    Postfix - antispam and relay package

      nahid

      Marcello,

      I will try with 587 port. But could you please look over the logs I posted. Even when I want to send emails within my network, it is rejected as "Helo command rejected: Host not found; from=<anhuda@sesric.org> to=<networkadmin@sesric.org> proto=ESMTP helo=<abunaser>"

      But my domain is sesric.org. I have even passed my network by giving 10.10.1.0/24 to my client access list. Is there anything wrong with the config?

      Nahid

        nahid

        Marcello,

        When I uncheck "Use SMTP Authentication" I get the following logs:

        May 21 19:23:28 pfsense postfix/postscreen[8009]: CONNECT from [127.0.0.1]:29580
        May 21 19:23:28 pfsense postfix/postscreen[8009]: PASS OLD [127.0.0.1]:29580
        May 21 19:23:28 pfsense postfix/smtpd[3010]: connect from localhost[127.0.0.1]
        May 21 19:23:28 pfsense postfix/smtpd[3010]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <sesric.org?[10.10.1.254]>: Helo command rejected: Host not found; from=<networkadmin@sesric.org> to=<anhuda@sesric.org> proto=ESMTP helo=<sesric.org?[10.10.1.254]>
        May 21 19:23:28 pfsense postfix/smtpd[3010]: lost connection after RCPT from localhost[127.0.0.1]
        May 21 19:23:28 pfsense postfix/smtpd[3010]: disconnect from localhost[127.0.0.1]

        And I think there is something wrong with my config that is not going to accept my domain name, because here also I just tried to send mail inside my domain.

        Best regards,
        Nahid

          marcelloc

          @nahid:

          Helo command rejected: Host not found; from=<networkadmin@sesric.org> to=<anhuda@sesric.org> proto=ESMTP helo=<sesric.org?[10.10.1.254]>

          This is your error.

          Change your client helo info to a valid DNS name (internal or external).

          If you want, you can disable the helo check on antispam settings too. (I do not recommend it, but in some cases this is the easier way to work around misconfigured servers.)

          att,
          Marcello Coutinho

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

            nahid

            Marcello,

            As you recommend to use helo. In the domain tab I wrote my domain name as "sesric.org" and the internal ip 10.10.1.5. My mail server is "mail2.sesric.org". So do I need to change my domain with mail server? Or how can I convert helo to a valid dns name with Internal / External mail server name?

            Best regards,
            Nahid

              marcelloc

              @nahid:

              Marcello,

              As you recommend to use helo. In the domain tab I wrote my domain name as "sesric.org" and the internal ip 10.10.1.5. My mail server is "mail2.sesric.org". So do I need to change my domain with mail server? Or how can I convert helo to a valid dns name with Internal / External mail server name?

              No domain tab modification is required. Each SMTP client has its own config options. I have no idea how to fix the helo info on your client.

                nahid

                Marcello,

                After inspecting Postfix configuration I added myhostname and smtpd_banner through which I solved the rDNS. Now I get the real mail server name when I connect through telnet over 25 port.

                Actually here I think there is something unusual with my webclient, as it always tries to connect through 127.0.0.1. Every time I tried to connect through the webclient, the postfix logs show that it tries to connect from 127.0.0.1. If I make a port forward on 25 where the source address would be the localhost (127.0.0.1) and forward them to the Internal mail server (10.10.1.5), will it work?

                What do you think? If I do so, will it cause any problem on postfix?

                Nahid

                  nahid

                  From yesterday I am getting the following error and unable to get emails.

                  (mail for [10.10.1.5] loops back to myself) It bounced the emails.

                  Need help.

                    RobinGill

                    Hi Marcello,

                    Many thanks for the information! I've managed to get LDAP working - problem turned out to be a space in a user name. Just thought I would also mention that once the import has worked, I can see all the entries in the GUI when looking at view config/relay_recipients.

                    Also after reinstalling yet again it seems to be working perfectly! Thanks again for the package :)

                      marcelloc

                      RobinGill,

                      all working now? I was trying to reproduce your no valid recipients check you've posted today.
                      The reinstall did the trick?

                      att,
                      Marcello Coutinho

                        fogelholk

                        Hi marcelloc,

                        I'm sorry if this really doesn't concern you, but I would love if you could either point me in some direction or something about this matter;
                        I'm using your postfix forwarder just for relaying messages because my net is blocked, works wonderfully, but…
                        I realized today that messages over just a couple of megabytes is a no-go sending through the forwarder, I upped the limit to ~100mb (102400000 bytes).
                        I just tried sending a message that is just over 10 megabytes in size and I get this message:

                        May 25 10:55:22 princesscelestia postfix/smtpd[3713]: NOQUEUE: reject: MAIL from twilightsparkle.fogelholk.se[192.168.11.11]: 452 4.3.1 Insufficient system storage; proto=SMTP helo=<derpy.fogelholk.se>
                        May 25 10:55:22 princesscelestia postfix/smtpd[3713]: warning: not enough free space in mail queue: 47714304 bytes < 1.5*message size limit

                        I use the 4gb nanoBSD-image build on a usb-stick, and on the dashboard it says I have only used 17% of the total disk space, is it possible to, I don't know, use another folder or something with more space for Postfix Forwarder?
                        I must admit I'm not very good with BSD-commands, but I get around somewhat and you should be able to get quite techy in your description if you decide to help me :)

                        Thanks for a great addon otherwise, has worked great so far!

                        Edit: Did some more testing and the error above apparently means that postfix can't allocate the 102400000 bytes that I set, if I for example decrease it to 20480000 bytes (~20mb) I can send messages larger than 10 megabytes.
                        Though I would like to increase the limit to about 100 megabytes or around there, is this possible with either moving the postfix folder or where it allocates the space in some way or another?

                          marcelloc

                          The problem is that /var is ram drive and /usr is read only on nanobsd.

                          you can symlink postfix folder to /usr but you will need to leave /usr writable all the time.

                            fogelholk

                            @marcelloc:

                            The problem is that /var is ram drive and /usr is read only on nanobsd.

                            you can symlink postfix folder to /usr but you will need to leave /usr writable all the time.

                            Alright, thanks for your answer.

                            Would it be possible to give it more ram or increase the size of /var or something? The tiny beast has 2GB of total ram, and currently about 11% in use.

                              nahid

                              Marcello,

                              My SMTP Test report as follows:
                              EHLO please-read-policy.mxtoolbox.com
                              250-firewall.sesric.org
                              250-PIPELINING
                              250-SIZE 10240000
                              250-ETRN
                              250-ENHANCEDSTATUSCODES
                              250-8BITMIME
                              250 DSN [187 ms]
                              MAIL FROM: <supertool@mxtoolbox.com>
                              250 2.1.0 Ok [203 ms]
                              RCPT TO: <test@example.com>
                              554 5.7.1 <test@example.com>: Relay access denied [187 ms]
                              QUIT
                              221 2.0.0 Bye [203 ms]

                              I want to convert the local address (red marked) to mail2.sesric.org.
                              Is there any way to solve this?

                              Best regards,
                              Nahid

                                marcelloc

                                Nahid,

                                I think you just need to add

                                myhostname=mail2.sesric.org
                                smtp_helo_name=mail2.sesric.org

                                to general -> custom main.cf options

                                att,
                                Marcello Coutinho

                                  nahid

                                  Marcello,

                                  In that case I got the following log that shows the messages were bounced and it doesn't deliver.

                                  May 26 12:10:19 nahid05@gmail.com anhuda@sesric.org 0.63 bounced (mail for [10.10.1.5] loops back to myself)
                                  May 26 12:09:23 nashanahid@yahoo.com anhuda@sesric.org 0.69 bounced (mail for [10.10.1.5] loops back to myself)

                                  Best regards,
                                  Nahid

                                    RobinGill

                                    @marcelloc:

                                    RobinGill,

                                    all working now? I was trying to reproduce your no valid recipients check you've posted today.
                                    The reinstall did the trick?

                                    att,
                                    Marcello Coutinho

                                    Hi Marcello,

                                    Yes it's all working now that I've reinstalled. Strange thing is I tried a few times until I got it working. If I can figure out how to reproduce the problem I had I will let you know.

                                    Also it's no major deal, but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

                                      marcelloc

                                      @RobinGill:

                                      but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

                                      I leave only letters and numbers to avoid code on the field.

                                        nahid

                                        "Mercello,

                                        In that case I got the following log that shows the messages were bounced and it doesn't deliver.

                                        May 26 12:10:19  nahid05@gmail.com  anhuda@sesric.org  0.63  bounced  (mail for [10.10.1.5] loops back to myself)
                                        May 26 12:09:23  nashanahid@yahoo.com  anhuda@sesric.org  0.69  bounced  (mail for [10.10.1.5] loops back to myself)

                                        Best regards,
                                        Nahid"

                                        Marcello,

                                        Is there any way to solve this?

                                        Nahid

                                          zlyzwy

                                          Hi Marcelloc,

                                          I have one question: some mail server keeps sending spam email to my server.
                                          It brings me a lot of useless logs in Search Mail (NOQUEUE).

                                          May 28 15:41:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          May 28 15:42:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          May 28 15:43:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          May 28 15:44:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          May 28 15:45:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          May 28 15:46:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          May 28 15:47:58	xxx@xxx.com	aaa@aaa.cn	reject
                                          

                                          I add the rule in Access List –> Sender

                                          xxx@xxx.com RJECT
                                          bbb.com REJECT
                                          

                                          But I found I can still see these logs in Search Mail.

                                          Can I just block these mail addresses somewhere? Or maybe there could be a filter for the log?

                                          Thanks for your great work!
                                          Zlyzwy

                                            marcelloc

                                            The noqueue log means that the message was rejected before mail data.

                                            To not receive this error, you will need to configure a firewall rule for these IPs.

                                            att,
                                            Marcello Coutinho

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D
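
The NOQUEUE rejects quoted in this thread have three different causes (a HELO check failing for a local client, the queue free-space check, and repeated sender rejects from a remote host), and only the last is a case for the firewall rule suggested above. The triage script below is an added example, not part of any post or of the Postfix package; its sample log is constructed, 198.51.100.7 and mail.example.net are made-up values, and the size estimate only applies the 1.5x rule stated in the warning line.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the log lines quoted in this thread.
# 198.51.100.7 and mail.example.net are made-up documentation values.
SPAM = ("May 28 15:4%d:58 pfsense postfix/smtpd[4100]: NOQUEUE: reject: RCPT from "
        "unknown[198.51.100.7]: 554 5.7.1 <xxx@xxx.com>: Sender address rejected: "
        "Access denied; from=<xxx@xxx.com> to=<aaa@aaa.cn> proto=ESMTP helo=<mail.example.net>\n")
SAMPLE_LOG = (
    "May 21 19:23:28 pfsense postfix/smtpd[3010]: NOQUEUE: reject: RCPT from "
    "localhost[127.0.0.1]: 450 4.7.1 <abunaser>: Helo command rejected: Host not found; "
    "from=<anhuda@sesric.org> to=<networkadmin@sesric.org> proto=ESMTP helo=<abunaser>\n"
    "May 25 10:55:22 princesscelestia postfix/smtpd[3713]: NOQUEUE: reject: MAIL from "
    "twilightsparkle.fogelholk.se[192.168.11.11]: 452 4.3.1 Insufficient system storage; "
    "proto=SMTP helo=<derpy.fogelholk.se>\n"
    "May 25 10:55:22 princesscelestia postfix/smtpd[3713]: warning: not enough free space "
    "in mail queue: 47714304 bytes < 1.5*message size limit\n"
    + "".join(SPAM % i for i in (1, 2, 3))
)

REJECT = re.compile(
    r"NOQUEUE: reject: (?P<stage>\w+) from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \d\.\d+\.\d+ (?:<[^>]*>: )?(?P<reason>[^;]+);")
NO_SPACE = re.compile(r"not enough free space in mail queue: (\d+) bytes < 1\.5\*message size limit")

def parse_rejects(log):
    """Return one dict (stage, host, ip, code, reason) per NOQUEUE reject line."""
    return [m.groupdict() for m in map(REJECT.search, log.splitlines()) if m]

def firewall_candidates(rejects, local_nets=("127.0.0.0/8", "10.10.1.0/24"), min_hits=3):
    """Remote IPs with at least min_hits permanent (5xx) rejects; local clients are skipped."""
    nets = [ip_network(n) for n in local_nets]
    hits = Counter(r["ip"] for r in rejects
                   if r["code"].startswith("5")
                   and not any(ip_address(r["ip"]) in n for n in nets))
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def max_size_limit(log):
    """Approximate largest message_size_limit (bytes) that 1.5x still fits in the free space."""
    free = [int(m.group(1)) for m in NO_SPACE.finditer(log)]
    return min(free) * 2 // 3 if free else None

def triage(log):
    """Group rejects by cause so each gets its own fix (client config, storage, firewall)."""
    rejects = parse_rejects(log)
    return {"by_reason": Counter(r["reason"] for r in rejects),
            "firewall_candidates": firewall_candidates(rejects),
            "max_size_limit": max_size_limit(log)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

With the free space from the quoted warning, the estimate falls between the 20480000-byte limit that worked and the 102400000-byte limit that did not.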

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.