Postfix - antispam and relay package
-
Hello!
Does somebody have a modified system.inc for PFsenese 2.3.3 ? ( It doesn't work with system.inc from attached pfSense-2.3-Postfix.zip…. PFsense doesn't load saved configuration... ) :( :( :(
Here is my running /etc/inc/system.inc attached, I'm using the Patches package with Auto Apply, so it will be auto patched after an pfSense update has deleted the maillog line.
--- system.inc 2017-03-08 11:19:12.000000000 +0100 +++ system-new.inc 2017-03-08 11:21:39.000000000 +0100 @@ -1164,6 +1164,7 @@ local4.* {$log_directive}{$g['varlog_path']}/portalauth.log local5.* {$log_directive}{$g['varlog_path']}/nginx.log local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log +mail.* /var/log/maillog *.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 *.emerg *
And don't forget to reboot after patching. :)
-
Thank you Bismarck - It works !!!
P.S. for others
Next edit:
/conf/config.xml
- and add Postfix to the Service Status and Menu:
<service><name>postfix</name>
<rcfile>postfix.sh</rcfile>
<executable>master</executable></service><menu>
<name>Postfix Forwarder</name>
<tooltiptext>Configure Postfix Forwarder</tooltiptext>
Services
<url>/pkg_edit.php?xml=postfix.xml&id=0</url>
</menu><menu>
<name>Search Mail</name>
<tooltiptext>Search postfix logs</tooltiptext>
Diagnostics
<url>/postfix_search.php</url>
</menu><menu>
<name>Postfix Queue</name>
<tooltiptext>check postfix queue</tooltiptext>
Status
<url>/postfix_queue.php</url>
</menu>Those must be inserted in the <installedpackages>section :)</installedpackages>
-
Hi everybody.
It's finally done 8)
Here are install instructions for UNOFFICIAL postfix package for pfSense(R) software 2.3.x
Under console/ssh, fetch the install script, check what it does if you want and then execute it.
cd /root fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-postfix/files/install_postfix_23.sh sh ./install_postfix_23.sh
Once it finishes, all must be in place. If you do not see the menu after it finishes, try to install any pfSense package from GUI, like cron for example.
WARNING
Use it at your own risk.
This script install packages from freebsd and change your config file.
-
Thank you looks very good so far, just one thing, the Widget always shows reject = 0.
-
Thank you looks very good so far, just one thing, the Widget always shows reject = 0.
I've updated some improvements on log to database function and search as well. Try updating the gui files or running the install process again.
Also check if you have reject logs on /var/log/maillog.
-
To follow updates on the package, check
https://github.com/marcelloc/Unofficial-pfSense-packages/commits/master/pkg-postfix
-
Hello marcelloc, I did run the install process again but no luck, reject is still 0 and I have different stats about the spam count in MailWatch as well.
Any idea?
BTW SPF and DKIM integration is awesome, thank you!
-
Do you have any non word character on server name like antispam-01 ?
The stats on widget are based on destination recipients. Is this what mailwatch does?
A message sid can have more then one destination recipient.
The spam message on widget is specific for spamassassin message that has the alert on logs with 'is spam'.
-
Do you have any non word character on server name like antispam-01 ?
No its just pfsense
The stats on widget are based on destination recipients. Is this what mailwatch does?
Yes, but it looks like the widget just counts high scored spam and not all, same when searching for spam in postfix_search.php it just finds high scored spam and the numbers of high scored spam are are always the same in the widget and MailMatch.
The spam message on widget is specific for spamassassin message that has the alert on logs with 'is spam'.
Yes, but for some odd reason, only the high scored spam gets logged to sqlite.
In the first unofficial version, the logging to sqlite was working fine, nothing changed since with my setup, except the new Postfix package.
If you like I can send you my maillog?
/edit
Searching for spam in postfix_search.php before the update in a sqlite db it shows all spam messages, the low and high scored.
-
-
Yes, but it looks like the widget just counts high scored spam and not all, same when searching for spam in postfix_search.php it just finds high scored spam and the numbers of high scored spam are are always the same in the widget and MailMatch.
The point is that database gets the last status from message. 'Normal spam' on your configuration are sent to user, this way, last state is sent, instead of spam.
The spam message on widget is specific for spamassassin message that has the alert on logs with 'is spam'.
There was some logic error on widget I've fixed too.
There was also an index on database that suposed to be unique but wasn't. Fixed this too.
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/5cea314818b93122582be87bdf63c0a1eedad475
Thanks for your feedback. :)ps: Your mailscanner and spamassassin looks working really great. Did you had to change a lot of default gui config or rules? Are you using other spamassassin rules?
-
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/5cea314818b93122582be87bdf63c0a1eedad475
Thanks for your feedback. :)I've applied the patch and it looks very good so far! :)
ps: Your mailscanner and spamassassin looks working really great. Did you had to change a lot of default gui config or rules? Are you using other spamassassin rules?
