Is there an email spam filter?
-
Use a cloud provider for email SPAM filtering - host your email domain with gmail, or subscribe to a spam filtering host. I use mailroute for our business email accounts. But, do it in the cloud! This is NOT something you want to run yourself, too maintenance-heavy and time consuming.
https://medium.com/buildbuilds/how-to-hook-up-a-custom-domain-email-to-your-free-gmail-account-ead660884d11
https://gsuite.google.com/products/gmail/
https://www.mailroute.net/
Jeff
-
Thanks for the replies.
I have a physical server running email software so I'm not migrating to the cloud at this time.
My current firewall has spam filtering but need to go to a different brand.
I'll look at different spam blockers then.
-
Ok, then find a cloud hosted email spam filter service. Then, if they are any good, they can forward all the clean messages to your internal mail server.
Like I said, this is how we do it at work. Only difference is that I donโt run our mail server in-house, itโs hosted someplace outside.
Jeff
-
Is all here, and working excellent.
https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/pkg-postfix
https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/pkg-mailscanner
There are a bunch auf official packages, which on your logic should not run on a firewall, but in real life there are plenty of Firewall distros and commercial products which do spam filtering. So this is just your opinion and thats okay.
-
If you want to negatively impact the security and integrity of your firewall, that is your opinion, and it's not actually OK.
Don't do that.
Just because you can, doesn't mean you should.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
Can you tell me the exact numbers of pfSense firewalls which had been compromised, because of running a spam filter?
-
That is wholly irrelevant. It is not just about what has happened, but what can happen.
Also, adding packages to your firewall from an untrusted third-party repository is even worse for security. You have no idea what was compiled into those binaries.
It's ludicrous to suggest that could be in any way a viable practice from a security standpoint.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
Those binaries are coming from official freebsd repo. So you don't have any facts to backup your statement, its just an opinion which I do respect.
-
@Bismarck said in Is there an email spam filter?:
Those binaries are coming from official freebsd repo. So you don't have any facts to backup your statement, its just an opinion which I do respect.
Clearly you did not do your homework. That link tells you to add this package repo:
FreeBSD: { enabled: no } Unofficial: { url: "pkg+https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/${ABI}", mirror_type: "srv", enabled: yes}Which pulls binaries from that github repo, NOT FreeBSD. For example: https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/repo/FreeBSD:11:amd64
Did he copy those binaries from FreeBSD? Maybe? Who knows. If his github was compromised, they could be swapped out and you'd never know. There is also no signing setup there to verify the packages.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp said in Is there an email spam filter?:
LOL you did just one luck punch, my binaries are from the official repo because I've installed them by myself, marcelloc must have changed this 3 days ago.
Jimp, you should not take this this so much personally.
I've setup my pfSense firewall, it was my decision to install and run 3rd party packages, its my responsibility. I do understand your concern, but in my case the benefits outweigh the risks.
-
I take the security of everyone's firewalls seriously, and I don't like when people recommend things that will compromise that severely. I know you feel justified in what you've done, but it's not something that should be done, and should not be recommended to anyone.
The instructions for that repo have changed recently but even before then, they included an install script that still pulled the binaries from his personal repo, not FreeBSD.
If you want to do it, you do you, but don't spread the infection.
