• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Postfix - antispam and relay package

pfSense Packages
136
855
1.0m
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    marcelloc
    last edited by Apr 24, 2017, 2:13 PM

    @Bismarck:

    I had to manually install postfix-postfwd-1.35_1 to make it run and listen on 127.0.0.1:10045, otherwise postfix will give warnings about it.

    Fixed the install script to include the pkg add, Thanks again  :)

    I'll push it to repo soon

    Treinamentos de Elite: http://sys-squad.com

    Help a community developer! ;D

    1 Reply Last reply Reply Quote 0
    • N
      n3by
      last edited by Apr 25, 2017, 3:40 PM Apr 25, 2017, 3:19 PM

      Hi,

      Is this re-instalation completed successfully as I also see in /root ?

      drwxr-xr-x   5 root  wheel        512 Apr 25 17:07 spf-tools-master
      
      /root: sh ./install_postfix_23.sh
      Message from syslogd@fwpl at Apr 25 17:05:19 ...
      fwpl php-fpm[61287]: /index.php: Successful loginsh ./install_postfix_23.sh                                                                 fetching  /usr/local/bin/adexport.pl from github
      fetching  /usr/local/pkg/postfix.inc from github
      fetching  /usr/local/pkg/postfix.xml from github
      fetching  /usr/local/pkg/postfix_acl.xml from github
      fetching  /usr/local/pkg/postfix_antispam.xml from github
      fetching  /usr/local/pkg/postfix_domains.xml from github
      fetching  /usr/local/pkg/postfix_recipients.xml from github
      fetching  /usr/local/pkg/postfix_sync.xml from github
      fetching  /usr/local/share/pfSense-pkg-postfix/info.xml from github
      fetching  /usr/local/www/postfix.php from github
      fetching  /usr/local/www/postfix_about.php from github
      fetching  /usr/local/www/postfix_queue.php from github
      fetching  /usr/local/www/postfix_recipients.php from github
      fetching  /usr/local/www/postfix_search.php from github
      fetching  /usr/local/www/postfix_view_config.php from github
      fetching  /usr/local/www/shortcuts/pkg_postfix.inc from github
      fetching  /usr/local/www/widgets/widgets/postfix.widget.php from github
      fetching  /usr/local/pkg/postfix_dkim.inc from github
      fetching  /usr/local/www/vendor/datatable/se-1.2.0.zip from github
      fetching  /usr/local/www/vendor/datatable/css/jquery.dataTables.min.css from github
      fetching  /usr/local/www/vendor/datatable/js/jquery.dataTables.min.js from github
      fetching  /usr/local/www/postfix.sql.php from github
      fetching  /usr/local/bin/postwhite from github
      fetching  /usr/local/pkg/postfix_postwhite.template from github
      Updating FreeBSD repository catalogue...
      Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
      Fetching packagesite.txz: 100%    6 MiB   3.0MB/s    00:02    
      Processing entries: 100%
      FreeBSD repository update completed. 26278 packages processed.
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up to date.
      Updating pfSense repository catalogue...
      Fetching meta.txz: 100%    944 B   0.9kB/s    00:01    
      Child process pid=77716 terminated abnormally: Segmentation fault
      fetch: https://github.com/jsarenik/spf-tools/archive/master.zip: size of remote file is not known
      master.zip                                              49 kB  195 kBps 00m01s
      Archive:  master.zip
      d spf-tools-master
      replace spf-tools-master/.gitignore? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
       extracting: spf-tools-master/.gitignore  
      replace spf-tools-master/.simplecov? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
       extracting: spf-tools-master/.simplecov  
       extracting: spf-tools-master/.travis.yml  
       extracting: spf-tools-master/AUTHORS  
       extracting: spf-tools-master/LICENSE  
       extracting: spf-tools-master/README.md  
       extracting: spf-tools-master/circle.yml  
       extracting: spf-tools-master/cloudflare.sh  
       extracting: spf-tools-master/compare.sh  
       extracting: spf-tools-master/despf.sh  
       extracting: spf-tools-master/genspfzone.sh  
      d spf-tools-master/include
       extracting: spf-tools-master/include/despf.inc.sh  
       extracting: spf-tools-master/include/global.inc.sh  
       extracting: spf-tools-master/include/isincidrange.sh  
       extracting: spf-tools-master/iprange.sh  
      d spf-tools-master/misc
       extracting: spf-tools-master/misc/ci-runtest.sh  
       extracting: spf-tools-master/misc/ci-setup.sh  
       extracting: spf-tools-master/misc/tmpl  
       extracting: spf-tools-master/mkblocks.sh  
       extracting: spf-tools-master/mkzoneent.sh  
       extracting: spf-tools-master/normalize.sh  
       extracting: spf-tools-master/route53.sh  
       extracting: spf-tools-master/runspftools.sh  
       extracting: spf-tools-master/shippable.yml  
       extracting: spf-tools-master/simplify.sh  
      d spf-tools-master/tests
      d spf-tools-master/tests/a24
       extracting: spf-tools-master/tests/a24/cmd  
       extracting: spf-tools-master/tests/a24/in  
       extracting: spf-tools-master/tests/a24/out  
      d spf-tools-master/tests/brokendns
       extracting: spf-tools-master/tests/brokendns/cmd  
