pfSense Forum

pfSense English Support => Packages => Topic started by: marcelloc on September 05, 2011, 03:57:58 pm

Title: Postfix - antispam and relay package
Post by: marcelloc on September 05, 2011, 03:57:58 pm
Hi all,

I've just finished postfix package version 2.3.

Postfix is an amazing mail forwarder that really keep away any misconfigured server or server trying to forge email.
Postfix Forwarder package at pfsense has many antispam features but for now, no SASL support for remote authentication.


And you can also use an third part antispam engine like mailscanner or policyd v2 for a complete antispam solution.



note: NEVER try to install policydv2 freebsd package, it will break out your pfsense.
if you plan to use policydv2 you must put it on other server or in a jail.

The mailscanner tutorial(or package) is under development, for now you can configure by hand using pkg_add -r MailScanner.


att,
Marcello Coutinho
Title: Re: NEW Postfix antispam and relay package
Post by: mikesamo on September 11, 2011, 07:57:07 am
it's possible to use them as an outbound smtp proxy ? with the antispam features?

Thanks,
Title: Re: NEW Postfix antispam and relay package
Post by: mikesamo on September 11, 2011, 08:02:04 am
Seem to work but it's possible to disable valid recipient functionnality?

Thanks,

Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on September 11, 2011, 09:41:26 pm
You can set your internal mail servers on ACLs -> Client Access List, but I don't know if postscreen('zombie blocker') or rbl checks can validade internal mail servers.

You can check other postfix antispam features with 'strong header verification' and ACLs for filter header,MIME and body settings.

For a deep internal mail server antispam search you may need mailscanner.
I'm working on this package now and will be available soon.


best regards,
Marcello Coutinho
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 10, 2011, 10:02:38 am
how to do my main.cf configuracuion if I have it in centos bit too high I want to pass this pfSense this is my main.cf I want to enable in pfsnese

thanks for the collaboration

# General settings
bounce_queue_lifetime = 6h
mailbox_size_limit = 51200000
message_size_limit = 10240000
luser_relay =
recipient_delimiter = +
message_strip_characters = \0

# Authentication with SASL
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain

# Encryption with TLS
# smtpd_tls_auth_only = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1

# Mail restrictions (note: Kolab policies are not implemented)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
kolabpolicy_time_limit = 3600
kolabpolicy_max_idle = 20

# Mail routing
mailbox_transport = mailpostfilter
content_filter = mailprefilter
transport_maps = hash:/etc/postfix/transport

# Outbound SMTP authentication
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
unknown_local_recipient_reject_code = 550
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtp_sasl_type = cyrus
relayhost = [xxxx.com]:587
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 10, 2011, 10:29:29 am
You can put your options on custom main.cf options at gui.

This package was designed to be a relay server only, I do not recomend enabling mailboxes on it.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 11, 2011, 10:11:50 am
I just want it to pass and I get this

postfix/smtpd[50880]: NOQUEUE: reject: RCPT from unknown[192.168.200.xxx]: 554 5.7.1 <mauricio.nino@xxx.com.co>: Relay access denied; from=<root@localhost.localdomain> to=<mauricio.nino@xxx.com.co> proto=ESMTP helo=<localhost.localdomain>
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 11, 2011, 01:05:35 pm
Include your 192.168.200.xxx internal ip in ACL/fiter map.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 11, 2011, 04:51:37 pm
marcelloc

appreciate your help but I do not work I have this in the log

The truth can not be done now, I only serve as a relay,


Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=check_client_access
Oct 11 16:49:45    postfix/smtpd[29361]: check_namadr_access: name unknown addr 192.168.200.14
Oct 11 16:49:45    postfix/smtpd[29361]: check_domain_access: unknown
Oct 11 16:49:45    postfix/smtpd[29361]: dict_cidr_lookup: /usr/local/etc/postfix/cal_cidr: unknown
Oct 11 16:49:45    postfix/smtpd[29361]: check_addr_access: 192.168.200.14
Oct 11 16:49:45    postfix/smtpd[29361]: dict_cidr_lookup: /usr/local/etc/postfix/cal_cidr: 192.168.200.14
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=check_client_access status=0
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=permit
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=permit status=1
Oct 11 16:49:45    postfix/smtpd[29361]: >>> START Helo command RESTRICTIONS <<<
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unknown_helo_hostname
Oct 11 16:49:45    postfix/smtpd[29361]: reject_unknown_hostname: localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: lookup localhost.localdomain type A flags 0
Oct 11 16:49:45    postfix/smtpd[29361]: dns_query: localhost.localdomain (A): OK
Oct 11 16:49:45    postfix/smtpd[29361]: dns_get_answer: type A for localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unknown_helo_hostname status=0
Oct 11 16:49:45    postfix/smtpd[29361]: >>> END Helo command RESTRICTIONS <<<
Oct 11 16:49:45    postfix/smtpd[29361]: >>> START Sender address RESTRICTIONS <<<
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unknown_sender_domain
Oct 11 16:49:45    postfix/smtpd[29361]: reject_unknown_address: root@localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: ctable_locate: move existing entry key root@localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: reject_unknown_mailhost: localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: lookup localhost.localdomain type MX flags 0
Oct 11 16:49:45    postfix/smtpd[29361]: dns_query: localhost.localdomain (MX): Host not found
Oct 11 16:49:45    postfix/smtpd[29361]: lookup localhost.localdomain type A flags 0
Oct 11 16:49:45    postfix/smtpd[29361]: dns_query: localhost.localdomain (A): OK
Oct 11 16:49:45    postfix/smtpd[29361]: dns_get_answer: type A for localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unknown_sender_domain status=0
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=permit
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=permit status=1
Oct 11 16:49:45    postfix/smtpd[29361]: >>> START Recipient address RESTRICTIONS <<<
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unauth_destination
Oct 11 16:49:45    postfix/smtpd[29361]: reject_unauth_destination: mauricio.nino@xxxx.com.co
Oct 11 16:49:45    postfix/smtpd[29361]: permit_auth_destination: mauricio.nino@xxxx.com.co
Oct 11 16:49:45    postfix/smtpd[29361]: ctable_locate: move existing entry key mauricio.nino@xxxx.com.co
Oct 11 16:49:45    postfix/smtpd[29361]: NOQUEUE: reject: RCPT from unknown[192.168.200.14]: 554 5.7.1 <mauricio.nino@itac.com.co>: Relay access denied; from=<root@localhost.localdomain> to=<mauricio.nino@xxx.com.co> proto=ESMTP helo=<localhost.localdomain>
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unauth_destination status=2
Oct 11 16:49:45    postfix/smtpd[29361]: > unknown[192.168.200.14]: 554 5.7.1 <mauricio.nino@xxxx.com.co>: Relay access denied
Oct 11 16:49:45    postfix/smtpd[29361]: watchdog_pat: 0x800e115f0
Oct 11 16:49:45    postfix/smtpd[29361]: < unknown[192.168.200.14]: DATA
Oct 11 16:49:45    postfix/smtpd[29361]: > unknown[192.168.200.14]: 554 5.5.1 Error: no valid recipients
Oct 11 16:49:45    postfix/smtpd[29361]: watchdog_pat: 0x800e115f0
Oct 11 16:49:45    postfix/smtpd[29361]: < unknown[192.168.200.14]: RSET
Oct 11 16:49:45    postfix/smtpd[29361]: > unknown[192.168.200.14]: 250 2.0.0 Ok
Oct 11 16:49:45    postfix/smtpd[29361]: watchdog_pat: 0x800e115f0
Oct 11 16:49:45    postfix/smtpd[29361]: < unknown[192.168.200.14]: QUIT
Oct 11 16:49:45    postfix/smtpd[29361]: > unknown[192.168.200.14]: 221 2.0.0 Bye
Oct 11 16:49:45    postfix/smtpd[29361]: match_hostname: unknown ~? 192.168.200.0/23
Oct 11 16:49:45    postfix/smtpd[29361]: match_hostaddr: 192.168.200.14 ~? 192.168.200.0/23
Oct 11 16:49:45    postfix/smtpd[29361]: disconnect from unknown[192.168.200.14]
Title: Re: NEW Postfix antispam and relay package
Post by: jedblack on October 11, 2011, 04:54:00 pm
marcelloc,

Thanks for all the hard work!  

I have one question...

can i use the postfix forwarder to forward my mail to GMAIL server... i'm doing this now with a centos/postfix install... below is the pertinent config file entries..

# SASL authentication
smtp_tls_security_level=encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
transport_maps = hash:/etc/postfix/transport

# TLS
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/certs/git01.pem
smtp_tls_key_file = /etc/postfix/certs/git01.key
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/git01.pem
smtpd_tls_key_file = /etc/postfix/certs/git01.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
smtp_cname_overrides_servername = no
#debug_peer_list=smtp.gmail.com
#debug_peer_level=3
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 11, 2011, 05:03:53 pm
Did you tried to include your config in custom main.cf options and of course transfer your files to pfsense?

I'm not sure if other options will affect you setup but could work.

Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 11, 2011, 05:49:04 pm
marcelloc
Oct 11 16:49:45    postfix/smtpd[29361]: dns_query: localhost.localdomain (MX): Host not found
Oct 11 16:49:45    postfix/smtpd[29361]: dns_query: localhost.localdomain (A): OK
Oct 11 16:49:45    postfix/smtpd[29361]: dns_get_answer: type A for localhost.localdomain
Oct 11 16:49:45    postfix/smtpd[29361]: NOQUEUE: reject: RCPT from unknown[192.168.200.14]: 554 5.7.1 <mauricio.nino@itac.com.co>: Relay access denied; from=<root@localhost.localdomain> to=<mauricio.nino@itac.com.co> proto=ESMTP helo=<localhost.localdomain>
Oct 11 16:49:45    postfix/smtpd[29361]: generic_checks: name=reject_unauth_destination status=2
Oct 11 16:49:45    postfix/smtpd[29361]: > unknown[192.168.200.14]: 554 5.5.1 Error: no valid recipients

mauricioniñoavella,

see what postfix is rejecting and correct it.
It looks like you tried to send a email with an invalid sender.
If you need this sender, create this domain in dns server that pfsense uses.

att,
Marcello Coutinho

Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 13, 2011, 11:25:46 am
marcelloc

greeting
I tried to do everything

Current issue if tusabes Nose to issue

generates this error since I only use smtp_sasl

mailserver postfix/smtpd[20836]: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in
mailserver postfix/smtpd[20836]: connect from unknown[xxxx.xxxx.xxxx.xxx]
mailserver postfix/smtpd[20836]: disconnect from unknown[xxxx.xxxx.xxxx.xxx]

I hit it in the

custom main.cf options

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
relayhost = [smtp.xxx.com]:587


thanks for your collaboration
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 13, 2011, 01:15:04 pm
Seems that many people need SASL auth, I will put in postfix forwarder TODO list.



Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 13, 2011, 03:15:53 pm
Too bad I could bother you confirm if it works as a relay Services: Postfix relay and antispam (postfix forwarder) and also worked with
STARTTLS

thanks for your collaboration
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 17, 2011, 12:08:10 pm
Hello,

I must say I am glad to see this package. Mail proxies and mail forwarders with filtering is a must have these days. I am new to this package and was wondering if there is any documentation on how to configure and set it up for use. Some of the setting are unclear to me.

I am not sure what the binding setting is for the WAN, LAN, and loopback and can't find anything that explains it better or what basic settings should be set to. Also, when I removed my SMTP port forward form NAT and rules to use this package, I am having trouble recieving mails. I went to mxtoolbox.com and did a diagnostics test and I don't get a header response or anything. It just says host times out from inactivity.

I really did not change any of the default setting from the install and yes I did add the domain with a forwarding internal address.

Could someone help or post a basic setup that would get this working. It is a little hard to figure settings with no documentation or explinations of settings.

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 17, 2011, 12:43:09 pm
at docs.pfsense.com has some info but not so detailed.

the basic setup is:


Many options has recommend, default and link option to postfix documentation.

I recommend enable all antispam settings too.

att,
Marcello Coutinho
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 17, 2011, 09:04:34 pm
Hey thanks very much for the info. I will give a try. I really like the concept of this package and have waited a while to see something like this come out for pfsense, so thanks for all your hard work.

I do have one question for your response. When you say WAN loopback interface, do you mean select the WAN interface only, the loopback interface only, or both?

Thanks Again,
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 17, 2011, 11:14:56 pm
So I have e-mails forwarding ok now and thanks for the basic info for that. Just curious, as I seen in early to mid last month a post you made about mailscanner, and was wondering if this will become part of the base install of the postfix forwarder package?

Currently I am unsure how to implement this ability and not really sure on what the ACLs/Filter maps tab does.

If you made this package an all inclusive install with all the components needed for a full SMTP filter, that would be sweet.

Thanks
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 18, 2011, 06:35:11 am
Mailscanner + spamassassin will be released soon as a new package with more then 500 options to filter spam. As I told in other posts, I'm waiting Mailscanner package compilation by core team. But if you know how mailscanner works you can add freebsd package and configure it.

Can you feedback in % how postfix + all antispam settings reduced spam messages on mailboxes?

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 18, 2011, 07:44:49 am
Yeah, I will post some stats in a about a week. I will compare report files from our other filtering system and see what a rough % in reduction maybe. I can say that I have noticed a difference already just from last night when I enabled it. I am seeing a lot of RBLS blocks and invalide host address blocks. Normally this would get cought by our other filter, but not always for some reason.

For the most part, it seems to be working very well and I am excited for the Mailscanner package.

I have been playing around with the ACLs/Filter Maps section and was wondering if a manual blacklist block and whitelist allow will be added?

Thanks,
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 18, 2011, 08:06:56 am
The ACLs allow you to block or permit ips, subjects, atachments and Also filter message body.

Take a look at samples below each field.
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 18, 2011, 09:52:39 am
Ahhh yes, I am starting to understand how you are laying this out. This all makes sense now. I guess I have just been getting to use to check boxes and enable buttons way to much LOL.

Thanks again for the info.

Take Care

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 18, 2011, 09:56:00 am
hello

marcelloc

I can confirm you this module can function as a relay host, thatis I work as an SMTP forwarder to an external mail Server using STARTTLS


I congratulate you for your great support for this great pauqete, Proxies and redirects mail, I'm new in this package I would like know if there is some configuration information, as a forwarder (SMTP) mail to an external Server "Outbound Relay Hosts"



Could anyone help me with the basic configuration to work as mail forwarder to an external server authentication through a little priest specified. It's a bit difficult to understand the configuration without documentation or configuration give some tics.

thanks for your collaboration
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 18, 2011, 08:54:08 pm
mauricioniñoavella,

The basic setup is already in this topic.
http://forum.pfsense.org/index.php/topic,40622.msg217539.html#msg217539

All features in postfix forwarder package was include after many hours reading official postfix documentation.

Many features in this packages, has samples or direct links to postfix website, take a look.

Also you have the options to see the result of gui setup in View confi files tab.

Some docs about SASL say that are many implementations for it in postfix, now I'm trying to find one compatible with pfsense.

see considerations on enabling TLS
http://www.postfix.org/TLS_README.html

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 19, 2011, 11:20:23 am
marcelloc

I have a e-mail that seems to be getting blocked, which I think is a false positive. Here is the log I get back. Note that I removed the actual domain name and IP.

postfix/smtpd[32719]: NOQUEUE: reject: RCPT from mail.example.org[XXX.XXX.XXX.XXX]: 450 4.7.1 <EX02.example.local>: Helo command rejected: Host not found; from=<someone@example.org> to=<someone@mydomain.com> proto=ESMTP helo=<EX02.example.local>


I added this filter rule in the header to allow. This did not seem to work, but when I added a different rule to REJECT a different domain name, it worked.

/^From:.*@example.org/ OK

Any idea on this?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 19, 2011, 05:03:34 pm
The host that remote server announce on Helo smtp command Does not exist.

This is one of the header verification tests.
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 20, 2011, 11:05:41 am
Hi all,

Postfix compilation on x64 now includes cyrus-SASL2 and TLS.

who need or want to test it, reinstall or remove/install postfix package.

No changes in gui for this option. Include all your SASL and/or TLS config in custom main.cf options

att,
Marcello Coutinho
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 07:31:28 am
marcelloc,

I am getting a lot of these messages and I have seen a lot of them that are from domains and users I know. What can I do to stop these false positives. Here is the message I recieve minus real IP and domain names.

postfix/smtpd[61721]: NOQUEUE: reject: RCPT from mail.someonesdomain.com[xxx.xxx.xxx.xxx]: 450 4.7.1 <CNASRV.CNA.local>: Helo command rejected: Host not found; from=<someone@someonesdomain.com> to=<user@mydomain.com> proto=ESMTP helo=<CNASRV.CNA.local>

Here is my configuration. I have messed around trying to find out what is causing it and had no luck.

ACL Filter MIME:
/^name=[^>]*\.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$2" file attachment types not allowed

ACL Filter CIDR:My Internal Subnet xxx.xxx.xxx.xxx/24

Antispam:
Header Verification = strong

Zombie Blocker = Enabled with enforce

After greetins Test= all selected

Softbounce= enabled

RBL with = dnsbl.sorbs.net, bl.spamcop.net*2, dnslb.local*-5, cbl.abuseat.org, b.barracudacentral.org

RBL threshold = 1

SPF Check = Recomended setting

I have tried litteraly disabling everything and setting head check to basic to see if the messages would pass. I even added rules to the ACL filter list such as /^From:.*@someonesdomain.com OK

Is there something I can do? Do you have any suggestions?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 21, 2011, 08:27:40 am
As I told you last post, postfix is very judicious in header checks, so check your DNS server to see if this host announced by remote SMTP does exist or not.

You can also try to white-list this host in your local RBL and CIDR ACL.

I have many of these alerts too, but all of them are really spam or 'misconfigured' hosts.

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 11:40:22 am
marcelloc,

I am going to assume that they are misconfigured host because I know they are not spam emails.

I did state I added the /^From:.*@someonesdomain.com OK in the ACL's Filter in the header section. Does this not whitelist the e-mail or is it just whitelisting only one of the spam checks?

Also, if I add their domain address to the CIDR allow, wouldn't that allow their mail server to relay off ours according to the text I am reading at the bottom of that form field?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 11:43:59 am
Sorry, I meant relay off the pfsense box. My mail server would not act as an open relay.
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 21, 2011, 11:48:31 am
I am going to assume that they are misconfigured host because I know they are not spam emails.

Did you tested name resolution oh the remote host header info?


Also, if I add their domain address to the CIDR allow, wouldn't that allow their mail server to relay off ours according to the text I am reading at the bottom of that form field?


When using postscreen, the documentations says(correct me if I'm wrong) that this only prevents blocking.
When postscreen is disabled, any ip on CIDR allows relay on your server.

Can you test this with any other external ip?

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 11:59:59 am
I have been using mxtoolbox.com for testing. One of the domains I am trying to figure out why it is getting blocked is clemansnelson.com

When I do a test on mxtoolbox.com for mail.clemansnelson.com I get the following.

220 CNASRV.CNA.local Microsoft ESMTP MAIL Service ready at Fri, 21 Oct 2011 12:59:31 -0400

 OK - 24.123.130.226 resolves to mail.clemansnelson.com
 Warning - Reverse DNS does not match SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.
 5.335 seconds - Warning on Transaction time

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 12:09:11 pm
How would I go about disabling postscreen just to see if the mails start to come through. I thought I did disable once by simply unselecting the after greeting checks and disabling Zombie Blocker?
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 21, 2011, 12:11:11 pm
Can you see that there is a warning for this domain on your test?

I've made some tests here and  mail.clemansnelson.com has a valid dns entry and it's related as SPF for clemansnelson.com.

check if your dns has same info and if postfix erros say that worng hostname is mail.clemansnelson.com or something else.


If you disable postscreen, the error will remain as it is done in header check.

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 12:16:11 pm
Here is the message minus user email name and our domain name.

postfix/smtpd[10950]: NOQUEUE: reject: RCPT from mail.clemansnelson.com[24.123.130.226]: 450 4.7.1 <CNASRV.CNA.local>: Helo command rejected: Host not found; from=<someone@clemansnelson.com> to=<someone@mydomain.com> proto=ESMTP helo=<CNASRV.CNA.local>

When you say my DNS, our you referring to my internal DNS or external WAN DNS from the firewall?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 12:20:37 pm
I have spotted about 6 other domains that I know are not spam that is getting the same message above. If I disable the Postfix forwarder and then do a temporary NAT and port forward of SMTP:25 to our internal mail server. The transparent spam filters we have will allow the message through and they do a lot of the same checks. I must have something misconfigured on postfix, or these host are not configured correctly. I am not willing to say something is wrong with the package because we are still getting a lot of good e-mails coming through.

Up above I posted my base config, can you see anything that would be causing the issue in that config?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 21, 2011, 12:35:28 pm
postfix/smtpd[10950]: NOQUEUE: reject: RCPT from mail.clemansnelson.com[24.123.130.226]: 450 4.7.1 <CNASRV.CNA.local>: Helo command rejected: Host not found; from=<someone@clemansnelson.com> to=<someone@mydomain.com> proto=ESMTP helo=<CNASRV.CNA.local>


The problem is this : helo=<CNASRV.CNA.local>

Helo host in smtp negotiaton must exist. If you allow any host in SMTP helo, you are opening your server for a lot of spam.

Many STMP admins 'foget' to configure their servers, it's normal.

In any way I suggest you to disable spam checks.

EDIT:

Note that any client behind a misconfigured server will receive this erros for many domains, so they can forward it to SMTP 'admins'

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 12:47:27 pm
Well, as much as I hated to, I disabled the spam checks and saved, then disabled and saved and then renabled postfix and saved.

I am still getting the same messages?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 21, 2011, 12:53:33 pm
And about your config, I suggest you to change RBL threshold to 2.

As I told you, this host error is got by header check, not postscreen.
See configuration files options in gui.

in main.cf
Code: [Select]
#Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_helo_hostname

This is a feature, not a bug or false positive.

Don't think the problem is with your setup.
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 21, 2011, 01:02:08 pm
Ok, I am starting to see now what you are saying. On the main config code you pointed out, Should I change smtpd_helo_required = yes to = no or change smtpd_helo_restrictions = reject_unknown_helo_hostname

Like you said, I am afraid I will open the gates for flooding of spam. We have transparent backend filters, but I was hoping to kill most of it at the gateway level.

So what would you suggest at this point. I changed my RBL from 1 to 2.

Thanks for all your help,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 21, 2011, 01:31:48 pm
Send a email to postmaster@ domains you identify that misconfiguration.

Or try CIDR with remote SMTPS While using postscreen
Title: Re: NEW Postfix antispam and relay package
Post by: invaluement on October 24, 2011, 09:54:22 am
RBL with = dnsbl.sorbs.net, bl.spamcop.net*2, dnslb.local*-5, cbl.abuseat.org, b.barracudacentral.org

MDP,

Hi. I'm the owner/manager of invaluement.com and the host name you listed above for using invaluement.com as an RBL is WRONG!!!! (I deleted it in my quote of your post.. see post for what I'm talking about)

Anyone using that host name as an RBL will ONLY get rejected queries. This a waste of other's resources--since anyone adding a bogus RBL only adds wasted time to the processing of each message. Therefore, please edit your post above to remove that reference to invaluement.

Even if you had the correct host name, it would STILL get blocked because access to invaluement is ONLY available to paying subscribers via RSYNC to rbldnsd files, which are then hosted locally.

An invaluement subscription is VERY INEXPENSIVE... and locally hosted RBLs on an rbldnsd server are extremely FAST--which helps your filtering to go FASTER and become more scalable--could even save you $$ on hardware upgrades in the future! Subscription information can be found here:

http://dnsbl.invaluement.com/subscribe/

Thanks and please let me know if you have any questions.
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 24, 2011, 10:13:07 am
marcelloc,

Can you confirm if that last post from invaluement is true? I noticed they are a new user with that being their first post. Looks a little shady.

Also I e-mail postmaster at those domains with nothing yet. Also, I am not sure what you were meaning with "Or try CIDR with remote SMTPS While using postscreen"?

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 24, 2011, 11:47:22 am
The Rbl list in package example is just an example for how to configure Rbl list.

You MUST take care on what list you choose. There is also a link in the package for a lot of Rbl lists, free and paid.

And about the emails you sent, just be patient. You can also look for other emails on domains web page.



Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 24, 2011, 02:51:18 pm
I clicked the link, but I am not sure what list are free and which ones are paid?
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 26, 2011, 02:51:03 pm
marcelloc,

I have some new info for you as requested. I have compared the past 3 weeks of SPAM data on our backend SPAM filter reports, and they have been very close from week-to-week of around 650 to 700 SPAM e-mails per week. This past weeks reports since the postfix forwarder package has been installed, has litterally cut that report down to around 190 to 200 SPAM e-mails. This is without any mail scanner or Spamassin added to the postfix forwarder.

So right now we are seeing about a 300% decrease in SPAM on just the first layer of filtering at the gateway level. Very Nice...

Any idea on when that mailscanner feature will be added?
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 26, 2011, 03:54:58 pm
Great news,

Looking my logs what I see is that nasty emails like fake domains, virus, phishing, etc are almost 100% blocked with postfix. Comercial mail that has real smtp info can be easly blocked using ACLS.

Quote
Any idea on when that mailscanner feature will be added?
I think i will release a mailscanner-dev version with freebsd 8.1-release packages to get it working until pfsense packages are done.

Thanks for your feedback

 
Title: Re: NEW Postfix antispam and relay package
Post by: invaluement on October 27, 2011, 11:29:39 pm
marcelloc,

Can you confirm if that last post from invaluement is true? I noticed they are a new user with that being their first post. Looks a little shady.

Here is confirmation. See message to 'darklogic' at the bottom of this page: http://dnsbl.invaluement.com/about/
...I couldn't do that if this wasn't legit!
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 27, 2011, 11:34:06 pm
I've also included this in Rbl field list info:

THIS IS JUST AN EXAMPLE, CHECK IF ANY LIST YOU CHOOSE IS PAID OR FREE!
ex: dnsbl.sorbs.net, bl.spamcop.net*2, dnslb.local*-5, b.barracudacentral.org
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 28, 2011, 12:34:23 pm
marcelloc,

I removed the list from my post.

Also, I am having no luck with those domains that are getting rejected that I know are ok e-mails, but maybe misconfigured servers. I am getting a lot of this and I have had about 5 employees ask if something was wrong with the e-mail system. If I can't figure a way to allow these e-mails, I may have to back away from the postfix package. I really don't want to do that... This is the same issue I have been previously posting about.

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 28, 2011, 02:34:08 pm
First of all, it's not a issue with postfix. It's a issue with remote smtp admin.

Try to include remote server in cidr or call remote admin.

Here is the link for poscreen documentation about whitelist:

http://www.postfix.org/postconf.5.html#postscreen_access_list
PERMANENT WHITE/BLACKLIST TEST
       This test is executed  immediately  after  a  remote  SMTP
       client  connects.  If a client is permanently whitelisted,
       the client will be handed off  immediately  to  a  Postfix
       SMTP server process.

       postscreen_access_list (permit_mynetworks)
              Permanent white/blacklist for remote SMTP client IP
              addresses.
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 28, 2011, 02:50:06 pm
I'm sorry, I didnt mean to sound like I was saying something is wrong with your package. I just don't have any clear way to resolve this issue with so many misconfigured e-mail servers.

There is little documentation for your package and the docs that are being provided are for a project other than a package for pfsense. If I knew all the ends and outs of this package, I guess I would know the answer, and if I knew the answer on how to configure this mod with little documentation to follow, I guess I might even be able to develope it, but I don't know.

Even you main.cf file states in it, not to modify?

I like this package, I really want to use it, but the documentation being provided is not for the pfsense package.

Thanks For All You Help,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 28, 2011, 03:00:33 pm
the link was for postscreen documentation to show you that putting the remote smtp ip in CIDR while using postscreen does not open your server to relay.

You just step over postscreen and connect direct to postfix daemon where there are other tests.

Sorry if it seemed offensive, was not my intention.
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 28, 2011, 09:45:28 pm
marcelloc,

I was not taking it offensive, I was trying to clear up the fact that I am no developer or coder. It takes me some time to understand what's going on in the guts of the program. Basically I don't have your knowledge and therefore I don't understand some of the lingo or even the documentation that is being provided. I understand that this package is still new and in RC1 stage right now and some things should not be exspected. In all reality, I have no reason to complain as this package is free and you are spending your free time to develope it, and I thank you for that truely.

So what I got from your last post is if you add the public IP of the sender in the Client Access List in the CIDR form box. It will pass the message from that domain address that is getting blocked or any address coming from that domain IP? Is that correct?

Thanks for your time,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 28, 2011, 09:54:36 pm
OK, so I added some of the IP's xxx.xxx.xxx.xxx OK to the CIDR list. In the logs I see where is starts the connection, states the IP is whitelisted in postscreen and then I get the same reject message? Does something else need to be done?

Any ideas?

Thanks,
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 29, 2011, 06:29:17 am
No ideas.

I will try to find a way to reduce security checks for specific domains.
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on October 30, 2011, 03:53:03 pm
Sounds good, thanks.

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on October 30, 2011, 04:33:45 pm
Try to include the wrong hello host from remote domain in /etc/hosts file.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 31, 2011, 08:37:40 am
I'm trying to colleagues include, relay host that I may just mail forwarder to an external server with me autenticaion and generates this error if anyone can help me

postfix/smtpd[5191]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"

thanks for the help
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 31, 2011, 04:02:16 pm
hello

marcelloc



You had confirmed that the package already endured STARTTLS and is filing this prolem please collaborate or me to do

postfix/smtpd[21954]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"

ldd /usr/local/sbin/saslpasswd2
/usr/local/sbin/saslpasswd2:
   libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x800647000)
   libcrypto.so.6 => /lib/libcrypto.so.6 (0x800761000)
   libgssapi.so.10 => not found (0x0)
   libheimntlm.so.10 => not found (0x0)
   libkrb5.so.10 => not found (0x0)
   libhx509.so.10 => not found (0x0)
   libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8009fb000)
   libasn1.so.10 => not found (0x0)
   libroken.so.10 => not found (0x0)
   libcrypt.so.5 => /lib/libcrypt.so.5 (0x800afd000)
   libopie.so.6 => /usr/lib/libopie.so.6 (0x800c16000)
   libc.so.7 => /lib/libc.so.7 (0x800d1f000)
   libmd.so.5 => /lib/libmd.so.5 (0x800f5b000)
Title: Re: NEW Postfix antispam and relay package
Post by: ermal on November 01, 2011, 11:41:27 am
That's missing dependency of the package i think or missing libraries in base of pfSense.
It is not a missing compile flag of the package itself.

Just general comment here while i saw this though.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on November 01, 2011, 08:33:57 pm
This is for
Forum and BSD developers pfSense
I do not understand why people who work in this great project, such as pfSense, stop the publication of a package, which is not compatible with pfSense.
Please do not degrade this great software such as pfSense without offending anyone, first of all congratulate marcelloc and Postfix antispam and relay package has problems.
But I do recommend working to improve, and we who belong to the family of pfSense, are the ones who try and give them guidelines for improving pfSense.
PfSense do not compare with other systems or software firewalls, for there is but I have reviewed (ClearOs Linux), and has a very simple setup SMTP Relay with Authentication. (relay host)
I hope this is taken into account
regards

Mauricio
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on November 01, 2011, 09:33:28 pm
Quote
This is for
Forum and BSD developers pfSense
I'm not a pfsense developer, I'm a pfSense user just like you. I've decided to stop waiting for packages that do what I need and started writing features to improve them.

The first version of postfix forwarder was just a forwarder, with no options, including SASL.

I've spent many hours in postfix documentation to write a gui that helps administrators on configuring this great mail server and also looking for a better compilation to include features such as PCRE, SPF and SASL.

Quote
I do not understand why people who work in this great project, such as pfSense, stop the publication of a package, which is not compatible with pfSense.

Sorry but i did not understood your post. Postfix is compatible with pfsense.

Quote
But I do recommend working to improve, and we who belong to the family of pfSense, are the ones who try and give them guidelines for improving pfSense.
You are using a huge free open source firewall and do you really think you are doing a favor to pfSense's team? Unbelievable!

Quote
I have reviewed (ClearOs Linux), and has a very simple setup SMTP Relay with Authentication. (relay host)

What are you waiting for? Config and internal machine with it and put your mail system on.


I suggest you to read the section Helping out in pfsense website
Here is the link if you are waiting somebody to look it for you.
http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on November 02, 2011, 07:37:15 am
mauricioniñoavella

I'm not sure if I understand the nature of your e-mail either. Postfix is somthing new to pfsense. marcelloc has done a wonderful job on this package. The only thing I am struggling with is the limited documentation that explains how to configure this package with pfsense. marcelloc has help me a lot with that and I much appreciate his time and efforts to creat a package that I feel should be yet another great package that is part of the base pfsense system. As I have posted before in the past, there are many sistuation that people just need a fast processing router/firewall such as ISP or large internal networks and then there is the rest of us that need a lot more such as a UTM (Unified Threat Management System).

I personally have used ClearOS AKA ClarkConnect for years. Yes it is a great product, but it is a Server, Firewall, and Proxy UTM. You are comparing apples to oranges. I will agree that ClearOS has a great and easy to use mail forwarder feature, but it is very leaky with SPAM even with spamassasin and clamav attached to it. A few other good products I have used that have mail forwarding with filtering is Astatro, Endian, IPCop, Zentyal, Vyatta, and SME Server. So far the best non leaky SPAM forwarder/SPAM filter systems I have came across has been Endian and this new Postfix package marcelloc has made. The funny thing is that the pfsense package does not even have any spamassisin or clamav intergrated into it, and it does a better job than other projects that do. Once marcelloc gets all this added into the package, I am sure it will be one of the best. But, it is in RC1 status right now, so for the love of GOD, give the man some time and don't bite the hand that feeds.

I personaly use multiple firewalls for different uses. So far, I have came to the conclusion after years of using these top 3 products for security. Untangle hands down blows almost everyone out of the water. Astaro Home edition could be there with Untangle if they didn't limit to 50 IP's. pfsense, well this software just does everything. I have my use for it and have faith that it will become more UTM like. pfSense has been my answer to solve many problems when others could not. If pfsense had a solid foundation with everything is currently does and then made IDS/IPS, Web proxy filter, Mail Filter, WAF (Web Application Firewall), which I am supprised to see that the package has not been picked up by someone yet for updating to 2.0 version.

pfSense already has many great features, but could really dominate the market if they supported these UTM features in their base system. I believe a lot of people would agree that a basic stateful NAT firewall is not enough security these days if you have users browsing the web, let a lone if you host anything on you internal network.

marcelloc, thanks for this UTM like package
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on November 02, 2011, 08:37:21 am
marcelloc
I apologize but do not misunderstand me, only I want is to congratulate you for great work, and definiately not put in doubt, I am a lover of pfSense is best,


The idea of ​​posting in the forum is not for misunderstanding or disagreement is only because as darklogic is more than documentation,
suddenly I'm a little confused with the package does not work and you bothered sending you personal messages, but I see no light, ie how to solve the relay hosts, again, I apologize and I am hoping that this is a great package.

I apologize to you and the forum, but there are things that improve with your help and with a bit of time is the best

but reiterated that it should have done enough testing before release
with pfSense version 2.0

regards

and a thousand thanks for your charisma and collaboration
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on November 03, 2011, 03:08:58 pm
Darklogic,

try this setup on your postfix:

First go to on diagnostics -> edit file
type /etc/hosts in 'Save / Load from path:' then press load
WITH CAUTION, include the ip address and the wrong helo info from remote domain you want to receive email.
Code: [Select]
24.123.130.226 CNASRV.CNA.local
press save button.

Go to postfix configuration and add custom cf options:
Code: [Select]
disable_dns_lookups = yes
Save config and see what will happen with your server.
If it works, also check if /etc/hosts file keeps the info after a reboot.

I saw no options to relax  reject_unknown_client_hostname.

This is the postfix documentation for this option: (http://www.postfix.org/postconf.5.html)
Code: [Select]
disable_dns_lookups (default: no)
Disable DNS lookups in the Postfix SMTP and LMTP clients. When disabled, hosts are looked up with the getaddrinfo() system library routine which normally also looks in /etc/hosts.

DNS lookups are enabled by default.

Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on November 04, 2011, 07:07:51 am
marcelloc,

It looks like it works. I have not had a chance to reboot yet. I will keep an eye on this and see how it pans out. Also, I like the new pfblocker you and tommyboy are working on.

Thanks for the detailed configuration info.

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: darklogic on November 04, 2011, 07:29:09 am
marcelloc,

I added a couple more into the /etc/hosts and then saved the config. For some reason it is removing the entries. They will just randomly drop off the list, but I can see where dynamic dhcp client on the internal network are getting added to this list? The only entry that is not getting removed is the example one I used and you used in your post?

Not sure what I am doing wrong. It corrected the issue with only the first manually added host and IP.

Thanks,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on November 04, 2011, 07:41:09 am
For internal clients, the best way is to include their hostnames on your local dns.

Setup your pfSense box to use your internal dns.

But, if you are using dns Forwarder on pfsense, you can also include these host info on it.

And don't forget to save postfix config after any host change.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on November 04, 2011, 08:35:36 am
marcelloc

regards

what a pity to disturb, look I'm working and making changes to the cfg and Services: Postfix relay and spam, but not working.

not to do just what I want is a postfix relay host, that I may have a serviodor forwarder external mail, which is in zimbra

using a generic account with authentication and security is, with STARTTLS

as I have written before I had the problems that no longer do.

thanks
for your collaboration
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on November 04, 2011, 08:44:41 am
mauricioniñoavella,

As we saw in ermal post (http://forum.pfsense.org/index.php/topic,40622.msg220089.html#msg220089), package cyrrus has a missing dependencie in pfsense. Its not a missing compile arg, so there is nothing I can do to Fix it.

For now, postfix Forwarder Does not has SASL option.

If you want a quick solution for that, buy some commercial support hours as ask pfsense team to Fix it.

If you google for you problem, you will find that openldap client requires cyrrus too.

good luck on your trouble shooting.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on November 04, 2011, 02:13:09 pm
marcelloc
then you confirm that the problem is not yours, rom problems pfSense team, then you spor angry about this that you wrote

I see you work for us.

many thanks for your collaboration
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on November 04, 2011, 03:07:25 pm
marcelloc
then you confirm that the problem is not yours, rom problems pfSense team, then you spor angry about this that you wrote

I see you work for us.

many thanks for your collaboration
mauricioniñoavella,

you must understand one thing.

pfsense's team released version 2.0 with no need of cyrrus-sasl library, so the problem is not with pfsense's team.

Packages are contributions and almost created and maintained by community, so when a package has a problem, the problem is not on pfsense2.0.

When somebody builds a package, all ports compilation is done by pfsense team BUT it does not means that is fully supported by them.

Pfsense is one thing, packages is another thing completely apart of base project.

if you don't like the way libraries are missing on pfsense, try installing freebsd packages on labs.


I'm not angry about anything in pfsense's project, its perfect to me.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on November 04, 2011, 10:06:58 pm
marcelloc

To my pfSense also is an excellent project.

In fact I think it is good to realize this problem, as I have experienced that served to improve your package. And that the community forum to find out.
It is very important to account for other versions as I could incorporate cyrrus-sasl library, I hope you will contribute to have been able to let you know this,
Thank you very much for your input.
To think this forum, to share and we want this project. As is pfSense, and do not take as a destructive criticism but a constructive criticism.
I hope you take it in practice because it is a benefit to all who participated in this forum, showing the possible problems that arise in the project, to improve it.
The Free BSD Project was born to be a complete Unix-like operating system free software, software that respects your freedom. and best of all and for all.

