• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Postfix - antispam and relay package

pfSense Packages
136
855
1.0m
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    marcelloc
    last edited by Apr 20, 2017, 6:01 PM

    @danjeman:

    Noticed that the options for 'SPF lookup HELO' and 'SPF lookup Mail From' are missing 'Fail' option..

    Looks like option Null for 'HELO' has value Fail set as well as option Fail so 'Fail' never displays (also would mean selecting Null didn't do what you expect).

    For 'Mail From' option Null shouldn't be an option (according to the commented policyd-spf.conf) so removing this will correct the available options.

    thanks for the pull request on github  :)

    Treinamentos de Elite: http://sys-squad.com

    Help a community developer! ;D

    1 Reply Last reply Reply Quote 0
    • N
      n3by
      last edited by Apr 22, 2017, 6:56 PM

      Widget start to display strange data…

      ![2017-04-22 20.53.41.jpg](/public/imported_attachments/1/2017-04-22 20.53.41.jpg)
      ![2017-04-22 20.53.41.jpg_thumb](/public/imported_attachments/1/2017-04-22 20.53.41.jpg_thumb)
      ![2017-04-22 18.48.31.jpg](/public/imported_attachments/1/2017-04-22 18.48.31.jpg)
      ![2017-04-22 18.48.31.jpg_thumb](/public/imported_attachments/1/2017-04-22 18.48.31.jpg_thumb)

      1 Reply Last reply Reply Quote 0
      • M
        marcelloc
        last edited by Apr 22, 2017, 7:54 PM

        Are you waiting first refresh?

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • B
          Bismarck
          last edited by Apr 22, 2017, 8:05 PM

          Looks good so far here. :)

          marcelloc postfwd pkg is missing in the setup script? I've installed it manually and set postfwd.cf and the port to 10045 in the rc file, now its running.

          ![2017-04-22 19.41.54.png](/public/imported_attachments/1/2017-04-22 19.41.54.png)
          ![2017-04-22 19.41.54.png_thumb](/public/imported_attachments/1/2017-04-22 19.41.54.png_thumb)

          1 Reply Last reply Reply Quote 0
          • M
            marcelloc
            last edited by Apr 22, 2017, 10:36 PM

            @Bismarck:

            Looks good so far here. :)

            marcelloc postfwd pkg is missing in the setup script? I

            I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • M
              marcelloc
              last edited by Apr 24, 2017, 2:26 AM

              @marcelloc:

              I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo

              Gui creates the file when there are rules on it. what's the behavior on your box?

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • B
                Bismarck
                last edited by Apr 24, 2017, 7:51 AM

                @marcelloc:

                @marcelloc:

                I'll check but I remember including it on install script. Maybe I forgot to push it to GitHub repo

                Gui creates the file when there are rules on it. what's the behavior on your box?

                I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.

                Apr 21 16:40:16 zonk postfix/smtpd[4740]: warning: connect to 127.0.0.1:10045: Operation timed out
                Apr 21 16:40:16 zonk postfix/smtpd[4740]: warning: problem talking to server 127.0.0.1:10045: Operation timed out
                
                1 Reply Last reply Reply Quote 0
                • M
                  marcelloc
                  last edited by Apr 24, 2017, 2:13 PM

                  @Bismarck:

                  I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.

                  Fixed the install script to include the pkg add, Thanks again  :)

                  I'll push it to repo soon

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • N
                    n3by
                    last edited by Apr 25, 2017, 3:40 PM Apr 25, 2017, 3:19 PM

                    Hi,

                    Is this re-instalation completed successfully as I also see in /root ?

