cmd  
 extracting: spf-tools-master/tests/despf_help/in  
 extracting: spf-tools-master/tests/despf_help/out  
d spf-tools-master/tests/despf_qualifier
 extracting: spf-tools-master/tests/despf_qualifier/cmd  
 extracting: spf-tools-master/tests/despf_qualifier/in  
 extracting: spf-tools-master/tests/despf_qualifier/out  
d spf-tools-master/tests/despf_qualifier2
 extracting: spf-tools-master/tests/despf_qualifier2/cmd  
 extracting: spf-tools-master/tests/despf_qualifier2/in  
 extracting: spf-tools-master/tests/despf_qualifier2/out  
d spf-tools-master/tests/despf_skip
 extracting: spf-tools-master/tests/despf_skip/cmd  
 extracting: spf-tools-master/tests/despf_skip/in  
 extracting: spf-tools-master/tests/despf_skip/out  
d spf-tools-master/tests/despf_skip_t
 extracting: spf-tools-master/tests/despf_skip_t/cmd  
 extracting: spf-tools-master/tests/despf_skip_t/in  
 extracting: spf-tools-master/tests/despf_skip_t/out  
d spf-tools-master/tests/despf_torn
 extracting: spf-tools-master/tests/despf_torn/cmd  
 extracting: spf-tools-master/tests/despf_torn/in  
 extracting: spf-tools-master/tests/despf_torn/out  
d spf-tools-master/tests/despf_upper_case
 extracting: spf-tools-master/tests/despf_upper_case/cmd  
 extracting: spf-tools-master/tests/despf_upper_case/in  
 extracting: spf-tools-master/tests/despf_upper_case/out  
d spf-tools-master/tests/fix_32
 extracting: spf-tools-master/tests/fix_32/cmd  
 extracting: spf-tools-master/tests/fix_32/in  
 extracting: spf-tools-master/tests/fix_32/out  
d spf-tools-master/tests/mkblocks-help
 extracting: spf-tools-master/tests/mkblocks-help/cmd  
 extracting: spf-tools-master/tests/mkblocks-help/in  
 extracting: spf-tools-master/tests/mkblocks-help/out  
d spf-tools-master/tests/mkblocks-start
 extracting: spf-tools-master/tests/mkblocks-start/cmd  
 extracting: spf-tools-master/tests/mkblocks-start/in  
 extracting: spf-tools-master/tests/mkblocks-start/out  
d spf-tools-master/tests/mkblocks
 extracting: spf-tools-master/tests/mkblocks/cmd  
 extracting: spf-tools-master/tests/mkblocks/in  
 extracting: spf-tools-master/tests/mkblocks/out  
d spf-tools-master/tests/mx20
 extracting: spf-tools-master/tests/mx20/cmd  
 extracting: spf-tools-master/tests/mx20/in  
 extracting: spf-tools-master/tests/mx20/out  
d spf-tools-master/tests/mx20_upper_case
 extracting: spf-tools-master/tests/mx20_upper_case/cmd  
 extracting: spf-tools-master/tests/mx20_upper_case/in  
 extracting: spf-tools-master/tests/mx20_upper_case/out  
d spf-tools-master/tests/norm_ignore
 extracting: spf-tools-master/tests/norm_ignore/cmd  
 extracting: spf-tools-master/tests/norm_ignore/in  
 extracting: spf-tools-master/tests/norm_ignore/out  
d spf-tools-master/tests/normalize
 extracting: spf-tools-master/tests/normalize/cmd  
 extracting: spf-tools-master/tests/normalize/in  
 extracting: spf-tools-master/tests/normalize/out  
d spf-tools-master/tests/normalize_empty
 extracting: spf-tools-master/tests/normalize_empty/cmd  
 extracting: spf-tools-master/tests/normalize_empty/in  
 extracting: spf-tools-master/tests/normalize_empty/out  
d spf-tools-master/tests/nospf
 extracting: spf-tools-master/tests/nospf/cmd  
 extracting: spf-tools-master/tests/nospf/in  
 extracting: spf-tools-master/tests/nospf/out  
d spf-tools-master/tests/redirect
 extracting: spf-tools-master/tests/redirect/cmd  
 extracting: spf-tools-master/tests/redirect/in  
unzip: skipping non-regular entry 'spf-tools-master/tests/redirect/out'
d spf-tools-master/tests/simplify
 extracting: spf-tools-master/tests/simplify/cmd  
 extracting: spf-tools-master/tests/simplify/in  
 extracting: spf-tools-master/tests/simplify/out  
 extracting: spf-tools-master/tests/test-shell.sh  
 extracting: spf-tools-master/tests/test-subdirs.sh  
 extracting: spf-tools-master/tests/test-unit.sh  
 extracting: spf-tools-master/xsel.sh  
mv: rename spf-tools-master to /usr/local/bin/spf-tools/spf-tools-master: Directory not empty

