Postfix - antispam and relay package
-
@The:
Unfortunately it's currently broken. …/... I'd suggest installing postfix on another server and port-forwarding as needed.
+1
That's pretty clear and obvious.
What is somewhat frustrating is that such comment and conclusion should come from pfSense.
It would be much easier to have pfSense interface not allowing any additional package as package support and reliability is at least questionable rather than having pfSense allowing to install it easily in a way that could make some people thinking that packages are fully part of pfSense :-\ -
I installed postfix and mailscanner and then uninstalled them. Does this cause any problems in the future?
-
I agree that package support is not always the greatest, but you also have to understand that Developers of these packages do it on their own free time and usually without any monetary gain. There are just a handful of Developers that I see maintaining packages at this time.
Its the fact in "Open Source" where a handful code and the balance profit from their work.
Suggestions -
- Support pfSense with a Gold Subscription
- Post bug reports that have enough detail for a Dev to be able to reproduce.
- Take the time to help Test Packages as no Dev can see all possible conditions by himself. Each network is different. So participation is really key.
- Support the Devs in other ways to keep them interested to maintain and upgrade their package(s) at each version change of pfSense.
Also realize that the Devs are planning on changing PHP to Python in v3.0. What does this mean? Well, a lot of work for the Developers to re-code all of their work and/or the work of the previous maintainer.
And I don't mean to say this in any Negative way.. we all love to use pfSense and for myself, I try to contribute in as many ways as I can, as that commitment is returned back to me in other ways. Lets keep pfSense Strong!
My 2 Cents!
-
As I noted elsewhere, the PBI disaster does not help either; no surprise people are not exactly keen to maintain the packages.
-
Could someone give a link or otherwise explain "the PBI disaster" as it relates to pfsense (mentioned upstream)?
The glowing PR of PBI explains that it's 'fully automatic' – except for the custom pre-remove and post-install scripts that are, as it explains, 'sometimes necessary'. So, 'mostly fully automatic' would have been better.
-
The thing is utterly broken. It produces whacky hardlinks to non-existent libraries because it seems to pick up dead symlinks instead (tons of packages after 2.2 was released), it is unable to find the libraries it itself ships with the package (recently sudo with 2.2.1 upgrade), and in general is just a nightmare for packaging. BSD does not exactly excel in the package managers department, but I have never seen such broken packaging format like PBI. Self-contain my ass. In general "works" like the DLL hell on Windows.
-
The only workaround I found for this is
-
install package from pfsense gui
-
go to console, remove pbi packages(not the gui)
-
Install postfix package via pkg ng
The main postfix binary works fine but all other sub process it starts die with missing libs.
I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.
-
-
I agree that package support is not always the greatest, but you also have to understand that Developers of these packages do it on their own free time and usually without any monetary gain. There are just a handful of Developers that I see maintaining packages at this time.
This is crystal clear and I fully share your comment.
I'm not blaming anyone and especially not those trying to develop packages and making it available to the community :-[
However it has tons of negative side effect with potential users not understanding that "package" is not "pfSense", especially, and this is my main point, because communication from pfSense or from NetGate or even from gurus here doesn't state this clearly enough, from my own standpoint ;) -
# cd /usr/local/lib # ln -s /usr/pbi/postfix-amd64/local/lib/libspf2.so.2Also:
ln -s /usr/pbi/postfix-amd64/local/lib/libsasl2.so.3 ln -s /usr/pbi/postfix-amd64/local/lib/libpcre.so.3 -
I have been going a little nuts trying to get a simple mail relay (smart host) up and running for my local subnet, which is just about the easiest thing to do in Postfix. I was getting stuck on error messages such as "no mechanism available" and "No worthy mechs found" trying to authenticate against my ISP's relay.
In addition to linking libspf2, libpcre, and libsasl2 from /usr/pbi/postfix-amd64/local/lib, you also need to link the mechanism libraries found in /usr/pbi/postfix-amd64/local/lib/sasl2. If I knew more about FreeBSD, I would suggest updating ld.so.conf with these paths or setting a LD_LIBRARY_PATH in the environment instead of creating symlinks all over the filesystem. Alternatively, you can just install the required libraries directly from FreeBSD, which is what I did, with the following command:
pkg install libspf2 pcre cyrus-saslRestart Postfix Forwarder in the webConfigurator and you should be good to go. I've been using System > Advanced > Notifications > Test SMTP to test it. Make sure to set your email server to localhost, port to 25, From (e.g. admin@yourhost.example.com), Notification (e.g. your personal email address), and leave everything else blank/default.
