Netgate Discussion Forum

    Issue with the postfix package

    • ptonini

      Hi

      I work at an IT support company, and we have been using pfSense in several production environments for a couple of months now. In one of these installations we are using pfSense as a mail gateway for an Exchange server. It is working fine, but there is an issue that is requiring some additional attention when altering any of the postfix settings on the webConfigurator.

      My setup is as follows:

      pfSense 2.0.1 (i386)
      Postfix Forwarder Package v.2.3.4_1
      Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
      2 NICS:
        NIC 1: Public IP.
        NIC 2: Private subnet, where the Exchange server resides.

      Postfix is listening on both NICs, and relays messages from the cloud to the Exchange server and vice-versa.

      The issue is that, when I enable the postscreen service, the public NIC listens and relays messages without errors, but the internal NIC gets unresponsive, taking up to 1 hour sometimes to relay a message to the cloud. If I disable the postscreen service, the situation is reversed, and the messages from the cloud take up to 1 hour to be relayed to the Exchange.

      The IP of the Exchange server is listed on the My Networks field under Access Lists.

      I've managed to go around the issue by manually editing the master.cf file, and disabling postscreen only for the internal interface, but every time that I change any of the postfix settings on the webConfigurator, it generates a new master.cf file from the database and I have to change it again manually.

      I would really appreciate if someone could help me understand why this is happening, and to request, if possible, that future versions of the postfix package include an option to enable the postscreen service on a per NIC basis, which would avoid the issue altogether.

      Best regards and thanks in advance,

      Pedro Tonini
      RJ - Brasil

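Added example, not part of the original thread or of the pfSense postfix package: a Python check that reports which daemon serves each `inet` listener in a master.cf, so a regenerated file that has put the internal interface back behind postscreen is caught right after a settings change. The addresses, the `syslog_name` override, the expected-policy table and the function names are assumptions constructed for illustration.

```python
# Constructed sample master.cf; addresses are placeholders, not taken from the thread.
SAMPLE_MASTER_CF = """\
# public listener: screened by postscreen, which hands off to the smtpd "pass" service
192.0.2.10:25  inet  n  -  n  -  1  postscreen
smtpd          pass  -  -  n  -  -  smtpd
# internal listener: plain smtpd (the manual workaround described above)
10.0.0.1:25    inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/internal
pickup         fifo  n  -  n  60 1  pickup
"""

# Assumed policy: which daemon each listener is supposed to run.
EXPECTED = {"192.0.2.10:25": "postscreen", "10.0.0.1:25": "smtpd"}


def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():  # continuation of the previous service entry
            if current is not None:
                current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def inet_listeners(text):
    """Map each inet service endpoint to the command (8th field) serving it."""
    listeners = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) >= 8 and fields[1] == "inet":
            listeners[fields[0]] = fields[7]
    return listeners


def check_policy(text, expected):
    """Return (endpoint, wanted, found) for every listener that deviates."""
    found = inet_listeners(text)
    return [(ep, want, found.get(ep)) for ep, want in expected.items()
            if found.get(ep) != want]


if __name__ == "__main__":
    for endpoint, want, got in check_policy(SAMPLE_MASTER_CF, EXPECTED):
        print(f"{endpoint}: expected {want}, found {got}")
```

An empty result means every listed listener still runs the intended daemon; a listener missing from the file is reported with `None` as the found value.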
      • marcelloc

        @ptonini:

        I would really appreciate if someone could help me understand why this is happening

        Did you try to include your internal addresses on Client access list CIDR field?

        postscreen_access_list = permit_mynetworks,
        			cidr:/usr/local/etc/postfix/cal_cidr
        

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        • ptonini

          Yes, it is. We just moved the mailboxes from a postfix internal server to the Exchange server. Both of them are on the CIDR list, and both of them suffered the same problem.

          • marcelloc

            On my setup (high mail volume per day) I have one pool for incoming mail and another pool on virtual machines for outgoing mail.

            Can you check on postfix logs what is happening with these messages?

            Postscreen should forward whitelisted IPs' mail directly to postfix.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            • ptonini

              This server has a high load too, around 10.000 messages per day. Tonight I'll undo my workaround and try to collect some logs for you (can't do it during work hours).

              I didn't find any clues on the log the last time. I verified the error using telnet: with postscreen enabled I didn't get the helo message on the internal NIC and with it disabled I didn't get the helo message on the external NIC.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.