I will be working to bring you the package for continuous improvement in your work is excellent, because I think an excellent system, and wait when you merge with relay host including cyrrus-sasl.


thanks

Mauricio
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 14, 2011, 09:47:03 pm
HI all,

I've just released package version 2.2 with:


check first post for screen shots (http://forum.pfsense.org/index.php/topic,40622.0.html).


Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 10:21:21 pm
Awsome news. I hope this corrects my issue. I will post something here in a bit that I have encountered.
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 10:28:18 pm
OK, so the rejects that I have been getting seems to occure when the remote host excepts e-mail on a different public IP than the one it sends from. I discovered this by talking with some IT people that I have been getting all these legitamite e-mail rejects on the helo host not found. They have something like an ironport or barracuda acting as a mail gateway behind a firewall in bound SMTP on a particular IP and then their mail server has a statis 1-to-1 NAT rule that translates outbound sending of mail on a different IP.

I have not idea how to even resolve this since it tries the verify back to an IP that does not listen or forward mail back to the internal mail server.

Please let me know if this is not a clear enough write up on what I am saying.

Thanks for all you do marcelloc
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 14, 2011, 10:34:13 pm
The helo smtp info can be easily configured by email admins, including Micro$oft. The default option is something internal like hostname.local if you do not use any server for relay to internet.

Unckeck this option and see how postfix deals with your spammers.

On my clients networks, I do only accept mail from server that are not misconfigured.





Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 10:43:03 pm
on your check box for helo check. I see it says checked for default. So if I check it, I am assuming it will check helo and if it is unchecked it will not check helo?

Thanks,
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 10:45:10 pm
ahhh, I think your updated package has worked. I am starting to recieve these e-mails now. I just recieved the ones from earlier today.

This makes me feel so much better.

Thanks marcelloc
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 14, 2011, 10:53:40 pm
Great news. In few days you will have many logs on Database. Take a look on dashboard postfix widget and on search mail.
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 11:00:57 pm
I am currently looking into it. Great work marcelloc.
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 11:06:25 pm
This is odd. I am getting an error when trying to go to avalible packages. Are you getting this?
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 14, 2011, 11:09:55 pm
This is the error I am getting. It was just working???

Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 15, 2011, 09:00:05 am
It was SNORT HTTP inspect causing the issue.

Anyways, I have a question about the logs. I am not seeing anything showing up yet. I followed the instructions, but don't understand the last line that I highlighted below in red.

Choose how often pfSense will transfer log files to Sqlite database.
To use Diagnostics -> Search mail you need to:
Select Loggin Destination to /var/log/maillog
Select update Sqlite frequency
Inlcude /^Subject:/ WARN line in Acl Headers after all your Subject rules.

Thanks,
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 15, 2011, 09:27:36 am
Go to acls tab and include the subject line in header option.

Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 15, 2011, 09:41:08 am
OK, got it. I am starting to see data coming into the logs.


You have done an excellent job on this package. Thanks for all your hard work.


Thanks,
Title: Postfix - antispam and relay package (SMTP Out?)
Post by: cmariotti on November 15, 2011, 09:40:27 pm
I posted a question to the pfSense mailing list and was directed to look at the Postfix relay package. I saw a posting asking if SMTP out was an option, but I didn't see a clear answer to this.

Let me explain my issue...

After converting a network of computers to use a fairly popular 3rd party email service (not my decision unfortunately), users are experiencing very odd issues with email (POP and SMTP based). The 3rd party says we should try different ports, increase timeouts, etc…  and they sometimes take days to admit they themselves have an issue (after we have jumped through their hoops).

One of the issues is email taking a while to be sent out of the network to the 3rd party SMTP servers… in many cases, items sit in Outlook… with recipients complaining that they received multiple copies of the same email.

My thought was to see if there was an SMTP server that can run on pfSense 2.0? I would like to be able to monitor the queue, etc…  My hope is that the client computers would stop failing/timing out/multiple deliveries and that pfSense would just act as the active sender SMTP server... basically to send out emails from the network directly to the recipient's mailserver... But I need to be able to manage and monitor it easily in real-time and after the fact on specific dates/times to see what is happening with a specific email problem.

Any advice or suggestions? Does the replay package allow this? Or is it simply for inbound emails only?

Regards,

Chuck
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 16, 2011, 04:55:33 am
If you have static ip on your internet connection and if you could include this ip as a Spf record on your internet dns domain, then you could configure your smtp client option to this package.

I suggest you to change pop3 to imap. It's much better.

Smtp auth with SASL is not working on current version because a missing dependencie in cyrrus-SASL package.
Title: Re: Postfix - antispam and relay package
Post by: cmariotti on November 17, 2011, 12:13:17 am
So basically just install the package, create spf record for the public IP and point the clients to use the internal firewall IP as their SMTP server. That sound right?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 17, 2011, 05:29:41 am
Yes. That's it.

On package, try this configurarion:

Title: Re: Postfix - antispam and relay package
Post by: timreichhart on November 23, 2011, 03:10:47 pm
does this package have a option for users to manage there whitelist/blacklist or any other options they need to configure under there own login page?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 23, 2011, 03:36:57 pm
This package act as a relay for internal smtp server. Postfix on pfsense has no client accounts or user page.

Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 27, 2011, 01:12:58 am
marcelloc,

Any word on the postfix AV and anti-spam add-on? Your latest release fixed all the issues I was having. Great package. I am excited to see what will come next.

Thanks Again,
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 27, 2011, 10:28:19 am
The upcoming version 2.3 improves maillog Database and fixes some minor bugs.

Mailscanner maybe released in december.
Title: Re: Postfix - antispam and relay package
Post by: darklogic on November 27, 2011, 05:24:14 pm
That is excellent news. Keep up the great work.

Thanks Again,

MDP
Title: Re: NEW Postfix antispam and relay package
Post by: mince69meat on November 29, 2011, 04:26:42 pm
Hi all,

Postfix compilation on x64 now includes cyrus-SASL2 and TLS.

who need or want to test it, reinstall or remove/install postfix package.

No changes in gui for this option. Include all your SASL and/or TLS config in custom main.cf options

att,
Marcello Coutinho

Hi Marcello and everyone else

can anyone help me out I would like to send mail from internal to exturnal though this fantastic packege but can't get passed "smtpd_recipient_restrictions = reject_unauth_destination" have tried "smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination" in custom but it will not override the defaults, tried SASL but don't know how to install it on pfsense, have spent a week doing this before postting so sorry if its in a post elswere, any help or point to any posts that could help or how to override the default would be grateful

Mick
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 29, 2011, 06:39:42 pm
mince69meat,

I'ts included in upcoming version 2.3. I'm finished coding and now I'm testing before publishing.

The not so good news is that 2.2 sqlite database is not compatible with 2.3.



 
Title: Re: Postfix - antispam and relay package
Post by: mince69meat on November 29, 2011, 06:54:36 pm
mince69meat,

I'ts included in upcoming version 2.3. I'm finished coding and now I'm testing before publishing.

The not so good news is that 2.2 sqlite database is not compatible with 2.3.



 

Love you man, im up all though the night as I was just about to build a bsd VM to get around the problem till your fantastic package was more.. if you want I have a fresh PF without postfix just finnished installing if you need a tester :-) before release. dont know what to do now wait or carry on with the bsd VM, dont know if I can help any more than being a user tester but know a little about coding and postfix, great work - respect


Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 29, 2011, 07:06:45 pm
to patch 2.2 to accept mynetworks,BACKUP /usr/local/pkg/postfix.inc to /root dir and then edit /usr/local/pkg/postfix.inc to modify postfix declaration.

Do not backup postfix.inc file on same dir, it will break your boot.

look for 'postscreen_access_list=' and include permit_mynetworks:
postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n"

look for 'smtpd_recipient_restrictions=' (02 times in file) and include permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,

save file, Go to custom options in gui, declare 'mynetworks' list save config and check main.cf file in view configuration tab
Code: [Select]
Examples:
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
"mynetworks_style = host"
"mynetworks_style = subnet"
"mynetworks_style = class"
reference: http://www.postfix.org/postconf.5.html
Title: Re: Postfix - antispam and relay package
Post by: mince69meat on November 29, 2011, 08:58:41 pm
to patch 2.2 to accept mynetworks,BACKUP /usr/local/pkg/postfix.inc to /root dir and then edit /usr/local/pkg/postfix.inc to modify postfix declaration.

Do not backup postfix.inc file on same dir, it will break your boot.

look for 'postscreen_access_list=' and include permit_mynetworks:
postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n"

look for 'smtpd_recipient_restrictions=' (02 times in file) and include permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,

save file, Go to custom options in gui, declare 'mynetworks' list save config and check main.cf file in view configuration tab
Code: [Select]
Examples:
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
"mynetworks_style = host"
"mynetworks_style = subnet"
"mynetworks_style = class"
reference: http://www.postfix.org/postconf.5.html

Hi marcelloc, knew to edit postfix.inc (would have missed postscreen_access_list, thanks), did not want to edit this file as I'm worried about braking the package on updates, can you comfirm this will not brake anything on update? was looking for a way to override just by the "custom main.cf options" to keep the package as you made it :-) and not cause problems on upgrades as I have boken things in the past by doing things my way and not the matainers way lol

some info for you, installing postfix on x64 I see that cyrus-sasl-2.1.25_1.tbz is installed as dependencie but on a x86 system it is not installed, don't know if you know that, also for the rest of the community pkg_add will not install it properly on x86 :-(

nice work and brill post about adding mynetworks, should help more on here out than just me

respect





Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 29, 2011, 09:14:49 pm
The postfix in 32 bit version is not compilled every day just like 64bits. This may be something related to 2.1 working. The cyrrus-SASL has a missing dependencie that was not fixed yet, So you can only use unauth outgoing smtp for now.

About the postfix.inc, if you do the way I described, it will not broke any package update. Just insert the update on file and do not remove anything.
Package update will update postfix.inc
Do it with caution.
I'll send a line to core team asking 32bits updates.
Postix is on 2.8.7 on 64 bits and 2.8.5 on 32.
Title: Re: Postfix - antispam and relay package
Post by: mince69meat on November 29, 2011, 09:40:25 pm

How would you use unauth outgoing smtp and get passed the "reject_unauth_destination" or is the only wayto  edit /usr/local/pkg/postfix.inc as you said a few posts back?

Title: Re: Postfix - antispam and relay package
Post by: mince69meat on November 30, 2011, 12:47:27 am
to patch 2.2 to accept mynetworks,BACKUP /usr/local/pkg/postfix.inc to /root dir and then edit /usr/local/pkg/postfix.inc to modify postfix declaration.

Do not backup postfix.inc file on same dir, it will break your boot.

look for 'postscreen_access_list=' and include permit_mynetworks:
postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n"

look for 'smtpd_recipient_restrictions=' (02 times in file) and include permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,

save file, Go to custom options in gui, declare 'mynetworks' list save config and check main.cf file in view configuration tab
Code: [Select]
Examples:
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
"mynetworks_style = host"
"mynetworks_style = subnet"
"mynetworks_style = class"
reference: http://www.postfix.org/postconf.5.html

is this line right the middle part (tcidr) just don't seem right?
postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n"
Title: Re: Postfix - antispam and relay package
Post by: mince69meat on November 30, 2011, 02:46:49 am
hope someone can help with this one, have multi wan and want postfix to send mail out of non default wan gateway, tried smtp_bind_address = xxx.xxx.xxx.xxx and it works sendding out but then incoming mail will not forward to internal mail server, any hint want to try either on pf firewall or postfix would be great

Mince
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 30, 2011, 04:54:16 am
Did you created a wan rule to accept incoming traffic on this ip?

Another way to do it is listening postfix on loopback and then create inbound and outbound nat to your ip aliases or carp.

Quote
is this line right the middle part (tcidr) just don't seem right?
postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n"
Just include the 'permit_mynetworks,' at The beginning of postscreen_access_list.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 01, 2011, 10:46:28 am
Hi everybody,

I've just published package version 2.3 with many improvements. check first post for screen shots

main improvements:

Title: Re: Postfix - antispam and relay package
Post by: mince69meat on December 01, 2011, 11:09:39 am
hi all, first off, fantastic work on 2.3 :-)

now on a PF x86 box we have

Downloading http://files.pfsense.org/packages/8/All/perl-5.12.4_3.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/perl-5.12.4_3.tbz.
of perl-5.12.4_3 failed!

x64 box all seens fine so far will play alot more and report back soon, hopping the above error is just waitting for the ports to update

Mince
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 01, 2011, 11:18:42 am
mince69meat,

thanks for your feedback.

I've just fixed 32bits perl version. try again in 15minutes.
Title: Re: Postfix - antispam and relay package
Post by: darklogic on December 01, 2011, 05:08:24 pm
Excellent work marcelloc, This package is really coming along very nice. Seems to be working good. The only thing I noticed after doing an update, was all my configuration seetings stayed as was, but I had to re-add my domain and point it to the internal mail server for some reason?

Thanks for all your hard work.
Title: Re: Postfix - antispam and relay package
Post by: mince69meat on December 01, 2011, 07:42:22 pm
hate saying when there is somthing wrong as it feels like im ungreatfull, that said here it comes lol

pkg_add -r MailScanner don't work on both x86 & x64 "Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/MailScanner.tbz: File unavailable (e.g., file not found, no access)"

if you have the "Use Third part antispam" ticked it blocks outgoing mail and the outgoing mail logs report the mail as incoming

maybe warn not to tick untill mailscanner installed or have i got it wrong and VA is installed?

sorry for not getting back sooner feel asleep been working long hours, x86 installing installing now but noticed when reinstalling a newer virsion installing and now we have 2 installs pkg_info shows
perl-5.10.1_3       Practical Extraction and Report Language
perl-5.12.4_2       Practical Extraction and Report Language

not tested properly so take as just could be bug, think the logging is not loging incoming and out going properly as it seems to be logging the recipiant as the sender in some cases, more than likely a bounce massage but it should be from postmaster, will keep an eye on it but think its more than likely my bad and readding it wrong.

any tests I can do to help out just say and it will be done, as always respect, great work :-)

you might want to surgest in info below mynetworks to add 127.0.0.0/8 if adding custom unless you have this taken care of else where

there is 2 mynetworks_style = host in main.cf

Mince
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 01, 2011, 09:07:14 pm
Darklogic,

I've moved domains to it's own tab. That's why you needed to config again.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 01, 2011, 09:13:50 pm
mince69meat,

I've started testing mailscanner package and it only works with perl version 5.10. So I've changed postfix perl dependencie from 5.12 to 5.10.

Remove both manually with pkg_delete and then reinstall package.


When you check mailscanner, you tell postfix to hold all messages, thats why you have no mail working.


I'm going to publish tomorrow the mailscanner-dev package until it get stable enough to a RELEASE version.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 05, 2011, 05:25:48 pm
package version 2.3.1 is out with mailscanner integration (logs + options).

also mailscanner-dev 0.1 is out too.

I will start a new tread for it.

Just be sure to do have perl specific version perl-5.10.1_3.

Mailscanner-dev package uses freebsd 8.2 packages, so do not try it with any other perl version.

if you have any other perl version, i suggest you to uninstall it, any p5-module and maybe sqlite version prior to 3.7.4 you find with pkg_add.

After removing it, close console and try to install packages.

Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 16, 2011, 03:41:36 pm
package version 2.3.2 is out with check_sender gui option.

perl dependencie is back to 5.12 for mailscanner 4.83.5 integration.
Title: Re: Postfix - antispam and relay package
Post by: mince69meat on December 22, 2011, 05:33:08 am
package version 2.3.2 is out with check_sender gui option.

perl dependencie is back to 5.12 for mailscanner 4.83.5 integration.

postfix-2.8.7,1.tbz
dose not install on either x86 or x64 :-(
shows as version 2.3.3 also

Mince
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 22, 2011, 05:52:46 am
files.pfsense.org are offline, wait some time and try again.
Title: Re: Postfix - antispam and relay package
Post by: expert_az on December 31, 2011, 01:31:20 am
marcelloc thank you for your great job,very userfull and helpfull package i ever used on pfsense.
any plans  DKIM(opendkim) support for outgoing mails?
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 31, 2011, 04:34:38 am
Hi Marcello,

I have installed this package and it really does look very good but I haven't enabled it yet - just figuring out the configuration.  A bit of background:
- I run my own mailserver for a couple of domains.
- My ISP's mailserver redirects any mail sent to me at ISPdomain.com to me at mydomain.com. 
- Port 25 outbound is blocked by my ISP (fairly standard), so my mailserver must smarthost outbound emails through their mailserver.  25 inbound is open.

A couple of questions:

1) Is there any special configuration needed to allow for the smarthosting?

2) Is outbound email from my mailserver automatically subject to the same Postfix rules as email coming from my ISP or direct to my mailserver?  If so, any way to bypass that?

3) I can't find a way to get entries into smtpd_helo_restrictions - e.g., reject_non_fqdn_hostname.  Am I missing something?

Thanks,
Biggsy



 

 
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 31, 2011, 06:52:52 am
Quote
1) Is there any special configuration needed to allow for the smarthosting?

Include this on genereal -> custom main.cf options:
relayhost = your.server.com

Quote
2) Is outbound email from my mailserver automatically subject to the same Postfix rules as email coming from my ISP or direct to my mailserver?  If so, any way to bypass that?

configure your internal servers in Access List -> MyNetworks

Quote
3) I can't find a way to get entries into smtpd_helo_restrictions - e.g., reject_non_fqdn_hostname.  Am I missing something?

choose strong on Antispam -> Header verification
I also suggest enabling postscreen and all its features


After configuring it, check main.cf file in view config tab
Title: Re: Postfix - antispam and relay package
Post by: biggsy on January 01, 2012, 05:23:09 pm
Thank you Marcello,

I've enabled it now and it does seem to be doing its job very well.  You must have read a lot of documentation to get this going.  I spent hours doing that - just trying to figure out what I should have in main.cf as a starting point.

You may have looked at this (and there are already more than enough parameters) but could I suggest a place in the GUI to enter myhostname as a means of overriding the default of using the hostname of the pfSense machine. 

Thanks again,
Biggsy



Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 01, 2012, 07:23:01 pm
You must have read a lot of documentation to get this going.  I spent hours doing that - just trying to figure out what I should have in main.cf as a starting point.

Yes I did, many many hours. I was on sendmail before  :)

You may have looked at this (and there are already more than enough parameters) but could I suggest a place in the GUI to enter myhostname as a means of overriding the default of using the hostname of the pfSense machine. 

I'll take a note on this, for now you can change it on  genereal -> custom main.cf options

Thanks for you feedback.
Title: Re: Postfix - antispam and relay package
Post by: FiSHswe on January 07, 2012, 06:13:43 pm
Hi Marcelloc and everyone else!
First of all, thank you for a great package!
I just installed postfix on my pfsense 2.0  but i got some issues.
When i try to add custom valid recipients it doesn't work.
In the custom list box i add the users e-mail following the hint "user@mycompany.com"

The errorlog:
postfix/postmap[37560]: warning: /usr/local/etc/postfix/relay_recipients, line 2: expected format: key whitespace value
postfix/postmap[37560]: warning: /usr/local/etc/postfix/relay_recipients, line 3: expected format: key whitespace value
postfix/postmap[37560]: warning: /usr/local/etc/postfix/relay_recipients, line 4: expected format: key whitespace value
and so on...

Any ideas?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 07, 2012, 07:25:29 pm
take a look on custom valid recipients field note:

Paste your valid recipients here, one per line. HINT user@mycompany.com OK

there is a value after each email.

the error says

expected format: key whitespace value
so

key= user@mycompany.com
value= OK
Title: Re: Postfix - antispam and relay package
Post by: FiSHswe on January 08, 2012, 02:13:49 am
Aha!  :) misunderstood the syntax.
Thanks!
Title: Re: Postfix - antispam and relay package
Post by: expert_az on January 09, 2012, 08:30:20 am

marcelloc thank you for your great job,very userfull and helpfull package i ever used on pfsense.
any plans  DKIM(opendkim) support for outgoing mails?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on February 22, 2012, 04:49:23 pm
Do you have any updates on SASL authentication and if/when it may be included in this great package?

I would love to migrate our existing SMTP solution over to this but the lack of authentication is the only thing stopping me.
James,

To try sasl auth you need to fix some missing lib from kerberos

ldd /usr/local/sbin/saslpasswd2
/usr/local/sbin/saslpasswd2:
   libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x800647000)
   libcrypto.so.6 => /lib/libcrypto.so.6 (0x800761000)
   libgssapi.so.10 => not found (0x0)
   libheimntlm.so.10 => not found (0x0)
   libkrb5.so.10 => not found (0x0)
   libhx509.so.10 => not found (0x0)
   libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8009fb000)
   libasn1.so.10 => not found (0x0)
   libroken.so.10 => not found (0x0)
   libcrypt.so.5 => /lib/libcrypt.so.5 (0x800afd000)
   libopie.so.6 => /usr/lib/libopie.so.6 (0x800c16000)
   libc.so.7 => /lib/libc.so.7 (0x800d1f000)
   libmd.so.5 => /lib/libmd.so.5 (0x800f5b000)



The missing libs to get sasl working can be fetched from this url

http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/

and saved on /usr/local/lib/

On amd64
Code: [Select]
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10

On i386
Code: [Select]
cd /usr/local/lib
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10
fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10

after this, try to paste your sasl config com custom field at postfix configuration.

Let me know if it works  :)
Title: Re: Postfix - antispam and relay package
Post by: jamesc on February 28, 2012, 04:47:53 am
Thanks Marcello.

I'm very new to Postfix so I will have to do some reading before I actually attempt this.  I'm not so sure on what I use for my authentication backend.  Can you give me some pointers?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on February 28, 2012, 08:17:27 am
Thanks Marcello.

I'm very new to Postfix so I will have to do some reading before I actually attempt this.  I'm not so sure on what I use for my authentication backend.  Can you give me some pointers?

I did not used sals on pfsense, so I do not know the best way to implement this.

try to follow official postfix how to for cyrrus SASL.

http://www.postfix.org/SASL_README.html

I've also asked mauricioniñoavella to post his successfull cyrrus SASL config here.


att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: jamesc on February 29, 2012, 03:41:36 am
Thank you Marcello.

The first thing i'm trying to implement is some simple anti-spoofing checks.

For example, the Postfix server is configured to accept email for mydomain.com and then to forward on to our internal mail server located within the trusted network zone.

I want Postfix to carry out a check on the MAIL FROM and RCPT TO addresses, it should immediately drop any email where both the sender address and recipient is equal to mydomain.com because these emails would never genuinely hit the Postfix gateway.

Any ideas?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on February 29, 2012, 05:51:21 am
This is done on postfix antispam tab.

Set strong header verification, reject when spf fails, etc.

Almost all options has a minihelp on description and default value.

Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 01, 2012, 08:31:40 am
Thanks.

I would like to use basic header verification and then build the rest of my config using the custom main.cf options.

Is this possible or not recommended?

If I try adding the below to my custom main.cf (when using basic header verification) I cannot get an SMTP connection into the server

Code: [Select]
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit

Any ideas?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 01, 2012, 08:37:23 am
This options are applied to header checks, it could not be alone on configuration.

Check current config file on view configuration postfix tab.

This way you can check what is applied to postfix.
Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 01, 2012, 08:47:04 am
This is my main.cf

Code: [Select]
/usr/local/etc/postfix/main.cf
#main.cf\
#Part of the Postfix package for pfSense
#Copyright (C) 2010 Erik Fonnesbeck
#Copyright (C) 2011 Marcello Coutinho
#All rights reserved.
#DO NOT EDIT THIS FILE


mynetworks = /usr/local/etc/postfix/mynetwork_table
mynetworks_style = host
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit

smtpd_client_restrictions = reject_unknown_client_hostname,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
relay_domains = mydomain.com
transport_maps = hash:/usr/local/etc/postfix/transport
local_recipient_maps =
mydestination =
mynetworks_style = host
message_size_limit = 10240000
default_process_limit = 100
#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yes

# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions =

smtpd_sender_restrictions = reject_unknown_sender_domain,
permit


# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
permit


# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
reject_spf_invalid_sender,
permit

postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/cal_cidr
postscreen_dnsbl_action= drop
postscreen_blacklist_action= drop

As you can see, the smtpd_sender_restrictions section appears twice, one is from my custom main.cf and the second is what you get as standard with basic header verification.

Are you saying this is not a valid configuration?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 01, 2012, 09:10:23 am
I don't know how postfix handles with two smtpd_sender_restrictions on config file.

Why don't you use strong header check and configure your internal servers on acls?

Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 02, 2012, 10:07:20 am
That seems to work, thanks.  I just like to do things from scratch because it helps me learn  :)

I'm currently logging to /var/log/maillog.  I only want to retain 30 days worth of logs, is there a way I can set this up?

Also, how can I manage 'dead messages', is it possible to delete these from the queue?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 02, 2012, 10:49:27 am
These extra steps can be done via shell/php scripts
Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 05, 2012, 05:15:08 am
Could the .db files just be deleted from /var/db/postfix or would I need to run some SQL to perform the maintenance?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 05, 2012, 05:37:01 am
You mean per day log files in db format?

If so, just delete it to cleanup disk.
Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 05, 2012, 05:53:02 am
Yes that's correct, e.g:

2012-03-01.db
2012-03-02.db
2012-03-03.db
2012-03-04.db

Do I just delete the .db file, simple as that?

Thanks for all your advice Marcello, you have been very helpful while i've been getting to grips with this excellent package :-)     
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 05, 2012, 06:57:00 am
Do I just delete the .db file, simple as that?

Yes  :)
Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 06, 2012, 08:59:13 am
Marcello, I notice when I disable the anvil daemon I get these warning messages in the log:

Code: [Select]
Mar  6 13:16:58 smtp postfix/smtpd[19050]: warning: connect to private/anvil: Connection refused
Mar  6 13:16:58 smtp postfix/smtpd[19050]: warning: problem talking to server private/anvil: Connection refused

When I run the postfix upgrade-configuration command, this is what happens:

Code: [Select]
[2.0.1-RELEASE][root@smtp.lab.local]/var/log(51): postfix upgrade-configuration
Editing /usr/local/etc/postfix/master.cf, adding missing entry for anvil service
Editing /usr/local/etc/postfix/master.cf, adding missing entry for postscreen TCP service

Then these lines are added back into master.cf:

Code: [Select]
anvil   unix - - n - 1 anvil
#smtp      inet  n       -       n       -       1       postscreen
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 06, 2012, 09:02:14 am
The disable anvil option was added to avoid delays between connections(maybe just for debug).

If you do not have this issue, leave it enabled.
Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 06, 2012, 09:35:45 am
I have internal clients relaying directly to the Postfix box and the helper text suggests it should be disabled in this scenario?

Code: [Select]
anvil - Postfix session count and request rate control.
You can disable it if your server relays mail from internal clients to internet.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 06, 2012, 12:27:26 pm
I do. :)

Take a look on mailscanner topic.
Title: Re: Postfix - antispam and relay package
Post by: ktims on March 07, 2012, 11:49:08 am
Great package, thanks. I used to install postfix manually, and this makes life a lot easier especially on NanoBSD installs.

I have one simple request: could you add fields for relayhost and smtp_fallback_relay, as I'm just using it as a relay?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 07, 2012, 01:57:53 pm
Great package, thanks. I used to install postfix manually, and this makes life a lot easier especially on NanoBSD installs.

I have one simple request: could you add fields for relayhost and smtp_fallback_relay, as I'm just using it as a relay?

Try to paste this options on custom field.
Title: Re: Postfix - antispam and relay package
Post by: jamesc on March 08, 2012, 07:16:50 am
I do. :)

Take a look on mailscanner topic.

I did, but no mention of the anvil daemon on there, unless i'm missing something obvious?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 08, 2012, 07:21:57 am
I did, but no mention of the anvil daemon on there, unless i'm missing something obvious?

If you are having no issues with anvil, just leave it enabled.
Title: Re: Postfix - antispam and relay package
Post by: ktims on March 14, 2012, 11:42:45 am
Try to paste this options on custom field.
This works of course, a decent UI for it was just a suggestion :).
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 14, 2012, 11:11:06 pm
Can this package be used as a secondary MX in it's current form? ie. No internal email servers.
My primary email server is co-located at another location then this pfsense box.

I honestly haven't installed the package yet, as I still have a bad taste in my mouth after installing
spamd once, and there being no warning that it would automatically start eatting email without it
being configured.

I've previously used the jails package and used ran a jail for email, but after being blown away for a clean
2.0 upgrade, and noticing this package, I thought it would be rather nice if it was able to do this.

I have read the thread, and searched the forum / wiki, and either this hasn't been answered, or I'm not searching
for the right phrases.

I know I could rtfm, and probably make this package do what I need, but that is not really what I am after, unless
there is a text box or some such for custom strings that will survive a package reinstall/upgrade/etc.

If it's not directly supported, could it be added to the todo list?


As a secondary question, (while cringing..)  has anyone tried this package with the spamd package? Just wondering
if a warning should be added on here about those.. I'm guessing the way spamd grabs control it wouldn't be compatible
with this package..
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 14, 2012, 11:26:23 pm
This package is not compatible with spamd if you want to use postfix to filter spam and bad configured/fake servers. Both need to be the fist contact from remote server.

Afaik, Spamd needs a forward mail server so That's why postfix first release was done for.

Postfix package has a lot of reports to help you identify What happened to rejected Message and postscreen(anti zombie)+ rbls + spf + header checks are very good on Message filtering.

Something this package does not act as a mail server and no plans to be, so no local mailboxes, just an inbound/outbound filter to another smtp server(s).

Mailscanner package implements more filtering options and antivirus to this MTA filtering solution.

If you are really good on postfix and believe That you have better config files to run postfix on pfsense, you can install postfix package itself and configure it by hand using filer package. This way all custom setup you have can be applied, just like I supose you did on jails.

Postfix forwarder has a custom field to save options That are not on gui.

Att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 14, 2012, 11:31:31 pm
Something this package does not act as a mail server and no plans to be, so no local mailboxes, just an inbound/outbound filter to another smtp server(s).

A secondary MX wouldn't have local mailboxes (well a dedicated backup MX anyways). and is essentially the same thing, except storing the emails for
a potentially longer period of time if the primary mail server is down.

So, is the answer the same? If so, that's fine, again I can use my Jail solution, but a neat little appliance package would be cool.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 14, 2012, 11:34:59 pm
Backup mx holding Messages until mx1 is back can be done wih this package. :)

I have also edited previous post while you where answering, take a look.

I think you will like postfix forwarder package. ;)
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 14, 2012, 11:45:19 pm
Great, glad to hear. Actually I know very little about postfix, I've historically been a qmail guy.
Any pointers on setting it up as a backup mx? or am I going to need to add custom fields?

I think I will attempt to setup a vm (to be on the safe side) to test this with later this evening
if I get a chance.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 14, 2012, 11:49:48 pm
Configure your mx1 to accept relay from mx2 and add mx1 on postfix config as an internal server.

Quite simple and full gui support for this setup. :)

Most all options has help,hints and link to oficial postfix documentation.

Just to know, I was a sendmail guy before decide to migrate this antispam solution to postfix.
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 14, 2012, 11:52:54 pm
Perfect, I'll be giving it a shot. Thanks for the information.
Yeah, I used sendmail for a # of years before moving to qmail for an anti-spam solution
as amavisd wasn't really cutting it back then.

I'm tired of trying to figure out qmail logs when things break though, so I've been meaning
to try out postfix, and this is the perfect opportunity to kick the tires a little.
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 15, 2012, 08:35:16 pm
Figured I would report my success. The package looks great.
It looks like Anvil Daemon is more or less required, otherwise
it spits out errors in the maillog, and seems to cause a small
connection delay as well (at least on my setup).

I turned off most of the protections, since it is a secondary
MX, and I wasn't doing any filtering previously, at least until
I have a chance to read up more as to what the settings do.

I am however however excited by the Valid recipients from clear
text url option. That will cut out a lot of the junk that gets stuck
in the secondary MX.

I'll need to read more about that, and find out the format of the
text file, and how often it polls, but that is a very nice option.

Thanks for the good work.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 15, 2012, 08:42:54 pm
The format is

Email@domain.com ok
Admin@domain.com ok
.
.
.

As my active directory is on local lan, I've setup a 1h update frequecy.
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 16, 2012, 11:28:48 pm
Thanks, I haven't had a chance to try that.. I do have another problem that you may be able to help me with.

It seems adding:
myhostname=mx02.example.com
smtp_helo_name=mx02.example.com

is ignored by postfix, at first it wasn't being added to main.cf, but finally that started working, however is being ignored.

postconf -d | grep example
mydomain = example.local
myhostname = pfsense.example.local

as well as smtp_helo_name =  not being respected if changed either.

I'm attempting to change the name to my correct external hostname so other email servers (including my primary) don't get
upset due to the .local address
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 17, 2012, 12:09:20 am
Change pfsense host and domain info on system settings.

Did you tried to paste this config on custom field and then checking config file?
Title: Re: Postfix - antispam and relay package
Post by: Sn3ak on March 20, 2012, 10:25:00 pm
Sorry for the late reply, as it turns out the settings did take, however postconf -d
doesn't reflect it, and, using telnet on localhost apparently uses the default and
ignores the setting.


Would it be possible to add a delete option in the queue screen, since you are already displaying the Message ID?
Command would be postsuper -d msgID. Also maybe another button at the bottom for deleting all Mailer-Daemon
emails? Command would be: mailq | grep -v "^[^0-9A-Z]" | grep MAILER-DAEMON | awk '{print $1}' | xargs postsuper -d

If nothing else, I can probably submit patches, as long as you are interested in including them.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 20, 2012, 10:42:55 pm
Good to know this package is being usefull for you. :)

Did you applied postfix conf after changing machine name and domain?

Patches and improvements are welcome, let me test it first before publishing.
Title: Re: Postfix - antispam and relay package
Post by: Popupgbg on April 11, 2012, 06:23:29 pm
Split domain mail functionality

I don´t know if this package can do this but it would be nice to have it with a GUI. I know that sometimes hosting providers is using Postfix to provide a split domain functionality on mailservice. The use Postfix to receive all mails addressed to different recipients in different domains in Postfix. They setup the possibility to forward incoming mail so that mail to a@domain.com  is sent to an POP server and mail to b@domain.com to an Exchange server. This due to the fact that all users in an organization don´t need the functionality of an Exchange server.
This is my request  :)

/Thanks
Title: Re: Postfix - antispam and relay package
Post by: madas on April 13, 2012, 06:31:06 am
Hello,

I'm trying to modify this part of the main.cf to remove the reject_unknown_sender_domain

----------------
smtpd_sender_restrictions = reject_unknown_sender_domain,
            permit
----------------
My server is using a remote DNS so I cannot add a A or MX record for some of my local servers so I need to remove this option (or add a permit_mynetworks above it).

I cannot seem to do this anyway in the gui.  I can do it manually but it seems to be overwritten shortly after.

Any ideas?

Thanks

M
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 13, 2012, 06:47:58 am
Madas,

Include your hosts on my network acl.
Title: Re: Postfix - antispam and relay package
Post by: madas on April 18, 2012, 06:46:51 am
I have.  The reject_unknown_sender_domain seems to be bouncing the message before the network ACL's are checked.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 18, 2012, 11:49:08 pm
I have.  The reject_unknown_sender_domain seems to be bouncing the message before the network ACL's are checked.

It will work if you create this dummy domain on your internal dns and point pfsense to use it.
Title: Re: Postfix - antispam and relay package
Post by: madas on April 19, 2012, 06:23:36 am
My firewall points directly to the ISP's DNS.  I don't run a local one that is accessible from my firewall.  I just want to remove that restriction
Title: Re: Postfix - antispam and relay package
Post by: LinuxTracker on April 21, 2012, 02:24:59 pm
Finally set this up today and have read through the thread.

I seem to be missing something in the basic configuration.

Notes: I disabled the port 25 NAT and associated rule.
A new rule to allow port 25 to WAN Address is in place and is logged.
I let it run for 15+min.

My Port 25 Rules block 1k spam connects/hour.  I find I've grown attached to them. /notes


Problem:
If I bind to Postfix to WAN, Postfix receives and passes mail correctly; but Port 25 Rules are ignored.
When I bind to loopback-only, I don't see any indication that any mail is reaching Postfix.

In both cases, the Rule Logs show traffic being passed to the WAN address.

What am I missing?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 21, 2012, 03:18:50 pm
Hi linuxtracker,

When you listen postfix on loopback only, you need a Nat rule to forward traffic from wan address to localhost.

In both cases, you need to put block rules before allow rules on firewall tab.
Title: Re: Postfix - antispam and relay package
Post by: LinuxTracker on April 21, 2012, 03:58:44 pm
In both cases, you need to put block rules before allow rules on firewall tab.

Crap.  That is exactly what I did.  I know better too. 

Now I have to go wear the hat for the rest of the day.

(http://i865.photobucket.com/albums/ab214/salvan2009/dunce-cap.png)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 21, 2012, 04:10:12 pm
No intention to call you dunce, I was just posting full info to solve your problem.
Sorry.  :(
Title: Re: Postfix - antispam and relay package
Post by: LinuxTracker on April 21, 2012, 06:53:14 pm
No intention to call you dunce, I was just posting full info to solve your problem.
Sorry.

I wasn't irritated with you.  I was poking fun at myself for making a rookie mistake.

If you hadn't set me straight, I'd probably still be banging my head against it.

So - Thank you.
Title: Re: Postfix - antispam and relay package
Post by: digdug3 on April 22, 2012, 07:28:26 am
Is it possible to forward all incoming domains to another mail server after the email address had been checked?
So * to ip x.x.x.x
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 22, 2012, 12:15:39 pm
You can configure smart relay options, but I think it's not a good idea as postfix will accept any email, including relay atempts and your internal server will miss the external IP address to do spam checks.
Title: Re: Postfix - antispam and relay package
Post by: digdug3 on April 22, 2012, 01:08:57 pm
You can configure smart relay options, but I think it's not a good idea as postfix will accept any email, including relay atempts and your internal server will miss the external IP address to do spam checks.
Ok, but is it possible to add the domains just like the valid recipients? e.g. a txt file from an external url?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 23, 2012, 09:18:37 am
Ok, but is it possible to add the domains just like the valid recipients? e.g. a txt file from an external url?

I think it's not a good idea as this setup may forward many open relay attempts to your internal server and it will not be able to test external ip as you  'proxied' connection with postifx ip.
Title: Re: Postfix - antispam and relay package
Post by: miken32 on April 30, 2012, 05:27:13 pm
Sorry if this has been covered in the many pages before; I took a skim through and didn't find anything. I want to intercept all SMTP traffic (port 25) from the LAN side and redirect it to my own remote mail server, which requires SMTP authentication.

So I guess two parts here; doing a redirect from the actual SMTP server to my local Postfix which is installed via this package, and then getting Postfix to talk to the remote server and send the mail on.

I guess part one can be done with outbound NAT? For part two everything I see online for a relayhost with SMTP authentication requires additional files and encryption libraries. Is it possible with this package?

Thanks a lot if anyone can help.
Title: Re: NEW Postfix antispam and relay package
Post by: zlyzwy on May 02, 2012, 03:02:23 am
Hi all,

Postfix compilation on x64 now includes cyrus-SASL2 and TLS.

who need or want to test it, reinstall or remove/install postfix package.

No changes in gui for this option. Include all your SASL and/or TLS config in custom main.cf options

att,
Marcello Coutinho

Hi marcelloc,

First, thanks for your great work.

Do you have any guide or sample what should I include in main.cf to support TLS?

I am sorry I can't find any reference in these posts.

Thanks!

Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: ics on May 02, 2012, 09:58:22 am
Hi all,

All emails appears in status "hold" in the search mail option.
Is it normal ?
Yet I receive all emails...

Does it mean that a copy of all emails is kept in postfix ?
If yes, the disk might be full soon...

In the "third party antispam settings" of postfix, the message hold mode is "auto mode".
Is it a recommended configuration ?
What the advantage of manual mode ? And what should we put in ACL headers in such a mode (I'm a newbie)?

Thanks
Title: Re: NEW Postfix antispam and relay package
Post by: marcelloc on May 02, 2012, 03:26:51 pm
Do you have any guide or sample what should I include in main.cf to support TLS?

Paste postfix config for TLS on custom options at gui.

As I did not implemented SASL/TLS yet, I don't know how to help you, but google does  ;)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 02, 2012, 03:29:56 pm
All emails appears in status "hold" in the search mail option.
Is it normal ?
It should only happens when you have select mailscanner integration but did not configured,installed or started mailscanner daemon

Does it mean that a copy of all emails is kept in postfix ?
No, it means that messages will stay on disk until mailscanner finishes his job on these messages.

In the "third party antispam settings" of postfix, the message hold mode is "auto mode".
Is it a recommended configuration ?
What the advantage of manual mode ? And what should we put in ACL headers in such a mode (I'm a newbie)?
I use manual mode as I can do some tests or choose the way I hold messages to mailscanner
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 02, 2012, 03:31:28 pm
Sorry if this has been covered in the many pages before; I took a skim through and didn't find anything. I want to intercept all SMTP traffic (port 25) from the LAN side and redirect it to my own remote mail server, which requires SMTP authentication.
Not implemented on this package. All features were included to act as an inbound smtp server to protect your exchange/internal server.
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 03, 2012, 02:23:35 am
hello,

i entered some sender restritions like

ymail.com REJECT
dengediksiyon_seti@yahoo.com REJECT
best_tanitim_sektorel@rocketmail.com REJECT

in access lits>>sender  section of the postfix package.

But can't see these settings on main.cf ?any sync problem between this section of the postfix package and main.cf?

here is part of my main.cf

local_recipient_maps =
mydestination =
mynetworks_style = host
message_size_limit = 15728640
default_process_limit = 100
#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yes
   
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions =

smtpd_sender_restrictions = reject_unknown_sender_domain,
            permit


Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 03, 2012, 03:44:33 pm
On current config, sender restrictions are applied on sender_access

smtpd_recipient_restrictions = permit_mynetworks,
                                check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                                check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
                                reject_invalid_helo_hostname,
                                reject_unknown_recipient_domain,
                                reject_non_fqdn_helo_hostname,
                                reject_non_fqdn_recipient,
                                reject_unauth_destination,
                                reject_unauth_pipelining,
                                reject_multi_recipient_bounce,
                                check_sender_access hash:/usr/local/etc/postfix/sender_access,
                                reject_spf_invalid_sender,
                                permit
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 07, 2012, 01:39:13 am
marcelloc i don't see in my main.cf sender_access ,any mistake in my config?

here is my cf.


# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
            check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
            permit


# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
            reject_unauth_destination,
            permit

postscreen_disable_vrfy_command = yes
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
postscreen_greet_action = enforce
postscreen_access_list = permit_mynetworks,
         cidr:/usr/local/etc/postfix/cal_cidr
postscreen_dnsbl_action= enforce
postscreen_blacklist_action= enforce
postscreen_dnsbl_sites=b.barracudacentral.org,zen.spamhaus.org,bl.spamcop.net
postscreen_dnsbl_threshold=1
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 07, 2012, 02:43:44 am
Did you checked antipam settings on postfix gui? Your config looks short
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 07, 2012, 03:31:33 am
i'm using Header verification in basic mode,
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 07, 2012, 08:15:16 am
marcelloc any way to change position of the lines ?

smtpd_recipient_restrictions = permit_mynetworks,
                                check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                                check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
                                reject_invalid_helo_hostname,
                                reject_unknown_recipient_domain,
                                reject_non_fqdn_helo_hostname,
                                reject_non_fqdn_recipient,
                                reject_unauth_destination,
                                reject_unauth_pipelining,
                                reject_multi_recipient_bounce,
                                check_sender_access hash:/usr/local/etc/postfix/sender_access,
                                reject_spf_invalid_sender,
                                permit

smtpd_recipient_restrictions = permit_mynetworks,
                                check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                                check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
                                check_sender_access hash:/usr/local/etc/postfix/sender_access,
                                reject_invalid_helo_hostname,
                                reject_unknown_recipient_domain,
                                reject_non_fqdn_helo_hostname,
                                reject_non_fqdn_recipient,
                                reject_unauth_destination,
                                reject_unauth_pipelining,
                                reject_multi_recipient_bounce,
                                reject_spf_invalid_sender,
                                permit
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 07, 2012, 09:22:02 am
Yes, it could be done but don't you think it will reduce security if you config for example @hotmail.com on sender_access?

All forged emails from @hotmail.com will be accepted.

Maybe two fields, one to be on top, with no sender restrictions and another after header spam checks.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 07, 2012, 10:22:44 am
I've pushed an update without version change putting sender_check above other tests.

Postfix docs says:
Be sure to specify check_sender_access and check_policy_service AFTER reject_unauth_destination or else your system could become an open mail relay., so I did configure reject_unauth_destination on top to prevent open relay configs.
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 11, 2012, 12:45:44 am
marcelloc,i'm going fetch recipients  from zimbra ldap,but as described on web gui to enable ldap fetch  p5-perl-ldap package must be installed.
when i tried install p5-perl-ldap package from console i'm getting this error:


Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz' by URL


any idea?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 11, 2012, 12:47:48 am
any idea?

try from my repo:

pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 11, 2012, 12:56:07 am
i get this output ,is this normal?


Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-NamespaceSupport-1.11.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-SAX-0.96.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-Filter-BufferText-1.01.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-XML-SAX-Writer-0.53.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-GSSAPI-0.28.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Net-SSLeay-1.42.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-IO-Socket-SSL-1.53.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-URI-1.59.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Digest-HMAC-1.03.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Authen-SASL-2.15.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Fetching http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-Convert-ASN1-0.22.tbz... Done.
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
pkg_add: the package info for package 'postfix-2.8.7,1' is corrupt
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 11, 2012, 12:57:10 am
are you on amd64 or i386?
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 11, 2012, 12:58:11 am
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 11, 2012, 12:59:39 am
I've never seen this error during package install.

check if pkg_info return two postfix installs or something.

EDIT:

Let me know if this feature works with zimbra ldap.
It's written for Active directory ldap search.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 11, 2012, 01:03:21 am
by the way i can't see postfix package describtion propoerly,see attached screeshot

bsdinstaller-2.0.2011.0913 BSD Installer mega-package
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
daq-0.6.2           Data Acquisition abstraction library for snort 2.9+
gettext-0.18.1.1    GNU gettext package
libdnet-1.11_3      A simple interface to low level networking routines
libiconv-1.13.1_1   A character set conversion library
libnet11-1.1.2.1_3,1 A C library for creating IP packets
libpcap-1.1.1_1     Ubiquitous network traffic capture library
libspf2-1.2.9_1     Sender Rewriting Scheme 2 C Implementation
mysql-client-5.1.53 Multithreaded SQL database (client)
p5-Authen-SASL-2.15 Perl5 module for SASL authentication
p5-Convert-ASN1-0.22 Perl5 module to encode and decode ASN.1 data structures
p5-Digest-HMAC-1.03 Perl5 interface to HMAC Message-Digest Algorithms
p5-GSSAPI-0.28      Perl extension providing access to the GSSAPIv2 library
p5-IO-Socket-SSL-1.53 Perl5 interface to SSL sockets
p5-Net-SSLeay-1.42  Perl5 interface to SSL
p5-URI-1.59         Perl5 interface to Uniform Resource Identifier (URI) refere
p5-XML-Filter-BufferText-1.01 Filter to put all characters() in one event
p5-XML-NamespaceSupport-1.11 A simple generic namespace support class
p5-XML-SAX-0.96     Simple API for XML
p5-XML-SAX-Writer-0.53 SAX2 XML Writer
p5-perl-ldap-0.4300 A Client interface to LDAP (includes Net::LDAP)
pcre-8.21_1         Perl Compatible Regular Expressions library
perl-5.12.4_3       Practical Extraction and Report Language
perl-threaded-5.10.1_3 Practical Extraction and Report Language
pkg_info: the package info for package 'postfix-2.8.7,1' is corrupt
snort-2.9.0.5       Lightweight network intrusion detection system
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 11, 2012, 01:06:43 am
That's the corrupt info you see on pkg_add.

if you want to try, this is the cmd to force postfix package reinstall

pkg_add -rf http://files.pfsense.org/packages/amd64/8/All/postfix-2.8.7%2c1.tbz
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 11, 2012, 01:09:52 am
thank you marcelloc,
i will try it after operational hours.
Title: Re: Postfix - antispam and relay package
Post by: expert_az on May 11, 2012, 01:10:51 am
but it seems perl ldap installed?am i right?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 11, 2012, 01:16:58 am
but it seems perl ldap installed?am i right?

yes.

p5-perl-ldap-0.4300 A Client interface to LDAP (includes Net::LDAP)

I saw you have two perl versions installed
perl-5.12.4_3       Practical Extraction and Report Language
perl-threaded-5.10.1_3 Practical Extraction and Report Language


If you have missing modules messages on this function, you will need to force a perl version on first line of the script.
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on May 12, 2012, 06:18:29 am
Hi,

I received the following error in Search mail.
Message:Status: hold
Log type:NOQUEUE

Code: [Select]
Warning: sqlite_query(): no such column: mail_status.info in /usr/local/www/postfix.php on line 599 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603 Warning: sqlite_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/www/postfix.php on line 603
Any idea how this will happen?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 13, 2012, 08:56:19 am
zlyzwy,

I'll try to include this check on next release.

NOQUEUE logs only messages that was rejected duing header receive, so it will not have hold status.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: Sensible on May 14, 2012, 05:44:11 am
Hi,

at first thank you for this postfix-package!

I updated the postfix-package from v.2.3.3_1  to v.2.3.4.
After update each client could only sent to email-domains which was included in the "Domains to Forward". No mails to other domains  was possibility. The error-message is 571 Relay denied.
I looked in the main.cf and found the different to the v.2.3.3_1:
v.2.3.3_1
smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                                check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
                                permit

v.2.3.4
smtpd_client_restrictions = reject_unauth_destination,
                                check_sender_access hash:/usr/local/etc/postfix/sender_access,
                                check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                                check_client_access cidr:/usr/local/etc/postfix/cal_cidr
                                permit

After i added permit_mynetworks to smtpd_client_restrictions and restarted postfix on the commandline our clients could send Mails again.

Is this a bug in the v.2.3.4 or a feature, or forgot i to enter something in a new web-field? I yet added in "Access-List -> Client Access List -> MyNetworks 192.168.0.0/16 in the v.2.3.3-1, is there now a addional field in the webinterface to insert this to? I can't found any new fields.

To edit some  fields with the webinterface and not lose the change for smtpd_client_restrictions, i added  permit_my_networks in the /usr/local/pkg/postfix.inc

smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination,
                                check_sender_access hash:/usr/local/etc/postfix/sender_access,
                                check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
                                check_client_access cidr:/usr/local/etc/postfix/cal_cidr
                                RBLRBLRBL
Regards
Gerd

P.S. Sorry for my bad english!
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 14, 2012, 05:38:47 pm
Sensible,

Thanks for your detailed feedback,

I'll check it as soon as possible.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: Sensible on May 15, 2012, 02:42:39 am
Hi,

there is an other little mistake in the postfix-Package.

In the tab "Recioients" is something wrong with the field "Frequency".
If I add 5m (for five minutes) and look in the crontab, there is the following entry:

*     *     *     */5     *     root     /usr/local/bin/php -q /usr/local/www/postfix_recipients.php 

but it should be

*/5     *     *     *     *     root     /usr/local/bin/php -q /usr/local/www/postfix_recipients.php 

Please, can you check this too?
Thanks
Gerd
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 15, 2012, 10:20:45 am
pkg v.2.3.4_1 is out with:


Gerd,

Check if with this version, you have a working system without open relay or missing features.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: Sensible on May 16, 2012, 04:55:19 am
Marcello,

thanks for the new package.

I have tested it, and it looks good.

Gerd
Title: Re: Postfix - antispam and relay package
Post by: LinuxTracker on May 16, 2012, 03:38:31 pm
I'm preparing to move email services, from a hosting company to on site.
(The MX records currently point to the hosting company.)

Current config:
Our pfSense+Postfix box is the LAN gateway for the mail server = x.x.1.199

(The rest of LAN uses a SonicWall gateway = x.x.1.1)

I have confirmed Postfix receives mail and forwards it to our email server.

There will be one email server; a Win2k8 box running MailEnable = x.x.1.29

I can securely relay off-site email clients through the email server - over port 587 - via the pfSense gateway.

My Problem:
We have users in the field, whose email clients relayed through the existing SMTP server - via Port 25.
It will take time to round up those users and change their configs.

Since Port 25 is pointed at the loopback, I can't figure out how to setup a Port 25 relay for them.

If I bring relay traffic through the x.x.1.1 gateway; the email server gets it but is pointed at the wrong gateway to reply properly.

I'm uncertain how to proceed. Can someone point me in the right direction?

Thanks.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 16, 2012, 04:08:26 pm
Since Port 25 is pointed at the loopback, I can't figure out how to setup a Port 25 relay for them.

use a port forward from psense external/internal ip to loopback.
I use these config to listen postfix on virtual/carp ips

Title: Failed to start the postfix after rebooting
Post by: zlyzwy on May 16, 2012, 07:40:11 pm
Hi Marcelloc,

I upgraded the pkg to latest version, then I tried to reboot the system.

however the postfix doesn't start properly.

Here is the system log output about postfix.

Code: [Select]
May 16 23:33:18 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:33:18 postfix/postfix-script[9984]: fatal: the Postfix mail system is not running
May 16 23:33:18 php: : Stopping postfix
May 16 23:33:17 php: : Writing rc_file
May 16 23:33:15 php: : Writing out configuration
May 16 23:33:15 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:33:15 postfix/postfix-script[2109]: fatal: the Postfix mail system is not running
May 16 23:33:14 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:33:13 syslogd: exiting on signal 15
May 16 23:33:13 check_reload_status: Syncing firewall
May 16 23:33:11 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:33:11 postfix/postfix-script[42209]: fatal: the Postfix mail system is not running
May 16 23:33:11 php: : Stopping postfix
May 16 23:33:10 php: : Writing rc_file
May 16 23:33:08 php: : Writing out configuration
May 16 23:33:08 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:33:08 postfix/postfix-script[39471]: fatal: the Postfix mail system is not running
May 16 23:33:08 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:33:08 syslogd: exiting on signal 15
May 16 23:33:08 check_reload_status: Syncing firewall
May 16 23:33:05 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:33:05 postfix/postfix-script[32222]: fatal: the Postfix mail system is not running
May 16 23:33:05 php: : Stopping postfix
May 16 23:33:04 php: : Writing rc_file
May 16 23:33:02 php: : Writing out configuration
May 16 23:33:02 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:33:02 postfix/postfix-script[28641]: fatal: the Postfix mail system is not running
May 16 23:33:02 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:33:02 syslogd: exiting on signal 15
May 16 23:33:01 check_reload_status: Syncing firewall
May 16 23:32:59 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:32:59 postfix/postfix-script[19574]: fatal: the Postfix mail system is not running
May 16 23:32:59 php: : Stopping postfix
May 16 23:32:58 php: : Writing rc_file
May 16 23:32:56 php: : Writing out configuration
May 16 23:32:56 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:32:56 postfix/postfix-script[10197]: fatal: the Postfix mail system is not running
May 16 23:32:56 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:32:55 syslogd: exiting on signal 15
May 16 23:32:55 check_reload_status: Syncing firewall
May 16 23:32:52 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:32:52 postfix/postfix-script[59889]: fatal: the Postfix mail system is not running
May 16 23:32:52 php: : Stopping postfix
May 16 23:32:50 php: : Writing rc_file
May 16 23:32:48 php: : Writing out configuration
May 16 23:32:48 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:32:48 postfix/postfix-script[45738]: fatal: the Postfix mail system is not running
May 16 23:32:46 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:32:45 syslogd: exiting on signal 15
May 16 23:32:44 check_reload_status: Syncing firewall
May 16 23:32:38 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:32:38 postfix/postfix-script[24906]: fatal: the Postfix mail system is not running
May 16 23:32:37 php: : Stopping postfix
May 16 23:32:36 php: : Writing rc_file
May 16 23:32:33 php: : Writing out configuration
May 16 23:32:32 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:32:32 postfix/postfix-script[11313]: fatal: the Postfix mail system is not running
May 16 23:32:31 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:32:30 syslogd: exiting on signal 15
May 16 23:32:28 check_reload_status: Syncing firewall
May 16 23:31:44 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:31:43 php: : Reload mailscanner
May 16 23:31:42 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:31:39 check_reload_status: Reloading filter
May 16 23:31:38 sshlockout[28940]: sshlockout/webConfigurator v3.0 starting up
May 16 23:31:37 check_reload_status: Syncing firewall
May 16 23:31:37 login: login on ttyv0 as root
May 16 23:31:37 php: : IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.
May 16 23:31:36 kernel: VMware memory control driver initialized
May 16 23:31:32 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:31:32 postfix/postfix-script[16854]: fatal: the Postfix mail system is not running
May 16 23:31:32 php: : Stopping postfix
May 16 23:31:31 php: : Writing rc_file
May 16 23:31:29 php: : Writing out configuration
May 16 23:31:29 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:31:29 postfix/postfix-script[13014]: fatal: the Postfix mail system is not running
May 16 23:31:29 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:31:29 syslogd: exiting on signal 15
May 16 23:31:27 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:31:27 postfix/postfix-script[6934]: fatal: the Postfix mail system is not running
May 16 23:31:27 php: : Stopping postfix
May 16 23:31:27 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:31:26 php: : Writing rc_file
May 16 23:31:26 php: : Reload mailscanner
May 16 23:31:25 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:31:24 php: : Writing out configuration
May 16 23:31:24 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:31:24 postfix/postfix-script[61012]: fatal: the Postfix mail system is not running
May 16 23:31:23 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:31:23 syslogd: exiting on signal 15
May 16 23:31:23 check_reload_status: Syncing firewall
May 16 23:31:22 check_reload_status: Syncing firewall
May 16 23:31:17 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:31:17 postfix/postfix-script[53921]: fatal: the Postfix mail system is not running
May 16 23:31:17 php: : Stopping postfix
May 16 23:31:16 php: : Writing rc_file
May 16 23:31:15 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:31:14 php: : Writing out configuration
May 16 23:31:14 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:31:14 postfix/postfix-script[44179]: fatal: the Postfix mail system is not running
May 16 23:31:13 php: : Reload mailscanner
May 16 23:31:13 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:31:12 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:31:08 syslogd: exiting on signal 15
May 16 23:31:07 check_reload_status: Syncing firewall
May 16 23:31:06 check_reload_status: Syncing firewall
May 16 23:31:03 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:31:03 postfix/postfix-script[15989]: fatal: the Postfix mail system is not running
May 16 23:31:03 php: : Stopping postfix
May 16 23:31:02 php: : Writing rc_file
May 16 23:31:00 php: : Writing out configuration
May 16 23:30:59 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:30:59 postfix/postfix-script[5918]: fatal: the Postfix mail system is not running
May 16 23:30:59 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:30:59 syslogd: exiting on signal 15
May 16 23:30:59 check_reload_status: Syncing firewall
May 16 23:30:57 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:30:57 postfix/postfix-script[60750]: fatal: the Postfix mail system is not running
May 16 23:30:57 php: : Stopping postfix
May 16 23:30:56 php: : Writing rc_file
May 16 23:30:54 php: : Writing out configuration
May 16 23:30:54 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:30:54 postfix/postfix-script[57897]: fatal: the Postfix mail system is not running
May 16 23:30:54 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:30:54 syslogd: exiting on signal 15
May 16 23:30:53 check_reload_status: Syncing firewall
May 16 23:30:49 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was ''
May 16 23:30:49 postfix/postfix-script[39943]: fatal: the Postfix mail system is not running
May 16 23:30:49 php: : Stopping postfix
May 16 23:30:48 php: : Writing rc_file
May 16 23:30:47 php: : Reload mailscanner
May 16 23:30:45 php: : Writing out configuration
May 16 23:30:45 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:30:44 php: : The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
May 16 23:30:44 postfix/postfix-script[28765]: fatal: the Postfix mail system is not running
May 16 23:30:42 syslogd: kernel boot file is /boot/kernel/kernel
May 16 23:30:41 syslogd: exiting on signal 15
May 16 23:30:40 check_reload_status: Syncing firewall
May 16 23:30:35 check_reload_status: Syncing firewall
May 16 23:30:04 php: : Reload mailscanner
May 16 23:30:04 php: : The command '/usr/local/etc/rc.d/clamav-clamd stop' returned exit code '1', the output was 'mkdir: /var/run/clamav: File exists clamav_clamd not running?'
May 16 23:30:02 php: : Reload mailscanner
May 16 23:30:02 check_reload_status: Syncing firewall
May 16 23:29:58 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:29:52 php: : Reload mailscanner
May 16 23:29:51 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:29:50 check_reload_status: Syncing firewall
May 16 23:29:50 check_reload_status: Syncing firewall
May 16 23:29:31 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:29:31 php: : Reload mailscanner
May 16 23:29:31 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:29:30 check_reload_status: Syncing firewall
May 16 23:29:20 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:29:19 php: : Reload mailscanner
May 16 23:29:19 php: : Reload mailscanner
May 16 23:29:19 php: : The command '/usr/local/etc/rc.d/clamav-clamd stop' returned exit code '1', the output was 'mkdir: /var/run/clamav: File exists clamav_clamd not running?'
May 16 23:29:17 check_reload_status: Syncing firewall
May 16 23:29:15 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:29:08 php: : Reload mailscanner
May 16 23:29:08 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:29:04 check_reload_status: Syncing firewall
May 16 23:29:03 check_reload_status: Syncing firewall
May 16 23:28:42 php: : Reload mailscanner
May 16 23:28:41 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:28:39 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:28:38 check_reload_status: Syncing firewall
May 16 23:28:34 php: : Reload mailscanner
May 16 23:28:32 php: : The command '/usr/local/etc/rc.d/clamav-clamd stop' returned exit code '1', the output was 'mkdir: /var/run/clamav: File exists Stopping clamav_clamd. kill: 10995: No such process'
May 16 23:28:31 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:28:31 php: : Reload mailscanner
May 16 23:28:30 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:28:28 check_reload_status: Syncing firewall
May 16 23:28:22 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:28:22 php: : Reload mailscanner
May 16 23:28:21 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:28:17 check_reload_status: Syncing firewall
May 16 23:28:16 check_reload_status: Syncing firewall
May 16 23:28:04 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 16 23:28:04 php: : The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 16 23:28:04 php: : Reload mailscanner

Thanks a lot:)
Zlyzwy

===============================================
Update:

I can go to Services --> postfix and recheck the Enable Postfix to start the postfix.
It seems to be fine.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 18, 2012, 09:30:21 am
zlyzwy,

I'm not getting this error, but I'll try it on a clean install on vm.

Are you using pfsense 32 or 64 bits


att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on May 18, 2012, 09:40:54 am
zlyzwy,

I'm not getting this error, but I'll try it on a clean install on vm.

Are you using pfsense 32 or 64 bits


att,
Marcello Coutinho

Hi Marcello,
Version:
Code: [Select]
2.0.1-RELEASE (i386)
built on Mon Dec 12 18:24:17 EST 2011

I have some other pkgs installed:
freeradius2
Pfblocker
Unbound
bandwidthd


Thanks.
Zlyzwy


Title: Re: Postfix - antispam and relay package
Post by: RobinGill on May 19, 2012, 01:47:34 pm
Hi Marcello,

Many thanks for this package - great addition to pfSense.

I've just set a box up that I was hoping to set this box up using LDAP to import list of users. The two issues I have are:

1. I tried running /usr/sbin/pkg_add -r p5-perl-ldap but I get the error unable to fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz. In fact it appears the whole packages-8.1-release directory has been depreciated.

2. If it is possible to get this running, is there any way to import user information using LDAP from multiple servers?

Also I was wondering if there are plans to add SMTP authentication in the future?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 19, 2012, 09:25:11 pm
1. I tried running /usr/sbin/pkg_add -r p5-perl-ldap but I get the error unable to fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/p5-perl-ldap.tbz. In fact it appears the whole packages-8.1-release directory has been depreciated.
get it from my personal repo
http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz

2. If it is possible to get this running, is there any way to import user information using LDAP from multiple servers?
It's already on the package code, just click on "+" button to add the other servers.
Note that this ldap fetch code was fetched from postfix website to run with active directory, I did no teste with openldap.

Also I was wondering if there are plans to add SMTP authentication in the future?
Plans: yes, time to do it: almost none  :)
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 20, 2012, 03:01:44 pm
Hay all,

I have a question related with WebClient of SMTP Server. I have configured postfix with pfsense as my spam filter. Everything is working well except when I want send email from webclient of my Mail server it gives me error with "SMTP Authenticaion Error" while I can send email from other webclient like mail2web.

Is there any config error from where I could give the access my webclient to send mails through email server?

Nahid
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 20, 2012, 05:30:03 pm
I figure out the problem that I am facing.

If I choose my mail server as local internal server ip 10.10.1.5 in outlook then it works with no problem. However, when I choose the External IP 94.55.x.x or the domain name of my mailserver from my home it is unable to connect with the server.

When I remove postfix it works but after putting the postfix it works only locally. How could I solve this problem?
Title: Re: Postfix - antispam and relay package
Post by: RobinGill on May 20, 2012, 05:34:47 pm
Many thanks for the help Marcello, I managed to install it using the link you provided  :)

I noticed I was getting errors due to already having a version of Perl installed - I'm guessing Open VMware tools installed perl-5.10.1_3.

Anyway, I wiped it and started again this time just pfSense and Postfix, p5-perl-ldap installed this time without errors.

However I noticed once I configured a domain on the Domains tab which should correspond with the LDAP server, postfix would accept emails to invalid users at that domain. This didn't change if I added or removed @domain.com from Custom Valid recipients on the Recipients tab.

Then I wiped it again and only installed pfSense and postfix and not p5-perl-ldap. Again once I've configured a domain, even without adding the domain to Custom Valid recipients, it accepts emails for any user at the configured domain. The relay_recipients file is empty.

Checking this with another other install, if I configure a domain on the Domains tab but don't enter the domain under Custom Valid recipients, there I get 550 5.1.1 <anyuser@domain.com>: Recipient address rejected: User unknown in relay recipient table.

The only difference I can think of is that the new installation is brand new installed today while the old one was installed a few months ago and only upgraded to latest version a few days ago.


Any ideas on where to look for problems would be very much appreciated.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 20, 2012, 08:01:42 pm
RobinGill,

check the difference from postfix config file from old verison to this latest version.

The Custom Valid recipients need an OK at end of email addresses.

What antispam settings did you selected on both installs?

This file should have all valid recipients fetched from ldap as well from custom field.
/usr/local/etc/postfix/relay_recipients

run /usr/local/bin/php -q /usr/local/www/postfix_recipients.php  on console/ssh and check if there are running erros.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 05:01:46 am
This is the log that I getting while want to send emails through Webclient:

May 21 13:00:33 pfsense postfix/postscreen[55796]: CONNECT from [127.0.0.1]:27215
May 21 13:00:33 pfsense postfix/postscreen[55796]: PASS OLD [127.0.0.1]:27215
May 21 13:00:33 pfsense postfix/smtpd[55803]: connect from localhost[127.0.0.1]
May 21 13:00:33 pfsense postfix/smtpd[55803]: lost connection after AUTH from localhost[127.0.0.1]
May 21 13:00:33 pfsense postfix/smtpd[55803]: disconnect from localhost[127.0.0.1]
May 21 13:00:36 pfsense postfix/postscreen[55796]: CONNECT from [209.85.217.170]:64486
May 21 13:00:36 pfsense postfix/postscreen[55796]: PASS OLD [209.85.217.170]:64486

SMTP error is attached.
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 05:19:43 am
But when I connect from other webclient like http://www.mail2web.com (http://www.mail2web.com) I got the following logs:

May 21 13:17:09 pfsense postfix/postscreen[55796]: CONNECT from [168.144.250.170]:36591
May 21 13:17:15 pfsense postfix/postscreen[55796]: NOQUEUE: reject: RCPT from [168.144.250.170]:36591: 450 4.3.2 Service currently unavailable; from=<networkadmin@sesric.org>, to=<anhuda@sesric.org>, proto=SMTP, helo=<xsmtp07.mail2web.com>
May 21 13:17:16 pfsense postfix/postscreen[55796]: PASS NEW [168.144.250.170]:36591
May 21 13:17:16 pfsense postfix/postscreen[55796]: DISCONNECT [168.144.250.170]:36591
May 21 13:17:21 pfsense postfix/postscreen[55796]: CONNECT from [168.144.250.170]:36739
May 21 13:17:21 pfsense postfix/postscreen[55796]: PASS OLD [168.144.250.170]:36739
May 21 13:17:22 pfsense postfix/smtpd[55803]: connect from xsmtp07.mail2web.com[168.144.250.170]
May 21 13:17:22 pfsense postfix/smtpd[55803]: 7E2BFBFEB82: client=xsmtp07.mail2web.com[168.144.250.170]
May 21 13:17:22 pfsense postfix/cleanup[4869]: 7E2BFBFEB82: hold: header Received: from xsmtp07.mail2web.com (xsmtp07.mail2web.com [168.144.250.170])??by pfsense.localdomain (Postfix) with ESMTP id 7E2BFBFEB82??for <anhuda@sesric.org>; Mon, 21 May 2012 13:17:22 +0300 (EEST from xsmtp07.mail2web.com[168.144.250.170]; from=<networkadmin@sesric.org> to=<anhuda@sesric.org> proto=ESMTP helo=<xsmtp07.mail2web.com>
May 21 13:17:22 pfsense postfix/cleanup[4869]: 7E2BFBFEB82: message-id=<380-22012512110189682@M2W107.mail2web.com>

So the problem is when I want to send mail from my webclient it gives me the error with SMTP Authentication error. But I am not using any TLS/SASL protocol.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2012, 08:38:44 am
But when I connect from other webclient like http://www.mail2web.com (http://www.mail2web.com) I got the following logs:

This log means that you are using postscreen and he is doing his job, first connect of each ip after service start(on boot for example) will be rejected, next connections from this ip will be accepted.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2012, 08:40:23 am
This is the log that I getting while want to send emails through Webclient:
May 21 13:00:33 pfsense postfix/smtpd[55803]: lost connection after AUTH from localhost[127.0.0.1]

I did not included any authentication feature to this package yet. If you have this config on other server, just paste postfix authentication options on custom field at gui.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 08:45:36 am
Marcello,

I am getting emails through my Internal Mail Server IP and unable to get those emails through external email server such as 94.55.59.130 or mail2.sesric.org. When I configure Outlook with local mail server ip with 10.10.1.5 it works but it doesn't worh with external ip. Thats the problem I am facing. I can only get email in office but unable to get them at home.

best regards,
Nahid
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2012, 09:05:38 am
nahid,

This package is just a mail forwarder with antispam features, it will not replace your internal server, if you need external access to your internal server, use a nat rule for it on another ip/port and leave postfix filtering messages from internet to your internal server.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 09:23:32 am
Marcello,

My problem is that I can access from Webclient like mail2web and send mail via my mailserver but unable to connect through mail my external outgoing mail server. Thats problem I am getting. My incoming and outgoing server is same. Thats why I cant change to access from external through another IP.

best regards
Nahid
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2012, 09:27:59 am
My incoming and outgoing server is same. Thats why I cant change to access from external through another IP.

Create a nat from external port 587 redirecting it to your internal server. This way you can use auth to send email to your internal server.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 09:32:36 am
This is the log when I choose my external mail server ip:

May 21 17:33:33 pfsense postfix/postscreen[16712]: CONNECT from [127.0.0.1]:7002
May 21 17:33:39 pfsense postfix/postscreen[16712]: PASS OLD [127.0.0.1]:7002
May 21 17:33:39 pfsense postfix/smtpd[30639]: connect from localhost[127.0.0.1]
May 21 17:33:39 pfsense postfix/smtpd[30639]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <ABUNASER>: Helo command rejected: Host not found; from=<anhuda@sesric.org> to=<networkadmin@sesric.org> proto=ESMTP helo=<ABUNASER>
May 21 17:33:39 pfsense postfix/smtpd[30639]: disconnect from localhost[127.0.0.1]
May 21 17:34:39 pfsense postfix/postscreen[16712]: CONNECT from [127.0.0.1]:58545
May 21 17:34:39 pfsense postfix/postscreen[16712]: PASS OLD [127.0.0.1]:58545
May 21 17:34:39 pfsense postfix/smtpd[30639]: connect from localhost[127.0.0.1]
May 21 17:34:39 pfsense postfix/smtpd[30639]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <ABUNASER>: Helo command rejected: Host not found; from=<anhuda@sesric.org> to=<networkadmin@sesric.org> proto=ESMTP helo=<ABUNASER>
May 21 17:34:39 pfsense postfix/smtpd[30639]: disconnect from localhost[127.0.0.1]

Even I couldn't send between my networks.

Nahid
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 09:38:20 am
Marcello,

I will try with 587 port. But could you please look over the logs I posted. Even I want to send emails between my network it rejected as "Helo command rejected: Host not found; from=<anhuda@sesric.org> to=<networkadmin@sesric.org> proto=ESMTP helo=<ABUNASER>"

But my domain is sesric.org. Even I have passed my network by given 10.10.1.0/24 to my client access list. ıs there anything wrong with the config?

Nahid
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 11:22:32 am
Marcello,

When I uncheck "Use SMTP Authentication" I get the following logs:

May 21 19:23:28 pfsense postfix/postscreen[8009]: CONNECT from [127.0.0.1]:29580
May 21 19:23:28 pfsense postfix/postscreen[8009]: PASS OLD [127.0.0.1]:29580
May 21 19:23:28 pfsense postfix/smtpd[3010]: connect from localhost[127.0.0.1]
May 21 19:23:28 pfsense postfix/smtpd[3010]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <sesric.org?[10.10.1.254]>: Helo command rejected: Host not found; from=<networkadmin@sesric.org> to=<anhuda@sesric.org> proto=ESMTP helo=<sesric.org?[10.10.1.254]>
May 21 19:23:28 pfsense postfix/smtpd[3010]: lost connection after RCPT from localhost[127.0.0.1]
May 21 19:23:28 pfsense postfix/smtpd[3010]: disconnect from localhost[127.0.0.1]

And I think it is something wrong with my config that is not going to accept my domain name. Because here also I just tried to send mail inside my domain.

Best regards,
Nahid
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2012, 01:42:29 pm
Helo command rejected: Host not found; from=<networkadmin@sesric.org> to=<anhuda@sesric.org> proto=ESMTP helo=<sesric.org?[10.10.1.254]>

This is your error.

Change your client helo info to a valid dns name(internal or external).

If you want, you can disable the helo check on antispam settings too.(I do not recomend, but in some cases this is the easier way to workaround misconfigured servers)

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 02:14:45 pm
Marcello,

As you recommend to use helo. In the doamin tab I wrote my domain name as "sesric.org" and the internal ip 10.10.1.5. My mail server is "mail2.sesric.org". So do I need to change my domain with mail server.  Or how can I convert helo to a valid dns name with Internal / External mail server name.

Best regards,
Nahid
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2012, 03:35:07 pm
Marcello,

As you recommend to use helo. In the doamin tab I wrote my domain name as "sesric.org" and the internal ip 10.10.1.5. My mail server is "mail2.sesric.org". So do I need to change my domain with mail server.  Or how can I convert helo to a valid dns name with Internal / External mail server name.


No domain tab modification is required. Each smtp client has it's own config options. I have no idea how to fix the helo info on your client.
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 21, 2012, 03:51:25 pm
Marcello,

After inspecting Postfix configuration I added myhostname and smtpd_banner through which I solved the rDNS. Now I get the real mail server name when I connect through telnet over 25 port.

Actually here I think there is something unusual with my webclient as always it tries to connect through 127.0.0.1. Every time I tried to connect through webclient I inspect the logs of postfix shows that it tries to connect from 127.0.0.1. If I make a port forward on 25 where the source address would be the localhost(127.0.0.1) and forward them to Internal mail server (10.10.1.5) will it work?

What do you think? If I do so will cause any problem on postfix?

Nahid
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 22, 2012, 01:46:56 am
From yesterday I am getting the following error and unable to get emails.

(mail for [10.10.1.5] loops back to myself) It bounced the emails.

Need help.
Title: Re: Postfix - antispam and relay package
Post by: RobinGill on May 22, 2012, 04:45:48 pm
Hi Marcello,


Many thanks for the information! I've managed to get LDAP working - problem turned out to be a space in a user name. Just thought I would also mention that once the import has worked, I can see all the entries in the GUI when looking at view config/relay_recipients.

Also after reinstalling yet again it seems to be working perfectly! Thanks again for the package :)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 22, 2012, 09:53:01 pm
RobinGill,

all working now? I was trying to reproduce your no valid recipients check you've posted today.
The reinstall did the trick?

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: fogelholk on May 25, 2012, 03:57:42 am
Hi marcelloc,

I'm sorry if this really doesn't concern you, but I would love if you could either point me in some direction or something about this matter;
I'm using your postfix forwarder just for relaying messages because my net is blocked, works wonderfully, but...
I realized today that messages over just a couple of megabytes is a no-go sending through the forwarder, I upped the limit to ~100mb (102400000 bytes).
I just tried sending a message that is just over 10 megabytes in size and I get this message:
Quote
May 25 10:55:22 princesscelestia postfix/smtpd[3713]: NOQUEUE: reject: MAIL from twilightsparkle.fogelholk.se[192.168.11.11]: 452 4.3.1 Insufficient system storage; proto=SMTP helo=<derpy.fogelholk.se>
May 25 10:55:22 princesscelestia postfix/smtpd[3713]: warning: not enough free space in mail queue: 47714304 bytes < 1.5*message size limit
I use the 4gb nanoBSD-image build on a usb-stick, and on the dashboard it says I have only used 17% of the total disk space, is it possible to, I don't know, use another folder or something with more space for Postfix Forwarder?
I must admit I'm not very good with BSD-commands, but I get around somewhat and you should be able to get quite techy in your description if you decide to help me :)

Thanks for a great addon otherwise, has worked great so far!

Edit: Did some more testing and the error above apperently means that postfix can't allocate the 102400000 bytes that I set, if I for example decrease it to 20480000 bytes (~20mb) I can send messages larger than 10 megabytes.
Though I would like to increase the limit to about 100 megabytes or around there, is this possible with either moving the postfix folder or where it allocates the space in some way or another?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 25, 2012, 10:17:41 am
The problem is that /var is ram drive and /usr is read only on nanobsd.

you can symlink postfix folder to /usr but you will need to leave /usr writable all the time.

Title: Re: Postfix - antispam and relay package
Post by: fogelholk on May 25, 2012, 10:40:43 am
The problem is that /var is ram drive and /usr is read only on nanobsd.

you can symlink postfix folder to /usr but you will need to leave /usr writable all the time.
Alright, thanks for your answer.