       extracting: spf-tools-master/tests/brokendns/in  
       extracting: spf-tools-master/tests/brokendns/out  
      d spf-tools-master/tests/cname
       extracting: spf-tools-master/tests/cname/cmd  
       extracting: spf-tools-master/tests/cname/in  
       extracting: spf-tools-master/tests/cname/out  
      d spf-tools-master/tests/despf
       extracting: spf-tools-master/tests/despf/cmd  
       extracting: spf-tools-master/tests/despf/in  
       extracting: spf-tools-master/tests/despf/out  
      d spf-tools-master/tests/despf_chain
       extracting: spf-tools-master/tests/despf_chain/cmd  
       extracting: spf-tools-master/tests/despf_chain/in  
       extracting: spf-tools-master/tests/despf_chain/out  
      d spf-tools-master/tests/despf_help
       extracting: spf-tools-master/tests/despf_help/cmd  
       extracting: spf-tools-master/tests/despf_help/in  
       extracting: spf-tools-master/tests/despf_help/out  
      d spf-tools-master/tests/despf_qualifier
       extracting: spf-tools-master/tests/despf_qualifier/cmd  
       extracting: spf-tools-master/tests/despf_qualifier/in  
       extracting: spf-tools-master/tests/despf_qualifier/out  
      d spf-tools-master/tests/despf_qualifier2
       extracting: spf-tools-master/tests/despf_qualifier2/cmd  
       extracting: spf-tools-master/tests/despf_qualifier2/in  
       extracting: spf-tools-master/tests/despf_qualifier2/out  
      d spf-tools-master/tests/despf_skip
       extracting: spf-tools-master/tests/despf_skip/cmd  
       extracting: spf-tools-master/tests/despf_skip/in  
       extracting: spf-tools-master/tests/despf_skip/out  
      d spf-tools-master/tests/despf_skip_t
       extracting: spf-tools-master/tests/despf_skip_t/cmd  
       extracting: spf-tools-master/tests/despf_skip_t/in  
       extracting: spf-tools-master/tests/despf_skip_t/out  
      d spf-tools-master/tests/despf_torn
       extracting: spf-tools-master/tests/despf_torn/cmd  
       extracting: spf-tools-master/tests/despf_torn/in  
       extracting: spf-tools-master/tests/despf_torn/out  
      d spf-tools-master/tests/despf_upper_case
       extracting: spf-tools-master/tests/despf_upper_case/cmd  
       extracting: spf-tools-master/tests/despf_upper_case/in  
       extracting: spf-tools-master/tests/despf_upper_case/out  
      d spf-tools-master/tests/fix_32
       extracting: spf-tools-master/tests/fix_32/cmd  
       extracting: spf-tools-master/tests/fix_32/in  
       extracting: spf-tools-master/tests/fix_32/out  
      d spf-tools-master/tests/mkblocks-help
       extracting: spf-tools-master/tests/mkblocks-help/cmd  
       extracting: spf-tools-master/tests/mkblocks-help/in  
       extracting: spf-tools-master/tests/mkblocks-help/out  
      d spf-tools-master/tests/mkblocks-start
       extracting: spf-tools-master/tests/mkblocks-start/cmd  
       extracting: spf-tools-master/tests/mkblocks-start/in  
       extracting: spf-tools-master/tests/mkblocks-start/out  
      d spf-tools-master/tests/mkblocks
       extracting: spf-tools-master/tests/mkblocks/cmd  
       extracting: spf-tools-master/tests/mkblocks/in  
       extracting: spf-tools-master/tests/mkblocks/out  
      d spf-tools-master/tests/mx20
       extracting: spf-tools-master/tests/mx20/cmd  
       extracting: spf-tools-master/tests/mx20/in  
       extracting: spf-tools-master/tests/mx20/out  
      d spf-tools-master/tests/mx20_upper_case
       extracting: spf-tools-master/tests/mx20_upper_case/cmd  
       extracting: spf-tools-master/tests/mx20_upper_case/in  
       extracting: spf-tools-master/tests/mx20_upper_case/out  
      d spf-tools-master/tests/norm_ignore
       extracting: spf-tools-master/tests/norm_ignore/cmd  
       extracting: spf-tools-master/tests/norm_ignore/in  
       extracting: spf-tools-master/tests/norm_ignore/out  
      d spf-tools-master/tests/normalize
       extracting: spf-tools-master/tests/normalize/cmd  
       extracting: spf-tools-master/tests/normalize/in  
       extracting: spf-tools-master/tests/normalize/out  
      d spf-tools-master/tests/normalize_empty
       extracting: spf-tools-master/tests/normalize_empty/cmd  
       extracting: spf-tools-master/tests/normalize_empty/in  
       extracting: spf-tools-master/tests/normalize_empty/out  
      d spf-tools-master/tests/nospf
       extracting: spf-tools-master/tests/nospf/cmd  
       extracting: spf-tools-master/tests/nospf/in  
       extracting: spf-tools-master/tests/nospf/out  
      d spf-tools-master/tests/redirect
       extracting: spf-tools-master/tests/redirect/cmd  
       extracting: spf-tools-master/tests/redirect/in  
      unzip: skipping non-regular entry 'spf-tools-master/tests/redirect/out'
      d spf-tools-master/tests/simplify
       extracting: spf-tools-master/tests/simplify/cmd  
       extracting: spf-tools-master/tests/simplify/in  
       extracting: spf-tools-master/tests/simplify/out  
       extracting: spf-tools-master/tests/test-shell.sh  
       extracting: spf-tools-master/tests/test-subdirs.sh  
       extracting: spf-tools-master/tests/test-unit.sh  
       extracting: spf-tools-master/xsel.sh  
      mv: rename spf-tools-master to /usr/local/bin/spf-tools/spf-tools-master: Directory not empty
      
