Postfix - antispam and relay package
-
I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo
Gui creates the file when there are rules on it. what's the behavior on your box?
-
I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo
Gui creates the file when there are rules on it. what's the behavior on your box?
I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.
Apr 21 16:40:16 zonk postfix/smtpd[4740]: warning: connect to 127.0.0.1:10045: Operation timed out Apr 21 16:40:16 zonk postfix/smtpd[4740]: warning: problem talking to server 127.0.0.1:10045: Operation timed out
-
I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.
Fixed the install script to include the pkg add, Thanks again :)
I'll push it to repo soon
-
Hi,
Is this re-instalation completed successfully as I also see in /root ?
drwxr-xr-x 5 root wheel 512 Apr 25 17:07 spf-tools-master
/root: sh ./install_postfix_23.sh Message from syslogd@fwpl at Apr 25 17:05:19 ... fwpl php-fpm[61287]: /index.php: Successful loginsh ./install_postfix_23.sh fetching /usr/local/bin/adexport.pl from github fetching /usr/local/pkg/postfix.inc from github fetching /usr/local/pkg/postfix.xml from github fetching /usr/local/pkg/postfix_acl.xml from github fetching /usr/local/pkg/postfix_antispam.xml from github fetching /usr/local/pkg/postfix_domains.xml from github fetching /usr/local/pkg/postfix_recipients.xml from github fetching /usr/local/pkg/postfix_sync.xml from github fetching /usr/local/share/pfSense-pkg-postfix/info.xml from github fetching /usr/local/www/postfix.php from github fetching /usr/local/www/postfix_about.php from github fetching /usr/local/www/postfix_queue.php from github fetching /usr/local/www/postfix_recipients.php from github fetching /usr/local/www/postfix_search.php from github fetching /usr/local/www/postfix_view_config.php from github fetching /usr/local/www/shortcuts/pkg_postfix.inc from github fetching /usr/local/www/widgets/widgets/postfix.widget.php from github fetching /usr/local/pkg/postfix_dkim.inc from github fetching /usr/local/www/vendor/datatable/se-1.2.0.zip from github fetching /usr/local/www/vendor/datatable/css/jquery.dataTables.min.css from github fetching /usr/local/www/vendor/datatable/js/jquery.dataTables.min.js from github fetching /usr/local/www/postfix.sql.php from github fetching /usr/local/bin/postwhite from github fetching /usr/local/pkg/postfix_postwhite.template from github Updating FreeBSD repository catalogue... Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 Fetching packagesite.txz: 100% 6 MiB 3.0MB/s 00:02 Processing entries: 100% FreeBSD repository update completed. 26278 packages processed. Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 Child process pid=77716 terminated abnormally: Segmentation fault fetch: https://github.com/jsarenik/spf-tools/archive/master.zip: size of remote file is not known master.zip 49 kB 195 kBps 00m01s Archive: master.zip d spf-tools-master replace spf-tools-master/.gitignore? [y]es, [n]o, [A]ll, [N]one, [r]ename: y extracting: spf-tools-master/.gitignore replace spf-tools-master/.simplecov? [y]es, [n]o, [A]ll, [N]one, [r]ename: A extracting: spf-tools-master/.simplecov extracting: spf-tools-master/.travis.yml extracting: spf-tools-master/AUTHORS extracting: spf-tools-master/LICENSE extracting: spf-tools-master/README.md extracting: spf-tools-master/circle.yml extracting: spf-tools-master/cloudflare.sh extracting: spf-tools-master/compare.sh extracting: spf-tools-master/despf.sh extracting: spf-tools-master/genspfzone.sh d spf-tools-master/include extracting: spf-tools-master/include/despf.inc.sh extracting: spf-tools-master/include/global.inc.sh