Would it be possible to give it more ram or increase the size of /var or something? The tiny beast has 2GB of total ram, and currently about 11% in use.
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 25, 2012, 07:08:26 pm
Marcello,

My SMTP Test report as follows:
EHLO please-read-policy.mxtoolbox.com
250-firewall.sesric.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [187 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [203 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [187 ms]
QUIT
221 2.0.0 Bye [203 ms]


I want to convert the local address (red marked) to mail2.sesric.org.
Is there any way to solve this.

Best regards,
Nahid
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 25, 2012, 09:19:19 pm
Nahid,

I think you just need to add

myhostname=mail2.sesric.org
smtp_helo_name=mail2.sesric.org

to genereal -> custom main.cf options

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 26, 2012, 04:09:25 am
Mercello,

In that case I got the following log that shows the messages were bounced and it doesn't deliver.

May 26 12:10:19   nahid05@gmail.com   anhuda@sesric.org   0.63   bounced   (mail for [10.10.1.5] loops back to myself)
May 26 12:09:23   nashanahid@yahoo.com   anhuda@sesric.org   0.69   bounced   (mail for [10.10.1.5] loops back to myself)

Best regards,
Nahid
Title: Re: Postfix - antispam and relay package
Post by: RobinGill on May 27, 2012, 03:14:55 pm
RobinGill,

all working now? I was trying to reproduce your no valid recipients check you've posted today.
The reinstall did the trick?

att,
Marcello Coutinho

Hi Marcello,

Yes it's all working now that I've reinstalled. Strange thing is I tried a few times until I got it working. If I can figure out how to reproduce the problem I had I will let you know.

Also it's no major deal, but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 27, 2012, 06:01:16 pm
but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

I leave only letters and number to avoid code on the field.
Title: Re: Postfix - antispam and relay package
Post by: nahid on May 28, 2012, 01:37:01 am
"Mercello,

In that case I got the following log that shows the messages were bounced and it doesn't deliver.

May 26 12:10:19   nahid05@gmail.com   anhuda@sesric.org   0.63   bounced   (mail for [10.10.1.5] loops back to myself)
May 26 12:09:23   nashanahid@yahoo.com   anhuda@sesric.org   0.69   bounced   (mail for [10.10.1.5] loops back to myself)

Best regards,
Nahid"


Marcello,

Is there any way to solve this?

Nahid
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on May 28, 2012, 02:48:23 am
Hi Marcelloc,

I have one question, some mail server is continuing sending spam email to my server.
It brings me a lot of useless log in Search Mail(NOQUEUE).
Code: [Select]
May 28 15:41:58 xxx@xxx.com aaa@aaa.cn reject
May 28 15:42:58 xxx@xxx.com aaa@aaa.cn reject
May 28 15:43:58 xxx@xxx.com aaa@aaa.cn reject
May 28 15:44:58 xxx@xxx.com aaa@aaa.cn reject
May 28 15:45:58 xxx@xxx.com aaa@aaa.cn reject
May 28 15:46:58 xxx@xxx.com aaa@aaa.cn reject
May 28 15:47:58 xxx@xxx.com aaa@aaa.cn reject

I add the rule in Access List --> Sender
Code: [Select]
xxx@xxx.com RJECT
bbb.com REJECT
But I found I still can see these log in Search Mail.

Can I just block these mail address somewhere? Or maybe there will have a filter for log?

Thanks for your great work!
Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 28, 2012, 10:16:27 am
The noqueue log means that the message was rejected before mail data.

To do not receive this error, you will need to configure a firewall rule for these ips.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on May 28, 2012, 07:32:34 pm
The noqueue log means that the message was rejected before mail data.

To do not receive this error, you will need to configure a firewall rule for these ips.

att,
Marcello Coutinho

In fact, I has tried this method already, however it seems it doesn't work.
I have pfBlocker installed, I put the spam ip into the Custom list, eg:
Code: [Select]
111.222.333.444/32  #xxx@xxx.comThen I still see the NOQUEUE log...
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 28, 2012, 10:54:09 pm
In fact, I has tried this method already, however it seems it doesn't work.
I have pfBlocker installed, I put the spam ip into the Custom list, eg:
111.222.333.444/32  #xxx@xxx.com

can you check on diagnostics table if this ip is listed on pfblocker alias?
what action did you selected on pfblocker?

pfBlocker is a nice package  ;), but for this rule, you need just an alias and a rule on wan.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on May 29, 2012, 12:17:46 am
Quote
can you check on diagnostics table if this ip is listed on pfblocker alias?
Yes, it's.
Quote
what action did you selected on pfblocker?
Deny Inbound

I can see the packets which has been blocked by PFblocker from Dashboard..
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 29, 2012, 06:33:41 am
Check the log, it may be coming from more than one ip.
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on May 29, 2012, 07:36:41 pm
Check the log, it maybe comming from more then one ip.
You are right... there are three ips from one address.

I blocked them all and it's now OK~

Thanks for your help~
Title: Re: Postfix - antispam and relay package
Post by: ics on May 31, 2012, 09:26:35 am
Hi,

In Postfix, is it possible to forward emails to specific servers depending on the recipient email address (not only on the domain) ?

Thank you
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 31, 2012, 11:00:28 am
not yet.  :(
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on June 19, 2012, 06:26:30 am
Hi Marcelloc,

Can I add the NOQUEUE email address to Whitelist?
Some of mail server can't pass 'Helo Hostname' check....

As my understanding, the "access lists" will only work with QUEUE email address.

Thanks in advance~

Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on June 19, 2012, 03:31:33 pm
The noqueue info in log file are for messages that failed during header check.

to workaround it,you can:

But the best way is to ask remote site admin to fix his smtp configuration.
Title: Re: Postfix - antispam and relay package
Post by: ics on June 29, 2012, 02:47:27 am
Hi,

In Search Mail some emails have status "sent" even if it's detected as spam (maillog).
And for some other emails status "spam" is obviously correct. :)

Any explanation ?

Another question :
the subject displayed is the original subject of the email. Is it possible to view the modified subject also ?

Thanks
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on June 29, 2012, 08:08:34 am
Any explanation ?

Are you using mailscanner too? if so, there are som actions that sends the spam message just changing the subject, so the last action of this message_id is sent as postfix sent it to user.

the subject displayed is the original subject of the email. Is it possible to view the modified subject also ?

Not yet, the databased is filled by maillog file, the subject is logged only when messages arrives.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on July 03, 2012, 04:00:20 am
Hi Marcello,

I have an IronPort box that's been trying to bounce the same mail to my mail server, on the hour for nearly three days.

The sender address is being rejected for obvious reasons:

NOQUEUE: reject: RCPT from ironport2-out.teksavvy.com[206.248.154.182]: 450 4.1.8 <mailman-bounces@localhost.localdomain>: Sender address rejected: Domain not found; from=<mailman-bounces@localhost.localdomain> ...
 
I tried to whitelist the server, blacklist it and a bunch of other things but the reject_unknown_sender_domain still kicks in and, becasue it's only a 450 response, they try again an hour later.

I thought I'd try "soft_bounce=no" but the GUI won't allow me to set that.   

I can get soft_bounce=yes by setting soft bounce to "enabled" in the GUI but selecting either "Only in PostScreen" or "Disabled" just clears soft_bounce from main.cf. 

I thought Disabled should set soft_bounce=no but wanted to ask what you think?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 03, 2012, 08:39:04 am
The best way to receive this bounce is to send an email to remote site sysadmin explaining his server misconfiguration.
To workaround for this misconfigured server, enable dns forwarder service and add missing domain/host as a Host Override.

Quote
I thought Disabled should set soft_bounce=no but wanted to ask what you think?
postfix documentation  (http://www.postfix.org/postconf.5.html) says that soft_bounce default value is no, so if it's not declared, then soft_bounce=no.

soft_bounce (default: no)
Safety net to keep mail queued that would otherwise be returned to the sender. This parameter disables locally-generated bounces, and prevents the Postfix SMTP server from rejecting mail permanently, by changing 5xx reply codes into 4xx. However, soft_bounce is no cure for address rewriting mistakes or mail routing mistakes.

Example:

soft_bounce = yes


att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: ics on July 04, 2012, 07:45:16 am
Hi,

My Postfix rejects emails from a server with the error : "Client host rejected: cannot find your hostname"
However, the IP address is perfectly resolvable.
And in maillog :
"warning: **.**.***.***: hostname domain.net verification failed: hostname nor servname provided, or not known"

I tried to add the IP address in MyNetworks, no change.

Do you know what is misconfigured ?

Thanks
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 04, 2012, 08:23:00 am
The ip address is resolvable, but hostname that server sent on smtp header is?

Sometimes this wrong hostname is sent on servername or helo info.
Title: Re: Postfix - antispam and relay package
Post by: ics on July 04, 2012, 08:45:02 am
postfix says :
RCPT from unknown[IP_Address]: 450 4.7.1 Client host rejected: cannot find your hostname
The helo is correct and correspond to the IP address when resolved.

The hostname in smtp header is the HELO ?
If not where can I find it in the log ?

Anyway, why is it still rejected while the IP is in MyNetworks ?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 04, 2012, 11:40:52 am
Anyway, why is it still rejected while the IP is in MyNetworks ?

even on MyNetworks, the email must be correct.
The mynetworks will allow this ip to relay to any domain.

Add this ipname on dns forwarder host override list and check if it pass the resolv test.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: ics on July 05, 2012, 06:15:06 am
Add this ipname on dns forwarder host override list and check if it pass the resolv test.

It works.

Thank you
Title: Re: Postfix - antispam and relay package
Post by: arosenau on July 12, 2012, 07:03:09 pm
Has anyone been able to get this to work using Gmail as a relay? I get the following errors when I try and relay through gmail using this package



Jul 12 23:50:51
postfix/smtp[17005]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
 
Jul 12 23:50:51
postfix/smtp[17005]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"
 
Jul 12 23:50:51
postfix/smtp[17005]: cannot load Certificate Authority data: disabling TLS support

Jul 12 23:50:51
postfix/smtp[17005]: warning: TLS library problem: 17005:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('/etc/pki/tls/certs/ca-bundle.crt','r'):
 
Jul 12 23:50:51
postfix/smtp[17005]: warning: TLS library problem: 17005:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
 
Jul 12 23:50:51
postfix/smtp[17005]: warning: TLS library problem: 17005:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/by_file.c:274:


I think the most important error is this one
postfix/smtp[17005]: cannot load Certificate Authority data: disabling TLS support

and I would assume that is because it can't find the smtp_tls_CAfile which I also can't find anywhere on the pfsense box, so I can't specify the correct path in my main.cf file.

Any ideas? I'm sure its something simple i missed.  :P
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 12, 2012, 10:34:01 pm
Any ideas? I'm sure its something simple i missed.  :P

you will need some libs from freebsd to get it working.

take a look on my repo.
i386
http://e-sac.siteseguro.ws/pfsense/8/All/ldd/

amd64
http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/
Title: Re: Postfix - antispam and relay package
Post by: arosenau on July 16, 2012, 10:20:40 am
Any ideas? I'm sure its something simple i missed.  :P

you will need some libs from freebsd to get it working.

take a look on my repo.
i386
http://e-sac.siteseguro.ws/pfsense/8/All/ldd/

amd64
http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/


Can you point me in the right direction on how to get these installed? I am familiar with apt and yum in the Linux world, but I don't know how package management works in the freebsd/pfsense world.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 16, 2012, 10:32:48 am
Can you point me in the right direction on how to get these installed?

Just download the missing libs to /usr/local/lib using fetch cmd on console/ssh and try again.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: arosenau on July 16, 2012, 04:49:24 pm
Just download the missing libs to /usr/local/lib using fetch cmd on console/ssh and try again.

att,
Marcello Coutinho

So I got those packages downloaded and stopped and started post fix but I'm still having the same errors. Also I didn't mention in my first post that I also get an error that says " Must issue a STARTTLS command first. y5sm20759670igb.11 (in reply to MAIL FROM command))" I would assume I"m getting this error because it can't load the Certificate Authority data and it disabled TLS support.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 16, 2012, 05:02:40 pm
Jul 12 23:50:51
postfix/smtp[17005]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: Shared object "libgssapi.so.10" not found, required by "libgssapiv2.so.2"

The postfix message looks for libs on /usr/local/lib/sasl2/ instead of  /usr/local/lib like I've posted.

can you try to copy these libs to /usr/local/lib/sasl2/ and teste again?

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: arosenau on July 16, 2012, 05:11:08 pm
The postfix message looks for libs on /usr/local/lib/sasl2/ instead of  /usr/local/lib like I've posted.

can you try to copy these libs to /usr/local/lib/sasl2/ and teste again?

att,
Marcello Coutinho

Still doesn't work, although the error now looks slightly different "unsupported file layout"

Code: [Select]
Jul 16 22:12:40 postfix/smtp[9495]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: /usr/local/lib/libgssapi.so.10: unsupported file layout
Jul 16 22:12:40 postfix/smtp[9495]: unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: /usr/local/lib/libgssapi.so.10: unsupported file layout
Jul 16 22:12:40 postfix/smtp[9495]: cannot load Certificate Authority data: disabling TLS support
Jul 16 22:12:40 postfix/smtp[9495]: warning: TLS library problem: 9495:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('/etc/pki/tls/certs/ca-bundle.crt','r'):
Jul 16 22:12:40 postfix/smtp[9495]: warning: TLS library problem: 9495:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
Jul 16 22:12:40 postfix/smtp[9495]: warning: TLS library problem: 9495:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/by_file.c:274:
Jul 16 22:12:40 postfix/smtp[9495]: 0EE7440B28F: to=<armyreciepent@gmail.com>, relay=smtp.gmail.com[209.85.225.108]:587, delay=0.64, delays=0.37/0.02/0.21/0.04, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.225.108] said: 530 5.7.0 Must issue a STARTTLS command first. ud8sm20864816igb.4 (in reply to MAIL FROM command))
Jul 16 22:12:40 postfix/cleanup[9348]: A5BBD40B298: message-id=<20120716221240.A5BBD40B298@relay>
Jul 16 22:12:40 postfix/bounce[9782]: 0EE7440B28F: sender non-delivery notification: A5BBD40B298
Jul 16 22:12:40 postfix/qmgr[53688]: A5BBD40B298: from=<>, size=2493, nrcpt=1 (queue active)
Jul 16 22:12:40 postfix/qmgr[53688]: 0EE7440B28F: removed
Jul 16 22:12:40 postfix/smtp[9495]: A5BBD40B298: to=<xxx@mydomain.com>, relay=smtp.gmail.com[209.85.225.109]:587, delay=0.16, delays=0.01/0/0.12/0.04, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.225.109] said: 530 5.7.0 Must issue a STARTTLS command first. k5sm9875094igq.12 (in reply to MAIL FROM command))
Jul 16 22:12:40 postfix/qmgr[53688]: A5BBD40B298: removed
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 16, 2012, 05:42:18 pm
Still doesn't work, although the error now looks slightly different "unsupported file layout"

It normally means you have copied files from a different arch. (i386 files on amd64 for example)
Title: Re: Postfix - antispam and relay package
Post by: arosenau on July 16, 2012, 07:47:08 pm
It normally means you have copied files from a different arch. (i386 files on amd64 for example)

Yep that was the issue there. I didn't build this box and just assumed it was 64 bit and turns out it is only 32 bit. So that solved those errors although it still doesn't work and I have the below errors, all concerning TLS.

Code: [Select]
Jul 17 00:47:50 postfix/smtp[11692]: cannot load Certificate Authority data: disabling TLS support
Jul 17 00:47:50 postfix/smtp[11692]: warning: TLS library problem: 11692:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('/etc/pki/tls/certs/ca-bundle.crt','r'):
Jul 17 00:47:50 postfix/smtp[11692]: warning: TLS library problem: 11692:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
Jul 17 00:47:50 postfix/smtp[11692]: warning: TLS library problem: 11692:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/by_file.c:274:
Jul 17 00:47:50 postfix/smtp[11692]: DDAE740B293: to=<myrecipient@gmail.com>, relay=smtp.gmail.com[209.85.225.109]:587, delay=0.65, delays=0.37/0.08/0.17/0.04, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.225.109] said: 530 5.7.0 Must issue a STARTTLS command first. g5sm10214882ign.4 (in reply to MAIL FROM command))
Jul 17 00:47:50 postfix/cleanup[11555]: 841B240B29D: message-id=<20120717004750.841B240B29D@relay>
Jul 17 00:47:50 postfix/bounce[11894]: DDAE740B293: sender non-delivery notification: 841B240B29D
Jul 17 00:47:50 postfix/qmgr[56809]: 841B240B29D: from=<>, size=2491, nrcpt=1 (queue active)
Jul 17 00:47:50 postfix/qmgr[56809]: DDAE740B293: removed
Jul 17 00:47:50 postfix/smtp[11692]: 841B240B29D: to=<myuser@mydomain.com>, relay=smtp.gmail.com[209.85.225.108]:587, delay=0.17, delays=0.01/0/0.12/0.04, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.225.108] said: 530 5.7.0 Must issue a STARTTLS command first. pp4sm21477529igb.5 (in reply to MAIL FROM command))
Jul 17 00:47:50 postfix/qmgr[56809]: 841B240B29D: removed
Title: Re: Postfix - antispam and relay package
Post by: arosenau on July 16, 2012, 08:23:51 pm
So I ended up solving the TLS errors by downloading the following cert bundle. Is this the correct bundle? It is working now but is this the long term solution?

http://curl.haxx.se/ca/cacert.pem (http://curl.haxx.se/ca/cacert.pem)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 16, 2012, 10:54:05 pm
I think this TLS ca missing cert is from remote site certificate.

the ca_root certificate package on freebsd ports is ca_root_nss-3.13.5 (http://www.freebsd.org/cgi/ports.cgi?query=ca_root&stype=name&sektion=all)

Mailscanner package installs it, but the way you did(if you trust http://curl.haxx.se site) also installed the ca bundle certs file.

schedule from time to time an ca_bundle file update.
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on July 26, 2012, 07:02:00 am
So if i am not way leftfield, would i go about stopping backscatter coming in with something like this:
OR have i blown a logic fuse  :P

By put this in header check under ACL
Quote

/^(From|Return-Path):.*\b(user@domain\.tld)\b/
        reject forged sender address in $1: header: $2


And putting this in body checks
Quote
   /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
        reject forged sender address in $1: header: $2


I am a bit confused after reading this: http://www.postfix.org/BACKSCATTER_README.html
DO i have to manually have to change the user@domain to my local domain users so it would be user@mydomain.com and or will
it check my Valid recipients and block ALL external emails that comes from the internet with my Valid recipients as from field?
 ???

And would this also help stopping me from being a source for backscatter? or again have i blown a fuse??
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 26, 2012, 09:29:54 am
I am a bit confused after reading this: http://www.postfix.org/BACKSCATTER_README.html
DO i have to manually have to change the user@domain to my local domain users so it would be user@mydomain.com and or will
it check my Valid recipients and block ALL external emails that comes from the internet with my Valid recipients as from field?
 ???
All postfix antispam settings(spf checks, helo checks, etc..) and valid recipients can do a really good job on rejecting junk/misconfigured mail servers.
If you want to apply these backscatter rules, you need to change user@domain to your domain.

And would this also help stopping me from being a source for backscatter? or again have i blown a fuse??
Do you have any postfix log with these backscatter on your domain?

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on July 26, 2012, 09:41:12 am

Do you have any postfix log with these backscatter on your domain?

att,
Marcello Coutinho

No i do not, it is just me being very worried about it and want to take any steps to stop it.

So i guess it is all smooth sailing for now.
Just need to figure this one out:
Quote
07-26-2012   15:40:28   Mail.Info   lanip   Jul 26 15:42:50 postfix/postscreen[13438]: DISCONNECT [49.236.198.230]:64766
07-26-2012   15:40:28   Mail.Info   lanip   Jul 26 15:42:50 postfix/postscreen[13438]: HANGUP after 1.1 from [49.236.198.230]:64766 in tests after SMTP handshake
07-26-2012   15:40:27   Mail.Info   lanip   Jul 26 15:42:49 postfix/postscreen[13438]: CONNECT from [49.236.198.230]:64766
07-26-2012   15:40:27   Local0.Info   lanip   Jul 26 15:42:49 pf:     49.236.198.230.64766 > wanip.25: Flags [ S ], cksum 0xa6f8 (correct), seq 652894980, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0


And then finaly i can enjoy the Olympic :)
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 01:38:46 am
Hi Marcelloc,

I got these error message from maillog:
Quote
Jul 27 14:40:59 pfsense MailScanner[9782]: You want to use SpamAssassin but have not installed it.
Jul 27 14:40:59 pfsense MailScanner[9782]: Please download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner.
Jul 27 14:40:59 pfsense MailScanner[9782]: I will run without SpamAssassin for now, you will not detect much spam until you install SpamAssassin.
All the email has been hold by postfix...
Do you know any reason why this will happen?
Thanks~

Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on July 27, 2012, 01:59:43 am
Hi Marcelloc,

I got these error message from maillog:
Quote
Jul 27 14:40:59 pfsense MailScanner[9782]: You want to use SpamAssassin but have not installed it.
Jul 27 14:40:59 pfsense MailScanner[9782]: Please download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and unpack it and run ./install.sh to install it, then restart MailScanner.
Jul 27 14:40:59 pfsense MailScanner[9782]: I will run without SpamAssassin for now, you will not detect much spam until you install SpamAssassin.
All the email has been hold by postfix...
Do you know any reason why this will happen?
Thanks~

Zlyzwy


I am not a expert on this, but have you tried to fix SpamAssassin first to see if that has anything to do with it?

And if you run sa-update does it run without any errors?
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 02:26:24 am
Hi Unubtantium,

I tried to fix this problem:
1. restart the PF --> NG
2. Reinstall the MailScanner and restart again -->NG

The mail is still holding in postfix....

Here is the maillog after restart my PF.

Quote
Jul 27 15:14:38 pfsense postfix/postfix-script[28704]: fatal: the Postfix mail system is not running
Jul 27 15:14:40 pfsense postfix/postfix-script[34423]: fatal: the Postfix mail system is not running
Jul 27 15:14:43 pfsense postfix/postfix-script[52464]: fatal: the Postfix mail system is not running
Jul 27 15:14:46 pfsense postfix/postfix-script[2013]: fatal: the Postfix mail system is not running
Jul 27 15:14:48 pfsense postfix/postfix-script[11927]: warning: not owned by root: /var/spool/postfix
Jul 27 15:14:48 pfsense postfix/postfix-script[14440]: fatal: the Postfix mail system is not running
Jul 27 15:14:50 pfsense postfix/postfix-script[16474]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17029]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17082]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17087]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17153]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17327]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17611]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17745]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:14:50 pfsense postfix/postfix-script[18650]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19266]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19442]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19527]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19827]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19951]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20242]: warning: not owned by postfix: /var/db/postfix/./2012-05-21.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20537]: warning: not owned by postfix: /var/db/postfix/./2012-05-22.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20871]: warning: not owned by postfix: /var/db/postfix/./2012-05-23.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20874]: warning: not owned by postfix: /var/db/postfix/./2012-05-24.db
Jul 27 15:14:50 pfsense postfix/postfix-script[21110]: warning: not owned by postfix: /var/db/postfix/./2012-05-25.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21323]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21325]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21486]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21803]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21905]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22291]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22372]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22604]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22681]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22692]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22989]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23335]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23403]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23470]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23810]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23944]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23975]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24206]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24376]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24427]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24510]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24584]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24894]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25224]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25520]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25860]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26134]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26365]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26540]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26868]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27165]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27382]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27467]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27795]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28029]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28261]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28765]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28961]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:14:51 pfsense postfix/postfix-script[29197]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:14:51 pfsense postfix/postfix-script[29762]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:14:51 pfsense postfix/postfix-script[30563]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:14:52 pfsense postfix/postfix-script[30648]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:14:52 pfsense postfix/postfix-script[30703]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31192]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31482]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31971]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:14:52 pfsense postfix/postfix-script[32840]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33442]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33904]: fatal: the Postfix mail system is not running
Jul 27 15:14:52 pfsense postfix/postfix-script[33606]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33922]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:14:52 pfsense postfix/postfix-script[34663]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35204]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35502]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35939]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:14:52 pfsense postfix/postfix-script[36238]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:14:52 pfsense postfix/postfix-script[36648]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:14:52 pfsense postfix/postfix-script[37238]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:14:52 pfsense postfix/postfix-script[37583]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:14:52 pfsense postfix/postfix-script[38040]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:14:53 pfsense postfix/postfix-script[38674]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:14:53 pfsense postfix/postfix-script[39545]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:14:53 pfsense postfix/postfix-script[43603]: starting the Postfix mail system
Jul 27 15:14:54 pfsense postfix/master[43991]: daemon started -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:55 pfsense postfix/postfix-script[49140]: warning: not owned by root: /var/spool/postfix
Jul 27 15:14:55 pfsense postfix/postfix-script[51197]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:55 pfsense postfix/postfix-script[51368]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:55 pfsense postfix/postfix-script[51669]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:55 pfsense postfix/postfix-script[52332]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:55 pfsense postfix/postfix-script[52537]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53072]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53442]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53574]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53784]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:14:55 pfsense postfix/postfix-script[54017]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:14:55 pfsense postfix/postfix-script[54835]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55254]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55580]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55918]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59300]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59665]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59707]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59954]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:14:56 pfsense postfix/postfix-script[60144]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:14:56 pfsense postfix/postfix-script[60707]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61564]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61687]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61844]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62243]: refreshing the Postfix mail system
Jul 27 15:14:56 pfsense postfix/postfix-script[62461]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62684]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62729]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62869]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:14:56 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:56 pfsense postfix/postfix-script[63473]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:14:56 pfsense postfix/postfix-script[118]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:14:56 pfsense postfix/postfix-script[610]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:14:56 pfsense postfix/postfix-script[827]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:14:56 pfsense postfix/postfix-script[1266]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:14:57 pfsense postfix/postfix-script[1555]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:14:59 pfsense postfix/postfix-script[4830]: refreshing the Postfix mail system
Jul 27 15:14:59 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:59 pfsense postfix/postfix-script[1561]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5938]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5964]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5996]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6213]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6376]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6579]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6835]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6979]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7266]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7283]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7585]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7834]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7930]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7952]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8283]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8416]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8693]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8929]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8933]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9146]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9456]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9801]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10089]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10345]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10533]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10852]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:15:00 pfsense postfix/postfix-script[11081]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:15:00 pfsense postfix/postfix-script[11090]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:15:00 pfsense postfix/postfix-script[13246]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:15:00 pfsense postfix/postfix-script[13471]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:15:01 pfsense postfix/postfix-script[13700]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14150]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14374]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14794]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:15:01 pfsense postfix/postfix-script[15639]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:15:01 pfsense postfix/postfix-script[16575]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:15:01 pfsense postfix/postfix-script[16846]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:15:01 pfsense postfix/postfix-script[17362]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:15:01 pfsense postfix/postfix-script[17257]: refreshing the Postfix mail system
Jul 27 15:15:01 pfsense postfix/postfix-script[17971]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:15:02 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:15:02 pfsense postfix/postfix-script[18611]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:15:02 pfsense postfix/postfix-script[19461]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:15:02 pfsense postfix/postfix-script[21654]: starting the Postfix mail system
Jul 27 15:15:02 pfsense postfix/master[21972]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Jul 27 15:15:04 pfsense postfix/postfix-script[25319]: warning: not owned by root: /var/spool/postfix
Jul 27 15:15:04 pfsense postfix/postfix-script[26790]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:15:04 pfsense postfix/postfix-script[26944]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27224]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27489]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27538]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27662]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27821]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27829]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:15:04 pfsense postfix/postfix-script[28115]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:15:04 pfsense postfix/postfix-script[28226]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:15:05 pfsense postfix/postfix-script[28561]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:15:05 pfsense postfix/postfix-script[28799]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29360]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29579]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29809]: warning: not owned by postfix: /var/db/postfix/./2012-05-21.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30076]: warning: not owned by postfix: /var/db/postfix/./2012-05-22.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30092]: warning: not owned by postfix: /var/db/postfix/./2012-05-23.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30309]: warning: not owned by postfix: /var/db/postfix/./2012-05-24.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30479]: warning: not owned by postfix: /var/db/postfix/./2012-05-25.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30719]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31045]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31303]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31372]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31608]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31925]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32115]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32450]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32547]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32851]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32903]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:15:05 pfsense postfix/postfix-script[33210]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:15:05 pfsense postfix/postfix-script[33606]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:15:05 pfsense postfix/postfix-script[34219]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:15:05 pfsense postfix/postfix-script[34316]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:15:06 pfsense postfix/postfix-script[35014]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:15:07 pfsense postfix/postfix-script[35536]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:15:07 pfsense postfix/postfix-script[35834]: refreshing the Postfix mail system
Jul 27 15:15:07 pfsense postfix/postfix-script[36150]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:15:07 pfsense postfix/postfix-script[36653]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:15:07 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:15:08 pfsense postfix/postfix-script[37663]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:15:08 pfsense postfix/postfix-script[37983]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:15:08 pfsense postfix/postfix-script[38606]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:15:08 pfsense postfix/postfix-script[38863]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:15:08 pfsense postfix/postfix-script[39132]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:15:08 pfsense postfix/postfix-script[41845]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:15:08 pfsense postfix/postfix-script[41853]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42233]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42348]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42544]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42896]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43189]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43251]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43433]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43531]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43806]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43979]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44227]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44454]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44758]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44888]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45217]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45356]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45471]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:15:09 pfsense postfix/postfix-script[45548]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:15:09 pfsense postfix/postfix-script[46971]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:15:09 pfsense postfix/postfix-script[47981]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:15:09 pfsense postfix/postfix-script[48405]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:15:09 pfsense postfix/postfix-script[50760]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:15:09 pfsense postfix/postfix-script[50876]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51073]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51123]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51368]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51715]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51795]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52058]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52216]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52292]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52440]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52759]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52836]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:15:09 pfsense postfix/postfix-script[53003]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:15:09 pfsense postfix/postfix-script[55174]: starting the Postfix mail system
Jul 27 15:15:09 pfsense postfix/master[55449]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Jul 27 15:15:11 pfsense dccifd[56162]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:28 pfsense dccifd[56162]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:11
Jul 27 15:15:28 pfsense dccifd[8225]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:35 pfsense dccifd[8225]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:28
Jul 27 15:15:41 pfsense dccifd[21521]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:50 pfsense dccifd[21521]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:41
Jul 27 15:15:50 pfsense dccifd[32033]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:58 pfsense dccifd[32033]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:50
Jul 27 15:16:04 pfsense dccifd[56166]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:17 pfsense dccifd[56166]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:04
Jul 27 15:16:18 pfsense dccifd[14583]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:21 pfsense dccifd[14583]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:18
Jul 27 15:16:21 pfsense dccifd[26305]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:28 pfsense dccifd[26305]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:21
Jul 27 15:16:33 pfsense dccifd[36914]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:46 pfsense dccifd[36914]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:33
Jul 27 15:16:47 pfsense dccifd[47211]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:54 pfsense dccifd[47211]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:47
Jul 27 15:16:59 pfsense dccifd[61438]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:12 pfsense dccifd[61438]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:58
Jul 27 15:17:12 pfsense dccifd[10405]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:20 pfsense dccifd[10405]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:12
Jul 27 15:17:24 pfsense dccifd[23867]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:37 pfsense dccifd[23867]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:24
Jul 27 15:17:37 pfsense dccifd[53345]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:45 pfsense dccifd[53345]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:37
Jul 27 15:17:49 pfsense dccifd[5294]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:18:04 pfsense dccifd[5294]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:49
Jul 27 15:18:04 pfsense dccifd[18315]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:18:08 pfsense postfix/postfix-script[31268]: fatal: the Postfix mail system is already running
Jul 27 15:18:37 pfsense dccifd[18315]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:18:04
Jul 27 15:18:37 pfsense dccifd[28412]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:06 pfsense dccifd[28412]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:18:37
Jul 27 15:19:06 pfsense dccifd[32362]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:28 pfsense dccifd[32362]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:19:06
Jul 27 15:19:28 pfsense dccifd[52155]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:31 pfsense postfix/postfix-script[63456]: fatal: the Postfix mail system is already running
Jul 27 15:20:27 pfsense postfix/postscreen[11353]: CONNECT from [ipaddress]:34662
Jul 27 15:20:27 pfsense postfix/postscreen[11353]: PASS OLD [ipaddress]:34662
Jul 27 15:20:30 pfsense postfix/smtpd[11470]: connect from corp.forptr.xxxx.com[ipaddress]
Jul 27 15:20:32 pfsense postfix/smtpd[11470]: DF71F173EA: client=corp.forptr.xxxx.com[ipaddress]
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: hold: header Received: from corp.xxxx.com (corp.forptr.xxxx.com [ipaddress])??by pfsense.aaa.bbb (Postfix) with ESMTP id DF71F173EA??for <zlyzwy@aaa.bbb>; Fri, 27 Jul 2012 15:20:30 +0800 (CST) from corp.forptr.xxxx.com[ipaddress]; from=<williamzhou@satochina.com> to=<zlyzwy@aaa.bbb> proto=ESMTP helo=<corp.xxxx.com>
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: warning: header Subject: =?utf-8?Q?=E8=BD=AC=E5=8F=91:_=E7=AD=94=3F:=5FFW:=5FFedEx=5Flabel?= from corp.forptr.xxxx.com[ipaddress]; from=<williamzhou@satochina.com> to=<zlyzwy@aaa.bbb> proto=ESMTP helo=<corp.xxxx.com>
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: message-id=<004601cd6bc8$52352be0$f69f83a0$@com>
Jul 27 15:20:34 pfsense postfix/smtpd[11470]: disconnect from corp.forptr.xxxx.com[ipaddress]

I think the mailscanner didn't startup correctly. How can I start the mailscaner in cmd?

Thanks
Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on July 27, 2012, 02:43:51 am

I think the mailscanner didn't startup correctly. How can I start the mailscaner in cmd?

Thanks
Zlyzwy

TO Me (Still noob on this field) it looks like a user problem. but again i might be wrong.
Have you checked that everything runs as the correct users? I know i had to change a user from clamd to postfix somewhere, not sure if that was to do with av or not.
Anyway
Have a look here: http://www.mailscanner.info/postfix.html i think it could help, again not 100%
U might have to wait and see if O great Guru Marcello has  a tip or two.  ;D
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 03:20:20 am
sa-update doesn't work for me, but freeclam does work perfect.

Quote
# ps ax | grep -i mailscanner
 2021   0  S+     0:00.01 grep -i mailscanner
# sa-update
sa-update: Command not found.
# freshclam
ClamAV update process started at Fri Jul 27 16:20:52 2012
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.3 Recommended version: 0.97.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 211.239.150.206)
Trying host database.clamav.net (218.44.253.75)...
WARNING: getfile: daily-14873.cdiff not found on remote server (IP: 218.44.253.7                                                                              5)
WARNING: getpatch: Can't download daily-14873.cdiff from database.clamav.net
WARNING: getfile: daily-14873.cdiff not found on remote server (IP: 203.178.137.                                                                              175)
WARNING: getpatch: Can't download daily-14873.cdiff from database.clamav.net
WARNING: getfile: daily-14873.cdiff not found on remote server (IP: 120.29.176.1                                                                              26)
WARNING: getpatch: Can't download daily-14873.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 219.106.242.51)
Trying host database.clamav.net (219.94.128.99)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 15183, sigs: 239669, f-level: 63, builder: guitar)
Downloading bytecode-170.cdiff [100%]
Downloading bytecode-171.cdiff [100%]
Downloading bytecode-172.cdiff [100%]
Downloading bytecode-173.cdiff [100%]
Downloading bytecode-174.cdiff [100%]
Downloading bytecode-175.cdiff [100%]
Downloading bytecode-176.cdiff [100%]
Downloading bytecode-177.cdiff [100%]
Downloading bytecode-178.cdiff [100%]
Downloading bytecode-179.cdiff [100%]
Downloading bytecode-180.cdiff [100%]
WARNING: getfile: Unknown response from remote server (IP: 219.94.128.99)
WARNING: getpatch: Can't download bytecode-181.cdiff from database.clamav.net
Downloading bytecode-181.cdiff [100%]
Downloading bytecode-182.cdiff [100%]
Downloading bytecode-183.cdiff [100%]
Downloading bytecode-184.cdiff [100%]
Downloading bytecode-185.cdiff [100%]
Downloading bytecode-186.cdiff [100%]
Downloading bytecode-187.cdiff [100%]
Downloading bytecode-188.cdiff [100%]
bytecode.cld updated (version: 188, sigs: 38, f-level: 63, builder: neo)
Database updated (1284094 signatures) from database.clamav.net (IP: 27.96.54.66)
Clamd successfully notified about the update.
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 06:00:58 am
I think I have the idea why this error will happen here.
The MailScanner requires perl-5.10.1_3, however I have the following version only:

# pkg_info | grep perl
p5-DBI-1.616_1      The perl5 Database Interface.  Required for DBD::* modules
p5-Error-0.17016    Perl module to provide Error/exception support for perl: Er
p5-MIME-Tools-5.502,2 A set of perl5 modules for MIME
perl-5.12.3         Practical Extraction and Report Language
perl-5.12.4         Practical Extraction and Report Language
perl-5.12.4_3       Practical Extraction and Report Language

Because I have freeradius-2.1.12 installed, I can't just remove this perl-5.1.2.4_3..
How could I fix this?
Thanks
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on July 27, 2012, 06:12:54 am
I think I have the idea why this error will happen here.
The MailScanner requires perl-5.10.1_3, however I have the following version only:

# pkg_info | grep perl
p5-DBI-1.616_1      The perl5 Database Interface.  Required for DBD::* modules
p5-Error-0.17016    Perl module to provide Error/exception support for perl: Er
p5-MIME-Tools-5.502,2 A set of perl5 modules for MIME
perl-5.12.3         Practical Extraction and Report Language
perl-5.12.4         Practical Extraction and Report Language
perl-5.12.4_3       Practical Extraction and Report Language

Because I have freeradius-2.1.12 installed, I can't just remove this perl-5.1.2.4_3..
How could I fix this?
Thanks

I am glad that you are homing in on your problem, but this is far beyond what i know, so lets hope someone with a bit more know how gives u a hint or two
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 06:35:17 am
sa-update doesn't work for me, but freeclam does work perfect.

Quote
# ps ax | grep -i mailscanner
 2021   0  S+     0:00.01 grep -i mailscanner
# sa-update
sa-update: Command not found.
# freshclam
ClamAV update process started at Fri Jul 27 16:20:52 2012
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.3 Recommended version: 0.97.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 211.239.150.206)
Trying host database.clamav.net (218.44.253.75)...
WARNING: getfile: daily-14873.cdiff not found on remote server (IP: 218.44.253.7                                                                              5)
WARNING: getpatch: Can't download daily-14873.cdiff from database.clamav.net
WARNING: getfile: daily-14873.cdiff not found on remote server (IP: 203.178.137.                                                                              175)
WARNING: getpatch: Can't download daily-14873.cdiff from database.clamav.net
WARNING: getfile: daily-14873.cdiff not found on remote server (IP: 120.29.176.1                                                                              26)
WARNING: getpatch: Can't download daily-14873.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 219.106.242.51)
Trying host database.clamav.net (219.94.128.99)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 15183, sigs: 239669, f-level: 63, builder: guitar)
Downloading bytecode-170.cdiff [100%]
Downloading bytecode-171.cdiff [100%]
Downloading bytecode-172.cdiff [100%]
Downloading bytecode-173.cdiff [100%]
Downloading bytecode-174.cdiff [100%]
Downloading bytecode-175.cdiff [100%]
Downloading bytecode-176.cdiff [100%]
Downloading bytecode-177.cdiff [100%]
Downloading bytecode-178.cdiff [100%]
Downloading bytecode-179.cdiff [100%]
Downloading bytecode-180.cdiff [100%]
WARNING: getfile: Unknown response from remote server (IP: 219.94.128.99)
WARNING: getpatch: Can't download bytecode-181.cdiff from database.clamav.net
Downloading bytecode-181.cdiff [100%]
Downloading bytecode-182.cdiff [100%]
Downloading bytecode-183.cdiff [100%]
Downloading bytecode-184.cdiff [100%]
Downloading bytecode-185.cdiff [100%]
Downloading bytecode-186.cdiff [100%]
Downloading bytecode-187.cdiff [100%]
Downloading bytecode-188.cdiff [100%]
bytecode.cld updated (version: 188, sigs: 38, f-level: 63, builder: neo)
Database updated (1284094 signatures) from database.clamav.net (IP: 27.96.54.66)
Clamd successfully notified about the update.