      

      edit:
      deleted /usr/local/bin/spf-tools/spf-tools-master
      and retry the install and now it looks ok

      1 Reply Last reply Reply Quote 0
      • C
        ccnet
        last edited by Apr 26, 2017, 9:13 AM

        Yesterday, a fresh Pfsense 2.3.3 install. 64bits version, on a vm (esx) with 2Go ram. This Pfsense is not used as firewall, the purpose is testing Pfsense + Postfix package as mail gateway. Runing install from scrip as provide on github. No error except if i miss something.
        Setting a few parameters in Postfix and i can start it.
        Now the problems.
        In    SystemPackage ManagerInstalled Packages :  There are no packages currently installed.

        The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
        Postfix don(t appear in menu Services. Is this normal ?

        In my actual Postfix gateway (5/6 clients with it) i use access lists for denied domain : one list for domain and another one with regular expresion. In main.cf I have :

        smtpd_client_restrictions = permit_mynetworks
                                    permit_sasl_authenticated                   
        		            check_client_access cidr:/etc/postfix/access_cidr
                                    check_client_access hash:/etc/postfix/access_client
        		            check_client_access regexp:/etc/postfix/access_client_regexp
        			    reject_rbl_client zen.spamhaus.org
        

        I'm not sure to understand howto implement cidr:/etc/postfix/access_cidr and hash:/etc/postfix/access_client.
        etc/postfix/access_cidr is something like

        offrecadeau.ovh         REJECT spammeur
        

        hash:/etc/postfix/access_client is like

        243.200.171.0/24		REJECT Spammeur
        

        This package is a great job. Thanks.

        1 Reply Last reply Reply Quote 0
        • M
          marcelloc
          last edited by Apr 26, 2017, 10:04 AM

          @ccnet:

          In    SystemPackage ManagerInstalled Packages :  There are no packages currently installed.