extracting: spf-tools-master/include/isincidrange.sh extracting: spf-tools-master/iprange.sh d spf-tools-master/misc extracting: spf-tools-master/misc/ci-runtest.sh extracting: spf-tools-master/misc/ci-setup.sh extracting: spf-tools-master/misc/tmpl extracting: spf-tools-master/mkblocks.sh extracting: spf-tools-master/mkzoneent.sh extracting: spf-tools-master/normalize.sh extracting: spf-tools-master/route53.sh extracting: spf-tools-master/runspftools.sh extracting: spf-tools-master/shippable.yml extracting: spf-tools-master/simplify.sh d spf-tools-master/tests d spf-tools-master/tests/a24 extracting: spf-tools-master/tests/a24/cmd extracting: spf-tools-master/tests/a24/in extracting: spf-tools-master/tests/a24/out d spf-tools-master/tests/brokendns extracting: spf-tools-master/tests/brokendns/cmd extracting: spf-tools-master/tests/brokendns/in extracting: spf-tools-master/tests/brokendns/out d spf-tools-master/tests/cname extracting: spf-tools-master/tests/cname/cmd extracting: spf-tools-master/tests/cname/in extracting: spf-tools-master/tests/cname/out d spf-tools-master/tests/despf extracting: spf-tools-master/tests/despf/cmd extracting: spf-tools-master/tests/despf/in extracting: spf-tools-master/tests/despf/out d spf-tools-master/tests/despf_chain extracting: spf-tools-master/tests/despf_chain/cmd extracting: spf-tools-master/tests/despf_chain/in extracting: spf-tools-master/tests/despf_chain/out d spf-tools-master/tests/despf_help extracting: spf-tools-master/tests/despf_help/cmd extracting: spf-tools-master/tests/despf_help/in extracting: spf-tools-master/tests/despf_help/out d spf-tools-master/tests/despf_qualifier extracting: spf-tools-master/tests/despf_qualifier/cmd extracting: spf-tools-master/tests/despf_qualifier/in extracting: spf-tools-master/tests/despf_qualifier/out d spf-tools-master/tests/despf_qualifier2 extracting: spf-tools-master/tests/despf_qualifier2/cmd extracting: spf-tools-master/tests/despf_qualifier2/in extracting: spf-tools-master/tests/despf_qualifier2/out d spf-tools-master/tests/despf_skip extracting: spf-tools-master/tests/despf_skip/cmd extracting: spf-tools-master/tests/despf_skip/in extracting: spf-tools-master/tests/despf_skip/out d spf-tools-master/tests/despf_skip_t extracting: spf-tools-master/tests/despf_skip_t/cmd extracting: spf-tools-master/tests/despf_skip_t/in extracting: spf-tools-master/tests/despf_skip_t/out d spf-tools-master/tests/despf_torn extracting: spf-tools-master/tests/despf_torn/cmd extracting: spf-tools-master/tests/despf_torn/in extracting: spf-tools-master/tests/despf_torn/out d spf-tools-master/tests/despf_upper_case extracting: spf-tools-master/tests/despf_upper_case/cmd extracting: spf-tools-master/tests/despf_upper_case/in extracting: spf-tools-master/tests/despf_upper_case/out d spf-tools-master/tests/fix_32 extracting: spf-tools-master/tests/fix_32/cmd extracting: spf-tools-master/tests/fix_32/in extracting: spf-tools-master/tests/fix_32/out d spf-tools-master/tests/mkblocks-help extracting: spf-tools-master/tests/mkblocks-help/cmd extracting: spf-tools-master/tests/mkblocks-help/in extracting: spf-tools-master/tests/mkblocks-help/out d spf-tools-master/tests/mkblocks-start extracting: spf-tools-master/tests/mkblocks-start/cmd extracting: spf-tools-master/tests/mkblocks-start/in extracting: spf-tools-master/tests/mkblocks-start/out d spf-tools-master/tests/mkblocks extracting: spf-tools-master/tests/mkblocks/cmd extracting: spf-tools-master/tests/mkblocks/in extracting: spf-tools-master/tests/mkblocks/out d spf-tools-master/tests/mx20 extracting: spf-tools-master/tests/mx20/cmd extracting: spf-tools-master/tests/mx20/in