                    drwxr-xr-x   5 root  wheel        512 Apr 25 17:07 spf-tools-master
                    
                    /root: sh ./install_postfix_23.sh
                    Message from syslogd@fwpl at Apr 25 17:05:19 ...
                    fwpl php-fpm[61287]: /index.php: Successful loginsh ./install_postfix_23.sh                                                                 fetching  /usr/local/bin/adexport.pl from github
                    fetching  /usr/local/pkg/postfix.inc from github
                    fetching  /usr/local/pkg/postfix.xml from github
                    fetching  /usr/local/pkg/postfix_acl.xml from github
                    fetching  /usr/local/pkg/postfix_antispam.xml from github
                    fetching  /usr/local/pkg/postfix_domains.xml from github
                    fetching  /usr/local/pkg/postfix_recipients.xml from github
                    fetching  /usr/local/pkg/postfix_sync.xml from github
                    fetching  /usr/local/share/pfSense-pkg-postfix/info.xml from github
                    fetching  /usr/local/www/postfix.php from github
                    fetching  /usr/local/www/postfix_about.php from github
                    fetching  /usr/local/www/postfix_queue.php from github
                    fetching  /usr/local/www/postfix_recipients.php from github
                    fetching  /usr/local/www/postfix_search.php from github
                    fetching  /usr/local/www/postfix_view_config.php from github
                    fetching  /usr/local/www/shortcuts/pkg_postfix.inc from github
                    fetching  /usr/local/www/widgets/widgets/postfix.widget.php from github
                    fetching  /usr/local/pkg/postfix_dkim.inc from github
                    fetching  /usr/local/www/vendor/datatable/se-1.2.0.zip from github
                    fetching  /usr/local/www/vendor/datatable/css/jquery.dataTables.min.css from github
                    fetching  /usr/local/www/vendor/datatable/js/jquery.dataTables.min.js from github
                    fetching  /usr/local/www/postfix.sql.php from github
                    fetching  /usr/local/bin/postwhite from github
                    fetching  /usr/local/pkg/postfix_postwhite.template from github
                    Updating FreeBSD repository catalogue...
                    Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
                    Fetching packagesite.txz: 100%    6 MiB   3.0MB/s    00:02    
                    Processing entries: 100%
                    FreeBSD repository update completed. 26278 packages processed.
                    Updating pfSense-core repository catalogue...
                    pfSense-core repository is up to date.
                    Updating pfSense repository catalogue...
                    Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
                    Child process pid=77716 terminated abnormally: Segmentation fault
                    fetch: https://github.com/jsarenik/spf-tools/archive/master.zip: size of remote file is not known
                    master.zip                                              49 kB  195 kBps 00m01s
                    Archive:  master.zip
                    d spf-tools-master
                    replace spf-tools-master/.gitignore? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
                     extracting: spf-tools-master/.gitignore  
                    replace spf-tools-master/.simplecov? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
                     extracting: spf-tools-master/.simplecov  
                     extracting: spf-tools-master/.travis.yml  
                     extracting: spf-tools-master/AUTHORS  
                     extracting: spf-tools-master/LICENSE  
                     extracting: spf-tools-master/README.md  
                     extracting: spf-tools-master/circle.yml  
                     extracting: spf-tools-master/cloudflare.sh  
                     extracting: spf-tools-master/compare.sh  
                     extracting: spf-tools-master/despf.sh  
                     extracting: spf-tools-master/genspfzone.sh  
                    d spf-tools-master/include
                     extracting: spf-tools-master/include/despf.inc.sh  
                     extracting: spf-tools-master/include/global.inc.sh  
                     extracting: spf-tools-master/include/isincidrange.sh  
                     extracting: spf-tools-master/iprange.sh  
                    d spf-tools-master/misc
                     extracting: spf-tools-master/misc/ci-runtest.sh  
                     extracting: spf-tools-master/misc/ci-setup.sh  
                     extracting: spf-tools-master/misc/tmpl  
                     extracting: spf-tools-master/mkblocks.sh  
                     extracting: spf-tools-master/mkzoneent.sh  
                     extracting: spf-tools-master/normalize.sh  
                     extracting: spf-tools-master/route53.sh  
                     extracting: spf-tools-master/runspftools.sh  
                     extracting: spf-tools-master/shippable.yml  
                     extracting: spf-tools-master/simplify.sh  
                    d spf-tools-master/tests
                    d spf-tools-master/tests/a24
                     extracting: spf-tools-master/tests/a24/cmd  
                     extracting: spf-tools-master/tests/a24/in  
                     extracting: spf-tools-master/tests/a24/out  
                    d spf-tools-master/tests/brokendns
                     extracting: spf-tools-master/tests/brokendns/cmd  
                     extracting: spf-tools-master/tests/brokendns/in  
                     extracting: spf-tools-master/tests/brokendns/out  
                    d spf-tools-master/tests/cname
                     extracting: spf-tools-master/tests/cname/cmd  
                     extracting: spf-tools-master/tests/cname/in  
                     extracting: spf-tools-master/tests/cname/out  
                    d spf-tools-master/tests/despf
                     extracting: spf-tools-master/tests/despf/cmd  
