Postfix - antispam and relay package
-
The only workaround I found for this is
-
install package from pfsense gui
-
go to console, remove pbi packages(not the gui)
-
Install postfix package via pkg ng
The main postfix binary works fine but all other sub process it starts die with missing libs.
I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.
The main problem with this(and many others) package is that pbi messes up bin and lib location. I have the gui fixed for sqlite2 /sqlite3 but for now, just removing pbi and installing postfix pkg will keep postfix working on 2.2
If I push the gui fix for 2.2 on github, it will broke package gui on 2.1first of all, great work =)
so… 2.1 is old/out of production already, right?
-
-
so… 2.1 is old/out of production already, right?
pfsense 2.1, yes but the package is working on both(2.1 normal install and on 2.2 with the fix above).
-
pfsense 2.1, yes but the package is working on both(2.1 normal install and on 2.2 with the fix above).
Marcelloc, why not to make on the contrary - on pfsense 2.2 normal install, and on pfsense 2.1 with the fix?
It will move more people to update to version 2.2 -
Marcelloc, why not to make on the contrary - on pfsense 2.2 normal install, and on pfsense 2.1 with the fix?
It will move more people to update to version 2.2 -
To get postfix working on pfSense 2.2, follow these steps:
Remember, do it at your own risk ;)
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt pbi_delete postfix-2.11.3_2-amd64 rm -f /usr/pbi/bin/libexec/postfix rm -f /usr/local/etc/postfix rm -f /var/spool/postfix rm -f /var/mail/postfix rm -f /var/db/postfix pkg install postfix
I tried the above in 2.2.4 but I had no luck. Can anybody confirm this is working in the latest version of pfSense?
-
Yes, it's working for sure.
Do not forget to install the package via gui before the steps above…
-
Hello,I follow step to remove old postfix.
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -f /usr/pbi/bin/libexec/postfix
rm -f /usr/local/etc/postfix
rm -f /var/spool/postfix
rm -f /var/mail/postfix
rm -f /var/db/postfix
pkg install postfixAnd reinstall postfix and postfix forwarder.
The same settings but it's will show relay access denied when mail incoming.
How to fix it? -
Sorry,
I have fix it.It's installed postfix forward and download two file and replace it.It's all ok. -
Tried the steps.
installed package by gui.
removed folders and pbi as posted by marcelloc.
installed package from console pkg.Saved every config page to avoid errors.
starting service fails :Aug 19 11:10:35 php-fpm[24346]: /pkg_edit.php: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '127', the output was '/usr/pbi/postfix-amd64/sbin/postmap: not found'
Aug 19 11:10:35 php-fpm[24346]: /pkg_edit.php: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '127', the output was '/usr/pbi/postfix-amd64/sbin/postmap: not found'What am I missing? Tried this on 2 systems, it looks like I really am missing a step here.
-
Reposting update guide for pfsense 2.2.x only:
Install package via gui
execute code below via console/sshfetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt pbi_delete postfix-2.11.3_2-amd64 rm -rf /usr/pbi/bin/libexec/postfix rm -rf /usr/local/etc/postfix rm -rf /var/spool/postfix rm -rf /var/mail/postfix rm -rf /var/db/postfix pkg install postfix libspf2
fix postfix.inc file with this patch via system patcher package
add this patch via package system patcher
**description:**postfix_inc
patch:--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000 +++ postfix.inc 2015-08-18 08:18:10.000000000 +0000 @@ -36,11 +36,11 @@ require_once("globals.inc"); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version == "2.1" || $pfs_version == "2.2") { - define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -} else { +//if ($pfs_version == "2.1" || $pfs_version == "2.2") { +// define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +//} else { define('POSTFIX_LOCALBASE','/usr/local'); -} +//} $uname=posix_uname(); if ($uname['machine']=='amd64')
directory:/usr/local/pkg/
-
Marcel,
Since the changes required to be compatible with 2.2 for non-trivial packages break compatibility with previous releases, kindly consider creating a new entry in the list of available packages for the postifx 2.2 + versions, then add a note to the 2.1- package to switch to the new one when upgrading.
Of course, as always, easier to ask than to do. Thanks for your efforts!
-
it will on Pfsense 2.3 when pbi will not be used to package binaries.
-
For purpose of testing, i have installed the package on a dédicated Pfsense (this mean : not my firewall). This package seems to be a geat job.
Today my "production" smtp relays are manuelly maintened. I decided to test this package.
First surprise is main.cf generated par the GUI.# Allow connections from specified local clients and strong check everybody else. smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access pcre:/usr/pbi/postfix-amd64/etc/postfix/cal_pcre, check_client_access cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, check_client_access pcre:/usr/pbi/postfix-amd64/etc/postfix/cal_pcre, check_client_access cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr, check_sender_access hash:/usr/pbi/postfix-amd64/etc/postfix/sender_access, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, reject_unverified_recipient, reject_spf_invalid_sender, permit
Two times "smtpd_recipient_restrictions".
I also notice in the GUI, there is no way for a flat list for clients restriction.
