Is there an email spam filter?

Susan341

I want to use this for an internet connection with an email server.

Is there any spam filtering in pfsense?

This link says you can add a spamhaus blacklist to block spam? #2 in the link.
https://turbofuture.com/computers/The-Best-pfSense-Packages

How is the functionality if the spamhaus list can be used?

Thanks

jimp

No. pfSense is a firewall, not a mail server or spam filter.

While you could use address lists with something like pfBlocker, that's at a firewall level, it wouldn't inspect mail headers or contents.

akuma1x

Use a cloud provider for email SPAM filtering - host your email domain with gmail, or subscribe to a spam filtering host. I use mailroute for our business email accounts. But, do it in the cloud! This is NOT something you want to run yourself, too maintenance-heavy and time consuming.

https://medium.com/buildbuilds/how-to-hook-up-a-custom-domain-email-to-your-free-gmail-account-ead660884d11

https://gsuite.google.com/products/gmail/

https://www.mailroute.net/

Jeff

Susan341

Thanks for the replies.

I have a physical server running email software so I'm not migrating to the cloud at this time.

My current firewall has spam filtering but need to go to a different brand.

I'll look at different spam blockers then.

akuma1x

Ok, then find a cloud hosted email spam filter service. Then, if they are any good, they can forward all the clean messages to your internal mail server.

Like I said, this is how we do it at work. Only difference is that I don’t run our mail server in-house, it’s hosted someplace outside.

Jeff

Bismarck

@Susan341

Is all here, and working excellent.

https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/pkg-postfix

https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/pkg-mailscanner

@jimp

There are a bunch auf official packages, which on your logic should not run on a firewall, but in real life there are plenty of Firewall distros and commercial products which do spam filtering. So this is just your opinion and thats okay.

jimp

If you want to negatively impact the security and integrity of your firewall, that is your opinion, and it's not actually OK.

Don't do that.

Just because you can, doesn't mean you should.

Bismarck

@jimp

Can you tell me the exact numbers of pfSense firewalls which had been compromised, because of running a spam filter?

jimp

That is wholly irrelevant. It is not just about what has happened, but what can happen.

Also, adding packages to your firewall from an untrusted third-party repository is even worse for security. You have no idea what was compiled into those binaries.

It's ludicrous to suggest that could be in any way a viable practice from a security standpoint.

Bismarck

@jimp

Those binaries are coming from official freebsd repo. So you don't have any facts to backup your statement, its just an opinion which I do respect.

jimp

@Bismarck said in Is there an email spam filter?:

@jimp

Those binaries are coming from official freebsd repo. So you don't have any facts to backup your statement, its just an opinion which I do respect.

Clearly you did not do your homework. That link tells you to add this package repo:

FreeBSD: { enabled: no }

Unofficial: { url: "pkg+https://github.com/marcelloc/Unofficial-pfSense-packages/raw/master/repo/${ABI}",
	    mirror_type: "srv",
	    enabled: yes}

Which pulls binaries from that github repo, NOT FreeBSD. For example: https://github.com/marcelloc/Unofficial-pfSense-packages/tree/master/repo/FreeBSD:11:amd64

Did he copy those binaries from FreeBSD? Maybe? Who knows. If his github was compromised, they could be swapped out and you'd never know. There is also no signing setup there to verify the packages.

Bismarck

@jimp said in Is there an email spam filter?:

LOL you did just one luck punch, my binaries are from the official repo because I've installed them by myself, marcelloc must have changed this 3 days ago.

Jimp, you should not take this this so much personally.

I've setup my pfSense firewall, it was my decision to install and run 3rd party packages, its my responsibility. I do understand your concern, but in my case the benefits outweigh the risks.

jimp

I take the security of everyone's firewalls seriously, and I don't like when people recommend things that will compromise that severely. I know you feel justified in what you've done, but it's not something that should be done, and should not be recommended to anyone.

The instructions for that repo have changed recently but even before then, they included an install script that still pulled the binaries from his personal repo, not FreeBSD.

If you want to do it, you do you, but don't spread the infection.