          That's right. As an Unofficial package, It will not be there.

          @ccnet:

          The only way i find to acces Posrfix setup is via Status / Services and clicj icon Related settings.
          Postfix don(t appear in menu Services. Is this normal ?

          try to install cron package for example. Install process includes postfix on service menu but for some reason, on some boxes, you may need to install a package. I suggest system patches or cron.

          @ccnet:

          This package is a great job. Thanks.

          Thanks  :)

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • C
            ccnet
            last edited by Apr 26, 2017, 11:34 AM

            Thanks Marcelloc,

            installing the cron package solve the problem about smtp in menu Services. Postfix Forwarder is now visible.

            1 Reply Last reply Reply Quote 0
            • C
              ccnet
              last edited by Apr 26, 2017, 1:51 PM Apr 26, 2017, 1:24 PM

              I thing an access client list is missing for denying a domains list such as

              diglobaltoday.com REJECT

              When looking at configuration i have :

              smtpd_client_restrictions = permit_mynetworks,
              				reject_unauth_destination,
              				check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
              				check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
              				reject_unknown_client_hostname,
              				reject_unauth_pipelining,
              				reject_multi_recipient_bounce,
              				permit
              

              I thing it will be nice to have one more line with :

              check_client_access hash:/usr/local/etc/postfix/cal_hash,
              

              I have 3900 domains rejected at command connect (smtpd_client_restrictions) in my ClearOS Gateway.

              1 Reply Last reply Reply Quote 0
              • M
                marcelloc
                last edited by Apr 26, 2017, 2:24 PM

                Just add a // between domains you have on pcre field.

                
                /\.dsl\./ REJECT DSLs not allowed [HS001]
                /\.dynamic\./ REJECT DSLs not allowed[HS003]
                /mkt/ REJECT Spam is not marketing [HS007]
                
                

                TABLE FORMAT
                      The general form of a PCRE table is:

                /pattern/flags result
                              When pattern matches the input  string,  use  the  corresponding
                              result value.

                !/pattern/flags result
                              When  pattern  does  not  match the input string, use the corre-
                              sponding result value.

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • C
                  ccnet
                  last edited by Apr 26, 2017, 5:22 PM

                  Ok I will try. But I'm not sure howto reject the domain who appear in the commande connect.

                  I add the Postfix  widget, but it remain empty. Mails are correctly routed to internet but nothing in the widget.

                  1 Reply Last reply Reply Quote 0
                  • M
                    marcelloc
                    last edited by Apr 26, 2017, 5:38 PM

                    @ccnet:

                    I add the Postfix  widget, but it remain empty. Mails are correctly routed to internet but nothing in the widget.

                    Two steps to get it on databases. See the general tab under logging.

                    • Enable log destination to maillog

                    • Inlcude /^Subject:/ INFO line in Acl Headers after all your Subject rules.

                    postfix_logging.PNG
                    postfix_logging.PNG_thumb

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • N
                      n3by
                      last edited by Apr 29, 2017, 7:17 PM

                      I think I found why widget display strange data;
                      Update Sqlite I had it set to every hour then I try to 10 min, no luck.
                      I set it to 1 min and since then my data looks ok.

                      Screenshot_2017-04-29_21-13-55.png
                      Screenshot_2017-04-29_21-13-55.png_thumb

                      1 Reply Last reply Reply Quote 0
                      • M
                        marcelloc
                        last edited by May 4, 2017, 10:03 AM May 3, 2017, 7:51 PM

                        Hi, I've pushed to pkg-postfix an auto cloudbased domains whitelist option.

                        This update prevents cloud based domains endless Service currently unavailable problems against Postscreen that we see on almost all postscreen base configuration worldwide.