In postfix did you go to the antispam tab at the bottom of the page and enable.
Use Third part antispam
&
Software "mailscanner + spamassassin + clamav"



Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 06:42:20 am
I think I have the idea why this error will happen here.
The MailScanner requires perl-5.10.1_3, however I have the following version only:

# pkg_info | grep perl
p5-DBI-1.616_1      The perl5 Database Interface.  Required for DBD::* modules
p5-Error-0.17016    Perl module to provide Error/exception support for perl: Er
p5-MIME-Tools-5.502,2 A set of perl5 modules for MIME
perl-5.12.3         Practical Extraction and Report Language
perl-5.12.4         Practical Extraction and Report Language
perl-5.12.4_3       Practical Extraction and Report Language

Because I have freeradius-2.1.12 installed, I can't just remove this perl-5.1.2.4_3..
How could I fix this?
Thanks

The easiest way to fix this is to uninstall postfix from the package manager.  Then reinstall it in the package manager.  All of your settings will still be there after reinstall, re-enable on the general page and save.

or you can try just installing perl-5.10.1_3

amd64 only
pkg_add -f http://files.pfsense.org/packages/amd64/8/All/perl-5.10.1_3.tbz


i386 only
pkg_add -f http://files.pfsense.org/packages/8/All/perl-5.10.1_3.tbz

Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 06:48:01 am
Hi Unubtantium,

I tried to fix this problem:
1. restart the PF --> NG
2. Reinstall the MailScanner and restart again -->NG

The mail is still holding in postfix....

Here is the maillog after restart my PF.

Quote
Jul 27 15:14:38 pfsense postfix/postfix-script[28704]: fatal: the Postfix mail system is not running
Jul 27 15:14:40 pfsense postfix/postfix-script[34423]: fatal: the Postfix mail system is not running
Jul 27 15:14:43 pfsense postfix/postfix-script[52464]: fatal: the Postfix mail system is not running
Jul 27 15:14:46 pfsense postfix/postfix-script[2013]: fatal: the Postfix mail system is not running
Jul 27 15:14:48 pfsense postfix/postfix-script[11927]: warning: not owned by root: /var/spool/postfix
Jul 27 15:14:48 pfsense postfix/postfix-script[14440]: fatal: the Postfix mail system is not running
Jul 27 15:14:50 pfsense postfix/postfix-script[16474]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17029]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17082]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17087]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17153]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17327]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17611]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17745]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:14:50 pfsense postfix/postfix-script[18650]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19266]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19442]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19527]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19827]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19951]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20242]: warning: not owned by postfix: /var/db/postfix/./2012-05-21.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20537]: warning: not owned by postfix: /var/db/postfix/./2012-05-22.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20871]: warning: not owned by postfix: /var/db/postfix/./2012-05-23.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20874]: warning: not owned by postfix: /var/db/postfix/./2012-05-24.db
Jul 27 15:14:50 pfsense postfix/postfix-script[21110]: warning: not owned by postfix: /var/db/postfix/./2012-05-25.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21323]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21325]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21486]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21803]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21905]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22291]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22372]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22604]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22681]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22692]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22989]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23335]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23403]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23470]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23810]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23944]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23975]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24206]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24376]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24427]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24510]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24584]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24894]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25224]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25520]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25860]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26134]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26365]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26540]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26868]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27165]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27382]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27467]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27795]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28029]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28261]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28765]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28961]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:14:51 pfsense postfix/postfix-script[29197]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:14:51 pfsense postfix/postfix-script[29762]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:14:51 pfsense postfix/postfix-script[30563]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:14:52 pfsense postfix/postfix-script[30648]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:14:52 pfsense postfix/postfix-script[30703]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31192]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31482]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31971]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:14:52 pfsense postfix/postfix-script[32840]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33442]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33904]: fatal: the Postfix mail system is not running
Jul 27 15:14:52 pfsense postfix/postfix-script[33606]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33922]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:14:52 pfsense postfix/postfix-script[34663]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35204]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35502]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35939]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:14:52 pfsense postfix/postfix-script[36238]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:14:52 pfsense postfix/postfix-script[36648]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:14:52 pfsense postfix/postfix-script[37238]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:14:52 pfsense postfix/postfix-script[37583]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:14:52 pfsense postfix/postfix-script[38040]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:14:53 pfsense postfix/postfix-script[38674]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:14:53 pfsense postfix/postfix-script[39545]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:14:53 pfsense postfix/postfix-script[43603]: starting the Postfix mail system
Jul 27 15:14:54 pfsense postfix/master[43991]: daemon started -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:55 pfsense postfix/postfix-script[49140]: warning: not owned by root: /var/spool/postfix
Jul 27 15:14:55 pfsense postfix/postfix-script[51197]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:55 pfsense postfix/postfix-script[51368]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:55 pfsense postfix/postfix-script[51669]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:55 pfsense postfix/postfix-script[52332]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:55 pfsense postfix/postfix-script[52537]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53072]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53442]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53574]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53784]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:14:55 pfsense postfix/postfix-script[54017]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:14:55 pfsense postfix/postfix-script[54835]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55254]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55580]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55918]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59300]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59665]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59707]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59954]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:14:56 pfsense postfix/postfix-script[60144]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:14:56 pfsense postfix/postfix-script[60707]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61564]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61687]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61844]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62243]: refreshing the Postfix mail system
Jul 27 15:14:56 pfsense postfix/postfix-script[62461]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62684]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62729]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62869]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:14:56 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:56 pfsense postfix/postfix-script[63473]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:14:56 pfsense postfix/postfix-script[118]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:14:56 pfsense postfix/postfix-script[610]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:14:56 pfsense postfix/postfix-script[827]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:14:56 pfsense postfix/postfix-script[1266]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:14:57 pfsense postfix/postfix-script[1555]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:14:59 pfsense postfix/postfix-script[4830]: refreshing the Postfix mail system
Jul 27 15:14:59 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:59 pfsense postfix/postfix-script[1561]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5938]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5964]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5996]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6213]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6376]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6579]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6835]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6979]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7266]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7283]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7585]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7834]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7930]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7952]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8283]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8416]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8693]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8929]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8933]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9146]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9456]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9801]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10089]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10345]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10533]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10852]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:15:00 pfsense postfix/postfix-script[11081]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:15:00 pfsense postfix/postfix-script[11090]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:15:00 pfsense postfix/postfix-script[13246]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:15:00 pfsense postfix/postfix-script[13471]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:15:01 pfsense postfix/postfix-script[13700]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14150]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14374]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14794]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:15:01 pfsense postfix/postfix-script[15639]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:15:01 pfsense postfix/postfix-script[16575]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:15:01 pfsense postfix/postfix-script[16846]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:15:01 pfsense postfix/postfix-script[17362]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:15:01 pfsense postfix/postfix-script[17257]: refreshing the Postfix mail system
Jul 27 15:15:01 pfsense postfix/postfix-script[17971]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:15:02 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:15:02 pfsense postfix/postfix-script[18611]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:15:02 pfsense postfix/postfix-script[19461]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:15:02 pfsense postfix/postfix-script[21654]: starting the Postfix mail system
Jul 27 15:15:02 pfsense postfix/master[21972]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Jul 27 15:15:04 pfsense postfix/postfix-script[25319]: warning: not owned by root: /var/spool/postfix
Jul 27 15:15:04 pfsense postfix/postfix-script[26790]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:15:04 pfsense postfix/postfix-script[26944]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27224]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27489]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27538]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27662]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27821]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27829]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:15:04 pfsense postfix/postfix-script[28115]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:15:04 pfsense postfix/postfix-script[28226]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:15:05 pfsense postfix/postfix-script[28561]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:15:05 pfsense postfix/postfix-script[28799]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29360]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29579]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29809]: warning: not owned by postfix: /var/db/postfix/./2012-05-21.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30076]: warning: not owned by postfix: /var/db/postfix/./2012-05-22.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30092]: warning: not owned by postfix: /var/db/postfix/./2012-05-23.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30309]: warning: not owned by postfix: /var/db/postfix/./2012-05-24.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30479]: warning: not owned by postfix: /var/db/postfix/./2012-05-25.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30719]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31045]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31303]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31372]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31608]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31925]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32115]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32450]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32547]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32851]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32903]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:15:05 pfsense postfix/postfix-script[33210]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:15:05 pfsense postfix/postfix-script[33606]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:15:05 pfsense postfix/postfix-script[34219]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:15:05 pfsense postfix/postfix-script[34316]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:15:06 pfsense postfix/postfix-script[35014]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:15:07 pfsense postfix/postfix-script[35536]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:15:07 pfsense postfix/postfix-script[35834]: refreshing the Postfix mail system
Jul 27 15:15:07 pfsense postfix/postfix-script[36150]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:15:07 pfsense postfix/postfix-script[36653]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:15:07 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:15:08 pfsense postfix/postfix-script[37663]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:15:08 pfsense postfix/postfix-script[37983]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:15:08 pfsense postfix/postfix-script[38606]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:15:08 pfsense postfix/postfix-script[38863]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:15:08 pfsense postfix/postfix-script[39132]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:15:08 pfsense postfix/postfix-script[41845]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:15:08 pfsense postfix/postfix-script[41853]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42233]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42348]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42544]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42896]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43189]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43251]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43433]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43531]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43806]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43979]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44227]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44454]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44758]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44888]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45217]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45356]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45471]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:15:09 pfsense postfix/postfix-script[45548]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:15:09 pfsense postfix/postfix-script[46971]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:15:09 pfsense postfix/postfix-script[47981]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:15:09 pfsense postfix/postfix-script[48405]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:15:09 pfsense postfix/postfix-script[50760]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:15:09 pfsense postfix/postfix-script[50876]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51073]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51123]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51368]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51715]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51795]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52058]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52216]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52292]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52440]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52759]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52836]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:15:09 pfsense postfix/postfix-script[53003]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:15:09 pfsense postfix/postfix-script[55174]: starting the Postfix mail system
Jul 27 15:15:09 pfsense postfix/master[55449]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Jul 27 15:15:11 pfsense dccifd[56162]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:28 pfsense dccifd[56162]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:11
Jul 27 15:15:28 pfsense dccifd[8225]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:35 pfsense dccifd[8225]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:28
Jul 27 15:15:41 pfsense dccifd[21521]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:50 pfsense dccifd[21521]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:41
Jul 27 15:15:50 pfsense dccifd[32033]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:58 pfsense dccifd[32033]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:50
Jul 27 15:16:04 pfsense dccifd[56166]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:17 pfsense dccifd[56166]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:04
Jul 27 15:16:18 pfsense dccifd[14583]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:21 pfsense dccifd[14583]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:18
Jul 27 15:16:21 pfsense dccifd[26305]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:28 pfsense dccifd[26305]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:21
Jul 27 15:16:33 pfsense dccifd[36914]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:46 pfsense dccifd[36914]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:33
Jul 27 15:16:47 pfsense dccifd[47211]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:54 pfsense dccifd[47211]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:47
Jul 27 15:16:59 pfsense dccifd[61438]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:12 pfsense dccifd[61438]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:58
Jul 27 15:17:12 pfsense dccifd[10405]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:20 pfsense dccifd[10405]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:12
Jul 27 15:17:24 pfsense dccifd[23867]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:37 pfsense dccifd[23867]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:24
Jul 27 15:17:37 pfsense dccifd[53345]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:45 pfsense dccifd[53345]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:37
Jul 27 15:17:49 pfsense dccifd[5294]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:18:04 pfsense dccifd[5294]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:49
Jul 27 15:18:04 pfsense dccifd[18315]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:18:08 pfsense postfix/postfix-script[31268]: fatal: the Postfix mail system is already running
Jul 27 15:18:37 pfsense dccifd[18315]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:18:04
Jul 27 15:18:37 pfsense dccifd[28412]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:06 pfsense dccifd[28412]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:18:37
Jul 27 15:19:06 pfsense dccifd[32362]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:28 pfsense dccifd[32362]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:19:06
Jul 27 15:19:28 pfsense dccifd[52155]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:31 pfsense postfix/postfix-script[63456]: fatal: the Postfix mail system is already running
Jul 27 15:20:27 pfsense postfix/postscreen[11353]: CONNECT from [ipaddress]:34662
Jul 27 15:20:27 pfsense postfix/postscreen[11353]: PASS OLD [ipaddress]:34662
Jul 27 15:20:30 pfsense postfix/smtpd[11470]: connect from corp.forptr.xxxx.com[ipaddress]
Jul 27 15:20:32 pfsense postfix/smtpd[11470]: DF71F173EA: client=corp.forptr.xxxx.com[ipaddress]
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: hold: header Received: from corp.xxxx.com (corp.forptr.xxxx.com [ipaddress])??by pfsense.aaa.bbb (Postfix) with ESMTP id DF71F173EA??for <zlyzwy@aaa.bbb>; Fri, 27 Jul 2012 15:20:30 +0800 (CST) from corp.forptr.xxxx.com[ipaddress]; from=<williamzhou@satochina.com> to=<zlyzwy@aaa.bbb> proto=ESMTP helo=<corp.xxxx.com>
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: warning: header Subject: =?utf-8?Q?=E8=BD=AC=E5=8F=91:_=E7=AD=94=3F:=5FFW:=5FFedEx=5Flabel?= from corp.forptr.xxxx.com[ipaddress]; from=<williamzhou@satochina.com> to=<zlyzwy@aaa.bbb> proto=ESMTP helo=<corp.xxxx.com>
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: message-id=<004601cd6bc8$52352be0$f69f83a0$@com>
Jul 27 15:20:34 pfsense postfix/smtpd[11470]: disconnect from corp.forptr.xxxx.com[ipaddress]

I think the mailscanner didn't startup correctly. How can I start the mailscaner in cmd?

Thanks
Zlyzwy

According to the log above the mailscanner is running.  The rest is it just complaining it is not the owner.

Type this command from the console:

/usr/local/etc/rc.d/mailscanner

you will see this:/usr/local/etc/rc.d/mailscanner [fast|force|one](start|stop|restart|rcvar|status|poll)

you can use any of the commands that you wish.

if you type /usr/local/etc/rc.d/mailscanner status
you should see this: mailscanner is running as pid #####
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 06:53:37 am
Hi Unubtantium,

I tried to fix this problem:
1. restart the PF --> NG
2. Reinstall the MailScanner and restart again -->NG

The mail is still holding in postfix....

Here is the maillog after restart my PF.

Quote
Jul 27 15:14:38 pfsense postfix/postfix-script[28704]: fatal: the Postfix mail system is not running
Jul 27 15:14:40 pfsense postfix/postfix-script[34423]: fatal: the Postfix mail system is not running
Jul 27 15:14:43 pfsense postfix/postfix-script[52464]: fatal: the Postfix mail system is not running
Jul 27 15:14:46 pfsense postfix/postfix-script[2013]: fatal: the Postfix mail system is not running
Jul 27 15:14:48 pfsense postfix/postfix-script[11927]: warning: not owned by root: /var/spool/postfix
Jul 27 15:14:48 pfsense postfix/postfix-script[14440]: fatal: the Postfix mail system is not running
Jul 27 15:14:50 pfsense postfix/postfix-script[16474]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17029]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17082]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17087]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17153]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17327]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17611]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17745]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:14:50 pfsense postfix/postfix-script[18650]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19266]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19442]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19527]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19827]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:14:50 pfsense postfix/postfix-script[19951]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20242]: warning: not owned by postfix: /var/db/postfix/./2012-05-21.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20537]: warning: not owned by postfix: /var/db/postfix/./2012-05-22.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20871]: warning: not owned by postfix: /var/db/postfix/./2012-05-23.db
Jul 27 15:14:50 pfsense postfix/postfix-script[20874]: warning: not owned by postfix: /var/db/postfix/./2012-05-24.db
Jul 27 15:14:50 pfsense postfix/postfix-script[21110]: warning: not owned by postfix: /var/db/postfix/./2012-05-25.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21323]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21325]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21486]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21803]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:14:51 pfsense postfix/postfix-script[21905]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22291]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22372]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22604]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22681]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22692]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:14:51 pfsense postfix/postfix-script[22989]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23335]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23403]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23470]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23810]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23944]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:14:51 pfsense postfix/postfix-script[23975]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24206]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24376]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24427]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24510]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24584]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:14:51 pfsense postfix/postfix-script[24894]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25224]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25520]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:14:51 pfsense postfix/postfix-script[25860]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26134]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26365]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26540]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:14:51 pfsense postfix/postfix-script[26868]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27165]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27382]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27467]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:14:51 pfsense postfix/postfix-script[27795]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28029]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28261]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28765]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:14:51 pfsense postfix/postfix-script[28961]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:14:51 pfsense postfix/postfix-script[29197]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:14:51 pfsense postfix/postfix-script[29762]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:14:51 pfsense postfix/postfix-script[30563]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:14:52 pfsense postfix/postfix-script[30648]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:14:52 pfsense postfix/postfix-script[30703]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31192]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31482]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:14:52 pfsense postfix/postfix-script[31971]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:14:52 pfsense postfix/postfix-script[32840]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33442]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33904]: fatal: the Postfix mail system is not running
Jul 27 15:14:52 pfsense postfix/postfix-script[33606]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:14:52 pfsense postfix/postfix-script[33922]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:14:52 pfsense postfix/postfix-script[34663]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35204]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35502]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:14:52 pfsense postfix/postfix-script[35939]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:14:52 pfsense postfix/postfix-script[36238]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:14:52 pfsense postfix/postfix-script[36648]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:14:52 pfsense postfix/postfix-script[37238]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:14:52 pfsense postfix/postfix-script[37583]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:14:52 pfsense postfix/postfix-script[38040]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:14:53 pfsense postfix/postfix-script[38674]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:14:53 pfsense postfix/postfix-script[39545]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:14:53 pfsense postfix/postfix-script[43603]: starting the Postfix mail system
Jul 27 15:14:54 pfsense postfix/master[43991]: daemon started -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:55 pfsense postfix/postfix-script[49140]: warning: not owned by root: /var/spool/postfix
Jul 27 15:14:55 pfsense postfix/postfix-script[51197]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:55 pfsense postfix/postfix-script[51368]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:55 pfsense postfix/postfix-script[51669]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:55 pfsense postfix/postfix-script[52332]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:55 pfsense postfix/postfix-script[52537]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53072]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53442]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53574]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:14:55 pfsense postfix/postfix-script[53784]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:14:55 pfsense postfix/postfix-script[54017]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:14:55 pfsense postfix/postfix-script[54835]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55254]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55580]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:14:55 pfsense postfix/postfix-script[55918]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59300]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59665]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59707]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:14:56 pfsense postfix/postfix-script[59954]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:14:56 pfsense postfix/postfix-script[60144]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:14:56 pfsense postfix/postfix-script[60707]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61564]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61687]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:14:56 pfsense postfix/postfix-script[61844]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62243]: refreshing the Postfix mail system
Jul 27 15:14:56 pfsense postfix/postfix-script[62461]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62684]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62729]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:14:56 pfsense postfix/postfix-script[62869]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:14:56 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:56 pfsense postfix/postfix-script[63473]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:14:56 pfsense postfix/postfix-script[118]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:14:56 pfsense postfix/postfix-script[610]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:14:56 pfsense postfix/postfix-script[827]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:14:56 pfsense postfix/postfix-script[1266]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:14:57 pfsense postfix/postfix-script[1555]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:14:59 pfsense postfix/postfix-script[4830]: refreshing the Postfix mail system
Jul 27 15:14:59 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:14:59 pfsense postfix/postfix-script[1561]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5938]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5964]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:14:59 pfsense postfix/postfix-script[5996]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6213]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6376]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6579]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6835]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:14:59 pfsense postfix/postfix-script[6979]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7266]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7283]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7585]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7834]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7930]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:14:59 pfsense postfix/postfix-script[7952]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8283]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8416]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8693]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8929]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:15:00 pfsense postfix/postfix-script[8933]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9146]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9456]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:15:00 pfsense postfix/postfix-script[9801]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10089]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10345]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10533]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:15:00 pfsense postfix/postfix-script[10852]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:15:00 pfsense postfix/postfix-script[11081]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:15:00 pfsense postfix/postfix-script[11090]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:15:00 pfsense postfix/postfix-script[13246]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:15:00 pfsense postfix/postfix-script[13471]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:15:01 pfsense postfix/postfix-script[13700]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14150]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14374]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:15:01 pfsense postfix/postfix-script[14794]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:15:01 pfsense postfix/postfix-script[15639]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:15:01 pfsense postfix/postfix-script[16575]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:15:01 pfsense postfix/postfix-script[16846]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:15:01 pfsense postfix/postfix-script[17362]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:15:01 pfsense postfix/postfix-script[17257]: refreshing the Postfix mail system
Jul 27 15:15:01 pfsense postfix/postfix-script[17971]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:15:02 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:15:02 pfsense postfix/postfix-script[18611]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:15:02 pfsense postfix/postfix-script[19461]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:15:02 pfsense postfix/postfix-script[21654]: starting the Postfix mail system
Jul 27 15:15:02 pfsense postfix/master[21972]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Jul 27 15:15:04 pfsense postfix/postfix-script[25319]: warning: not owned by root: /var/spool/postfix
Jul 27 15:15:04 pfsense postfix/postfix-script[26790]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:15:04 pfsense postfix/postfix-script[26944]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27224]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27489]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27538]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27662]: warning: not owned by postfix: /var/db/postfix/./2012-05-12.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27821]: warning: not owned by postfix: /var/db/postfix/./2012-05-13.db
Jul 27 15:15:04 pfsense postfix/postfix-script[27829]: warning: not owned by postfix: /var/db/postfix/./2012-05-14.db
Jul 27 15:15:04 pfsense postfix/postfix-script[28115]: warning: not owned by postfix: /var/db/postfix/./2012-05-15.db
Jul 27 15:15:04 pfsense postfix/postfix-script[28226]: warning: not owned by postfix: /var/db/postfix/./2012-05-16.db
Jul 27 15:15:05 pfsense postfix/postfix-script[28561]: warning: not owned by postfix: /var/db/postfix/./2012-05-17.db
Jul 27 15:15:05 pfsense postfix/postfix-script[28799]: warning: not owned by postfix: /var/db/postfix/./2012-05-18.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29360]: warning: not owned by postfix: /var/db/postfix/./2012-05-19.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29579]: warning: not owned by postfix: /var/db/postfix/./2012-05-20.db
Jul 27 15:15:05 pfsense postfix/postfix-script[29809]: warning: not owned by postfix: /var/db/postfix/./2012-05-21.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30076]: warning: not owned by postfix: /var/db/postfix/./2012-05-22.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30092]: warning: not owned by postfix: /var/db/postfix/./2012-05-23.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30309]: warning: not owned by postfix: /var/db/postfix/./2012-05-24.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30479]: warning: not owned by postfix: /var/db/postfix/./2012-05-25.db
Jul 27 15:15:05 pfsense postfix/postfix-script[30719]: warning: not owned by postfix: /var/db/postfix/./2012-05-26.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31045]: warning: not owned by postfix: /var/db/postfix/./2012-05-27.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31303]: warning: not owned by postfix: /var/db/postfix/./2012-05-28.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31372]: warning: not owned by postfix: /var/db/postfix/./2012-05-29.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31608]: warning: not owned by postfix: /var/db/postfix/./2012-05-30.db
Jul 27 15:15:05 pfsense postfix/postfix-script[31925]: warning: not owned by postfix: /var/db/postfix/./2012-05-31.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32115]: warning: not owned by postfix: /var/db/postfix/./2012-06-01.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32450]: warning: not owned by postfix: /var/db/postfix/./2012-06-02.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32547]: warning: not owned by postfix: /var/db/postfix/./2012-06-03.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32851]: warning: not owned by postfix: /var/db/postfix/./2012-06-04.db
Jul 27 15:15:05 pfsense postfix/postfix-script[32903]: warning: not owned by postfix: /var/db/postfix/./2012-06-05.db
Jul 27 15:15:05 pfsense postfix/postfix-script[33210]: warning: not owned by postfix: /var/db/postfix/./2012-06-06.db
Jul 27 15:15:05 pfsense postfix/postfix-script[33606]: warning: not owned by postfix: /var/db/postfix/./2012-06-07.db
Jul 27 15:15:05 pfsense postfix/postfix-script[34219]: warning: not owned by postfix: /var/db/postfix/./2012-06-08.db
Jul 27 15:15:05 pfsense postfix/postfix-script[34316]: warning: not owned by postfix: /var/db/postfix/./2012-06-09.db
Jul 27 15:15:06 pfsense postfix/postfix-script[35014]: warning: not owned by postfix: /var/db/postfix/./2012-06-10.db
Jul 27 15:15:07 pfsense postfix/postfix-script[35536]: warning: not owned by postfix: /var/db/postfix/./2012-06-11.db
Jul 27 15:15:07 pfsense postfix/postfix-script[35834]: refreshing the Postfix mail system
Jul 27 15:15:07 pfsense postfix/postfix-script[36150]: warning: not owned by postfix: /var/db/postfix/./2012-06-12.db
Jul 27 15:15:07 pfsense postfix/postfix-script[36653]: warning: not owned by postfix: /var/db/postfix/./2012-06-13.db
Jul 27 15:15:07 pfsense postfix/master[43991]: reload -- version 2.8.7, configuration /usr/local/etc/postfix
Jul 27 15:15:08 pfsense postfix/postfix-script[37663]: warning: not owned by postfix: /var/db/postfix/./2012-06-14.db
Jul 27 15:15:08 pfsense postfix/postfix-script[37983]: warning: not owned by postfix: /var/db/postfix/./2012-06-15.db
Jul 27 15:15:08 pfsense postfix/postfix-script[38606]: warning: not owned by postfix: /var/db/postfix/./2012-06-16.db
Jul 27 15:15:08 pfsense postfix/postfix-script[38863]: warning: not owned by postfix: /var/db/postfix/./2012-06-17.db
Jul 27 15:15:08 pfsense postfix/postfix-script[39132]: warning: not owned by postfix: /var/db/postfix/./2012-06-18.db
Jul 27 15:15:08 pfsense postfix/postfix-script[41845]: warning: not owned by postfix: /var/db/postfix/./2012-06-19.db
Jul 27 15:15:08 pfsense postfix/postfix-script[41853]: warning: not owned by postfix: /var/db/postfix/./2012-06-20.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42233]: warning: not owned by postfix: /var/db/postfix/./2012-06-21.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42348]: warning: not owned by postfix: /var/db/postfix/./2012-06-22.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42544]: warning: not owned by postfix: /var/db/postfix/./2012-06-23.db
Jul 27 15:15:08 pfsense postfix/postfix-script[42896]: warning: not owned by postfix: /var/db/postfix/./2012-06-26.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43189]: warning: not owned by postfix: /var/db/postfix/./2012-06-27.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43251]: warning: not owned by postfix: /var/db/postfix/./2012-06-28.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43433]: warning: not owned by postfix: /var/db/postfix/./2012-06-29.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43531]: warning: not owned by postfix: /var/db/postfix/./2012-06-30.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43806]: warning: not owned by postfix: /var/db/postfix/./2012-07-01.db
Jul 27 15:15:08 pfsense postfix/postfix-script[43979]: warning: not owned by postfix: /var/db/postfix/./2012-07-02.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44227]: warning: not owned by postfix: /var/db/postfix/./2012-07-03.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44454]: warning: not owned by postfix: /var/db/postfix/./2012-07-04.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44758]: warning: not owned by postfix: /var/db/postfix/./2012-07-05.db
Jul 27 15:15:08 pfsense postfix/postfix-script[44888]: warning: not owned by postfix: /var/db/postfix/./2012-07-06.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45217]: warning: not owned by postfix: /var/db/postfix/./2012-07-07.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45356]: warning: not owned by postfix: /var/db/postfix/./2012-07-08.db
Jul 27 15:15:08 pfsense postfix/postfix-script[45471]: warning: not owned by postfix: /var/db/postfix/./2012-07-09.db
Jul 27 15:15:09 pfsense postfix/postfix-script[45548]: warning: not owned by postfix: /var/db/postfix/./2012-07-10.db
Jul 27 15:15:09 pfsense postfix/postfix-script[46971]: warning: not owned by postfix: /var/db/postfix/./2012-07-11.db
Jul 27 15:15:09 pfsense postfix/postfix-script[47981]: warning: not owned by postfix: /var/db/postfix/./2012-07-12.db
Jul 27 15:15:09 pfsense postfix/postfix-script[48405]: warning: not owned by postfix: /var/db/postfix/./2012-07-13.db
Jul 27 15:15:09 pfsense postfix/postfix-script[50760]: warning: not owned by postfix: /var/db/postfix/./2012-07-14.db
Jul 27 15:15:09 pfsense postfix/postfix-script[50876]: warning: not owned by postfix: /var/db/postfix/./2012-07-15.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51073]: warning: not owned by postfix: /var/db/postfix/./2012-07-16.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51123]: warning: not owned by postfix: /var/db/postfix/./2012-07-17.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51368]: warning: not owned by postfix: /var/db/postfix/./2012-07-18.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51715]: warning: not owned by postfix: /var/db/postfix/./2012-07-19.db
Jul 27 15:15:09 pfsense postfix/postfix-script[51795]: warning: not owned by postfix: /var/db/postfix/./2012-07-20.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52058]: warning: not owned by postfix: /var/db/postfix/./2012-07-21.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52216]: warning: not owned by postfix: /var/db/postfix/./2012-07-22.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52292]: warning: not owned by postfix: /var/db/postfix/./2012-07-23.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52440]: warning: not owned by postfix: /var/db/postfix/./2012-07-24.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52759]: warning: not owned by postfix: /var/db/postfix/./2012-07-25.db
Jul 27 15:15:09 pfsense postfix/postfix-script[52836]: warning: not owned by postfix: /var/db/postfix/./2012-07-26.db
Jul 27 15:15:09 pfsense postfix/postfix-script[53003]: warning: not owned by postfix: /var/db/postfix/./2012-07-27.db
Jul 27 15:15:09 pfsense postfix/postfix-script[55174]: starting the Postfix mail system
Jul 27 15:15:09 pfsense postfix/master[55449]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Jul 27 15:15:11 pfsense dccifd[56162]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:28 pfsense dccifd[56162]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:11
Jul 27 15:15:28 pfsense dccifd[8225]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:35 pfsense dccifd[8225]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:28
Jul 27 15:15:41 pfsense dccifd[21521]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:50 pfsense dccifd[21521]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:41
Jul 27 15:15:50 pfsense dccifd[32033]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:15:58 pfsense dccifd[32033]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:15:50
Jul 27 15:16:04 pfsense dccifd[56166]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:17 pfsense dccifd[56166]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:04
Jul 27 15:16:18 pfsense dccifd[14583]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:21 pfsense dccifd[14583]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:18
Jul 27 15:16:21 pfsense dccifd[26305]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:28 pfsense dccifd[26305]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:21
Jul 27 15:16:33 pfsense dccifd[36914]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:46 pfsense dccifd[36914]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:33
Jul 27 15:16:47 pfsense dccifd[47211]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:16:54 pfsense dccifd[47211]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:47
Jul 27 15:16:59 pfsense dccifd[61438]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:12 pfsense dccifd[61438]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:16:58
Jul 27 15:17:12 pfsense dccifd[10405]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:20 pfsense dccifd[10405]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:12
Jul 27 15:17:24 pfsense dccifd[23867]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:37 pfsense dccifd[23867]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:24
Jul 27 15:17:37 pfsense dccifd[53345]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:17:45 pfsense dccifd[53345]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:37
Jul 27 15:17:49 pfsense dccifd[5294]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:18:04 pfsense dccifd[5294]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:17:49
Jul 27 15:18:04 pfsense dccifd[18315]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:18:08 pfsense postfix/postfix-script[31268]: fatal: the Postfix mail system is already running
Jul 27 15:18:37 pfsense dccifd[18315]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:18:04
Jul 27 15:18:37 pfsense dccifd[28412]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:06 pfsense dccifd[28412]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:18:37
Jul 27 15:19:06 pfsense dccifd[32362]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:28 pfsense dccifd[32362]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 0 targets since 07/27/12 15:19:06
Jul 27 15:19:28 pfsense dccifd[52155]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Jul 27 15:19:31 pfsense postfix/postfix-script[63456]: fatal: the Postfix mail system is already running
Jul 27 15:20:27 pfsense postfix/postscreen[11353]: CONNECT from [ipaddress]:34662
Jul 27 15:20:27 pfsense postfix/postscreen[11353]: PASS OLD [ipaddress]:34662
Jul 27 15:20:30 pfsense postfix/smtpd[11470]: connect from corp.forptr.xxxx.com[ipaddress]
Jul 27 15:20:32 pfsense postfix/smtpd[11470]: DF71F173EA: client=corp.forptr.xxxx.com[ipaddress]
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: hold: header Received: from corp.xxxx.com (corp.forptr.xxxx.com [ipaddress])??by pfsense.aaa.bbb (Postfix) with ESMTP id DF71F173EA??for <zlyzwy@aaa.bbb>; Fri, 27 Jul 2012 15:20:30 +0800 (CST) from corp.forptr.xxxx.com[ipaddress]; from=<williamzhou@satochina.com> to=<zlyzwy@aaa.bbb> proto=ESMTP helo=<corp.xxxx.com>
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: warning: header Subject: =?utf-8?Q?=E8=BD=AC=E5=8F=91:_=E7=AD=94=3F:=5FFW:=5FFedEx=5Flabel?= from corp.forptr.xxxx.com[ipaddress]; from=<williamzhou@satochina.com> to=<zlyzwy@aaa.bbb> proto=ESMTP helo=<corp.xxxx.com>
Jul 27 15:20:33 pfsense postfix/cleanup[23583]: DF71F173EA: message-id=<004601cd6bc8$52352be0$f69f83a0$@com>
Jul 27 15:20:34 pfsense postfix/smtpd[11470]: disconnect from corp.forptr.xxxx.com[ipaddress]

I think the mailscanner didn't startup correctly. How can I start the mailscaner in cmd?

Thanks
Zlyzwy

Did you setup: message hold?


Select how postfix will hold messages to mailscanner.
When using auto mode, postfix will hold all messages.
When using manual mode, include options like this in acl headers:
/^to:.*admin@mydomain.com/ OK
/^from:.*user@extdomain.com/ OK
/^from:/ HOLD
/^to:.*@mydomain.com/ HOLD

if so what are you using?
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 07:10:10 am
Quote
In postfix did you go to the antispam tab at the bottom of the page and enable.
Use Third part antispam
&
Software "mailscanner + spamassassin + clamav"
Yes, I am sure I enable this option. Actually I have been used Postfix + MailScanner for more than a month without issue.


Quote
# /usr/local/etc/rc.d/mailscanner start
Starting mailscanner.
Can't load '/usr/local/lib/perl5/site_perl/5.12.4/mach/auto/Filesys/Df/Df.so' for module Filesys::Df: /usr/local/lib/perl5/site_perl/5.12.4/mach/auto/Filesys/Df/Df.so: Undefined symbol "PL_stack_max" at /usr/local/lib/perl5/5.12.4/mach/DynaLoader.pm line 200.
 at /usr/local/sbin/mailscanner line 91
Compilation failed in require at /usr/local/sbin/mailscanner line 91.
BEGIN failed--compilation aborted at /usr/local/sbin/mailscanner line 91.
/usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
I can't start it from console...

According to the error, I found this topic:
http://forum.pfsense.org/index.php?topic=51391.0

It will be great appreciate if  anyone give some idea to clean up this perl version issue?
I really don't want to re-install this PF...

Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 07:28:56 am
Quote
In postfix did you go to the antispam tab at the bottom of the page and enable.
Use Third part antispam
&
Software "mailscanner + spamassassin + clamav"
Yes, I am sure I enable this option. Actually I have been used Postfix + MailScanner for more than a month without issue.


Quote
# /usr/local/etc/rc.d/mailscanner start
Starting mailscanner.
Can't load '/usr/local/lib/perl5/site_perl/5.12.4/mach/auto/Filesys/Df/Df.so' for module Filesys::Df: /usr/local/lib/perl5/site_perl/5.12.4/mach/auto/Filesys/Df/Df.so: Undefined symbol "PL_stack_max" at /usr/local/lib/perl5/5.12.4/mach/DynaLoader.pm line 200.
 at /usr/local/sbin/mailscanner line 91
Compilation failed in require at /usr/local/sbin/mailscanner line 91.
BEGIN failed--compilation aborted at /usr/local/sbin/mailscanner line 91.
/usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
I can't start it from console...

According to the error, I found this topic:
http://forum.pfsense.org/index.php?topic=51391.0

It will be great appreciate if  anyone give some idea to clean up this perl version issue?
I really don't want to re-install this PF...

Zlyzwy


Force the perl version:

change the first line of /usr/local/sbin/mailscanner

From:
#!/usr/bin/perl -U -I/usr/local/lib/MailScanner

To:
#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner


Then try to start from the command line.  This should work but if you still receive the error run this command from the console:

i386 only
pkg_add -f http://files.pfsense.org/packages/8/All/perl-5.12.4.tbz

amd64 only
pkg_add -f http://files.pfsense.org/packages/amd64/8/All/perl-5.12.4.tbz
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 08:04:09 am
Force the perl version:

change the first line of /usr/local/sbin/mailscanner

From:
#!/usr/bin/perl -U -I/usr/local/lib/MailScanner

To:
#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner


Then try to start from the command line.  This should work

from

The first line is already "#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner".
I changed to "/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner" or "/usr/local/bin/perl5.10.1 -U -I/usr/local/lib/MailScanner"
There is no error if I tried to start the mailscanner. but it seems that the process is stuck at starting..
Quote
# /usr/local/etc/rc.d/mailscanner start
Starting mailscanner.


Thanks very much for help:)

Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 08:06:29 am
Force the perl version:

change the first line of /usr/local/sbin/mailscanner

From:
#!/usr/bin/perl -U -I/usr/local/lib/MailScanner

To:
#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner


Then try to start from the command line.  This should work

from

The first line is already "#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner".
I changed to "/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner" or "/usr/local/bin/perl5.10.1 -U -I/usr/local/lib/MailScanner"
There is no error if I tried to start the mailscanner. but it seems that the process is stuck at starting..
Quote
# /usr/local/etc/rc.d/mailscanner start
Starting mailscanner.


Thanks very much for help:)

Zlyzwy

That won't work change it back to:

#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner

Then from the command line enter one of the following after it finishes try to start.

i386 only
pkg_add -f http://files.pfsense.org/packages/8/All/perl-5.12.4.tbz

amd64 only
pkg_add -f http://files.pfsense.org/packages/amd64/8/All/perl-5.12.4.tbz
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on July 27, 2012, 08:29:59 am
Force the perl version:

change the first line of /usr/local/sbin/mailscanner

From:
#!/usr/bin/perl -U -I/usr/local/lib/MailScanner

To:
#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner


Then try to start from the command line.  This should work

from

The first line is already "#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner".
I changed to "/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner" or "/usr/local/bin/perl5.10.1 -U -I/usr/local/lib/MailScanner"
There is no error if I tried to start the mailscanner. but it seems that the process is stuck at starting..
Quote
# /usr/local/etc/rc.d/mailscanner start
Starting mailscanner.