                     extracting: spf-tools-master/tests/despf/in  
                     extracting: spf-tools-master/tests/despf/out  
                    d spf-tools-master/tests/despf_chain
                     extracting: spf-tools-master/tests/despf_chain/cmd  
                     extracting: spf-tools-master/tests/despf_chain/in  
                     extracting: spf-tools-master/tests/despf_chain/out  
                    d spf-tools-master/tests/despf_help
                     extracting: spf-tools-master/tests/despf_help/cmd  
                     extracting: spf-tools-master/tests/despf_help/in  
                     extracting: spf-tools-master/tests/despf_help/out  
                    d spf-tools-master/tests/despf_qualifier
                     extracting: spf-tools-master/tests/despf_qualifier/cmd  
                     extracting: spf-tools-master/tests/despf_qualifier/in  
                     extracting: spf-tools-master/tests/despf_qualifier/out  
                    d spf-tools-master/tests/despf_qualifier2
                     extracting: spf-tools-master/tests/despf_qualifier2/cmd  
                     extracting: spf-tools-master/tests/despf_qualifier2/in  
                     extracting: spf-tools-master/tests/despf_qualifier2/out  
                    d spf-tools-master/tests/despf_skip
                     extracting: spf-tools-master/tests/despf_skip/cmd  
                     extracting: spf-tools-master/tests/despf_skip/in  
                     extracting: spf-tools-master/tests/despf_skip/out  
                    d spf-tools-master/tests/despf_skip_t
                     extracting: spf-tools-master/tests/despf_skip_t/cmd  
                     extracting: spf-tools-master/tests/despf_skip_t/in  
                     extracting: spf-tools-master/tests/despf_skip_t/out  
                    d spf-tools-master/tests/despf_torn
                     extracting: spf-tools-master/tests/despf_torn/cmd  
                     extracting: spf-tools-master/tests/despf_torn/in  
                     extracting: spf-tools-master/tests/despf_torn/out  
                    d spf-tools-master/tests/despf_upper_case
                     extracting: spf-tools-master/tests/despf_upper_case/cmd  
                     extracting: spf-tools-master/tests/despf_upper_case/in  
                     extracting: spf-tools-master/tests/despf_upper_case/out  
                    d spf-tools-master/tests/fix_32
                     extracting: spf-tools-master/tests/fix_32/cmd  
                     extracting: spf-tools-master/tests/fix_32/in  
                     extracting: spf-tools-master/tests/fix_32/out  
                    d spf-tools-master/tests/mkblocks-help
                     extracting: spf-tools-master/tests/mkblocks-help/cmd  
                     extracting: spf-tools-master/tests/mkblocks-help/in  
                     extracting: spf-tools-master/tests/mkblocks-help/out  
                    d spf-tools-master/tests/mkblocks-start
                     extracting: spf-tools-master/tests/mkblocks-start/cmd  
                     extracting: spf-tools-master/tests/mkblocks-start/in  
                     extracting: spf-tools-master/tests/mkblocks-start/out  
                    d spf-tools-master/tests/mkblocks
                     extracting: spf-tools-master/tests/mkblocks/cmd  
                     extracting: spf-tools-master/tests/mkblocks/in  
                     extracting: spf-tools-master/tests/mkblocks/out  
                    d spf-tools-master/tests/mx20
                     extracting: spf-tools-master/tests/mx20/cmd  
                     extracting: spf-tools-master/tests/mx20/in  
                     extracting: spf-tools-master/tests/mx20/out  
                    d spf-tools-master/tests/mx20_upper_case
                     extracting: spf-tools-master/tests/mx20_upper_case/cmd  
                     extracting: spf-tools-master/tests/mx20_upper_case/in  
                     extracting: spf-tools-master/tests/mx20_upper_case/out  
                    d spf-tools-master/tests/norm_ignore
                     extracting: spf-tools-master/tests/norm_ignore/cmd  
                     extracting: spf-tools-master/tests/norm_ignore/in  
                     extracting: spf-tools-master/tests/norm_ignore/out  
                    d spf-tools-master/tests/normalize
                     extracting: spf-tools-master/tests/normalize/cmd  
                     extracting: spf-tools-master/tests/normalize/in  
                     extracting: spf-tools-master/tests/normalize/out  
                    d spf-tools-master/tests/normalize_empty
                     extracting: spf-tools-master/tests/normalize_empty/cmd  
                     extracting: spf-tools-master/tests/normalize_empty/in  
                     extracting: spf-tools-master/tests/normalize_empty/out  
                    d spf-tools-master/tests/nospf
                     extracting: spf-tools-master/tests/nospf/cmd  
                     extracting: spf-tools-master/tests/nospf/in  
                     extracting: spf-tools-master/tests/nospf/out  
                    d spf-tools-master/tests/redirect
                     extracting: spf-tools-master/tests/redirect/cmd  
                     extracting: spf-tools-master/tests/redirect/in  
                    unzip: skipping non-regular entry 'spf-tools-master/tests/redirect/out'
                    d spf-tools-master/tests/simplify
                     extracting: spf-tools-master/tests/simplify/cmd  
                     extracting: spf-tools-master/tests/simplify/in  
                     extracting: spf-tools-master/tests/simplify/out  
                     extracting: spf-tools-master/tests/test-shell.sh  
                     extracting: spf-tools-master/tests/test-subdirs.sh  
                     extracting: spf-tools-master/tests/test-unit.sh  
                     extracting: spf-tools-master/xsel.sh  
                    mv: rename spf-tools-master to /usr/local/bin/spf-tools/spf-tools-master: Directory not empty
                    