                        This can be used together with RBL whitelist/negative rbl score and postwhite

                        When a network/CIDR is whitelisted by this function it does not bypass any other postfix, acl, mailscanner, clamav or spamassassin test.  :)

                        auto_whitelist.PNG
                        auto_whitelist.PNG_thumb
                        view_config.PNG
                        view_config.PNG_thumb

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • B
                          Bismarck
                          last edited by May 8, 2017, 12:41 PM

                          @marcelloc - Excellent work!  :)

                          Just in case you have problems to update to 2.3.4-RELEASE because of bugged pkg:

                          https://forum.pfsense.org/index.php?topic=130071.msg716776#msg716776

                          1 Reply Last reply Reply Quote 0
                          • M
                            marcelloc
                            last edited by May 8, 2017, 1:41 PM

                            @Bismarck:

                            @marcelloc - Excellent work!  :)

                            thanks Bismarck

                            @Bismarck:

                            Just in case you have problems to update to 2.3.4-RELEASE because of bugged pkg:

                            https://forum.pfsense.org/index.php?topic=130071.msg716776#msg716776

                            thanks for the info.

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • B
                              Bismarck
                              last edited by May 8, 2017, 5:59 PM

                              Marcello, how does Auto whitelist work, I just see a reference to auto_whitelisted_cidr but no function anywhere?

                              https://github.com/marcelloc/Unofficial-pfSense-packages/commit/a5d8b57f932b9ffa0f1b275842777723475f1647

                              1 Reply Last reply Reply Quote 0
                              • M
                                marcelloc
                                last edited by May 8, 2017, 10:19 PM May 8, 2017, 7:48 PM

                                The script was uploaded few commits before but I messed up with older files.

                                https://github.com/marcelloc/Unofficial-pfSense-packages/commit/a9770ddfaf827e025f79fc8d94f4c7e0cec086eb#diff-e50e08425a53cf0a262fae58e6f8de0c

                                It works together with every minute update database.
                                It checks for domains that received the 'back later' and if it reaches the count you defined on gui, it looks for all spf records for that domain and whitelist it on postscreen.

                                The view configuration tab shows whitelisted domains and it's cidrs.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • B
                                  Bismarck
                                  last edited by May 9, 2017, 4:51 AM

                                  Okay now I got it. ;)

                                  postfix_cloud_domains.php is missing in the install_postfix_23.sh, you maybe want to fix this?  :P

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    marcelloc
                                    last edited by May 9, 2017, 4:24 PM May 9, 2017, 11:58 AM

                                    @Bismarck:

                                    Okay now I got it. ;)

                                    postfix_cloud_domains.php is missing in the install_postfix_23.sh, you maybe want to fix this?  :P

                                    I will​. :)

                                    EDIT

                                    done

                                    https://github.com/marcelloc/Unofficial-pfSense-packages/commit/28e7676ee2b665de62cdccd28196975bc407288a

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      marcelloc
                                      last edited by May 13, 2017, 7:18 AM May 13, 2017, 7:04 AM

                                      With Bismarck suggestion and help, I did a version of postfix package with DMARC.

                                      I had to change the domain tab from rowhelper to domain list. It changes some internal logic on the package. So I ask you to test it and feedback to see if you get the same result as I did.

                                      The install script is under postfix-DMARC branch, so to install this version, run

                                      
                                      fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/postfix-DMARC/pkg-postfix/files/install_postfix_23.sh
                                      sh install_postfix_23.sh
                                      
                                      

                                      Warning, this will move and merge your domain config/dkim data on config.xml. So once upgraded to DMARC version, you will need to add all domain config again if you want to back to current stable version.

                                      Once I do more tests and be sure nothing is broken, DMARC version will be the new stable version.

                                      domain_list.PNG
                                      domain_list.PNG_thumb
                                      domain_detail.PNG
                                      domain_detail.PNG_thumb
                                      dmarc.PNG
                                      dmarc.PNG_thumb

                                      Treinamentos de Elite: http://sys-squad.com

                                      Help a community developer! ;D

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        marcelloc
                                        last edited by May 14, 2017, 6:46 AM

                                        Did some minor fixes based on Bismarck feedback and also implemented the apply button to package gui

                                        https://github.com/marcelloc/Unofficial-pfSense-packages/commit/1459643eb929263a6811fd75ed30e40f81522844

                                        apply_changes.PNG
                                        apply_changes.PNG_thumb

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • B
                                          Bismarck
                                          last edited by May 17, 2017, 10:19 AM

                                          @marcelloc:

                                          I had to change the domain tab from rowhelper to domain list. It changes some internal logic on the package.

                                          I really like the new domain tab, you can even sort the domains via drag&drop.  ;)

                                          1 Reply Last reply Reply Quote 0
                                          812 out of 855
                                          • First post
                                            812/855
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.