Thanks very much for help:)

Zlyzwy

That won't work change it back to:

#!/usr/local/bin/perl5.12.4 -U -I/usr/local/lib/MailScanner

Then from the command line enter one of the following after it finishes try to start.

i386 only
pkg_add -f http://files.pfsense.org/packages/8/All/perl-5.12.4.tbz

amd64 only
pkg_add -f http://files.pfsense.org/packages/amd64/8/All/perl-5.12.4.tbz
HAHAHAHA~~~
Thank you very much~~~
It solved my problem totally....

Thanks again!
Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on July 27, 2012, 08:59:41 am
Glad I could help :)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 27, 2012, 09:32:53 am
Jul 27 15:14:50 pfsense postfix/postfix-script[16474]: warning: not owned by postfix: /var/db/postfix/./2012-04-25.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17029]: warning: not owned by postfix: /var/db/postfix/./2012-04-26.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17082]: warning: not owned by postfix: /var/db/postfix/./2012-05-02.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17087]: warning: not owned by postfix: /var/db/postfix/./2012-05-03.db
Jul 27 15:14:50 pfsense postfix/postfix-script[17153]: warning: not owned by postfix: /var/db/postfix/./2012-05-11.db

You can ignore these warnings.
These db files are the log files for mail search gui tab. Postfix complaint about it because it's on postfix db dir.

About the perl version, pfsense package forces version 5.12.4 but multiple perl version still need some checks/attention.

att,
Marcello Coutinho

note: Just to get easier to read the forum, prefer using [ code ] instead of [ quote ] when you need to include some logs on post.  ;)   
Title: Re: Postfix - antispam and relay package
Post by: ermal on July 31, 2012, 02:38:34 am
Marcello,

since i was going through the package today, allow me some improvement comments.

- Recipients (Get recipients from AD), can't this be integrated with the 2.0 Server manager?
   There is all the code you need there!
- Access Lists, can't you make an alias like interface so its easy to integrate and for consistency?
- Just hid the complexity of postfix in the GUI and make it simple mail proxy? Look at endian for example for user interface guidelines.

Just my 2 cents.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 31, 2012, 09:30:36 am
Thanks ermal,

I'll take a look on this since I finish modsecurity and varnish3 new gui version.

att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: ics on August 07, 2012, 03:43:03 am
Hi,

I've noticed that when a server is blocked because of its presence in a DNSBL, it is not logged in sqlite files.
We can only see that it has been blocked in maillog.

Is there a way to view it in search mail ?

Could  we send logs to external syslog and keep track in sqlite ?

Thanks
Title: Re: Postfix - antispam and relay package
Post by: mrfairsquare on August 07, 2012, 07:44:44 am
I'm reposting here, as i think it's a better location than as it's own lonesome thread here --> http://forum.pfsense.org/index.php/topic,52293.0.html (http://forum.pfsense.org/index.php/topic,52293.0.html)
---


Hello to all who read this. After many days investigating and chewing on this particular issue, i have reached the conclusion, i need help... HELP!

-------
ISSUE:
-------
The postfix log db file is empty, and postfix does not or can not write to the db file.

Location i'm looking at:   /var/db/postfix


---------------
TRIED SO FAR:
---------------
1. Initially i found an error on line 54 when running this: /usr/local/bin/php -q /usr/local/www/postfix.php 01min - I fixed that, by changing the sync setting to "disabled", as was set to something else. So now it outputs just fine.

2. I made sure that sqlite was installed, by using the touch command as in an earlier post. -
"touch /etc/php_dynamodules/pdo
touch /etc/php_dynamodules/pdo_sqlite"

3. Discovered differences in permission in the /var/db/postfix folder, and attempted setting any any rules on file and folder permissions to no success or noticable effect, since reverted back to previous permissions.

4. Increased debugging level to 6, in an attempt to get more information.

5. Can find no errors or notable problems when using: # tail -f /var/log/mailog

6. Deleting the db files, restarting postfix and recieving a test e-mail to trigger a new db file.

7. Ensured set as follows: "Choose how often pfSense will transfer log files to Sqlite database.
To use Diagnostics -> Search mail you need to:
Select Loggin Destination to /var/log/maillog
Select update Sqlite frequency
Inlcude /^Subject:/ WARN line in Acl Headers after all your Subject rules. "



---------------------
PROCESS INVOLVED:
---------------------
This is the flow of what happens:

1. New e-mail comes in and shows in tail -f /var/log/maillog
2. If not already created, a db file is created for the current day in the /var/db/postfix folder
3. DB is created at 38,912 bytes.
4. 5 more e-mails come in, DB is still 38,912 bytes.


---------
THEORY:
---------
Postfix is not writing data to the log file, therefore either sqlite issue or permissions.

If anyone can help you'll be making me a very happy man, possibly enough to add a little spring in my step.  ;D


----------
VERSION:
----------
2.0.1-RELEASE (i386)
FreeBSD pfsense-vm.***.com 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6


Peace. x
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 07, 2012, 10:11:53 am
I've noticed that when a server is blocked because of its presence in a DNSBL, it is not logged in sqlite files.
We can only see that it has been blocked in maillog.

Is there a way to view it in search mail ?
Did you tried to search it on noqueue ?


Could  we send logs to external syslog and keep track in sqlite ?

Not on current package version.
Title: Re: Postfix - antispam and relay package
Post by: ics on August 08, 2012, 01:20:05 am
I've noticed that when a server is blocked because of its presence in a DNSBL, it is not logged in sqlite files.
We can only see that it has been blocked in maillog.

Is there a way to view it in search mail ?
Did you tried to search it on noqueue ?

Of course I did  :)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 10, 2012, 05:11:33 pm
Quote
"touch /etc/php_dynamodules/pdo
touch /etc/php_dynamodules/pdo_sqlite"

current package version use sqlite version2, so no need to enable pdo_sqlite.

you have selected update every minute, as well selected subject warn on access lists?
Title: Re: Postfix - antispam and relay package
Post by: mrfairsquare on August 11, 2012, 02:27:30 am
Hi Marcel,

I can confirm that i have settings set to update every minute and configured subject warn on access lists.
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on August 24, 2012, 06:49:32 am
I have two strange problems and hope someone can help to point me in the right direction of the solution to it!

Here goes:
On Page:   In Services -> Postfix forwarder -> Access List (both problems are related to this page)

NR1: In the box/field Sender i have entered an email like this on its on line: info@club108.co.uk REJECT
BUT
still on the 18th aug i got an email from them:
Code: [Select]
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:41 postfix/postscreen[55280]: CONNECT from [216.75.30.240]:56243
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:41 postfix/postscreen[55280]: PASS OLD [216.75.30.240]:56243
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:41 postfix/smtpd[55431]: connect from mail.zoneedit.com[216.75.30.240]
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:42 postfix/smtpd[55431]: 148B811D31: client=mail.zoneedit.com[216.75.30.240]
2012-08-18 15:01:28 Local0.Info LANIP Aug 18 15:05:42 pf: 00:00:32.461734 rule 27/0(match): pass in on de0: (tos 0x0, ttl 49, id 16506, offset 0, flags [DF], proto TCP (6), length 60)
2012-08-18 15:01:28 Local0.Info LANIP Aug 18 15:05:42 pf:     216.75.30.240.56243 > WANIP.25: Flags [S], cksum 0xdc33 (correct), seq 1302170047, win 5840, options [mss 1460,sackOK,TS val 3096627653 ecr 0,nop,wscale 7], length 0
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:42 postfix/cleanup[56044]: 148B811D31: warning: header Subject: CLUB 108 from mail.zoneedit.com[216.75.30.240]; from=<user29223@lws05.ldn5.groupnbt.net> to=<my@email.com> proto=ESMTP helo=<mail.zoneedit.com>
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:42 postfix/cleanup[56044]: 148B811D31: hold: header From: Club 108 <info@club108.co.uk>  from mail.zoneedit.com[216.75.30.240]; from=<user29223@lws05.ldn5.groupnbt.net> to=<my@email.com> proto=ESMTP helo=<mail.zoneedit.com>
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:42 postfix/cleanup[56044]: 148B811D31: message-id=<E1T2jem-0008Eb-M2@lws05.ldn5.groupnbt.net>
2012-08-18 15:01:28 Mail.Info LANIP Aug 18 15:05:42 postfix/smtpd[55431]: disconnect from mail.zoneedit.com[216.75.30.240]
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:42 MailScanner[61380]: New Batch: Scanning 1 messages, 1769 bytes
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:42 MailScanner[61380]: Filename Checks: Allowing 148B811D31.ACD2F msg-61380-1.txt
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Filetype Checks: Allowing 148B811D31.ACD2F msg-61380-1.txt
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Virus and Content Scanning: Starting
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Virus Scanning completed at 6753 bytes per second
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Spam Checks: Starting
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: SpamAssassin cache hit for message 148B811D31.ACD2F
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Message 148B811D31.ACD2F from 216.75.30.240 (user29223@lws05.ldn5.groupnbt.net) to evensen-it.com is not spam, SpamAssassin (cached, score=1.989, required 6, DKIM_ADSP_NXDOMAIN 0.80, RCVD_IN_DNSWL_NONE -0.00, UPPERCASE_75_100 1.19)
2012-08-18 15:01:29 Mail.Notice LANIP Aug 18 15:05:43 MailScanner[61380]: Delivery of nonspam: message 148B811D31.ACD2F from user29223@lws05.ldn5.groupnbt.net to my@email.com with subject CLUB 108
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Spam Checks completed at 75498 bytes per second
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Requeue: 148B811D31.ACD2F to 52D8711D36
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Uninfected: Delivered 1 messages
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Virus Processing completed at 10632 bytes per second
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 postfix/qmgr[42867]: 52D8711D36: from=<user29223@lws05.ldn5.groupnbt.net>, size=1084, nrcpt=1 (queue active)
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Deleted 1 messages from processing-database
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Batch completed at 3563 bytes per second (1769 / 0)
2012-08-18 15:01:29 Mail.Info LANIP Aug 18 15:05:43 MailScanner[61380]: Batch (1 message) processed in 0.50 seconds
2012-08-18 15:01:30 Mail.Info LANIP Aug 18 15:05:43 postfix/smtp[61179]: 52D8711D36: to=<my@email.com>, relay=MailServerLanIP[MailServerLanIP]:25, delay=1.6, delays=1.4/0/0.01/0.23, dsn=2.6.0, status=sent (250 2.6.0 <E1T2jem-0008Eb-M2@lws05.ldn5.groupnbt.net> [InternalId=218] Queued mail for delivery)
2012-08-18 15:01:30 Mail.Info LANIP Aug 18 15:05:43 postfix/qmgr[42867]: 52D8711D36: removed



SO my question is, how can i make SURE that it uses my sender rules or is it using it but the email is not in the from field and
this email info@club108.co.uk are presented in the header because this a forwarded email and i have to put this email in the MIME filed/box?



And NR2:

I have entered this domain in CIDR box/field on its own line:
venus.aleo.no OK

But when i check the log  see this??
Code: [Select]
postfix/postscreen[30282]: warning: cidr map /usr/local/etc/postfix/cal_cidr, line 4: bad address pattern: "venus.aleo.no": skipping this rule

But in the description for the CIDR it says that i can use a domain but is this wrong?
Because the IPs i have entered there are all oki?

Thanks to reading..

  ;D
Title: Re: Postfix - antispam and relay package
Post by: louis-m on August 24, 2012, 07:20:51 am
if you are using 2.1_x64, your gui config could show you one thing while postfix is doing another thing due to where it reads it's config from.
i don't think the package has been updated for 2.1_x64 yet if that's what you are using.
every time i do an upgrade of pfsense_x64, i have to copy /usr/local/etc/postfix to /usr/pbi/postfix-amd64/etc/postfix and then it works.
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on August 24, 2012, 07:31:47 am
Thanks for the heads up louis-m, but i am using 2.0.1 Release i386 .
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on August 24, 2012, 09:07:51 am
And one last question!  8)
how or why are an ip that are in a RBL being PASS NEW and not just automatically dropped after it is confirmed that the ip is on a rbl to save resources ?????????????



Code: [Select]

postfix/postscreen[8038]: DISCONNECT [190.167.194.178]:64340
postfix/postscreen[8038]: PASS NEW [190.167.194.178]:64340
postfix/postscreen[8038]: HANGUP after 2.2 from [190.167.194.178]:64340 in tests after SMTP handshake
postfix/postscreen[8038]: NOQUEUE: reject: RCPT from [190.167.194.178]:64340: 450 4.3.2 Service currently unavailable; from=<services@us-ups.com>, to=<noValidrecipients@domain.com>, proto=SMTP, helo=<us-ups.com>
postfix/dnsblog[50328]: addr 190.167.194.178 listed by domain b.barracudacentral.org as 127.0.0.2
pf:     190.167.194.178.64340 > WANIP.25: Flags [S], cksum 0xf8f6 (correct), seq 5162395, win 8192, options [mss 1260,nop,nop,sackOK], length 0
postfix/postscreen[8038]: CONNECT from [190.167.194.178]:64340

Title: Re: Postfix - antispam and relay package
Post by: voona on August 29, 2012, 02:21:30 am
Anyone? What permissions am i meant to use?

Code: [Select]
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on August 29, 2012, 02:46:18 am
Anyone? What permissions am i meant to use?

Code: [Select]
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

I did not even have this file when i did a fresh install so i created the file and just gave it rw-rw-rw-, maby not the smartest to do but it works.. and it is only my clamlog..  ;D
Title: Re: Postfix - antispam and relay package
Post by: voona on August 29, 2012, 06:22:31 pm
Ok Clamd seems to be running now but im having issues with mail scanner actually enforcing the policy

For example i set the maximum attachment size to 0 (Blocking any attachments) and mail still flows through Postfix without being scanned / processed by mail scanner

Code: [Select]
Aug 30 10:08:13 postfix/postscreen[3173]: CONNECT from [209.85.210.178]:38820
Aug 30 10:08:13 postfix/postscreen[3173]: PASS OLD [209.85.210.178]:38820
Aug 30 10:08:13 postfix/smtpd[3358]: connect from mail-iy0-f178.google.com[209.85.210.178]
Aug 30 10:08:14 postfix/smtpd[3358]: 770AC739A6: client=mail-iy0-f178.google.com[209.85.210.178]
Aug 30 10:08:14 postfix/cleanup[3948]: 770AC739A6: message-id=<CANygpjxCk1VXv3SzxTdz-VM-e8HQBjaS5B3wTnnFVTvUb_HjOQ@mail.gmail.com>
Aug 30 10:08:15 postfix/qmgr[3429]: 770AC739A6: from=<xxxxxxxxxxxxxxx@gmail.com>, size=130538, nrcpt=1 (queue active)
Aug 30 10:08:16 postfix/smtp[4255]: 770AC739A6: to=<xxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxxxxxxxx.com.au>, relay=10.100.100.2[10.100.100.2]:25, delay=2.2, delays=2/0.02/0/0.23, dsn=2.6.0, status=sent (250 2.6.0 <CANygpjxCk1VXv3SzxTdz-VM-e8HQBjaS5B3wTnnFVTvUb_HjOQ@mail.gmail.com> [InternalId=27] Queued mail for delivery)
Aug 30 10:08:16 postfix/qmgr[3429]: 770AC739A6: removed
Aug 30 10:08:45 postfix/smtpd[3358]: disconnect from mail-iy0-f178.google.com[209.85.210.178]


Code: [Select]
Aug 30 10:09:59 check_reload_status: Syncing firewall
Aug 30 10:09:59 check_reload_status: Syncing firewall
Aug 30 10:10:00 php: /pkg_edit.php: Restarting clamav-clamd daemon
Aug 30 10:10:07 php: /pkg_edit.php: Restarting dccifd
Aug 30 10:10:07 dccifd[56724]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 5 targets since 08/30/12 10:00:13
Aug 30 10:10:07 dccifd[15470]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Aug 30 10:10:07 php: /pkg_edit.php: Restarting MailScanner
Aug 30 10:10:11 MailScanner[28826]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:11 MailScanner[28826]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:11 MailScanner[28826]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:11 MailScanner[28826]: Using SpamAssassin results cache
Aug 30 10:10:11 MailScanner[28826]: Connected to SpamAssassin cache database
Aug 30 10:10:11 MailScanner[28826]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:16 MailScanner[29081]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:16 MailScanner[29081]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:16 MailScanner[29081]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:16 MailScanner[29081]: Using SpamAssassin results cache
Aug 30 10:10:16 MailScanner[29081]: Connected to SpamAssassin cache database
Aug 30 10:10:16 MailScanner[29081]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:21 MailScanner[37257]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:21 MailScanner[37257]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:21 MailScanner[37257]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:21 MailScanner[37257]: Using SpamAssassin results cache
Aug 30 10:10:21 MailScanner[37257]: Connected to SpamAssassin cache database
Aug 30 10:10:21 MailScanner[37257]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:26 MailScanner[44670]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:26 MailScanner[44670]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:26 MailScanner[44670]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:26 MailScanner[44670]: Using SpamAssassin results cache
Aug 30 10:10:26 MailScanner[44670]: Connected to SpamAssassin cache database
Aug 30 10:10:26 MailScanner[44670]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:31 MailScanner[52918]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:31 MailScanner[52918]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:31 MailScanner[52918]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:31 MailScanner[52918]: Using SpamAssassin results cache
Aug 30 10:10:31 MailScanner[52918]: Connected to SpamAssassin cache database
Aug 30 10:10:31 MailScanner[52918]: Enabling SpamAssassin auto-whitelist functionality...

Code: [Select]
postfix 28643  0.0  1.9 21916 19280  ??  Is   10:10AM   0:00.01 MailScanner: master waiting for children, sleeping (perl5.12.4)
postfix 28826  0.0  5.0 63832 51228  ??  S    10:10AM   0:02.13 MailScanner: waiting for messages (perl5.12.4)
postfix 29081  0.0  5.0 63832 51228  ??  S    10:10AM   0:02.14 MailScanner: waiting for messages (perl5.12.4)
postfix 37257  0.0  5.0 63832 51272  ??  S    10:10AM   0:02.16 MailScanner: waiting for messages (perl5.12.4)
postfix 44670  0.0  5.0 63832 51272  ??  S    10:10AM   0:02.23 MailScanner: waiting for messages (perl5.12.4)
postfix 52918  0.0  5.0 63832 51228  ??  S    10:10AM   0:02.17 MailScanner: waiting for messages (perl5.12.4)

I have ticked the use 3rd Party Anti-Spam box in the postfix configuration. Anyone got a quick run through guide to get this setup and working properly ?
Title: Re: Postfix - antispam and relay package
Post by: Unubtanium on August 30, 2012, 02:34:28 am
Ok Clamd seems to be running now but im having issues with mail scanner actually enforcing the policy

For example i set the maximum attachment size to 0 (Blocking any attachments) and mail still flows through Postfix without being scanned / processed by mail scanner

Code: [Select]
Aug 30 10:08:13 postfix/postscreen[3173]: CONNECT from [209.85.210.178]:38820
Aug 30 10:08:13 postfix/postscreen[3173]: PASS OLD [209.85.210.178]:38820
Aug 30 10:08:13 postfix/smtpd[3358]: connect from mail-iy0-f178.google.com[209.85.210.178]
Aug 30 10:08:14 postfix/smtpd[3358]: 770AC739A6: client=mail-iy0-f178.google.com[209.85.210.178]
Aug 30 10:08:14 postfix/cleanup[3948]: 770AC739A6: message-id=<CANygpjxCk1VXv3SzxTdz-VM-e8HQBjaS5B3wTnnFVTvUb_HjOQ@mail.gmail.com>
Aug 30 10:08:15 postfix/qmgr[3429]: 770AC739A6: from=<xxxxxxxxxxxxxxx@gmail.com>, size=130538, nrcpt=1 (queue active)
Aug 30 10:08:16 postfix/smtp[4255]: 770AC739A6: to=<xxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxxxxxxxx.com.au>, relay=10.100.100.2[10.100.100.2]:25, delay=2.2, delays=2/0.02/0/0.23, dsn=2.6.0, status=sent (250 2.6.0 <CANygpjxCk1VXv3SzxTdz-VM-e8HQBjaS5B3wTnnFVTvUb_HjOQ@mail.gmail.com> [InternalId=27] Queued mail for delivery)
Aug 30 10:08:16 postfix/qmgr[3429]: 770AC739A6: removed
Aug 30 10:08:45 postfix/smtpd[3358]: disconnect from mail-iy0-f178.google.com[209.85.210.178]


Code: [Select]
Aug 30 10:09:59 check_reload_status: Syncing firewall
Aug 30 10:09:59 check_reload_status: Syncing firewall
Aug 30 10:10:00 php: /pkg_edit.php: Restarting clamav-clamd daemon
Aug 30 10:10:07 php: /pkg_edit.php: Restarting dccifd
Aug 30 10:10:07 dccifd[56724]: 1.3.140 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for 5 targets since 08/30/12 10:00:13
Aug 30 10:10:07 dccifd[15470]: 1.3.140 listening to /usr/local/dcc/dccifd for ASCII protocol
Aug 30 10:10:07 php: /pkg_edit.php: Restarting MailScanner
Aug 30 10:10:11 MailScanner[28826]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:11 MailScanner[28826]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:11 MailScanner[28826]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:11 MailScanner[28826]: Using SpamAssassin results cache
Aug 30 10:10:11 MailScanner[28826]: Connected to SpamAssassin cache database
Aug 30 10:10:11 MailScanner[28826]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:16 MailScanner[29081]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:16 MailScanner[29081]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:16 MailScanner[29081]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:16 MailScanner[29081]: Using SpamAssassin results cache
Aug 30 10:10:16 MailScanner[29081]: Connected to SpamAssassin cache database
Aug 30 10:10:16 MailScanner[29081]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:21 MailScanner[37257]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:21 MailScanner[37257]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:21 MailScanner[37257]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:21 MailScanner[37257]: Using SpamAssassin results cache
Aug 30 10:10:21 MailScanner[37257]: Connected to SpamAssassin cache database
Aug 30 10:10:21 MailScanner[37257]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:26 MailScanner[44670]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:26 MailScanner[44670]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:26 MailScanner[44670]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:26 MailScanner[44670]: Using SpamAssassin results cache
Aug 30 10:10:26 MailScanner[44670]: Connected to SpamAssassin cache database
Aug 30 10:10:26 MailScanner[44670]: Enabling SpamAssassin auto-whitelist functionality...
Aug 30 10:10:31 MailScanner[52918]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
Aug 30 10:10:31 MailScanner[52918]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Aug 30 10:10:31 MailScanner[52918]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Aug 30 10:10:31 MailScanner[52918]: Using SpamAssassin results cache
Aug 30 10:10:31 MailScanner[52918]: Connected to SpamAssassin cache database
Aug 30 10:10:31 MailScanner[52918]: Enabling SpamAssassin auto-whitelist functionality...

Code: [Select]
postfix 28643  0.0  1.9 21916 19280  ??  Is   10:10AM   0:00.01 MailScanner: master waiting for children, sleeping (perl5.12.4)
postfix 28826  0.0  5.0 63832 51228  ??  S    10:10AM   0:02.13 MailScanner: waiting for messages (perl5.12.4)
postfix 29081  0.0  5.0 63832 51228  ??  S    10:10AM   0:02.14 MailScanner: waiting for messages (perl5.12.4)
postfix 37257  0.0  5.0 63832 51272  ??  S    10:10AM   0:02.16 MailScanner: waiting for messages (perl5.12.4)
postfix 44670  0.0  5.0 63832 51272  ??  S    10:10AM   0:02.23 MailScanner: waiting for messages (perl5.12.4)
postfix 52918  0.0  5.0 63832 51228  ??  S    10:10AM   0:02.17 MailScanner: waiting for messages (perl5.12.4)

I have ticked the use 3rd Party Anti-Spam box in the postfix configuration. Anyone got a quick run through guide to get this setup and working properly ?



Have a look here:
http://forum.pfsense.org/index.php/topic,43687.0.html
There might be some info there that might help.
Title: Re: Postfix - antispam and relay package
Post by: RobinGill on September 05, 2012, 12:32:42 pm
I've noticed that when a server is blocked because of its presence in a DNSBL, it is not logged in sqlite files.
We can only see that it has been blocked in maillog.

Is there a way to view it in search mail ?
Did you tried to search it on noqueue ?

Of course I did  :)

I'm getting the same issue here.

The only way of me detecting these events is to packet capture port 25 on WAN and then manually look through it.

Edit: looking through /var/log/mailog is much easier than capturing port 25 on WAN
Title: Re: Postfix - antispam and relay package
Post by: zlyzwy on September 11, 2012, 06:54:32 am
Hi Marcelloc,

I unchecked "Helo Hostname" in antispam page, but it seems that the postfix is still reject the mail from unknown host.

Code: [Select]
RCPT from unknown[114.251.18.30]: 450 4.7.1 Client host rejected: cannot find your hostname, [114.251.18.30]
I've already restart the PF once so I think the setting should be applied.

thanks for any advice.

Zlyzwy
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on September 11, 2012, 10:56:43 am
I unchecked "Helo Hostname" in antispam page, but it seems that the postfix is still reject the mail from unknown host.

Code: [Select]
RCPT from unknown[114.251.18.30]: 450 4.7.1 Client host rejected: cannot find your hostname, [114.251.18.30]

The helo check verifies the helo info, the log you sent is the host check. The best way is to ask remote admin to fix his dns or if you trust remote domain insert his dns on pfsense dns overide or include this host on my_network.
Title: Re: Postfix - antispam and relay package
Post by: JesusQ on October 14, 2012, 03:25:09 pm
Hi Marcello,

In the Postfix Forwarder, I cannot search mail.
I set the logging destination and the sqlite update freq. but in the search mail tab the sqlite files box is empty.
And when starting a search it says 'Please select at least one file' which I am not able to do...
Looks like sqlite is not functioning?

Ideas?
Thanks!
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on October 14, 2012, 08:40:54 pm
did you included subject log on acls?

what happens when you run postfix updade database script on console?
Title: Re: Postfix - antispam and relay package
Post by: JesusQ on October 15, 2012, 07:46:40 am
Hi Marcello,

I reinstalled the package and all is working fine now,

Thanks for your time!
Title: Re: Postfix - antispam and relay package and sasl solved
Post by: mauricioniñoavella on October 19, 2012, 11:59:56 am
Hello everyone following took help of our partner Marcello Coutinho.

No solution had written, excuse me for not having done so before. This is the step by step solution

Marcello Coutinho,

Thanks for all the hard work!


sasl on postfix?

x64
missing dependencies for saslpasswd2 (place it on /usr/lib/ dir)
http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/
additional package for sasl
http://e-sac.siteseguro.ws/pfsense/8/amd64/All/cyrus-sasl-saslauthd-2.1.25.tbz

i386
missing dependencies for saslpasswd2 (place it on /usr/lib/ dir)
http://e-sac.siteseguro.ws/pfsense/8/All/ldd/
additional package for sasl
http://e-sac.siteseguro.ws/pfsense/8/All/cyrus-sasl-saslauthd-2.1.25.tbz

=====================================================================================

Configuration postfix sasl pfsense x64

1. I check dependencies for saslpasswd2


[2.0.1-RELEASE]/root(1): ldd /usr/local/sbin/saslpasswd2
/usr/local/sbin/saslpasswd2:

   libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x800647000)
   libcrypto.so.6 => /lib/libcrypto.so.6 (0x800761000)
   libgssapi.so.10 => not found (0x0)
   libheimntlm.so.10 => not found (0x0)
   libkrb5.so.10 => not found (0x0)
   libhx509.so.10 => not found (0x0)
   libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8009fb000)
   libasn1.so.10 => not found (0x0)
   libroken.so.10 => not found (0x0)
   libcrypt.so.5 => /lib/libcrypt.so.5 (0x800afd000)
   libopie.so.6 => /usr/lib/libopie.so.6 (0x800c16000)
   libc.so.7 => /lib/libc.so.7 (0x800d1f000)
   libmd.so.5 => /lib/libmd.so.5 (0x800f5b000)


2. Download dependencies for saslpasswd2   and copied in /usr/lib/

link   dependencies for saslpasswd2  http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/

libgssapi.so.10   
libheimntlm.so.10   
libhx509.so.10   
libkrb5.so.10   
libroken.so.10   

3. I copy these files to the following path /usr/lib/

[2.0.1-RELEASE]/root(1): ls
libasn1.so.10  libgssapi.so.10  libheimntlm.so.10  libhx509.so.10  libkrb5.so.10  libroken.so.10

[2.0.1-RELEASE]/root(1): cp *.10 /usr/lib/

libasn1.so.10                                                                                                                
libgssapi.so.10                                                                                                              
libheimntlm.so.10                                                                                                          
libhx509.so.10                                                                                                                
libkrb5.so.10                                                                                                                
libroken.so.10            

4. Download additional package for sasl (cyrus-sasl-saslauthd-2.1.25.tbz)

link Download additional package for sasl  http://e-sac.siteseguro.ws/pfsense/8/amd64/All/cyrus-sasl-saslauthd-2.1.25.tbz


5. Install the package with the command pkg_add  cyrus-sasl-saslauthd-2.1.25.tbz

 link Install packages frebsd

 http://www.freebsd.org/doc/es/books/handbook/packages-using.html
 http://docs.freebsd.org/doc/4.9-RELEASE/usr/share/doc/es/books/handbook/packages-using.html

[2.0.1-RELEASE]/root(1): pkg_add cyrus-sasl-saslauthd-2.1.25.tbz

****************************************************************************

To run saslauthd from startup, add saslauthd_enable="YES" in your
/etc/rc.conf.

****************************************************************************

6. I check dependencies for saslpasswd2

[2.0.1-RELEASE]/root(1): ldd /usr/local/sbin/saslpasswd2
/usr/local/sbin/saslpasswd2:
   libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x800647000)
   libcrypto.so.6 => /lib/libcrypto.so.6 (0x800761000)
   libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x8009fb000)
   libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x800b04000)
   libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x800c09000)
   libhx509.so.10 => /usr/lib/libhx509.so.10 (0x800d76000)
   libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x800eb5000)
   libasn1.so.10 => /usr/lib/libasn1.so.10 (0x800fb7000)
   libroken.so.10 => /usr/lib/libroken.so.10 (0x801136000)
   libcrypt.so.5 => /lib/libcrypt.so.5 (0x801247000)
   libopie.so.6 => /usr/lib/libopie.so.6 (0x801360000)
   libc.so.7 => /lib/libc.so.7 (0x801469000)
   libmd.so.5 => /lib/libmd.so.5 (0x8016a5000)

7. Dependencies and additional package for sasl. are already

Thanks.  :)  Marcello Coutinho,

Mauricio Niño.
Title: Re: NEW Postfix antispam and relay package
Post by: mauricioniñoavella on October 19, 2012, 12:06:08 pm
This is for
Forum and BSD developers pfSense
I do not understand why people who work in this great project, such as pfSense, stop the publication of a package, which is not compatible with pfSense.
Please do not degrade this great software such as pfSense without offending anyone, first of all congratulate marcelloc and Postfix antispam and relay package has problems.
But I do recommend working to improve, and we who belong to the family of pfSense, are the ones who try and give them guidelines for improving pfSense.
PfSense do not compare with other systems or software firewalls, for there is but I have reviewed (ClearOs Linux), and has a very simple setup SMTP Relay with Authentication. (relay host)
I hope this is taken into account
regards


excuse me to everyone in the forum especially Marcello Coutinho, so writing here

Mauricio Niño
Title: Re: Postfix - antispam and relay package
Post by: Dragyn on December 29, 2012, 06:07:24 pm
Postfix relay and 2.0.2

I recently upgraded to 2.0.2 and now postfix will not start, I scanned the forums and this thread for anything similar but I didn't see anything.

After upgrade reboot, postfix didn't even appear, I uninstalled and reinstalled and now it shows up under services but it will not start.  When I SSH into the console and try to start it I get:

[2.0.2-RELEASE][peter@]/usr(13): /usr/local/etc/rc.d/mailscanner start
eval: cannot open /var/run/MailScanner.pid: Permission denied
Starting mailscanner.
Can't call method "close" on an undefined value at /usr/local/libexec/MailScanner/mailscanner_create_locks line 69.
Error: Attempt to create locks in /var/spool/MailScanner/incoming/Locks failed!
Can't set GID 125 at /usr/local/sbin/mailscanner line 1541.
/usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
[2.0.2-RELEASE][peter@]/usr(14):


Any help with this would be appreciated, I love using this to relay my mail.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 30, 2012, 07:13:24 am
Mailscanner runs with postfix user, check it user exists on pfsense and then try to reinstall mailscanner.
Title: Re: Postfix - antispam and relay package
Post by: Dragyn on December 30, 2012, 09:50:29 am
Sorry I didn't post full info, I am running postfix as well, and the user is there.  This all worked fine under 2.0.1 so it has to do with whatever changes came with 2.0.2 to pfSense.  I am also getting log entries of:
mailscanner: Cannot write pid file /var/run/MailScanner.pid, Permission denied
in the system log when trying to call mailscanner from the command prompt.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 07, 2013, 07:30:32 am
try to create these missing folders and permissions.

Title: Re: Postfix - antispam and relay package
Post by: chris32lr on January 08, 2013, 12:43:01 pm
Marcelloc,

Thank you so much for taking the time to put this package together and help so many of us. Being new to PFSense, I just want to make sure I configure it properly because this is our only firewall. Here's what I'm a little concerned about:

1. Right now I have a NAT Port Forward configured as:
         Interface: WAN
         Protocol: TCP
         Destination: WAN Address
         Destination Port: SMTP
         Redirect Target IP: My internal exchange server IP
         Redirect Target Port: SMTP
      - I read here: http://forum.pfsense.org/index.php/topic,46196.0.html you say "remember to remove nat from port 25 and allow access on wan firewall rules to postfix." So I delete this port forward? If so, can you tell me how to properly configure the rule such as the Interface, Protocol, Source, Destination, etc.?

Thanks again!!
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 08, 2013, 09:47:21 pm
Just take a look on current rule your nat has created and replace internal destination IP to wan address.

Make sure your Postfix is configured and running before using it with real traffic.
Title: Re: Postfix - antispam and relay package
Post by: chris32lr on January 09, 2013, 07:45:29 am
Just take a look on current rule your nat has created and replace internal destination IP to wan address.

Make sure your Postfix is configured and running before using it with real traffic.

Thank you!  :)
Title: Re: Postfix - antispam and relay package
Post by: Ludo on January 10, 2013, 10:16:02 am
Hi,

I have Pfsense version 2.0.1 and I just installed postfix package.
I do that because i need a relay smtp.
I have many temporary users on my network. They all have an Internet access provider different (Orange, Free, etc ...).
I can not change the configuration in their smtp mailer.
This is why I would like to add a rule on my router so they can all go through the SMTP server of my ISP.
Can you do it with your package postfix?
Thank you in advance.

Hi all,

I've just finished postfix package version 2.3.

Postfix is an amazing mail forwarder that really keep away any misconfigured server or server trying to forge email.
Postfix Forwarder package at pfsense has many antispam features but for now, no SASL support for remote authentication.

  • Zombie blocker (postscreen)
  • Header chekcs
  • Body checks
  • Access lists
  • RBL checks
  • SPF checks
  • Dashboard widgets with mail stats
  • Sqlite logs support
  • Sqlite logs forward to use only one box to search mail
  • Package permissions to allow users to just search mail or view queue
  • Search mail tool
  • view postfix queue in gui

And you can also use an third part antispam engine like mailscanner or policyd v2 for a complete antispam solution.



note: NEVER try to install policydv2 freebsd package, it will break out your pfsense.
if you plan to use policydv2 you must put it on other server or in a jail.

The mailscanner tutorial(or package) is under development, for now you can configure by hand using pkg_add -r MailScanner.


att,
Marcello Coutinho
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 10, 2013, 07:45:45 pm
This is why I would like to add a rule on my router so they can all go through the SMTP server of my ISP.
Can you do it with your package postfix?

I think you will need authentication for these clients.

You can manually install and configure sasl as current version does not has this integrations on gui.
Title: Re: Postfix - antispam and relay package
Post by: Ludo on January 11, 2013, 04:50:15 am
This is why I would like to add a rule on my router so they can all go through the SMTP server of my ISP.
Can you do it with your package postfix?

I think you will need authentication for these clients.

You can manually install and configure sasl as current version does not has this integrations on gui.

ok, thank you!
Title: Re: Postfix - antispam and relay package
Post by: Redtooth on January 17, 2013, 12:21:18 pm
Hi

I've just installed postfix, everything is working fine except an error keeps feeling my logs..


Jan 17 19:20:26
postfix/smtpd[25463]: D17FD62D47C: client=addmail.nu[212.247.84.186]
Jan 17 19:20:26
postfix/cleanup[28013]: D17FD62D47C: message-id=<729443A7-32CE-41B4-A908-11E46BA2CBD9@site.se>
Jan 17 19:20:26
postfix/qmgr[46843]: D17FD62D47C: from=<firstname.lastname@site.se>, size=1225, nrcpt=1 (queue active)
Jan 17 19:20:27
postfix/smtp[28014]: D17FD62D47C: to=<myname@mydomain.org>, relay=10.10.1.100[10.10.1.100]:25, delay=0.2, delays=0.03/0.01/0.02/0.13, dsn=2.0.0, status=sent (250 Queued (0.016 seconds))
Jan 17 19:20:27
postfix/qmgr[46843]: D17FD62D47C: removed
Jan 17 19:20:31
postfix/smtpd[25463]: warning: connect to private/anvil: Connection refused
Jan 17 19:20:31
postfix/smtpd[25463]: warning: problem talking to server private/anvil: Connection refused
Jan 17 19:20:32
postfix/smtpd[25463]: warning: connect to private/anvil: Connection refused
Jan 17 19:20:32
postfix/smtpd[25463]: warning: problem talking to server private/anvil: Connection refused
Jan 17 19:20:32
postfix/smtpd[25463]: disconnect from addmail.nu[212.247.84.186]

Any clue how to fix this?


** SOLVED **
Had to have Anvil Daemon enabled in Postfix Forwarder under AntiSpam for the problem to go away.
Title: Re: Postfix - antispam and relay package
Post by: RChadwick on March 01, 2013, 10:55:17 am
Can you tell me if this can forward to a port besides 25? I have pfsense at work, and I run an email server at home, but Comcast just decided to block port 25. Was hoping to configure the mx records to point to my office, and it would forward all mail to my home email server.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 01, 2013, 11:43:55 am
Can you tell me if this can forward to a port besides 25? I have pfsense at work, and I run an email server at home, but Comcast just decided to block port 25. Was hoping to configure the mx records to point to my office, and it would forward all mail to my home email server.


It will not filter based ou source ip as all your mail will have your comany address as source.
Title: Re: Postfix - antispam and relay package
Post by: vbela on March 16, 2013, 12:39:46 pm
ISSUE:
-------
The postfix log db file is empty, and postfix does not or can not write to the db file.

Location i'm looking at:   /var/db/postfix
I have the same problem.

Loggin is turned on
Destination /var/log/maillog
Update Sqlite Every minute
/^Subject:/ WARN is in the right place

But mail search is not working. DB is created, but it's empty ((

Pfsense ver 2.0.2 i386

Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 19, 2013, 09:04:39 am
But mail search is not working. DB is created, but it's empty ((

What you get on postfix logs? Can you see the subject warn message on logs and postfix database script on cron?