                    

                    edit:
                    deleted /usr/local/bin/spf-tools/spf-tools-master
                    and retry the install and now it looks ok

                    1 Reply Last reply Reply Quote 0
                    • C
                      ccnet
                      last edited by Apr 26, 2017, 9:13 AM

                      Yesterday, a fresh Pfsense 2.3.3 install. 64bits version, on a vm (esx) with 2Go ram. This Pfsense is not used as firewall, the purpose is testing Pfsense + Postfix package as mail gateway. Runing install from scrip as provide on github. No error except if i miss something.
                      Setting a few parameters in Postfix and i can start it.
                      Now the problems.
                      In    SystemPackage ManagerInstalled Packages :  There are no packages currently installed.

                      The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
                      Postfix don(t appear in menu Services. Is this normal ?

                      In my actual Postfix gateway (5/6 clients with it) i use access lists for denied domain : one list for domain and another one with regular expresion. In main.cf I have :

                      smtpd_client_restrictions = permit_mynetworks
                                                  permit_sasl_authenticated                   
                      		            check_client_access cidr:/etc/postfix/access_cidr
                                                  check_client_access hash:/etc/postfix/access_client
                      		            check_client_access regexp:/etc/postfix/access_client_regexp
                      			    reject_rbl_client zen.spamhaus.org
                      

                      I'm not sure to understand howto implement cidr:/etc/postfix/access_cidr and hash:/etc/postfix/access_client.
                      etc/postfix/access_cidr is something like

                      offrecadeau.ovh         REJECT spammeur
                      

                      hash:/etc/postfix/access_client is like

                      243.200.171.0/24		REJECT Spammeur
                      

                      This package is a great job. Thanks.

                      1 Reply Last reply Reply Quote 0
                      • M
                        marcelloc
                        last edited by Apr 26, 2017, 10:04 AM

                        @ccnet:

                        In    SystemPackage ManagerInstalled Packages :  There are no packages currently installed.

                        That's right. As an Unofficial package, It will not be there.

                        @ccnet:

                        The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
                        Postfix don(t appear in menu Services. Is this normal ?

                        try to install cron package for example. Install process includes postfix on service menu but for some reason, on some boxes, you may need to install a package. I suggest system patches or cron.

                        @ccnet:

                        This package is a great job. Thanks.

                        Thanks  :)

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • C
                          ccnet
                          last edited by Apr 26, 2017, 11:34 AM

                          Thanks Marcelloc,

                          installing the cron package solve the problem about smtp in menu Services. Postfix Forwarder is now visible.