extracting: spf-tools-master/tests/mx20/out d spf-tools-master/tests/mx20_upper_case extracting: spf-tools-master/tests/mx20_upper_case/cmd extracting: spf-tools-master/tests/mx20_upper_case/in extracting: spf-tools-master/tests/mx20_upper_case/out d spf-tools-master/tests/norm_ignore extracting: spf-tools-master/tests/norm_ignore/cmd extracting: spf-tools-master/tests/norm_ignore/in extracting: spf-tools-master/tests/norm_ignore/out d spf-tools-master/tests/normalize extracting: spf-tools-master/tests/normalize/cmd extracting: spf-tools-master/tests/normalize/in extracting: spf-tools-master/tests/normalize/out d spf-tools-master/tests/normalize_empty extracting: spf-tools-master/tests/normalize_empty/cmd extracting: spf-tools-master/tests/normalize_empty/in extracting: spf-tools-master/tests/normalize_empty/out d spf-tools-master/tests/nospf extracting: spf-tools-master/tests/nospf/cmd extracting: spf-tools-master/tests/nospf/in extracting: spf-tools-master/tests/nospf/out d spf-tools-master/tests/redirect extracting: spf-tools-master/tests/redirect/cmd extracting: spf-tools-master/tests/redirect/in unzip: skipping non-regular entry 'spf-tools-master/tests/redirect/out' d spf-tools-master/tests/simplify extracting: spf-tools-master/tests/simplify/cmd extracting: spf-tools-master/tests/simplify/in extracting: spf-tools-master/tests/simplify/out extracting: spf-tools-master/tests/test-shell.sh extracting: spf-tools-master/tests/test-subdirs.sh extracting: spf-tools-master/tests/test-unit.sh extracting: spf-tools-master/xsel.sh mv: rename spf-tools-master to /usr/local/bin/spf-tools/spf-tools-master: Directory not empty
edit:
deleted /usr/local/bin/spf-tools/spf-tools-master
and retry the install and now it looks ok -
Yesterday, a fresh Pfsense 2.3.3 install. 64bits version, on a vm (esx) with 2Go ram. This Pfsense is not used as firewall, the purpose is testing Pfsense + Postfix package as mail gateway. Runing install from scrip as provide on github. No error except if i miss something.
Setting a few parameters in Postfix and i can start it.
Now the problems.
In SystemPackage ManagerInstalled Packages : There are no packages currently installed.The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
Postfix don(t appear in menu Services. Is this normal ?In my actual Postfix gateway (5/6 clients with it) i use access lists for denied domain : one list for domain and another one with regular expresion. In main.cf I have :
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated check_client_access cidr:/etc/postfix/access_cidr check_client_access hash:/etc/postfix/access_client check_client_access regexp:/etc/postfix/access_client_regexp reject_rbl_client zen.spamhaus.org
I'm not sure to understand howto implement cidr:/etc/postfix/access_cidr and hash:/etc/postfix/access_client.
etc/postfix/access_cidr is something likeoffrecadeau.ovh REJECT spammeur
hash:/etc/postfix/access_client is like
243.200.171.0/24 REJECT Spammeur
This package is a great job. Thanks.
-
In SystemPackage ManagerInstalled Packages : There are no packages currently installed.
That's right. As an Unofficial package, It will not be there.
The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
Postfix don(t appear in menu Services. Is this normal ?try to install cron package for example. Install process includes postfix on service menu but for some reason, on some boxes, you may need to install a package. I suggest system patches or cron.
This package is a great job. Thanks.
Thanks :)
-
Thanks Marcelloc,
installing the cron package solve the problem about smtp in menu Services. Postfix Forwarder is now visible.