Title: Re: Postfix - antispam and relay package
Post by: biggsy on April 05, 2013, 01:29:39 am
I've set up a new VM to try and test Postfix and some other packages.

2.1-BETA1 (amd64) built on Tue Apr 2 16:21:22 EDT 2013  +  Postfix 2.8.7,1 pkg v.2.3.4_1

Two things noticed so far:

Edit: one more thing at start of package:
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 06, 2013, 03:38:32 am
The two main problems noted above now seem to be fixed with the latest version for pfSense 2.1 (amd64). 
Thank you marcelloc.

The last point, about /var/spool/postfix is still there but never caused any problems.

Just as an aside, I also discovered that I could copy the /var/db/postfix/postscreen_cache.db file from the existing 32-bit 2.0.2 install to the new 64-bit 2.1 Beta1 install.  

To avoid delayed delivery of all those "once every few weeks emails", I have a custom main.cf entry:
Code: [Select]
postscreen_cache_retention_time = 30d .  

Copying the postscreen_cache file saves having the new install re-learn all the whitelisted SMTP client IPs that the existing install knew about.    
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 07, 2013, 06:21:45 am
biggsy,

Thanks for your feedback  :)
Title: Re: Postfix - antispam and relay package
Post by: ics on May 07, 2013, 12:07:36 pm
Hi All,

I've just updated package mailscanner-dev to v4.84.5_3 and upgraded pFsense to v2.0.3.
Now memory usage is very high. I don't know if it's due to package or pfsense update.
Postfix processes take very high memory  (screen captures of sys activity in old and new version attached).

Do have an idea ?

Thanks

Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 07, 2013, 12:14:23 pm
It's a normal behavior. You have low memory machines.
Title: Re: Postfix - antispam and relay package
Post by: ics on May 08, 2013, 01:00:29 am
Thank you Marcelloc

Indeed I have 1024MB.
But why processes use so much memory now ?
This is a huge difference !
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 11, 2013, 03:38:35 am
A strange new problem today with postfix forwarder on 2.1BETA amd64 test system.  Config hadn't changed.

Received the following error:
 
Code: [Select]
postfix/smtpd[1783]: error: open /usr/local/etc/postfix/helo_check: No such file or directory
postfix/smtpd[1783]: connect from [i]mailserver.myisp[/i].com[[i]x.y.z.231[/i]]
postfix/smtpd[1783]: warning: pcre:/usr/local/etc/postfix/helo_check is unavailable. open /usr/local/etc/postfix/helo_check: No such file or directory
postfix/smtpd[1783]: warning: pcre:/usr/local/etc/postfix/helo_check: table lookup problem

EDIT:  looks like it should be "helo_checks"
Title: Re: Postfix - antispam and relay package
Post by: dhatz on May 11, 2013, 10:04:54 pm
Is the per process memory usage of 200M+ normal ?

I haven't used mailscanner before (just visited their website and they list some impressive installations), but for the past 6-7 years I have been running several Postfix systems using amavis to interface with antispam (spamassassin) and antiviruses (e.g. clamav) and postgrey and the overall memory usage is nowhere near those numbers ...
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 13, 2013, 05:05:02 am
Regarding my post above about /usr/local/etc/postfix/helo_check

I created a plain text file with one line similar to this:

Code: [Select]
/^my.domain.com/ REJECT
The error has gone away and postfix is forwarding mail again.  I have no idea why this file was suddenly wanted by postfix but it almost certainly happened after an upgrade to the latest 2.1 snap and the subsequent re-install of postfix. 

I also suspect the file should probably have been looked for in: /usr/pbi/postfix-amd64/etc/postfix/

(The code above also stops remote SMTP clients from trying to claim they are part of my own domain.)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 13, 2013, 09:36:12 am
Regarding my post above about /usr/local/etc/postfix/helo_check
The error has gone away and postfix is forwarding mail again.  I have no idea why this file was suddenly wanted by postfix but it almost certainly happened after an upgrade to the latest 2.1 snap and the subsequent re-install of postfix. 

I also suspect the file should probably have been looked for in: /usr/pbi/postfix-amd64/etc/postfix/

(The code above also stops remote SMTP clients from trying to claim they are part of my own domain.)

I've included this helo check on latest version, but forgot to include folder check on it.

It's fixed now (https://github.com/pfsense/pfsense-packages/commit/d10fa5428841544605fc5768f0cd0305574ebf8d). 

Thanks for your feedback. :)
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 14, 2013, 03:37:45 am
Quote
It's fixed now.

Indeed it is. 

Thank you once again marcelloc  :)
Title: Re: Postfix - antispam and relay package
Post by: r00tm4n on May 15, 2013, 06:24:42 am
Hello Marcello,

Very nice work (um trabalho extraordinario!), congrats!

I would like to migrate my smtp proxy to something that
is able to count emails per user per minutes or hours and
be able to limit that.
Can pfSense do that?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 15, 2013, 08:11:31 am
Very nice work (um trabalho extraordinario!), congrats!
Thanks!:)

I would like to migrate my smtp proxy to something that
is able to count emails per user per minutes or hours and
be able to limit that.
Can pfSense do that?
Not on current version, but postfwd can do that.

http://www.postfix.org/SMTPD_POLICY_README.html
http://postfwd.org/
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 16, 2013, 04:42:58 am
Here's another one for you marcelloc:

I just noticed that postfix forwarder on 2.1 BETA 1 amd64 does not pick up descriptive names (e.g., "DMZ") for OPT interfaces. It does on my 2.0.2 install. 

Also, the package description is "Not available" under Status > Services.

Both of the above are only cosmetic changes but you may not have noticed them.   :)
Title: Re: Postfix - antispam and relay package
Post by: ics on May 17, 2013, 04:00:29 pm
I have an Exchange Server that sends outgoing emails through pfSense.
The recipient can see the local hostname and private IP address of the Exchange server in the header of the email.
Is there a way to hide this ?

Thanks
Title: Re: Postfix - antispam and relay package
Post by: dhatz on May 19, 2013, 11:07:33 am
I have an Exchange Server that sends outgoing emails through pfSense.
The recipient can see the local hostname and private IP address of the Exchange server in the header of the email.
Is there a way to hide this ?

It's not such as big deal, in fact even Google's Gmail "reveals" its internal IPs / hostnames in the Received headers.

Anyway, if you really want to remove all traces of your local hostnames & IPs, you can use Postfix's
header_checks =
to instruct Postfix to ignore (i.e. delete when forwarding mail) certain "Received: " lines.
However I don't know if pfSense's Postfix package allows you to configure this feature from the webGUI.

Btw could someone please comment on my question a few days ago: "Is the per process memory usage of 200M+ normal ?"
Title: Re: Postfix - antispam and relay package
Post by: ics on May 20, 2013, 03:23:37 am
It's not such as big deal, in fact even Google's Gmail "reveals" its internal IPs / hostnames in the Received headers.

Anyway, if you really want to remove all traces of your local hostnames & IPs, you can use Postfix's
header_checks =
to instruct Postfix to ignore (i.e. delete when forwarding mail) certain "Received: " lines.
However I don't know if pfSense's Postfix package allows you to configure this feature from the webGUI.

Btw could someone please comment on my question a few days ago: "Is the per process memory usage of 200M+ normal ?"

Thanks, I'll try that.

For me it's not normal that the process takes more than 200M as it was not the case in the previous version of pFsense.
But Marcello said that it's a normal behavior with low memory machines.
Then I added RAM up to 2GB and the process indeed takes about 68MB...

So now the process takes less RAM but for that I had to increase server RAM...Weird !
Title: Re: Postfix - antispam and relay package
Post by: virusbcn on May 21, 2013, 04:11:31 am
Hello Marcelo, i have one question, i have a mail server behind a pfsense, one postfix mail server with 20 domains and 200 users aprox, if i install this package what is the more easy way to config this, to make my first level barrier of spam in pfsense ¿???  i don't want put all domains or users or ldap sync with my server :-(   It is this possible ??
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 21, 2013, 04:37:59 am
Quote
...one postfix mail server with 20 domains and 200 users...

If you are running a postfix mailserver I doubt that you get much benefit from running the postfix forwarder in pfSense. (You didn't mention postfix in your other post.)  Maybe you just need to configure the postfix mailserver to do what you need.

Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2013, 05:58:02 am
what is the more easy way to config this, to make my first level barrier of spam in pfsense ¿???
Follow default options on gui, it will be easy  :)

I don't want put all domains or users or ldap sync with my server :-(   It is this possible ??

you have to configure it on pfsense to filter unknow domains, mailboxes, spf, forged sender domains, etc, etc ,etc during message header. this way, you save bandwidth while rejecting most spams before they send data.
Title: Re: Postfix - antispam and relay package
Post by: DQM on May 21, 2013, 11:13:08 am
Dear Marcello,

Thank you once again for the package ! My mail gateway is running well.

I have some questions:

- Did you updated it to 2.10.0 version? Is that correct? Because I saw on the Package Management of my pfsense box (pls see the attached file for more details).
- Does new version work smoothly? Does it has any new features? (Ex: SMTP Relay server by authentication or Trusted IPs methods)

Looking forward to hearing from you soon.

Best regards,
DQM
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 21, 2013, 12:55:02 pm
- Did you updated it to 2.10.0 version? Is that correct? Because I saw on the Package Management of my pfsense box (pls see the attached file for more details).
Yes. 2.10 is the latest stable version.

- Does new version work smoothly? Does it has any new features? (Ex: SMTP Relay server by authentication or Trusted IPs methods)
Yes. The new feature on gui is an helo acl and new sync code and also working on pfsense 2.1 .
I'll include some thay mem cache for postscreen. I'm running my antispam boxes without issues with postfix 2.10.
Title: Re: Postfix - antispam and relay package
Post by: DQM on May 21, 2013, 11:16:12 pm
- Did you updated it to 2.10.0 version? Is that correct? Because I saw on the Package Management of my pfsense box (pls see the attached file for more details).
Yes. 2.10 is the latest stable version.

- Does new version work smoothly? Does it has any new features? (Ex: SMTP Relay server by authentication or Trusted IPs methods)
Yes. The new feature on gui is an helo acl and new sync code and also working on pfsense 2.1 .
I'll include some thay mem cache for postscreen. I'm running my antispam boxes without issues with postfix 2.10.

Thanks for your information, Marcello !
Title: Re: Postfix - antispam and relay package
Post by: virusbcn on May 22, 2013, 02:59:36 am
what is the more easy way to config this, to make my first level barrier of spam in pfsense ¿???
Follow default options on gui, it will be easy  :)

I don't want put all domains or users or ldap sync with my server :-(   It is this possible ??

you have to configure it on pfsense to filter unknow domains, mailboxes, spf, forged sender domains, etc, etc ,etc during message header. this way, you save bandwidth while rejecting most spams before they send data.


Thank you Marcelo i try to search some information to sync ldap with my postfix server and try to make some tests, and search for get some free time :-(
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 24, 2013, 01:57:30 am
I decided to auto-start my test pfSense 2.1 VM when booting ESXi - postfix failed to start and left the following log entries:
  
Code: [Select]
User.Error 192.168.111.51 May 24 16:35:28 php: : Stopping postfix
User.Error 192.168.111.51 May 24 16:35:28 php: : Stopping postfix
Mail.Critical 192.168.111.51 May 24 16:35:28 postfix/postfix-script[17736]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:28 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
Mail.Critical 192.168.111.51 May 24 16:35:28 postfix/postfix-script[17885]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:28 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
Syslog.Error 192.168.111.51 May 24 16:35:29 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:30 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:29 php: : Writing out configuration
Syslog.Error 192.168.111.51 May 24 16:35:30 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:30 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:30 php: : Writing out configuration
User.Error 192.168.111.51 May 24 16:35:32 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:32 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:33 php: : Stopping postfix
Mail.Critical 192.168.111.51 May 24 16:35:33 postfix/postfix-script[27296]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:33 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
User.Error 192.168.111.51 May 24 16:35:33 php: : Stopping postfix
User.Error 192.168.111.51 May 24 16:35:34 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '126', the output was '/usr/local/etc/rc.d/postfix.sh: Permission denied'
User.Notice 192.168.111.51 May 24 16:35:34 check_reload_status: Syncing firewall
Syslog.Error 192.168.111.51 May 24 16:35:34 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:35 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:35 php: : Writing out configuration
Syslog.Error 192.168.111.51 May 24 16:35:35 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:36 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:36 php: : Writing out configuration
User.Error 192.168.111.51 May 24 16:35:38 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:38 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:39 php: : Stopping postfix
User.Error 192.168.111.51 May 24 16:35:39 php: : Stopping postfix
Mail.Critical 192.168.111.51 May 24 16:35:39 postfix/postfix-script[39090]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:39 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
User.Error 192.168.111.51 May 24 16:35:39 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '126', the output was '/usr/local/etc/rc.d/postfix.sh: Permission denied'
Syslog.Error 192.168.111.51 May 24 16:35:41 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:42 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:41 php: : Writing out configuration
Syslog.Error 192.168.111.51 May 24 16:35:42 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:42 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:42 php: : Writing out configuration
User.Error 192.168.111.51 May 24 16:35:44 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:44 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:45 php: : Stopping postfix
User.Error 192.168.111.51 May 24 16:35:45 php: : Stopping postfix
Mail.Critical 192.168.111.51 May 24 16:35:45 postfix/postfix-script[50014]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:45 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
User.Error 192.168.111.51 May 24 16:35:45 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '126', the output was '/usr/local/etc/rc.d/postfix.sh: Permission denied'
User.Notice 192.168.111.51 May 24 16:35:46 check_reload_status: Syncing firewall
Syslog.Error 192.168.111.51 May 24 16:35:46 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:47 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:47 php: : Writing out configuration
Syslog.Error 192.168.111.51 May 24 16:35:47 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:48 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:47 php: : Writing out configuration
User.Error 192.168.111.51 May 24 16:35:49 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:49 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:50 php: : Stopping postfix
User.Error 192.168.111.51 May 24 16:35:50 php: : Stopping postfix
Mail.Critical 192.168.111.51 May 24 16:35:50 postfix/postfix-script[59480]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:50 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
User.Error 192.168.111.51 May 24 16:35:50 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '126', the output was '/usr/local/etc/rc.d/postfix.sh: Permission denied'
Syslog.Error 192.168.111.51 May 24 16:35:51 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:51 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:51 php: : Writing out configuration
Syslog.Error 192.168.111.51 May 24 16:35:51 syslogd: exiting on signal 15
Kernel.Info 192.168.111.51 May 24 16:35:51 syslogd: kernel boot file is /boot/kernel/kernel
User.Error 192.168.111.51 May 24 16:35:53 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:53 php: : Writing rc_file
User.Error 192.168.111.51 May 24 16:35:54 php: : Stopping postfix
Mail.Critical 192.168.111.51 May 24 16:35:54 postfix/postfix-script[70188]: fatal: the Postfix mail system is not running
User.Error 192.168.111.51 May 24 16:35:54 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'
User.Error 192.168.111.51 May 24 16:35:54 php: : Stopping postfix
User.Error 192.168.111.51 May 24 16:35:54 php: : The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '126', the output was '/usr/local/etc/rc.d/postfix.sh: Permission denied'
Kernel.Critical 192.168.111.51 May 24 16:35:56 kernel: VMware memory control driver initialized
Auth.Info 192.168.111.51 May 24 16:35:57 login: login on ttyv0 as root
System4.Notice 192.168.111.51 May 24 16:35:57 sshlockout[84092]: sshlockout/webConfigurator v3.0 starting up
Auth.Emerg 192.168.111.51 May 24 16:56:29 php: /index.php: Successful login for user 'admin' from: 192.168.111.7
Auth.Emerg 192.168.111.51 May 24 16:56:29 php: /index.php: Successful login for user 'admin' from: 192.168.111.7
Auth.Emerg 192.168.111.51 May 24 16:56:29 php: /index.php: Successful login for user 'admin' from: 192.168.111.7
User.Error 192.168.111.51 May 24 16:57:21 php: /status_services.php: The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '126', the output was '/usr/local/etc/rc.d/postfix.sh: Permission denied'
Mail.Warning 192.168.111.51 May 24 16:57:24 postfix/postfix-script[62930]: warning: not owned by root: /var/spool/postfix
Mail.Info 192.168.111.51 May 24 16:57:24 postfix/postfix-script[67208]: starting the Postfix mail system
Mail.Info 192.168.111.51 May 24 16:57:24 postfix/master[67631]: daemon started -- version 2.10.0, configuration /usr/pbi/postfix-amd64/etc/postfix

Started fine from the service status page though.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 24, 2013, 02:23:18 am
Just realized that I did an update to the latest 2.1 snap last night and forgot to re-enable postfix and pfBlocker.

Why aren't these two packages re-enabled automatically after updating, if they were enabled before?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 24, 2013, 12:42:53 pm
Why aren't these two packages re-enabled automatically after updating, if they were enabled before?

The uninstall process disables it.
Title: Re: Postfix - antispam and relay package
Post by: buv on June 02, 2013, 07:19:15 am
Hi Marcello,

first of all thank you very much for this excellent module! It makes my work much easier, since I am not really a postfix specialist.

I've never seen this error during package install.

check if pkg_info return two postfix installs or something.

EDIT:

Let me know if this feature works with zimbra ldap.
It's written for Active directory ldap search.

att,
Marcello Coutinho

I am using the package in combination with the Zimbra mail server. When I try to do the recipient retrival via LDAP, I come to a limitation which has its cause in the different LDAP structure of Zimbra compared to MS AD. Looking at the query your module submits, I see that it is expecting a SAMAccount. This entity is not present in the Zimbra LDAP. The Zimbra LDAP structure looks like the following:


  dc=tld
    dc=mydomain
      ou=people
        uid=<user id1>
          mail=u1@b.c
          mail=u1_alias1@b.c
          mail=u1_alias2@b.c
          ...
        uid=<user id2>
          mail=u2@b.c
          mail=u2_alias1@b.c
          ...


uid is of types inetOrgPerson, zimbraAccount and amavisAccount. Is it possible for me to modify the query in one of the config files, or does it require a change in the source code? Would you be interested in extending the LDAP part to include Zimbra queries? If so, I could prepare the query and provide it to you.

Greetings,
Burkhard

Title: Re: Postfix - antispam and relay package
Post by: buv on June 03, 2013, 11:06:03 pm
Hi,

maybe I found the solution: The LDAP query is nicely wrapped in the /usr/local/bin/adexport.pl, so no recompile neccessary. I did the following modification:

Code: [Select]
56c56
< our $filter  = '(|(objectClass=publicFolder)(&(sAMAccountName=*)(mail=*)))';
---
> our $filter  = '(&(uid=*)(mail=*))';

It seems to work and only lists userIds with valid email addresses. The technical users like spam and ham do not get selected and are not forwarded.

Does it make sense to use the filter value a Perl script parameter and make it selectable from a drop down box for Exchange and Zimbra (and potentially further mail server types)?

Greetings,
Burkhard
Title: Re: Postfix - antispam and relay package
Post by: buv on June 04, 2013, 12:12:17 am
ok, was a bit more complicated:

Code: [Select]
56c56
< our $filter  = '(|(objectClass=publicFolder)(&(sAMAccountName=*)(mail=*)))';
---
> our $filter  = '(&(uid=*)(mail=*))';
92c92
<              attrs    => [ "proxyAddresses" ],
---
>              attrs    => [ "mail" ],
163,164c163,164
<   my @mails = grep { /^smtp:/i && !$gSeen{$_}++ }
<                    $data->get_value( "proxyAddresses" );
---
>   my @mails = grep { !$gSeen{$_}++ }
>                    $data->get_value( "mail" );
168c168
<     print map { s/^smtp:(.+)$/\L$1\n/i; $_ } @mails;
---
>     print map { s/^(.+)$/\L$1\n/i; $_ } @mails;

I did not recognize the problem that the recipient list remained empty because all mails got forwarded to the mail server then anyhow...

Greetings,
Burkhard
Title: Re: Postfix - antispam and relay package
Post by: ics on June 12, 2013, 05:31:08 am
I successfully upgraded to postfix v2.10  :)
I've noticed that with this new postfix package, the file /var/log/maillog is not deleted anymore after a reboot.

Does it mean that now there is a kind of logrotate configured for this file ? If yes how is it configured ?

This file is 238MB and keep growing...
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on June 12, 2013, 06:40:21 am
Does it mean that now there is a kind of logrotate configured for this file ? If yes how is it configured ?

No log rotate yet.
Title: Re: Postfix - antispam and relay package
Post by: expert_az on June 28, 2013, 04:30:17 am
hello

I'm getting this error after update postfix 2.10

postfix/postscreen[63302]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable


any solution?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on June 28, 2013, 08:11:51 am
Did you tried stopping postfix process and removing current /var/db file to start a new one?
Title: Re: Postfix - antispam and relay package
Post by: expert_az on June 28, 2013, 08:45:58 am
Thank you marcelloc,after stoping postfix and deleting db file it's ok now,
I will monitor logs and will inform you if it happens again
Title: Re: Postfix - antispam and relay package
Post by: expert_az on June 29, 2013, 01:06:49 am
Marcello

It happened again:((

Jun 29 09:03:51   postfix/postscreen[54318]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
Jun 29 09:02:50   postfix/postscreen[61744]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
Jun 29 09:01:49   postfix/postscreen[63059]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
Title: Bypassing all checks for specific sender IP address
Post by: jemarti on July 10, 2013, 11:13:31 am
I need to configure PostFix to accept mail from a specific IP address even though that address is both blacklisted and is presenting a non-existent host name during HELO.

I have tried placing entries like this:
123.231.132.213 OK
in the "helo" section of the "Access Lists" tab, and also added them to /usr/local/etc/postfix/helo_check
but I am still getting the following reject message in the logs:
RCPT from unknown[123.231.132.213]: 550 5.7.1 Client host rejected: cannot find your hostname, [123.231.132.213]

Could anyone advise me on the correct way to configure PostFix so that it will bypass the helo and RBL checks for specific IP addresses?

Thanks.
Title: Re: Postfix - antispam and relay package
Post by: KriogenBoard on July 24, 2013, 03:52:18 pm
Hi guys! Sorry for my bad English. I found an interesting bug. The package is sensitive to the hostname. If you do not correct the host name does not occur the record in db file. Example: mail1.example.com working, mail-1.example.com not working. All the matter in the function function_grep_log in file /usr/local/www/postfix.php . Please note this bug in the next update. Thank you.  :)
Title: Re: Postfix - antispam and relay package
Post by: kwaci on July 26, 2013, 06:04:07 am
Hi All,

I`m new in this forum.
I`m just installing pfSense with Postfix and Mailscanner package as SMTP relay for our Exchange 2003 server.
It work very well. Postscreen and RBL checks are the day saver.  :)


One thing i want to ask, is it possible to block certain email  address from my trusted (mynetworks) SMTP client ?

I had put the email address in the Access List --> Sender, but it doestn`t have any effect.
I think it is because the order in the smtpd_client_restrictions and smtpd_recipient_restrictions started by permit_mynetworks and followed by other rules. So if the first rule is passed, it won`t check the following rules.
Also i`m trying to change the order from the shell, but when i`m reload the Postfix from the GUI the main.cf back to default order.


      
smtpd_recipient_restrictions = permit_mynetworks,
            reject_unauth_destination,
            reject_unauth_pipelining,
            check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
            check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
            check_sender_access hash:/usr/local/etc/postfix/sender_access,
            reject_non_fqdn_helo_hostname,
            reject_unknown_recipient_domain,
            reject_non_fqdn_recipient,
            reject_multi_recipient_bounce,
            reject_unverified_recipient,
            reject_spf_invalid_sender,
            permit





Thank you
Title: Re: Postfix - antispam and relay package
Post by: kwaci on July 26, 2013, 06:10:43 am
Marcello

It happened again:((

Jun 29 09:03:51   postfix/postscreen[54318]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
Jun 29 09:02:50   postfix/postscreen[61744]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
Jun 29 09:01:49   postfix/postscreen[63059]: fatal: btree:/var/db/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable


Hi expert_az,


I think you have configured the Postfix to listen on multiple interfaces.
You can workaround this issue by listening postfix on localhost only and then nat external ips to 127.0.0.1. (http://forum.pfsense.org/index.php/topic,46334.msg242753.html#msg242753 (http://forum.pfsense.org/index.php/topic,46334.msg242753.html#msg242753))




Title: Re: Postfix - antispam and relay package
Post by: expert_az on July 29, 2013, 01:48:29 am
kwaci thank you for reply,i will try solution
Title: Re: Postfix - antispam and relay package
Post by: expert_az on July 29, 2013, 01:55:06 am
hello marcelloc,after upgrade version 2.10.0 pkg v.2.3.5 all queued mails in Search Mail tab displayed as hold(status) mail.

but some of theme have  sent,spam or  hold  status,anyway to correct this issue?
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on July 29, 2013, 04:15:54 am
Hi all,

I seem to having a little issue with the widget for this package.

Emails are flowing in and out fine but the widget does not show the number of emials which have been rejected etc.

The only disply the widget shows is the number of "Sent" emails which are emails that have passed through successfully and allowed into my exchange server.

I am not using the additional mailscanner and I am running pfsense 2.0.3 i386 and postfix forwarder 2.10.0 pkg v.2.3.5

Any ideas or tweaks I need to make?

Thanks and cheers all.
Title: Re: Bypassing all checks for specific sender IP address
Post by: kwaci on August 02, 2013, 08:29:58 pm
I need to configure PostFix to accept mail from a specific IP address even though that address is both blacklisted and is presenting a non-existent host name during HELO.

I have tried placing entries like this:
123.231.132.213 OK
in the "helo" section of the "Access Lists" tab, and also added them to /usr/local/etc/postfix/helo_check
but I am still getting the following reject message in the logs:
RCPT from unknown[123.231.132.213]: 550 5.7.1 Client host rejected: cannot find your hostname, [123.231.132.213]

Could anyone advise me on the correct way to configure PostFix so that it will bypass the helo and RBL checks for specific IP addresses?

Thanks.


Hi jemarti, try to put it in the Access List --> MyNetworks.


Title: Re: Postfix - antispam and relay package
Post by: biggsy on August 03, 2013, 02:00:26 am
Jemarti,

you can add that IP to mynetworks but it would be far better to email the owner of 123.231.132.213 and ask him to fix his DNS entries so that IP address resolves to the host name sent in the HELO/EHLO command. 
Title: Re: Postfix - antispam and relay package
Post by: ics on August 23, 2013, 01:50:39 am
Hi

My postfix db /var/db/postfix takes a huge space. I would like to purge postfix sqlite files.
Can I just remove old files ?

Title: Re: Postfix - antispam and relay package
Post by: doktornotor on August 23, 2013, 02:45:11 am
My postfix db /var/db/postfix takes a huge space. I would like to purge postfix sqlite files.
Can I just remove old files ?

Uhm, how about

Code: [Select]
sqlite3 database_name "VACUUM;"
Title: Re: Postfix - antispam and relay package
Post by: ics on August 23, 2013, 03:39:00 am
I don't know the database_name...
FYI, the folder contents many files [date].db

Also, as I understand, this command will reclaim space in the database This will not remove data.
I want to delete old entries.
As it is split in multiple files, would it be possible to keep some of the latest .db files and delete the oldest ones ?
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on August 23, 2013, 04:05:31 am
I don't know the database_name...

Eh. It's the filename.

Also, as I understand, this command will reclaim space in the database This will not remove data.

Yes.

I want to delete old entries.

So delete them?

As it is split in multiple files, would it be possible to keep some of the latest .db files and delete the oldest ones ?

Yes, of course. man find (http://www.freebsd.org/cgi/man.cgi?query=find&sektion=1)
Title: Re: Postfix - antispam and relay package
Post by: brokendash on August 25, 2013, 12:57:41 pm
This might be off topic but I'm using this package to relay mail into and then outside of my network both using ipv4 and ipv6. I was wondering if there would be a way to change the webgui config's logic so that if you do not select an interface to listen to it would essentially populate the master.cf using one smtp service entry in the master.cf

ie:
smtp      inet  n       -       n       -       1       postscreen

I think technically using postscreen for inbound traffic & relaying outbound is not the correct method to implement but with my tiny MX environment I feel it's not an issue.


My setup also has the custom main.cf rules form filled in with the following also...

relayhost = [smtp.somewhere.net]
inet_protocols = all
inet_interfaces = 127.0.0.1, [::1], 192.168.1.254, [fd00:470:bce0:1::254]
smtp_bind_address = 0.0.0.0
smtp_bind_address6 = fd00:470:bce0:1::254


Every time I update to a recent snapshot it seems that I've had to resave all settings in the webgui, then hand tune the master.cf,  copy it and the rest of the /usr/local/etc/postfix/* configs over to the /usr/pbi/postfix-i386/etc/postfix dir. I essentially came to all of these a good while back when I moved from the stable release to a snapshot build and discovered everything was horridly broke.... :-)

My question now is basically, are there any plans to make this a bit more ipv6 friendly? and could I get some thoughts on the postscreen for in/out relaying as well? Perhaps there is some future changes that will ease my frustrations and/or I'm all for even assisting in the creation any changes. 


Cheers,
Brian
Title: Re: Postfix - antispam and relay package
Post by: Truster on September 04, 2013, 01:48:06 am
Hello Marcelloc, nice to see you again in another thread :-)

i have a little question about the postfix forwarder package, i'm getting the errro:
Code: [Select]
postfix/postfix-script[21723]: fatal: the Postfix mail system is not running
And another one: the file /usr/local/etc/rc.d/postfix.sh isn't executable, is this correct?

Best regards from Salzburg
Dave

Edit: Running on pfsense 2.0.2 i386, i'll upgrade it today at 12:00 CEST to the latest version
Title: Re: Postfix - antispam and relay package
Post by: Truster on September 04, 2013, 05:49:35 am
Truster, you are the greatest noop on this planet: check "Enable Postfix"-checkbox and get lucky.  ;D
Title: Re: Postfix - antispam and relay package
Post by: aslan1071 on September 18, 2013, 01:02:15 am
Quick question. I hope it has not been covered and I missed it I am sorry as am new to this tool. I have several Cpanel Boxes with several hundred domains on each that I would like to use this for. The Problem comes when I try to add more then 98 domains to the forwarding table it stops adding them. Is this a limit of postfix or pfSense? Please advise.

thanks
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on September 19, 2013, 03:04:08 pm
Quick question. I hope it has not been covered and I missed it I am sorry as am new to this tool. I have several Cpanel Boxes with several hundred domains on each that I would like to use this for. The Problem comes when I try to add more then 98 domains to the forwarding table it stops adding them. Is this a limit of postfix or pfSense? Please advise.

thanks

IIRC This limit is on package framework.

try this:

Title: Re: Postfix - antispam and relay package
Post by: biggsy on September 20, 2013, 02:30:16 am
Aslan1071,

Are you adding all those entries manually?

With the postmap command you should be able add them from a text file to /usr/local/etc/postfix/transport.db

Title: Re: Postfix - antispam and relay package
Post by: aslan1071 on September 26, 2013, 03:30:35 am
Thanks Guys... I will give this a try. I have tried both methods by had and from text file but it was cutting off the list at 98 no matter the input method.

I will let you know if this works.

thanks again.
Title: Re: Postfix - antispam and relay package
Post by: DQM on October 20, 2013, 05:40:10 am
Dear Marcello,

I have just installed PF 2.10 on new my box (2.0.3). But it seems not work with Active Directory ( I didn't see the adexport.pl file at /usr/local/etc/postfix).

Could you please show me how does it work with Active Directory to export recipients to the relay_recipients file?

Thank you and look forward to your reply.
DQM
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on October 20, 2013, 08:33:08 pm
adexport.pl stays on /usr/local/bin/ but you need first to install p5-perl-ldap package.

You can install it with pkg_add from my repo or from freebsd repo

amd64
pkg_add -r http://e-sac.siteseguro.ws/packages/amd64/8/All/p5-perl-ldap-0.4300.tbz

i386
pkg_add -r http://e-sac.siteseguro.ws/packages/8/All/p5-perl-ldap-0.4300.tbz
Title: Re: Postfix - antispam and relay package
Post by: DQM on October 21, 2013, 09:07:45 am
Thanks Marcello,

It works well now  :)
Title: Re: Postfix - antispam and relay package
Post by: JohnConnor on November 28, 2013, 05:08:36 am
Hi Marcelloc,

First thanks for your great job

I just want to ask you something, I have an issue in the configuration of the forwarding domains.
I have three domains to relay to my mailserver, but when I add them in the GUI, click save, it save only the last domain.
I tried to add them manually in the transport and main.cf file, but the change does not appear in the GUI

I have this issue in both i386/x64 release of pfsense 2.1
Postfix forwarder  2.10.0 pkg v.2.3.6

Do you have an idea ?

Regards
John


EDIT:

I found the problem is internet explorer.
Everything works with chrome, sorry for my mistake
Title: Re: Postfix - antispam and relay package
Post by: kwaci on November 30, 2013, 07:51:59 pm
Hi All,

I`m new in this forum.
I`m just installing pfSense with Postfix and Mailscanner package as SMTP relay for our Exchange 2003 server.
It work very well. Postscreen and RBL checks are the day saver.  :)



Thank you


Hi All and marcelloc,


It has been four months since i`m using this antispam and relay package.
And it still work very well.

Thank you  pfSense and marcelloc for creating such a good system.


tips : keep the maillog file rotated



Title: Re: Postfix - antispam and relay package
Post by: brokendash on December 05, 2013, 11:44:48 am
Any plans for some ipv6 support? also everytime I reboot I have to manually replace my master.cf config and restart the service...


I need postfix to listen on ipv6 so with no interfaces selected the within the web gui the /usr/pbi/postfix-i386/etc/postfix/master.cf ends up getting modified adding my wan ip info.

MY.WAN.IP:25   inet  n       -       n       -       1       postscreen

This means every reboot postfix starts up only listening to my a single address....

Im simply desiring the web gui to allow for one to select no interfaces allowing for the master.cf to contain the single smtp option.

smtp        inet  n       -       n       -       1       postscreen

This would essentially allow for my other ipv6 config details to be configured within the web gui's custom main.cf options area....
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 05, 2013, 03:07:28 pm
Im simply desiring the web gui to allow for one to select no interfaces allowing for the master.cf to contain the single smtp option.

I'll put it on my todo list.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 06, 2013, 04:16:38 pm
Done!  (https://github.com/pfsense/pfsense-packages/commit/6379357ef42d6d42067f3184a92c531405bc9c5a) :)

Install/upgrade to 2.10.2 pkg v.2.3.7  postfix-forward package version.

Do not forget to revise config tabs after upgrade.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 07, 2013, 02:00:05 pm
Hi Marcello,

Since updating to 2.10.2 pkg v.2.3.7 no mail relayed and seeing these messages in the log:

Code: [Select]
Dec  8 06:57:44 postfix/smtp[2973]: connect to 192.168.11.2[192.168.11.2]:25: Operation timed out
Dec  8 06:57:44 postfix/smtp[2973]: 7AC81B934: to=<me@my.domain>, relay=none, delay=1065, delays=1035/0.01/30/0, dsn=4.4.1, status=deferred (connect to 192.168.11.2[192.168.11.2]:25: Operation timed out)

Have restarted postfix many times and tried both "IPv4 only" and "all" options.  Reinstalled, no change.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 07, 2013, 05:57:27 pm
Can you post part of main.cf(interface section) and output of netstat -an | grep -i listen?

Pfsense 2.1?
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 07, 2013, 06:12:22 pm
Thanks. 

Yes, 2.1-RELEASE (amd64) built on Wed Sep 11 18:17:48 EDT 2013

Not sure what you mean by "interface section".  Here is a sanitized version of main.cf:

Code: [Select]
/usr/pbi/postfix-amd64/etc/postfix/main.cf
#main.cf\
#Part of the Postfix package for pfSense
#Copyright (C) 2010 Erik Fonnesbeck
#Copyright (C) 2011-2013 Marcello Coutinho
#All rights reserved.
#DO NOT EDIT THIS FILE


mynetworks = /usr/pbi/postfix-amd64/etc/postfix/mynetwork_table
mynetworks_style = host
access_map_reject_code= 554
access_map_defer_code = 451
unverified_recipient_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
myhostname = <mail.my.domain>
bounce_queue_lifetime = 0s
postscreen_cache_retention_time = 30d
anvil_status_update_time = 1h
notify_classes = protocol
relay_domains = <first.domain> <second.domain>
transport_maps = hash:/usr/pbi/postfix-amd64/etc/postfix/transport
local_recipient_maps =
mydestination =
mynetworks_style = host
message_size_limit = 30000000
default_process_limit = 100
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yes

# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access pcre:/usr/pbi/postfix-amd64/etc/postfix/helo_check,
reject_unknown_helo_hostname,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
permit


smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit

# Allow connections from specified local clients and strong check everybody else.
smtpd_client_restrictions = permit_mynetworks,
reject_unauth_destination,
check_client_access pcre:/usr/pbi/postfix-amd64/etc/postfix/cal_pcre,
check_client_access cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr,
reject_unknown_client_hostname,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit

smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
check_client_access pcre:/usr/pbi/postfix-amd64/etc/postfix/cal_pcre,
check_client_access cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr,
check_sender_access hash:/usr/pbi/postfix-amd64/etc/postfix/sender_access,
reject_non_fqdn_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_multi_recipient_bounce,
reject_unverified_recipient,
permit

inet_protocols = ipv4
inet_interfaces = <my.public.IP>
postscreen_disable_vrfy_command = yes
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce
postscreen_greet_action = enforce
postscreen_access_list = permit_mynetworks,
cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr
postscreen_dnsbl_action= enforce
postscreen_blacklist_action= enforce


and netstat output:

Code: [Select]
tcp4       0      0 <my.public.IP>.25       *.*                    LISTEN
tcp6       0      0 *.53                   *.*                    LISTEN
tcp4       0      0 *.53                   *.*                    LISTEN
tcp6       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp6       0      0 *.22                   *.*                    LISTEN
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 07, 2013, 06:39:48 pm
I've been running WireShark on the mail server.  As expected, no connections to port 25.

May not be relevant but I just found these in syslog:

Code: [Select]
Dec  8 06:57:15 postfix/master[12027]: warning: ignoring inet_protocols parameter value change
Dec  8 06:57:15 postfix/master[12027]: warning: old value: "all", new value: "ipv4"
Dec  8 06:57:15 postfix/master[12027]: warning: to change inet_protocols, stop and start Postfix
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 07, 2013, 07:18:16 pm
That's why I have changed field info warning to restart postfix daemon after changing inet protocol or ip.

Netstat and config shows it listening on public address.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 07, 2013, 07:59:41 pm
That's why I have changed field info warning to restart postfix daemon after changing inet protocol or ip.

That's why I thought it might not be relevant.  I have restarted many times.  Even rebooted pfSense.

Netstat and config shows it listening on public address.

Yes, postfix is receiving emails but can't forward them to the mail server, it's just queuing them. That was working perfectly prior to the update. 

Did you notice the "relay=none" in the log record?  Prior to the update it was "relay=192.168.11.2[192.168.11.2]:25"

The relay host is set in the GUI for both domains to 192.168.11.2 and I can telnet 192.168.11.2 25 from an ssh session to pfSense without any problem.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 08, 2013, 12:23:18 am
Quote
Netstat and config shows it listening on public address.

Now I see what you were saying. 

I changed it to listen on loopback (instead of WAN) and it started delivering both queued and new emails.

I remembered you saying "choose at least wan loopback interfaces" when the package was very new but I have had postfix only listen on WAN since I first installed it.  That was the only way I could get it to work before this latest update.  I honestly don't remember the error I used to get if I listened on loopback.

