PFsense postfix how to



  • Hi,

    I want to build a Mail Gateway using only pfSense. I have an Exchange server on my network, segment 192.168.1.XX.
    Is there a step-by-step guide for this?



  • @ivan_pfsense:

    Hi,

    I want to build a Mail Gateway using only pfSense. I have an Exchange server on my network, segment 192.168.1.XX.
    Is there a step-by-step guide for this?

    I do not have a step-by-step guide, but if you configure the postfix package from the General tab through to the Antispam tab, looking at the hints and configuration links, you will get a successful setup.

    Here are some shortcuts to the postfix forum thread.

    http://forum.pfsense.org/index.php/topic,40622.msg209769.html#msg209769

    http://forum.pfsense.org/index.php/topic,40622.msg217539.html#msg217539

    http://forum.pfsense.org/index.php/topic,40622.msg222534.html#msg222534

    http://forum.pfsense.org/index.php/topic,40622.msg225663.html#msg225663

    http://forum.pfsense.org/index.php/topic,40622.msg231511.html#msg231511

    Main options you have to set up:
    General tab

    • Enable service

    • Choose interfaces to listen on (remember to remove the NAT for port 25 and allow access to postfix in the WAN firewall rules)

    • Choose logging settings if you want to use the GUI search mail tool

    Domains tab

    • Configure your mail domain and mail server IP (Exchange)

    Recipients tab

    • If you want, you can enable LDAP fetch of valid recipients from AD to reject unknown destination addresses without first forwarding the message to the Exchange server

    • Create an account in AD with no user privileges and fill in the fields to get info from AD (the hint has the format of each field)

    Access list tab

    • Custom rules to apply to messages. If you do not want to receive mail from Yahoo, for example, put /^From:.*@yahoo.com/ REJECT in the header field.

    • To log the message subject, include /^Subject:/ WARN in the header field too.

    • Mynetworks has the IP addresses of servers that can send mail through postfix, just like a smart host

    Antispam tab

    • Most important tab to protect your internal server against most spam.

    • Follow default options to get a good setup.

    • To avoid complexity in the first setup, use third-party antispam only once you have postfix package skills (configuring, logging, analyzing, etc.)

    Hint: Many, many mail servers around the world have misconfigured setups. When you get no email from a specific domain, look for the error in both the NOQUEUE and QUEUE log types, with status info selected on the search mail tab.

    That's all you need to get a working postfix.
    Not too easy but not too hard.
    Good luck on your setup.
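
Added example (not part of the original post or of the pfSense package): a small Python triage of raw Postfix log lines for the hint above, collecting NOQUEUE rejects and queued-delivery statuses for one sender domain. The log lines, hostnames and addresses are constructed samples in the usual Postfix syslog layout, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:01:12 pfsense postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.9]; from=<bob@partner.example> to=<ann@corp.example> proto=ESMTP helo=<mail>
Mar  3 10:02:40 pfsense postfix/smtpd[4121]: NOQUEUE: reject: RCPT from mx.partner.example[203.0.113.10]: 550 5.1.1 <nobody@corp.example>: Recipient address rejected: User unknown in relay recipient table; from=<bob@partner.example> to=<nobody@corp.example> proto=ESMTP helo=<mx.partner.example>
Mar  3 10:03:05 pfsense postfix/smtpd[4130]: 3F2A11C0: client=mx.partner.example[203.0.113.10]
Mar  3 10:03:05 pfsense postfix/qmgr[911]: 3F2A11C0: from=<bob@partner.example>, size=2210, nrcpt=1 (queue active)
Mar  3 10:03:35 pfsense postfix/smtp[4140]: 3F2A11C0: to=<ann@corp.example>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to 192.168.1.10[192.168.1.10]:25: Operation timed out)
Mar  3 10:04:00 pfsense postfix/smtpd[4150]: NOQUEUE: reject: RCPT from spam.example[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using rbl.example; from=<x@other.example> to=<ann@corp.example> proto=ESMTP helo=<spam.example>
"""

# Rejected before queueing: SMTP code, reason text, envelope sender and recipient.
NOQUEUE = re.compile(r"NOQUEUE: reject: \w+ from (?P<client>\S+): (?P<code>\d{3}) "
                     r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")
# Accepted mail: qmgr logs the sender per queue ID, the delivery agent logs the outcome.
QUEUE_FROM = re.compile(r": (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>")
QUEUE_TO = re.compile(r": (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>.*"
                      r"status=(?P<status>\w+) \((?P<detail>.*)\)$")

def triage(log_text, sender_domain):
    """Return (rejects, deliveries) for mail whose envelope sender is in sender_domain."""
    suffix = "@" + sender_domain.lower()
    rejects, deliveries, qid_sender = [], [], {}
    for line in log_text.splitlines():
        m = NOQUEUE.search(line)
        if m:
            if m["sender"].lower().endswith(suffix):
                rejects.append((m["code"], m["reason"], m["rcpt"]))
            continue
        m = QUEUE_FROM.search(line)
        if m:
            qid_sender[m["qid"]] = m["sender"].lower()  # remember who sent this queue ID
            continue
        m = QUEUE_TO.search(line)
        if m and qid_sender.get(m["qid"], "").endswith(suffix):
            deliveries.append((m["qid"], m["status"], m["detail"]))
    return rejects, deliveries

if __name__ == "__main__":
    rejects, deliveries = triage(SAMPLE_LOG, "partner.example")
    for code, reason, rcpt in rejects:
        print("NOQUEUE", code, rcpt, "-", reason)
    for qid, status, detail in deliveries:
        print("QUEUE  ", qid, status, "-", detail)
```

In the sample, the 450 and 550 rejects point at the sending side's reverse DNS and at an address missing from the recipient list, while the deferred entry shows the gateway accepted the mail but could not reach the internal server.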



  • A few questions…

    How do I get the interface address working? If I select my WAN interface and disable the NAT rule which was in place, I cannot telnet to the WAN address at all. What am I doing wrong? Any suggestions?

    Also, if I use this amazing product to back up my MX record so it can hold my emails and forward them on, can I also do this? And what are the retry options if the server is not alive?



  • @craigduff:

    How do I get the interface address working? If I select my WAN interface and disable the NAT rule which was in place, I cannot telnet to the WAN address at all. What am I doing wrong? Any suggestions?

    Create a firewall rule on WAN to allow TCP port 25 traffic to the WAN address.

    @craigduff:

    Also, if I use this amazing product to back up my MX record so it can hold my emails and forward them on, can I also do this? And what are the retry options if the server is not alive?

    Yes.
    Configure domains and set the main MX server IP in Mynetworks on the ACLs tab.



  • Hey marcelloc,

    first of all a big THANKS for all your time. Great package.

    I have set up a pfSense 2.0.1 box with working HAVP, squid, squidguard and so on and discovered the postfix-package.
    Really great stuff.

    My problem:
    Our mailserver inside the company fetches the emails for our domain via POP3 from our provider, kind of comparable as if you would fetch all your family's mails from hotmail for example (mom@hotmail.com, dad@hotmail.com and so on). No multidrop, just every single address (25 allover) on its own.
    The clients access the inhouse-server via IMAP.
    As you wrote, this package is not designed to manage mailboxes itself.

    Is there any way to use pfSense with postfix with my config? I am a little bit confused because I have found no thread concerning my problems with the POP3-matter…

    Thanks in advance,
    Michael



  • @lovin_it:

    Is there any way to use pfSense with postfix with my config? I am a little bit confused because I have found no thread concerning my problems with the POP3-matter…

    This package has no pop3 fetch integration and will not work with your full custom config. You can merge your config using custom options.

    To use postfix on your system without the GUI, follow these steps:

    • Remove the postfix package

    • On console/ssh, install the postfix binaries using pkg_add -r http://files.pfsense.org/packages/amd64/8/All/postfix-2.8.7%2C1.tbz (amd64 version)

    • Install the filer package and open its GUI (Diagnostics -> Filer)

    • Add the postfix startup script to the filer config (it will load the current file)

    • Edit the default startup status from NO to YES and save the file

    • Create your postfix config file and select the startup script to run after file changes

    Not easy, but not impossible either  :)