-
I thing an access client list is missing for denying a domains list such as
diglobaltoday.com REJECT
When looking at configuration i have :
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
I thing it will be nice to have one more line with :
check_client_access hash:/usr/local/etc/postfix/cal_hash,
I have 3900 domains rejected at command connect (smtpd_client_restrictions) in my ClearOS Gateway.
-
Just add a // between domains you have on pcre field.
/\.dsl\./ REJECT DSLs not allowed [HS001] /\.dynamic\./ REJECT DSLs not allowed[HS003] /mkt/ REJECT Spam is not marketing [HS007]
TABLE FORMAT
The general form of a PCRE table is:/pattern/flags result
When pattern matches the input string, use the corresponding
result value.!/pattern/flags result
When pattern does not match the input string, use the corre-
sponding result value. -
Ok I will try. But I'm not sure howto reject the domain who appear in the commande connect.
I add the Postfix widget, but it remain empty. Mails are correctly routed to internet but nothing in the widget.
-
I add the Postfix widget, but it remain empty. Mails are correctly routed to internet but nothing in the widget.
Two steps to get it on databases. See the general tab under logging.
-
Enable log destination to maillog
-
Inlcude /^Subject:/ INFO line in Acl Headers after all your Subject rules.
-
-
I think I found why widget display strange data;
Update Sqlite I had it set to every hour then I try to 10 min, no luck.
I set it to 1 min and since then my data looks ok.
-
Hi, I've pushed to pkg-postfix an auto cloudbased domains whitelist option.
This update prevents cloud based domains endless Service currently unavailable problems against Postscreen that we see on almost all postscreen base configuration worldwide.
This can be used together with RBL whitelist/negative rbl score and postwhite
When a network/CIDR is whitelisted by this function it does not bypass any other postfix, acl, mailscanner, clamav or spamassassin test. :)
-
@marcelloc - Excellent work! :)
Just in case you have problems to update to 2.3.4-RELEASE because of bugged pkg:
https://forum.pfsense.org/index.php?topic=130071.msg716776#msg716776
-
@marcelloc - Excellent work! :)
thanks Bismarck
Just in case you have problems to update to 2.3.4-RELEASE because of bugged pkg:
https://forum.pfsense.org/index.php?topic=130071.msg716776#msg716776
thanks for the info.
-
Marcello, how does Auto whitelist work, I just see a reference to auto_whitelisted_cidr but no function anywhere?
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/a5d8b57f932b9ffa0f1b275842777723475f1647
-
The script was uploaded few commits before but I messed up with older files.
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/a9770ddfaf827e025f79fc8d94f4c7e0cec086eb#diff-e50e08425a53cf0a262fae58e6f8de0c
It works together with every minute update database.
It checks for domains that received the 'back later' and if it reaches the count you defined on gui, it looks for all spf records for that domain and whitelist it on postscreen.The view configuration tab shows whitelisted domains and it's cidrs.
-
Okay now I got it. ;)
postfix_cloud_domains.php is missing in the install_postfix_23.sh, you maybe want to fix this? :P
-
Okay now I got it. ;)
postfix_cloud_domains.php is missing in the install_postfix_23.sh, you maybe want to fix this? :P
I will. :)
EDIT
done
https://github.com/marcelloc/Unofficial-pfSense-packages/commit/28e7676ee2b665de62cdccd28196975bc407288a
-
With Bismarck suggestion and help, I did a version of postfix package with DMARC.
I had to change the domain tab from rowhelper to domain list. It changes some internal logic on the package. So I ask you to test it and feedback to see if you get the same result as I did.
The install script is under postfix-DMARC branch, so to install this version, run
fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/postfix-DMARC/pkg-postfix/files/install_postfix_23.sh sh install_postfix_23.sh
Warning, this will move and merge your domain config/dkim data on config.xml. So once upgraded to DMARC version, you will need to add all domain config again if you want to back to current stable version.
Once I do more tests and be sure nothing is broken, DMARC version will be the new stable version.