I've changed a lot of small things and yes I use custom scripts, rule channels and clamav sigs etc. but I think a good bayes training is the key.
If you like a can pack it all together for you?
Muito obrigado novamente! ;)
-
If you like a can pack it all together for you?
Sure. Is it something I can apply on mailscanner package installation?
-
If you like a can pack it all together for you?
Sure. Is it something I can apply on mailscanner package installation?
Sure why not. I'll make you a list of the things and files and where to get them.
-
Hello marcelloc,
thank you for your work and this package… Is there any documentation on how to enable postfix as smarthost and to relay via gmail smtp?
I'm trying to configure it as the old package (in pfsense 2.2x) that was working as smarthost for the internal lan, with relay via my gmail account: the only instruction I've found are http://ghanima.net/doku.php?id=wiki:pfsense:postfixmailrelay but I can't make it work (different paths) and various errors in /var/log/system.log
Apr 7 17:42:38 pfSense0 php-fpm[64394]: /pkg_edit.php: Writing out configuration
Apr 7 17:42:40 pfSense0 php-fpm[64394]: /pkg_edit.php: Writing rc_file
Apr 7 17:42:41 pfSense0 php-fpm[64394]: /pkg_edit.php: Stopping postfix
Apr 7 17:42:41 pfSense0 postfix/postfix-script[73787]: fatal: the Postfix mail system is not running
Apr 7 17:42:42 pfSense0 php-fpm[64394]: /pkg_edit.php: The command stop' returned exit code '1', the output was ''
…
Apr 7 17:45:43 pfSense0 php-fpm[67433]: /pkg_edit.php: Writing out configuration
Apr 7 17:45:45 pfSense0 php-fpm[67433]: /pkg_edit.php: Writing rc_file
Apr 7 17:45:46 pfSense0 php-fpm[67433]: /pkg_edit.php: Reloading/starting postfix
Apr 7 17:45:46 pfSense0 postfix/postfix-script[98918]: fatal: the Postfix mail system is not running
Apr 7 17:45:47 pfSense0 php-fpm[67433]: /pkg_edit.php: Postfix setup completed
Apr 7 17:45:58 pfSense0 postfix/smtp[70787]: fatal: SASL library initialization
Apr 7 17:46:59 pfSense0 postfix/smtp[3068]: fatal: SASL library initialization
Apr 7 17:48:00 pfSense0 postfix/smtp[24940]: fatal: SASL library initializationExecuting via ssh the command "/usr/local/etc/rc.d/postfix.sh start" gives the following output:
kern.ipc.nmbclusters: 379268
sysctl: kern.ipc.nmbclusters=65536: Invalid argument
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 4096 -> 4096
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: fatal: the Postfix mail system is already runningWhat can I check? Thank you for your time…
Riccardo. -
New pkg version includes postwhite integration 8)
Thanks for Postwhite, spf-tools projects and Bismarck
-
@pf-disa - you could try (untested but would make sense)
cd /root fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-postfix/files/install_postfix_23.sh nano install_postfix_23.sh
go down to line 81 and edit like this:
Install postfix package
pkg install postfix**-sasl** libspf2 opendkim libmilter py27-postfix-policyd-spf-python p5-perl-ldap
and then
sh ./install_postfix_23.sh
to get rid of the compatibility warning add
smtputf8_enable=yes compatibility_level=2
to the custom main.cf options
This package is getting in a really beautiful shape, its so sad that its not be in the official repo. :'(
Anyway excellent work! :)
-
I'll include the sasl option in the install. The idea of this package is to give sysadmins an excellent smtp layer 7 filtering /proxy.
-
Hello,
@Bismark thanks for the info now everything works as desired! 8)
In /var/log/system.log remain the fatal error, even if all works…
Apr 9 12:26:55 pfSense0 pkg: postfix-3.1.4,1 deinstalled Apr 9 12:26:56 pfSense0 pkg: pkg reinstalled: 1.10.1 -> 1.10.1 Apr 9 12:27:00 pfSense0 pkg: postfix-sasl-3.1.4,1 installed Apr 9 12:27:01 pfSense0 pkg: tiff-4.0.7_1 installed ... Apr 9 12:28:45 pfSense0 php-fpm[47768]: /pkg_edit.php: Writing out configuration Apr 9 12:28:47 pfSense0 php-fpm[47768]: /pkg_edit.php: Writing rc_file Apr 9 12:28:48 pfSense0 php-fpm[47768]: /pkg_edit.php: Reloading/starting postfix Apr 9 12:28:48 pfSense0 postfix/postfix-script[17508]: fatal: the Postfix mail system is not running Apr 9 12:28:49 pfSense0 php-fpm[47768]: /pkg_edit.php: Postfix setup completed
Excellent work @Marcelloc, thank you!
Riccardo. -
The fatal maybe related to a restart call to a process that is not ruining.
Good to see that this package is useful for community.