Netgate Discussion Forum

    Mail Relay versus port forwarding

      barmyarmy

      So I'm looking to move my existing Linux firewall/mail box behind a pfSense router, if only so I can physically relocate this rather large box and replace it with something smaller and quieter.

      I could just port-forward SMTP to the box behind the FW, or I could install the postfix mail-relay and have it pass the mail on, optionally adding some spam filtering.

      Has anyone installed DSPAM or any sort of grey listing software onto a pfSense unit?

      Should I just do simple RBS lookups and save spamassassin and DSPAM for the real mail machine?

      Do I gain anything from having some spam filtering/grey listing on the firewall, meaning snort can potentially parse those logs?

      I appreciate there may be some firmly held religious beliefs on how/whether a firewall should handle mail. I intend only to relay for a real mailserver behind the firewall.

      BA

        pete35

        The preferred inbound mail chain would be: pfSense NAT on port 25 to - SPAM Filter - SMTP to - Mail Server. Each one on their own VM or box.

        Additionally, pfBlocker on pfSense to exclude some Geo Areas. pfSense should block all other ports to the spam filter.

        For the SPAM Filter you may check an appliance "EFA project" : https://efa-project.org/ .

          biggsy

          I agree with pete35. I used to run the postfix package on the firewall but there are some good reasons not to do that.

          Putting postfix in its own VM and port forwarding to it has some additional advantages:

          • more flexible postfix configuration

          • allows me to run fail2ban against the postfix logs

          • fail2ban uses openbgpd to block offenders at the firewall

          The DNSBL and "PREGREET" detection capabilities of postfix prevent 99% of the spam ever reaching the mail server.

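The log-driven blocking described in the post above, sketched as an added example that is not part of the original thread or biggsy's actual fail2ban setup: it counts postscreen PREGREET and DNSBL events per client and lists the addresses that reach a strike limit. The log lines are constructed samples, and `count_strikes`, `offenders`, `max_strikes` and `dnsbl_min_rank` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in postscreen's syslog format (documentation-range IPs).
SAMPLE_LOG = r"""
Mar  3 10:00:01 mx postfix/postscreen[811]: CONNECT from [192.0.2.10]:41234 to [198.51.100.5]:25
Mar  3 10:00:01 mx postfix/postscreen[811]: PREGREET 14 after 0.12 from [192.0.2.10]:41234: EHLO spammer\r\n
Mar  3 10:00:02 mx postfix/postscreen[811]: DNSBL rank 3 for [192.0.2.10]:41234
Mar  3 10:00:05 mx postfix/postscreen[811]: CONNECT from [203.0.113.7]:50022 to [198.51.100.5]:25
Mar  3 10:00:11 mx postfix/postscreen[811]: PASS NEW [203.0.113.7]:50022
Mar  3 10:01:40 mx postfix/postscreen[811]: DNSBL rank 1 for [192.0.2.44]:39001
Mar  3 10:02:10 mx postfix/postscreen[811]: PREGREET 11 after 0.05 from [192.0.2.10]:41877: HELO x\r\n
Mar  3 10:03:00 mx postfix/postscreen[811]: DNSBL rank 2 for [192.0.2.44]:39420
"""

# The text after "PREGREET ... from [ip]:port:" is supplied by the client, so both
# patterns are anchored at the syslog prefix and applied with match(), not search().
HEAD = r"^\w{3} +\d+ [\d:]{8} \S+ postfix/postscreen\[\d+\]: "
PREGREET = re.compile(HEAD + r"PREGREET \d+ after [\d.]+ from \[([^\]]+)\]:\d+: ")
DNSBL = re.compile(HEAD + r"DNSBL rank (\d+) for \[([^\]]+)\]:\d+$")

def count_strikes(log_text, dnsbl_min_rank=2):
    """Count one strike per PREGREET event and per DNSBL hit at or above the rank."""
    strikes = Counter()
    for line in log_text.splitlines():
        pre, bl = PREGREET.match(line), DNSBL.match(line)
        if pre:
            client = pre.group(1)
        elif bl and int(bl.group(1)) >= dnsbl_min_rank:
            client = bl.group(2)
        else:
            continue
        try:
            strikes[str(ipaddress.ip_address(client))] += 1
        except ValueError:
            continue  # bracket contents were not an IP address
    return strikes

def offenders(log_text, max_strikes=2, dnsbl_min_rank=2):
    """Return the sorted client addresses that reached the strike limit."""
    counts = count_strikes(log_text, dnsbl_min_rank)
    return sorted(ip for ip, n in counts.items() if n >= max_strikes)

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```
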
            barmyarmy

            @biggsy:

            I agree with pete35.  I used to run the postfix package on the firewall but there are some good reasons not to do that.

            What are the good reasons, out of interest?

            BA

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.