                          1 Reply Last reply Reply Quote 0
                          • C
                            ccnet
                            last edited by Apr 26, 2017, 1:51 PM Apr 26, 2017, 1:24 PM

                            I thing an access client list is missing for denying a domains list such as

                            diglobaltoday.com REJECT

                            When looking at configuration i have :

                            smtpd_client_restrictions = permit_mynetworks,
                            				reject_unauth_destination,
                            				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                            				check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
                            				reject_unknown_client_hostname,
                            				reject_unauth_pipelining,
                            				reject_multi_recipient_bounce,
                            				permit
                            

                            I thing it will be nice to have one more line with :

                            check_client_access hash:/usr/local/etc/postfix/cal_hash,
                            

                            I have 3900 domains rejected at command connect (smtpd_client_restrictions) in my ClearOS Gateway.

                            1 Reply Last reply Reply Quote 0
                            • M
                              marcelloc
                              last edited by Apr 26, 2017, 2:24 PM

                              Just add a // between domains you have on pcre field.

                              
                              /\.dsl\./ REJECT DSLs not allowed [HS001]
                              /\.dynamic\./ REJECT DSLs not allowed[HS003]
                              /mkt/ REJECT Spam is not marketing [HS007]
                              
                              

                              TABLE FORMAT
                                    The general form of a PCRE table is:

                              /pattern/flags result
                                            When pattern matches the input  string,  use  the  corresponding
                                            result value.

                              !/pattern/flags result
                                            When  pattern  does  not  match the input string, use the corre-
                                            sponding result value.

                              Treinamentos de Elite: http://sys-squad.com

                              Help a community developer! ;D

                              1 Reply Last reply Reply Quote 0
                              • C
                                ccnet
                                last edited by Apr 26, 2017, 5:22 PM

                                Ok I will try. But I'm not sure howto reject the domain who appear in the commande connect.

                                I add the Postfix  widget, but it remain empty. Mails are correctly routed to internet but nothing in the widget.

                                1 Reply Last reply Reply Quote 0
                                • M
                                  marcelloc
                                  last edited by Apr 26, 2017, 5:38 PM

                                  @ccnet:

                                  I add the Postfix  widget, but it remain empty. Mails are correctly routed to internet but nothing in the widget.

                                  Two steps to get it on databases. See the general tab under logging.

                                  • Enable log destination to maillog

                                  • Inlcude /^Subject:/ INFO line in Acl Headers after all your Subject rules.

                                  postfix_logging.PNG
                                  postfix_logging.PNG_thumb

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    n3by
                                    last edited by Apr 29, 2017, 7:17 PM

                                    I think I found why widget display strange data;
                                    Update Sqlite I had it set to every hour then I try to 10 min, no luck.
                                    I set it to 1 min and since then my data looks ok.

                                    Screenshot_2017-04-29_21-13-55.png
                                    Screenshot_2017-04-29_21-13-55.png_thumb

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      marcelloc
                                      last edited by May 4, 2017, 10:03 AM May 3, 2017, 7:51 PM

                                      Hi, I've pushed to pkg-postfix an auto cloudbased domains whitelist option.

                                      This update prevents cloud based domains endless Service currently unavailable problems against Postscreen that we see on almost all postscreen base configuration worldwide.

                                      This can be used together with RBL whitelist/negative rbl score and postwhite

                                      When a network/CIDR is whitelisted by this function it does not bypass any other postfix, acl, mailscanner, clamav or spamassassin test.  :)

                                      auto_whitelist.PNG
                                      auto_whitelist.PNG_thumb
                                      view_config.PNG
                                      view_config.PNG_thumb

                                      Treinamentos de Elite: http://sys-squad.com

                                      Help a community developer! ;D

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        Bismarck
                                        last edited by May 8, 2017, 12:41 PM

                                        @marcelloc - Excellent work!  :)

                                        Just in case you have problems to update to 2.3.4-RELEASE because of bugged pkg:

                                        https://forum.pfsense.org/index.php?topic=130071.msg716776#msg716776

                                        1 Reply Last reply Reply Quote 0
                                        • M
                                          marcelloc
                                          last edited by May 8, 2017, 1:41 PM

                                          @Bismarck:

                                          @marcelloc - Excellent work!  :)

                                          thanks Bismarck

                                          @Bismarck:

                                          Just in case you have problems to update to 2.3.4-RELEASE because of bugged pkg:

                                          https://forum.pfsense.org/index.php?topic=130071.msg716776#msg716776

                                          thanks for the info.

                                          Treinamentos de Elite: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          805 out of 855
                                          • First post
                                            805/855
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.