Here's my "custom main.cf options" (for the time being, I'm going to try to lock it down and enable TLS now that I've got it working):
relayhost = [smtp.comcast.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwdUPDATE: TLS was pretty easy to turn on (following the pfSense documentation) after solving the above issues. Here's my final config:
relayhost = [smtp.comcast.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_tls_security_options = noanonymous smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd smtp_tls_security_level = secure smtp_tls_CAfile = /etc/ssl/cert.pem smtp_tls_loglevel = 1Apr 11 20:15:06 cerberus postfix/smtp[13917]: Verified TLS connection established to smtp.comcast.net[68.87.20.6]:587: TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)See the screenshots for the rest of my "smart host" configuration. The most important part is to set it to "Listen on" loopback and your LAN interface(s), and to set MyNetworks in Access Lists to the loopback subnet and your local subnet(s). I also dumbed down the antispam settings but I'm not sure if is necessary; SMTP clients in MyNetworks might not be subject to antispam rules.
UPDATE 2: The update from 2.2.1 to 2.2.2 blew away my sasl_passwd file (I uninstalled all my packages before the update and reinstalled everything afterwards), but that was easy enough to regenerate. I moved it to /etc/postfix to prevent it from happening in the future. Everything else seems to still work fine (except for the known sqlite2/3 issue).
 -
Hello. Am I understanding correctly, this package is not working?
-
MadCatZA,
from my experience with the package, it works only on pfSense Version 2.1.5 or older. As far as I remember, the author has written in this forum about it.
Regards
yarick123 -
MadCatZA,
from my experience with the package, it works only on pfSense Version 2.1.5 or older. As far as I remember, the author has written in this forum about it.
Regards
yarick123Appreciated, I have setup a 2.1.5 box and indeed it is working as compared to 2.2.2 which is not without manual modifications. What a shame :(
-
any change to update to postfix 2.11 without waiting for pfsense 2.3?
I want to implement dnssec and dane…//edit: mah... openssl 0.9.8 is a bummer, too.
-
Any news on a fix for this?
-
The author of this package said, maybe it will fixed in pfSense version 2.3 with pkgng.
https://redmine.pfsense.org/projects/pfsense/roadmap#2.3
So don't hold you breath, it can take some time…
-
it's pretty easy to get it running with the current version without the sqlite/db thing… just search through the forum.
-
Uhhh, if this package is broken, why is it still listed in pfSense 2.2?
My pfSense shows this:
Postfix Forwarder Release 2.4.2
platform: 2.2 2.2.999Or is this some automatic thing, with the 2.2.999 meaning it has not been officially tested?
-
The only workaround I found for this is
-
install package from pfsense gui
-
go to console, remove pbi packages(not the gui)
-
Install postfix package via pkg ng
The main postfix binary works fine but all other sub process it starts die with missing libs.
I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.
The main problem with this(and many others) package is that pbi messes up bin and lib location. I have the gui fixed for sqlite2 /sqlite3 but for now, just removing pbi and installing postfix pkg will keep postfix working on 2.2
If I push the gui fix for 2.2 on github, it will broke package gui on 2.1 -
-
To get postfix working on pfSense 2.2, follow these steps:
Remember, do it at your own risk ;)
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt pbi_delete postfix-2.11.3_2-amd64 rm -rf /usr/pbi/bin/libexec/postfix rm -rf /usr/local/etc/postfix rm -rf /var/spool/postfix rm -rf /var/mail/postfix rm -rf /var/db/postfix pkg install postfix libspf2fix postfix.inc file with this patch via system patcher package
add this patch via package system patcher
**description:**postfix_inc
patch:--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000 +++ postfix.inc 2015-08-18 08:18:10.000000000 +0000 @@ -36,11 +36,11 @@ require_once("globals.inc"); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version == "2.1" || $pfs_version == "2.2") { - define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -} else { +//if ($pfs_version == "2.1" || $pfs_version == "2.2") { +// define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +//} else { define('POSTFIX_LOCALBASE','/usr/local'); -} +//} $uname=posix_uname(); if ($uname['machine']=='amd64')directory:/usr/local/pkg/