And sender access list is use with smtpd_sender_restrictions.At this time (others smtp Postfix relay), i manage 3 differents flat lists for :
smtpd_client_restrictions
smtpd_hello_restrictions
smtpd_sender_restrictionsThere is also specifics lists for cidr and PCRE.
Pfsense 2.1.5 and last version of package. Something wrong with my setup.
So i'm a little bit confused the way main.cf is generated from the GUI. Even if I know Postfix can use each list in many restrictions.
-
Two times "smtpd_recipient_restrictions".
Are you sure, the post shows smtpd__clientrestrictions and smtpdrecipient__restrictions
Pfsense 2.1.5 and last version of package. Something wrong with my setup.
Better using on 2.2 with manual fixes above.
So i'm a little bit confused the way main.cf is generated from the GUI. Even if I know Postfix can use each list in many restrictions.
Can you explain it better? You mean you know a better config setup to implement on this package?
-
Having an issue.
Since I cannot seem to install the LDAP plugin in any way or form (or even find it somewhere..) I can not get a link to Exchange to import a list of valid e-mail accounts.
Is there a way to edit Postfix (used in combination with mailscanner) to allow all e-mail accounts from a domain?This is not used as an internal relay, just external anti-spam checking.
yes, I know this lowers the security quit a bit. But having everything blocked now with the same recipient error is the other side of the coin.
I really would just like to the the LDAP connection working. But installing the pkg like by the manual gives an error it cannot be found. And I cannot seem to source it anywhere else.
Did anyone manage to install it somehow?2.1.5 x64 setup.
-
Having an issue.
Since I cannot seem to install the LDAP plugin in any way or form
Did you tried```
pkg add p5-perl-ldap -
pkg_add pR5-perl-ldap pkg_add: can't stat package file "pR5-perl-ldap"
that or cannot find package.
Tried your private hosted version from 2012. gives more errors then someone dyslexic quoting Nietzsche.
-
Yeah, perhaps you could fix your copy/paste skills. Noone told you to install nonsense like pR5-perl-ldap.
-
Reposting update guide for pfsense 2.2.x only:
Install package via gui
execute code below via console/sshfetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt pbi_delete postfix-2.11.3_2-amd64 rm -f /usr/pbi/bin/libexec/postfix rm -f /usr/local/etc/postfix rm -f /var/spool/postfix rm -f /var/mail/postfix rm -f /var/db/postfix pkg install postfix
fix postfix.inc file with this patch via system patcher package
add this patch via package system patcher
**description:**postfix_inc
patch:--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000 +++ postfix.inc 2015-08-18 08:18:10.000000000 +0000 @@ -36,11 +36,11 @@ require_once("globals.inc"); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version == "2.1" || $pfs_version == "2.2") { - define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -} else { +//if ($pfs_version == "2.1" || $pfs_version == "2.2") { +// define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +//} else { define('POSTFIX_LOCALBASE','/usr/local'); -} +//} $uname=posix_uname(); if ($uname['machine']=='amd64')
directory:/usr/local/pkg/
Hi,
thank you for the manual fix. I have tried several times , believing i screwed up somewhere, but still no white smoke . The error messages stay the same.
Does anyone have more suggestions in this ? The setup is a carp unit, with a 2.1.4 install upgraded to 2.1.5 and now jumped to 2.2.4 .Thank you in advance..
-
Hi.
In case someone needs to specify a port in domain forwarding, here is a patch for /usr/local/pkg/postfix.inc:
--- postfix.inc.org 2015-10-29 13:59:12.000000000 +0300 +++ postfix.inc 2015-10-29 14:19:36.000000000 +0300 @@ -263,10 +263,17 @@ if (is_array($postfix_domains['row'])) { foreach ($postfix_domains['row'] as $postfix_row) { $relay_domains .= ' ' . $postfix_row['domain']; - if (!empty($postfix_row['mailserverip'])) - $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n"; + if (!empty($postfix_row['mailserverip'])) { + if (strrpos($postfix_row['mailserverip'], ":") === false) { + $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n"; + } + else { + list($t_ip, $t_port) = explode(":", $postfix_row['mailserverip']); + $transport .= $postfix_row['domain'] . " smtp:[" . $t_ip . "]:" . "$t_port\n"; } } + } + } #check cron check_cron(); #check logging @@ -787,8 +794,15 @@ } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { if (empty($post['domain' . substr($key, 12)])) $input_errors[] = "Domain for {$value} cannot be blank."; - if (!is_ipaddr($value) && !is_hostname($value)) - $input_errors[] = "{$value} is not a valid IP address or host name."; + if (strrpos($value, ":") === false) { + if (!is_ipaddr($value) && !is_hostname($value)) + $input_errors[] = "{$value} is not a valid IP address or host name."; + } + else { + list($t_ip, $t_port) = explode(":", $value); + if (!is_ipaddr($t_ip) && !is_hostname($t_ip)) + $input_errors[] = "{$value} is not a valid IP address or host name."; + } } } }