edit:
deleted /usr/local/bin/spf-tools/spf-tools-master
and retry the install and now it looks ok

ccnet

Yesterday, a fresh Pfsense 2.3.3 install. 64bits version, on a vm (esx) with 2Go ram. This Pfsense is not used as firewall, the purpose is testing Pfsense + Postfix package as mail gateway. Runing install from scrip as provide on github. No error except if i miss something.
Setting a few parameters in Postfix and i can start it.
Now the problems.
In    SystemPackage ManagerInstalled Packages :  There are no packages currently installed.

The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
Postfix don(t appear in menu Services. Is this normal ?

In my actual Postfix gateway (5/6 clients with it) i use access lists for denied domain : one list for domain and another one with regular expresion. In main.cf I have :

smtpd_client_restrictions = permit_mynetworks
                            permit_sasl_authenticated                   
		            check_client_access cidr:/etc/postfix/access_cidr
                            check_client_access hash:/etc/postfix/access_client
		            check_client_access regexp:/etc/postfix/access_client_regexp
			    reject_rbl_client zen.spamhaus.org

I'm not sure to understand howto implement cidr:/etc/postfix/access_cidr and hash:/etc/postfix/access_client.
etc/postfix/access_cidr is something like

offrecadeau.ovh         REJECT spammeur

hash:/etc/postfix/access_client is like

243.200.171.0/24		REJECT Spammeur

This package is a great job. Thanks.

marcelloc

@ccnet:

In    SystemPackage ManagerInstalled Packages :  There are no packages currently installed.

That's right. As an Unofficial package, It will not be there.

@ccnet:

The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
Postfix don(t appear in menu Services. Is this normal ?

try to install cron package for example. Install process includes postfix on service menu but for some reason, on some boxes, you may need to install a package. I suggest system patches or cron.

@ccnet:

This package is a great job. Thanks.

Thanks  :)

ccnet

Thanks Marcelloc,

installing the cron package solve the problem about smtp in menu Services. Postfix Forwarder is now visible.

ccnet

I thing an access client list is missing for denying a domains list such as

diglobaltoday.com REJECT

When looking at configuration i have :

smtpd_client_restrictions = permit_mynetworks,
				reject_unauth_destination,
				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
				check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
				reject_unknown_client_hostname,
				reject_unauth_pipelining,
				reject_multi_recipient_bounce,
				permit

I thing it will be nice to have one more line with :

check_client_access hash:/usr/local/etc/postfix/cal_hash,

I have 3900 domains rejected at command connect (smtpd_client_restrictions) in my ClearOS Gateway.

marcelloc

Just add a // between domains you have on pcre field.

/\.dsl\./ REJECT DSLs not allowed [HS001]
/\.dynamic\./ REJECT DSLs not allowed[HS003]
/mkt/ REJECT Spam is not marketing [HS007]

TABLE FORMAT
      The general form of a PCRE table is:

/pattern/flags result
              When pattern matches the input  string,  use  the  corresponding
              result value.

!/pattern/flags result
              When  pattern  does  not  match the input string, use the corre-
              sponding result value.