Why would it need both WAN and loopback?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 08, 2013, 04:48:03 am
I've moved listening options from master.cf to main.cf on this latest update.

I'll test it here and update interface field info to warn about this behavior.

Thanks for your feedback.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 09, 2013, 12:49:29 am

Without being restarted, is the postfix package somehow aware of changes in WAN IP?

It hasn't been a problem for me but I had thought about it this past couple of days.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 09, 2013, 10:11:02 am
It hasn't been a problem for me but I had thought about it this past couple of days.

It will work fine if you listen on loopback and create a nat rule from wan address to 127.0.0.1
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 09, 2013, 08:23:21 pm
It will work fine if you listen on loopback and create a nat rule from wan address to 127.0.0.1
no
Did you mean to say "nat rule"?  I've never had a NAT - just a rule: pass any source in to destination WAN net on port 25.

Although, I'm not using postfix for outbound.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 09, 2013, 08:53:14 pm
This is a common setup while using carp.

You configure the package(squid,snort,dansguardian,etc) to listen only on 127.0.0.1 and then create a nat rule to forward lan,wan,etc Carp address to 127.0.0.1.
This way you keep package running on both boxes without missing inet address startup errors.

If you configure this way on your wan, every time it changes ip, postfix will keep working as it's listening on lo0 and pfsense will keep the forward from wan address to it.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 10, 2013, 01:55:08 am
Thank you, Marcello.  Your explanation was very instructive and helpful.

I guess I've never had a problem because I think the only time my cable IP has changed was when I rebooted pfSense - and that's very infrequent.

Title: Re: Postfix - antispam and relay package
Post by: elementalwindx on December 29, 2013, 08:39:55 am
Wish OP would update the original post with newest info so I dont have to go thru 28 pages of whatever to see what the newest changes/versions/etc are of this package...
Title: Re: Postfix - antispam and relay package
Post by: nekron on January 06, 2014, 10:24:22 am
Hi ...

I've some problem with Postfix Forwarder, it was installed on a new 2.1-RELEASE Install, the previous Version on a 2.1-BETA was functional (due HDD Crash i don't know the version
Code: [Select]
220 pfsense.xx ESMTP Postfix
HELO xxx
250 pfsense.xxx
MAIL FROM: <michael@xxx>
250 2.1.0 Ok
RCPT TO: <michael@xxx>
450 4.1.1 <michael@xxxx>: Recipient address rejected: unverified address: connect to 172.16.1.254[172.16.1.254]:25: No route to host


172.16.1.254 port 25 is reachable from the pfsense-Box !

Best regards,
michael
Title: Re: Postfix - antispam and relay package
Post by: expert_az on January 15, 2014, 03:00:36 am
Hello marcelloc,

I'm getting these errors when attempting to query from search mail tab.

instead of query results getting lines below.This happening only query with todays date(15/01/2014),when selecting another date it's working ok.

Warning: sqlite_open(): file is encrypted or is not a database in
/usr/local/www/postfix.php on line 544 Warning: sqlite_query() expects parameter 1 to be resource, string given in
/usr/local/www/postfix.php on line 606 Warning: sqlite_fetch_array() expects parameter 1 to be resource, null given in
/usr/local/www/postfix.php on line 610 Warning: sqlite_fetch_array() expects parameter 1 to be resource, null given in
/usr/local/www/postfix.php on line 610 Warning: sqlite_fetch_array() expects parameter 1 to be resource, null given in
/usr/local/www/postfix.php on line 610 Warning: sqlite_fetch_array() expects parameter 1 to be resource, null given in
/usr/local/www/postfix.php on line 610 Warning: sqlite_fetch_array() expects parameter 1 to be resource, null given in


in addidion to this problem i'm getting error below when starting,restrating postfix.

php: /status_services.php: The command '/usr/local/etc/rc.d/postfix.sh stop' returned exit code '1', the output was '/usr/pbi/postfix-amd64/sbin/postconf: warning: /usr/pbi/postfix-amd64/etc/postfix/master.cf: unused parameter: user=postfix'

Title: Re: Postfix - antispam and relay package
Post by: mauricioniñoavella on February 03, 2014, 12:17:59 pm
Hello friends, this is me showing this error.  in Package Version 2.10.2 pkg v.2.3.7

I confirm if Postfix - antispam and relay package, can confirgurar with tls

this is the error

February 3 12:23:57 postfix / smtp [40769]: instead, send to (port submission/587) WITH STARTTLS
February 3 12:23:57 postfix / smtp [40769]: CLIENT wrappermode (port smtps/465) is unimplemented


So I have add to main.cf:

smtp_sasl_auth_enable = yes
relayhost = [smtp.xxx.xx]: 465
smtp_sasl_password_maps = hash :/ etc / postfix / sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols =

Thanks for you colaboration.

Mauricio Niño Avella.
Title: Re: Postfix - antispam and relay package
Post by: ics on February 12, 2014, 08:13:44 am
Hi,

I have multifuntion printers used for scan to email.
Is it possible to configure postfix/postscreen to not reply "service currently unavailable" at the first connection of these MFP without allowing them to relay to internet ?
I mean I don't want to add the IPs in the MyNetworks list because it also allows these IPs to relay to internet.

Thanks
Title: Re: Postfix - antispam and relay package
Post by: yaboc on February 13, 2014, 04:47:17 pm
hi Marcello

using this great tool and having some issues with the some good mails discarded by header checks because of mis-configured sender's server.

Feb 12 15:57:11    postfix/smtpd[10780]: connect from ms1.cernerasp.com[159.140.193.46]
Feb 12 15:57:11    postfix/smtpd[10780]: NOQUEUE: reject: RCPT from ms1.cernerasp.com[159.140.193.46]: 550 5.7.1 <taspmomail01.cmsext.com>: Helo command rejected: Host not found; from=<infoviewreport@hvhc.org> to=<me@mydomain.com> proto=ESMTP helo=<taspmomail01.cmsext.com>
Feb 12 15:57:16    postfix/smtpd[10780]: disconnect from ms1.cernerasp.com[159.140.193.46]

is there an easy workaround without disabling the spam checks? thanks

yaboc

Title: Re: Postfix - antispam and relay package
Post by: biggsy on February 13, 2014, 11:57:09 pm
Best thing to do is have the admin for that mail server fix the DNS entry but you could try adding this to your Access Lists, Header section:

Code: [Select]
/^From:.*@hvhc.org/ OK
Title: Re: Postfix - antispam and relay package
Post by: informatica_cmav on February 14, 2014, 09:24:56 am
Hello everybody,

We have postfix forwarder working for 1 year, yesterday I update pfsense from 2.0.1 to 2.1 and reinstall postfix. Today we do not receive external mails, in the maillog we have "Recipient address rejected: unverified address" in all msgs.

I search the forums and change the listen interfaces to loopback and create a nat to forward the traffic on port 25 from WAN to loopback. But the problem persists.

I found a topic (https://forum.pfsense.org/index.php/topic,70541.0.html) that says that I need to configure something on Recipient tab, I really don´t have anything on this tab before.

My questions are :
- With the update to postfix forwarder 2.10.2 pkg v.2.3.7 it is mandatory to put the list of mail in Recipients?
- We work with Zimbra the  LDAP fetch can be used with non AD enviroment?

Thanks a lot


Title: Re: Postfix - antispam and relay package
Post by: yaboc on February 28, 2014, 02:53:59 pm
Best thing to do is have the admin for that mail server fix the DNS entry but you could try adding this to your Access Lists, Header section:

Code: [Select]
/^From:.*@hvhc.org/ OK

i did add it and it's still dropping the mail sporadically. they company is using 3rd party server with their email as sender and i keep having problems with it. emails from their onsite server are coming in fine. so that be a misconfiguraed server. is disabling helo checks bad idea? it's becoming an issue now but i dont want to open doors to hell. i have a couple other mails that are good but i think their mail servers might be misconfigured. should i scan their domain with mx tool for mx server names and add those to "helo" part of access list ?
Title: Re: Postfix - antispam and relay package
Post by: Bittone66 on March 05, 2014, 11:47:54 am
Hello Guys,
I have been using Postfix Forwarder for more than a year with great success.
Now I moved the Pfsense VM to another server, upgraded to 2.1 and I have this problem:
Code: [Select]
Mar  5 18:38:08 pfsense postfix/smtpd[25953]: connect from www.archidata.it[87.241.18.18]
Mar  5 18:38:08 pfsense postfix/smtpd[25953]: warning: connect to private/anvil: Connection refused
Mar  5 18:38:08 pfsense postfix/smtpd[25953]: warning: problem talking to server private/anvil: Connection refused
Mar  5 18:38:09 pfsense postfix/smtpd[25953]: warning: connect to private/anvil: Connection refused
Mar  5 18:38:09 pfsense postfix/smtpd[25953]: warning: problem talking to server private/anvil: Connection refused
Mar  5 18:38:09 pfsense postfix/smtpd[25953]: NOQUEUE: reject: RCPT from www.archidata.it[87.241.18.18]: 450 4.1.1 <xxxx@alfa.it>: Recipient address rejected: unverified address: connect to 172.16.16.20[172.16.16.20]:25: Operation timed out; from=<xxxxxx@archidata.it> to=<xxxxxx@alfa.it> proto=ESMTP helo=<www.archidata.it>
Mar  5 18:38:09 pfsense postfix/smtpd[25953]: warning: connect to private/anvil: Connection refused
Mar  5 18:38:09 pfsense postfix/smtpd[25953]: warning: problem talking to server private/anvil: Connection refused
Mar  5 18:38:10 pfsense postfix/smtpd[25953]: warning: connect to private/anvil: Connection refused
Mar  5 18:38:10 pfsense postfix/smtpd[25953]: warning: problem talking to server private/anvil: Connection refused
Mar  5 18:38:10 pfsense postfix/smtpd[25953]: disconnect from www.archidata.it[87.241.18.18]

Looks similar to a previous problem in this forum flow, so I tried forwarding to localhost and setting Postifx to listen on localhost but the error remains.

Now I'm forwarding directly to the DMZ in order to have email delivered (yes, the real mail server listens and works on 172.16.16.20:25).
I did not setup the LDAP verification of recipient since I'll leave it to the mail server (no problem with load).
One more thing: I disabled anvil and always get the anvil communication error.
I already removed and re-installed the forwarder 3 times with no success.
Thanks for your kind attention and support

Alberto
Title: Re: Postfix - antispam and relay package
Post by: Bittone66 on March 10, 2014, 08:33:34 am
Hello,
I took a alook at the enrated main.cf and, as far as I know, the entire section on smtpd_recipient_restrictions should not be there since my reicipient tab is empty and this is just a relay server.

Is there a way to tell the package not to write the whole section?
Thanks

Alberto
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 11, 2014, 01:47:29 pm
this is just a relay server.

Inbound or outbound?

Is there a way to tell the package not to write the whole section?
you can edit snort.inc and comment this part.
Title: Re: Postfix - antispam and relay package
Post by: tfjelde on March 13, 2014, 02:38:47 pm
Hi all

I'm trying to get the mail search to work with no luck.

All setting are correct as fare as i know

Loggin Destination to /var/log/maillog
Update Sqlite frequency every minute
and i have inlcude /^Subject:/ WARN line in Acl Headers

doing a  tail -f /var/log/maillog shows lines like this
postfix/cleanup[22445]: 9249F114D0: warning: header Subject: test from mail.####.no

But no other db files than postscreen_cache.db and verify_cache.db
is showing up in /var/db/postfix

2.1-RELEASE (i386)
built on Wed Sep 11 18:16:22 EDT 2013
FreeBSD 8.3-RELEASE-p11
Postfix 2.10.2 pkg v.2.3.7

Any suggestions on what to try next ?
Title: Re: Postfix - antispam and relay package
Post by: Bittone66 on March 14, 2014, 04:09:24 am
Hi Marcello,
thanks for your kind attention.
It's juts an inboud relay to block spammers, I'm not uysing it as outbound relay.
One update: I removed the recipient section by editing postfx.inc file, still the problem of postfix not being able to communicate to the destination server on port 25 remains.
So I used the portforward to localhost and everything started working again.
Would you accept a "feature request" here like adding a "Don't verify recipients" checkbox to the interface in order not to generate thet part of the main.cf?
Bye

Alberto
Title: Re: Postfix - antispam and relay package
Post by: JJYVON on April 11, 2014, 10:06:00 am
Hi

Thanks Marcello for this great package.

someone can help me with the mail search function ?
I have made the configuration
Quote
To use Diagnostics -> Search mail you need to:
Select Loggin Destination to /var/log/maillog (done)
Select update Sqlite frequency (every minute)
Inlcude /^Subject:/ WARN line in Acl Headers after all your Subject rules (done)
.

In my var log i have the WARN for header
Quote
Apr 10 09:35:32 disbox-utm postfix/cleanup[9968]: D117313C4F4: warning: header Subject:
and some NOQUEUE
Quote
Apr 10 09:35:52 disbox-utm postfix/postscreen[8797]: NOQUEUE: reject: RCPT

yyyy-mm-dd.db are created in /var/db/postfix/ but they are empty

I dont understand what i'm doing wrong

Thanks for your help !
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 11, 2014, 11:22:14 am
check if cron is set and try to run it on console.
Title: Re: Postfix - antispam and relay package
Post by: JJYVON on April 14, 2014, 02:15:16 am
Hi marcelloc
check if cron is set and try to run it on console.

My cron is empty

where is the commande i need to run in console

I have another question can i modify the message add to every mail

Quote
Ce message a été vérifié par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a été trouvé.
MailScanner remercie transtec pour son soutien.



[update]

I have found the command normaly created with the GUI
I have found where i can edit the MailScanner
I think i  have an issue with the interface when i modify something in the configuration, nothing  change
I have add the LDAP in recipients no cron was created

My version of pfSENSE is : 2.1.2-RELEASE (amd64)
with this packages:
- Postfixe Forwarder is 2.10.2 pkg v.2.3.7
- MailScanner 4.84.6 pkg v.0.2.4
- HAVP Antivirus 0.91_1 pkg v1.01
- Squid3 0.91_1 pkg v1.01
- squidGuard-squid3 1.4_4 pkg v.1.9.5

I think i have an issu with the GUI

Thanks.
Title: Re: Postfix - antispam and relay package
Post by: dneuhaeuser on April 18, 2014, 11:37:17 am
Hi,

I think I found a small bug in the current version of the postfix forwarder package.


If I set postfix to only listen on my WAN interface, I get a not working configuration:

The connection to my internal mailserver is refused, although everything else is configured right and the mailserver is in fact reachable!
The log states "relay=none" (??)

----
Apr 18 17:41:03 fw postfix/smtp[40257]: connect to 192.168.135.10[192.168.135.10]:25: Connection refused
Apr 18 17:41:03 fw postfix/smtp[40257]: 8FAAE3C04BA: to=<administrator@mydomain.de>, relay=none, delay=566, delays=566/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to 192.168.135.10[192.168.135.10]:25: Connection refused)

----


If I select "Listen on all interfaces/ip addresses" instead, it starts working and the mails are delivered:

----
Apr 18 17:50:53 fw postfix/postfix-script[921]: refreshing the Postfix mail system
Apr 18 17:50:53 fw postfix/master[9869]: reload -- version 2.10.2, configuration /usr/pbi/postfix-i386/etc/postfix
Apr 18 17:50:53 fw postfix/master[9869]: warning: service 25: ignoring inet_interfaces change
Apr 18 17:50:53 fw postfix/master[9869]: warning: to change inet_interfaces, stop and start Postfix
Apr 18 17:50:53 fw postfix/qmgr[1595]: 8FAAE3C04BA: from=<the@sender.de>, size=236, nrcpt=1 (queue active)
Apr 18 17:50:54 fw postfix/smtp[2007]: 8FAAE3C04BA: to=<administrator@mydomain.de>, relay=192.168.135.10[192.168.135.10]:25, delay=1156, delays=1156/0.01/0.03/0.51, dsn=2.6.0, status=sent (250 2.6.0 <0a3df1d7-0ec3-4338-ad9d-7bdd1509cc6f@SBS2011.company.local> [InternalId=7375] Queued mail for delivery)

----


BUT only until the next RESTART of postfix service!

Then I get this error:

-----
Apr 18 17:53:07 fw postfix/postfix-script[26351]: starting the Postfix mail system
Apr 18 17:53:07 fw postfix/master[26926]: fatal: /usr/pbi/postfix-i386/etc/postfix/master.cf: line 1: no valid IP address found: 25
Apr 18 17:53:08 fw postfix/master[26649]: fatal: daemon initialization failure
Apr 18 17:53:09 fw postfix/postfix-script[27153]: fatal: mail system startup failed

-----

The problem could be that the parameter "inet_interfaces" in main.cf is set to an empty value.
Shouldn't this be set to "all" in this case?


A currently working setup for me is to select all three "LAN + WAN + loopback" as listen interfaces!

In an older version of postfix package this wasn't necessary.


Regards
Dennis
Title: Re: Postfix - antispam and relay package
Post by: brokendash on April 18, 2014, 01:44:46 pm
I too am having the same issue after upgrading to 2.1.2 i386, gathering info for more detailed post. 

Title: Re: Postfix - antispam and relay package
Post by: biggsy on April 18, 2014, 03:43:03 pm
Listen on loopback instead. 

Have a read of this: https://forum.pfsense.org/index.php?topic=70541.0 (https://forum.pfsense.org/index.php?topic=70541.0)
Title: Re: Postfix - antispam and relay package
Post by: brokendash on April 25, 2014, 03:10:57 pm
How do you handle IPv6? My setup must listen on ipv6 as well as the IP4 addresses, not sure why things strayed from normal behavior of master.cf.  If you specify multiple postscreen master.cf entries as is done when selecting multiple interfaces in the gui in the past would produce errors if multiple postscreen processes trying to hit a single runtime db. So unless someone can suggest an alternative I think that restoring the master.cf functionality to what was previously no issue is t
Title: Re: Postfix - antispam and relay package
Post by: biggsy on April 26, 2014, 06:40:00 pm
postfix 2.11 was  released (http://permalink.gmane.org/gmane.mail.postfix.announce/146) in January and, among other things, it contains the following enhancement:
Quote
  * A new postscreen_dnsbl_whitelist_threshold feature to allow
    clients to skip postscreen tests based on their DNSBL score.
    This can eliminate email delays due to "after 220 greeting"
    protocol tests, which otherwise require that a client reconnects
    before it can deliver mail. Some providers such as Google don't
    retry from the same IP address, and that can result in large
    email delivery delays.

Any chance of an updated package based on postfix 2.11?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on April 28, 2014, 02:39:41 am
postfix 2.11 was  released (http://permalink.gmane.org/gmane.mail.postfix.announce/146) in January and, among other things, it contains the following enhancement:
Quote
  * A new postscreen_dnsbl_whitelist_threshold feature to allow
    clients to skip postscreen tests based on their DNSBL score.
    This can eliminate email delays due to "after 220 greeting"
    protocol tests, which otherwise require that a client reconnects
    before it can deliver mail. Some providers such as Google don't
    retry from the same IP address, and that can result in large
    email delivery delays.

Any chance of an updated package based on postfix 2.11?
Oh yes please!
Title: Re: Postfix - antispam and relay package
Post by: childrenofsolium on May 22, 2014, 10:21:54 am
Hello

Is there any way to configure ssl authentication on the relay server? my mail server is configured to listen on port 465 with ssl and I don't know how to relay the messages to that port

Best regards, ChildrenOfSolium
Title: Re: Postfix - antispam and relay package
Post by: dsy on June 09, 2014, 04:21:11 am
Hello

I would like to disable all anti-spam in postfix because I use a custom Milter (https://en.wikipedia.org/wiki/Milter) plugin.
How can I disable reject_unknown_sender_domain or smtpd_helo_required ?

Thank you.

Parameters in "custom mail.cf" field are not applied because of precedence as you can see:
Code: [Select]
mynetworks = /usr/pbi/postfix-i386/etc/postfix/mynetwork_table
mynetworks_style = host
access_map_reject_code= 554
access_map_defer_code = 451
unverified_recipient_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
smtpd_sender_restrictions = permit # not applied!
smtpd_milters = inet:<milter IP>:7830
milter_default_action = reject
show_user_unknown_table_name = no
smtpd_helo_required = no # not applied!
bounce_queue_lifetime = 0d
relay_domains = mydomain.com
transport_maps = hash:/usr/pbi/postfix-i386/etc/postfix/transport
local_recipient_maps =
relay_recipient_maps = hash:/usr/pbi/postfix-i386/etc/postfix/relay_recipients
mydestination =
mynetworks_style = host
message_size_limit = 10240000
default_process_limit = 100
#Just reject after helo,sender,client,recipient tests
smtpd_delay_reject = yes

# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes


smtpd_sender_restrictions = reject_unknown_sender_domain,
permit
Title: Re: Postfix - antispam and relay package
Post by: yaboc on June 11, 2014, 03:15:25 pm
postfix 2.11 was  released (http://permalink.gmane.org/gmane.mail.postfix.announce/146) in January and, among other things, it contains the following enhancement:
Quote
  * A new postscreen_dnsbl_whitelist_threshold feature to allow
    clients to skip postscreen tests based on their DNSBL score.
    This can eliminate email delays due to "after 220 greeting"
    protocol tests, which otherwise require that a client reconnects
    before it can deliver mail. Some providers such as Google don't
    retry from the same IP address, and that can result in large
    email delivery delays.

Any chance of an updated package based on postfix 2.11?
Oh yes please!

second that!
Title: Re: Postfix - antispam and relay package
Post by: biggsy on June 12, 2014, 02:40:12 am
Sorry, yaboc, Bismarck is second.  You'll have to go third  :)

If Google is your main problem and you missed this post (https://forum.pfsense.org/index.php?topic=73237.msg424108#msg424108), give it a try. 

It is a bit of a "broad brush" but it's been working well for me.
Title: Re: Postfix - antispam and relay package
Post by: wawawawa on June 12, 2014, 09:23:05 am
Hi All

I have the postfix package all set up and working, forwarding all incoming mail to a next hop internal MTA.

I would also like to BCC all mail to an address used by an external mail scanning system.

As far as I understand, this should be as easy as adding the following line to the custom main.cf section in the pfSense WebUI:

always_bcc = archive@<internal ip of mta>

However... It's not working.

Does anyone have any suggestions to troubleshoot this or an alternate way to achieve the same end-result.

Many thanks for your time!

Cheers

Title: Re: Postfix - antispam and relay package
Post by: malteG on June 16, 2014, 09:25:02 am
Hi Guys,

i am just new here although i am using pfsense since a while for different purposes in a vmware environment.
So far i am really happy.

But i have one concern & problem i discovered today around the postfix-forwarder package :

Domains added in the "forward" tab shouldn't be added to relay_domains in main.cf per default.
Since transports and relay_domains are two totally different things.

I'd suggest to run a regex over the aggregated relay_recipients and filter out the domain parts and include those automatically
or make a checkbox next to each domain to include it in relay_domains.
But still this doesn't make much sense and i cannot see the reason in defining a specific transport - and then delivery to these domains fails since the recipients in that domain are not listed in relay_recipients...

And yes it makes sense, to separate, just think about having several vpn connections - so you want to send mail from i.e. branch offices to main offices to the internal mail server via vpn, without knowing who is a valid recipient there.
Otherwise callback verify should be enabled, so on delivery attempts to domains in the transport section postfix runs a test against the defined mail server to check if that one is accepting mail for that recipient.

Anyway some might say this should be properly solved with DNS - but i tend to disagree since this is rendering the transports useless.

What do you guys think ?
For now, i fixed it by putting my actual relay_domains into postfix.inc and commented out the part where it adds the transport domains to relay_domains.
Title: Re: Postfix - antispam and relay package
Post by: wawawawa on June 16, 2014, 09:27:01 am
Hi All

I have the postfix package all set up and working, forwarding all incoming mail to a next hop internal MTA.

I would also like to BCC all mail to an address used by an external mail scanning system.

As far as I understand, this should be as easy as adding the following line to the custom main.cf section in the pfSense WebUI:

always_bcc = archive@<internal ip of mta>

However... It's not working.

Does anyone have any suggestions to troubleshoot this or an alternate way to achieve the same end-result.

Many thanks for your time!

Cheers

Hi All,

Maybe I can give a little more information here!

The config I add in the custom area in the WebUI is not seen when I use
Code: [Select]
postconf from the cli to check the active config of Postfix.

I have restarted postfix so it should be generating new config.

Any ideas?

Thanks
Title: Re: Postfix - antispam and relay package
Post by: yaboc on June 18, 2014, 01:19:21 pm
Sorry, yaboc, Bismarck is second.  You'll have to go third  :)

If Google is your main problem and you missed this post (https://forum.pfsense.org/index.php?topic=73237.msg424108#msg424108), give it a try. 

It is a bit of a "broad brush" but it's been working well for me.

ha as long as it gets implemented i can wait ;) thanks for the google list biggsy, but there are other emails that we get from same domain / multiple MTAs and it's annoying. sometimes it can take hours for the mail to finally come through.

also i noticed 'permit' is used per line whereas the HINT says to use OK / REJECT
i put OK and see if it works for google servers.

Thanks
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on June 23, 2014, 04:44:39 pm
Sorry, yaboc, Bismarck is second.  You'll have to go third  :)

If Google is your main problem and you missed this post (https://forum.pfsense.org/index.php?topic=73237.msg424108#msg424108), give it a try. 

It is a bit of a "broad brush" but it's been working well for me.
Thanks biggsy, but unfortunately google is not the only problem, I'm tweaking my whitelist (yahoo, hotmail etc...) since few days but its a demanding job over time, so postscreen_dnsbl_whitelist_threshold would be a great help here.
Title: Re: Postfix - antispam and relay package
Post by: jaredadams on June 24, 2014, 09:29:51 am
Hi, I'm looking for some clarification on settings.  Currently I have a good amount of legit email bouncing off the Helo tests

Code: [Select]
Jun 24 09:16:51 pfsense postfix/smtpd[47197]: NOQUEUE: reject: RCPT from outbound1.notrealdomain.com[12.xx.xxx.82]: 550 5.7.1 <ironport1.notrealdomain.com>: Helo command rejected: Host not found
I think our problem is the mismatch in hostnames.  I dont want to turn off the helo tests completely as they serve a good function for when no helo at all is recieved back, but I'd like to be able to ignore these mismatches.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on June 24, 2014, 04:04:54 pm
Hi, I'm looking for some clarification on settings.  Currently I have a good amount of legit email bouncing off the Helo tests

Code: [Select]
Jun 24 09:16:51 pfsense postfix/smtpd[47197]: NOQUEUE: reject: RCPT from outbound1.notrealdomain.com[12.xx.xxx.82]: 550 5.7.1 <ironport1.notrealdomain.com>: Helo command rejected: Host not found
I think our problem is the mismatch in hostnames.  I dont want to turn off the helo tests completely as they serve a good function for when no helo at all is recieved back, but I'd like to be able to ignore these mismatches.

https://forum.pfsense.org/index.php?topic=63343.0

Try in helo acl field:

/ironport1.notrealdomain.com/ OK (this is for HELO)

and in CIDR field:

12.xx.xxx.82 OK (this is for legitimate clients without or wrong rDNS)
Title: Re: Postfix - antispam and relay package
Post by: gnordli on September 04, 2014, 06:05:31 pm
I am using the postfix forwarder on pfsense.

Outbound email sent to google is getting tagged as spam and ending up in people's spam folder.

I have done some testing using http://www.allaboutspam.com/email-server-test/ and it passes everything except for BATV and DKIM.

From what I have read the lack of DKIM can cause google to mark it as spam. 

Any ideas on setting DKIM up on pfsense?

thanks,

Geoff
Title: Re: Postfix - antispam and relay package
Post by: toddh on September 09, 2014, 06:17:47 pm

Hello,

I am new to pfSense and am looking at using it to replace some postfix - spamassassin - clam gateways.  We have a mail server behind and we want to forward several domains. 

For the Recipients we are exporting the user list to Postfix via clean text url and that is working perfectly. 

Does anyone have a way to automate/read the Forwarding Domains rather than enter them manually?

In our current system we export the transport file to the gateways.  The transport file is used for both the transport_map and the relay_domains.  I started working on this then realizes someone else probably has come across the same issue. 

Thanks!

Todd

Title: Re: Postfix - antispam and relay package
Post by: yaboc on September 18, 2014, 12:34:57 am
Hi,

I've been using postfix forwarder for about a year now which listens on loopback and delivers mail to internal exchange. However i can't telnet either the main WAN on 25 that postfix forwarder listens on on exchange (on it's own separate IP).

We must allow one host to be able to relay the mail. How would i set this up ?

Also not sure if this will make things easier or more complicated but we have the ability to connect with the host with IPSEC and relay directly to exchange however I can't telnet to exchange even via the IPSEC via the local exchange IP.

Would postfix forwarder have any say in it as well ? Catching mail on 25 that goes through VPN? Anything i have to set up to get this working?
 
Thanks

yaboc
Title: Re: Postfix - antispam and relay package
Post by: biggsy on September 18, 2014, 02:57:33 am
Toddh,

The list of relay domains and their corresponding destination IPs is held in /usr/pbi/postfix-amd64/etc/postfix/transport

I think this is just used to build /usr/pbi/postfix-amd64/etc/postfix/transport.db using the command

Code: [Select]
postmap  /usr/pbi/postfix-amd64/etc/postfix/transport
The transport.db file is then used by postfix, rather the plaintext transport file.

You could try creating a new transport file in the right format and run the above command but I suspect both would be overwritten if postfix is restarted. 
Title: Re: Postfix - antispam and relay package
Post by: biggsy on September 19, 2014, 05:03:22 pm
Yaboc,

Are you saying that you want an external host to go directly to your Exchange server, bypassing postfix?

If so, would it not be easier to create a rule on your WAN, above the postfix one, to pass port 25 from that source host to the Exchange server?
Title: Re: Postfix - antispam and relay package
Post by: yaboc on September 22, 2014, 08:37:38 am
biggsy,

that is correct, i have one host that i'd like to relay email through our exchange bypassing postfix, because it doesn't seem to work (relaying) with the default postfix forwarder setup.

i'd prefer to make it as secure as possible and have ipsec in place between the host and our exchange but i can't even telnet to exchange using local ip, which is strange because i can do it from through other tunnels i have set up and the rules are any/any among tunnels.

i'll try your suggestion and report back but preferably i'd like to get it to work over ipsec if possible.

thank you!
Title: Urgent: Is it possible to have StartTLS with PFS?
Post by: twaldorf on September 22, 2014, 08:49:54 am
Is it possible to have StartTLS with PFS on pfSense 2.1.5-RELEASE (i386) / FreeBSD 8.3-RELEASE-p16 with Postfix 2.10.2 pkg v.2.3.7?

If it's possible: What do I have to add to custom main.cf options and with which options I have to create a working self signed certificate/key?
Title: Re: Postfix - antispam and relay package
Post by: pyrodex on September 25, 2014, 11:53:20 am
Any chance of getting this to work in 2.2?
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on September 26, 2014, 12:04:27 pm
Hi all,

Hoping someone can help me out with this type of spam I just cannot figure out how to stop.

Below is the message header for they type of emails I am getting

In outlook I see and email from Louie.Whaley@bt.com but obviously we can see it's not come from there but bondhub.

Is it possible to stop this "type" of email without having to manually enter each domain to be blocked/stopped?

Apologies if this is a rather vague question with little info on my setup as I am not sure what is pertinent to you chaps of what you require and I am the more click, install and depend on gui type to setup this type of stuff.

What I can say is that I am running:

pfsense 2.1.5 32 bit
postfix 2.10.2 pkg v.2.3.7
mailscanner 4.84.6 v.0.2.6

I do have other apps like pfblocker and snort running but would prefer to use mailscanner if possible to block this type of stuff.

Thanks in advance for any replies.  It is most appreciated.


Received: from mail.XXXX.co.uk (192.168.XXX.XXX) by XXXX.XXXX.corp
 (192.168.XXX.XXX) with Microsoft SMTP Server id 14.3.210.2; Fri, 26 Sep 2014
 14:07:08 +0100
Received: from 106.247.219.88.rev.sfr.net (106.247.219.88.rev.sfr.net
 [88.219.247.106])   by mail.XXXX.co.uk (Postfix) with ESMTP id E93C867BB   for
 <XXXX@XXXX.co.uk>; Fri, 26 Sep 2014 14:07:01 +0100 (BST)
Message-ID: <CK386WZL.3794015@bondhub.com>
Date: Fri, 26 Sep 2014 15:13:09 +0100
From: Louie Whaley <Louie.Whaley@bt.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <XXXX@XXXX.co.uk>
Subject: Important - BT Digital File
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
X-sufu-MailScanner-Information: Please contact the ISP for more information
X-sufu-MailScanner-ID: E93C867BB.A2828
X-sufu-MailScanner: Found to be clean
X-sufu-MailScanner-From: onyxnf@bondhub.com
X-Spam-Status: No
Return-Path: onyxnf@bondhub.com
X-MS-Exchange-Organization-AuthSource: XXXX.XXXX.corp
X-MS-Exchange-Organization-AuthAs: Anonymous
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on September 26, 2014, 11:34:42 pm
Hoping someone can help me out with this type of spam I just cannot figure out how to stop.

Hi FlashPan, this can be done easily with postfix:

1. Setup a proper RBL server List, you can combine as many as you wish if you set a higher RBL threshold. Which could block dynamic ips by default also = 106.247.219.88.rev.sfr.net [88.219.247.106])

2. Postfix > antispam > Header add this:

/^Received:.*rev.sfr.net / REJECT #will reject ALL dynamic ips from *rev.sfr.net

/^From:.*@bt.com/ REJECT #will reject all mail from *someone*@bt.com

/^Subject:.*(Important - BT Digital File):/ REJECT #will reject all mail with subject *Important - BT Digital File*

4. Subscribe additional rules for MailScanner/Spamassassin (google it)

https://wiki.apache.org/spamassassin/CustomRulesets

5. You also can write your own rules for MailScanner/Spamassassin:

https://wiki.apache.org/spamassassin/WritingRules

place your custom rules in /var/db/spamassassin/3.004000/70_myrules.cf and restart MailScanner. After adding new rules always check your mail log for errors or false positives! But Postfix is easier to handle, so start there.

Using pfblocker for spam prevention is a BAD idea, because you will miss if a legit email gets blocked etc....

Good luck!
Title: Re: Postfix - antispam and relay package
Post by: biggsy on September 27, 2014, 02:00:41 am

Subject: Important - BT Digital File


Hmmm, smells like phish.  Hope your users are clued up about that stuff.

An example of what Bismarck is recommending in point 1.

Paste this into your Postfix > Antispam > RBL Server list

Code: [Select]
zen.spamhaus.org*2, bl.spamcop.net, 0spam.fusionzero.com
and set your RBL threshold to 2.

spamhaus catches most of this sort of stuff on my system, hence the *2 to breach the threshold. 

88.219.247.106 is definitely listed.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on September 27, 2014, 02:29:51 am
Any chance of getting this to work in 2.2?

Are you talking about Postfix forwarder on 2.2?  I have had some problems with that. 

Installing postfix on 2.2 (with a config restored from 2.1.5) I'm getting the following:

Code: [Select]
postfix/postfix-script[56365]: fatal: no Postfix daemon directory /usr/local/libexec/postfix!

and

Code: [Select]
php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'

Then the following repeats about 5 or 6 times:

Code: [Select]
php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'



All this could be due to the restored config but I don't know.
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on September 27, 2014, 03:52:44 am
Thanks Bismark and biggsy,

I do have zen.spamhaus.org, bl.spamcop.net, dnsbl.sorbs.net set in my RBL list and the threshold is set to 2 already.  These options have been set for months.  On my firewall I'm set the automatic nat outbound rule generation so none of the rbl servers should be blocked to interogate.

Postfix is set the listen on LAN, WAN and loopback (quite a while back I only had Lan or Wan selected - if I remember correctly I think a version upgrade stop mail flowing through and only using all 3 got it working again).

Access Lists > Header:

/^Subject:/ WARN
/^From:/ HOLD
/^To:.*@MyDomain.co.uk/ HOLD

Antispam > Header verifiction: set to basic as when set to string alot of legit emails do not make it through.

Antispam > After greeting tests: all selected

In the Mailscanner app under AntiSpam > Spamchecks the only element I have selected is "Spam Checks (yes)"  Nothing else is selected or have a value entered.  Could that be causing some sort of clash?

Mailscanner > AntiSpam > Spam Assassin > Features:  All is selected except for Include Binary Attachments and Wait during bayes rebuild

Am still at a loss :)

One other thing I have noticed is that with the Postfix widget I only see values for Sent, nothing for Rejected etc. - actually I have never seen anything except for Sent.

Emails are being rejected as when I use the Search mail feature I can see entries like this:

Sep 26 10:12:00 wing@cybercatinc.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com j6g05dt3po6rorq@XXXX.co.uk reject

(the top 2 recipients are valid the 3rd recipient does not exist)

Apologies now, as before I did not give much detail on my setup and now I could be overloading with all the wrong info.  :P

Cheers again all and thanks once again for your help.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on September 27, 2014, 04:59:04 am
First in Search Mail > Message Fields: mark all and search again, this will show you much more information. Or even better you login via putty/ssh and watch the logs live:

Code: [Select]
tail -f /var/log/maillog
Quote
Access Lists > Header:
/^Subject:/ WARN
/^From:/ HOLD
/^To:.*@MyDomain.co.uk/ HOLD

scratch that, you have just c&p the example stuff there, this would be a valid list:

Code: [Select]
#Remove sensitive information from email headers
/^Received: from MTA.LOCAL*/ IGNORE
/^Received:.*with ESMTPS/ IGNORE
/^X-Originating-IP:/ IGNORE
/^User-Agent:/ IGNORE
# SPAM
/^Received:.*rev.sfr.net / REJECT
/^From:.*@bt.com/ REJECT
/^Subject:.*(Important - BT Digital File):/ REJECT
# HAM
/^From:.*@XXXX.co.uk / OK

Quote
Antispam > After greeting tests: all selected

You may take this (https://forum.pfsense.org/index.php?topic=73237.msg424108#msg424108) into account. (thanks biggsy)

Quote
Emails are being rejected as when I use the Search mail feature I can see entries like this:
Sep 26 10:12:00 wing@cybercatinc.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com steve@XXXX.co.uk reject
Sep 26 09:22:16 tejedas@embarq.com j6g05dt3po6rorq@XXXX.co.uk reject
(the top 2 recipients are valid the 3rd recipient does not exist)

Postfix  > Access Lists > MyNetworks

Your IPs should be listed here, like:

Code: [Select]
192.168.0.7 # internal mailhost
192.168.0.1 # pfs lan
127.0.0.1   # pfs loopback

and enable Postfix  > Recipients > AD etc..

Cheers!  ;)
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on September 28, 2014, 04:06:21 am
Thanks for all the info Bismarck.  At the moment I'm not using the options uner #SPAM as I'm still; liking to get this tuff generally blocked without manual intervention...great info though for me in the future.

Am not sure why I would want to whitelist google servers?  Surely that is only going to effect email coming in from google/gmail and nothing else?

I've added my ip's under Postfix  > Access Lists > MyNetworks

Have been sending through some test spam/virus emials but it look like my logs have now randomly corrupted I think as when I search for anything the results are blank or give something starting with Warning: sqlite_query(): no such column: mail_status.info in /usr/local/www/postfix.php on line 606 Warning:

For Postfix  > Recipients I've set Custom Valid recipients as I've not installed the p5-perl-ldap package yet.

Cheers again  :D
Title: Re: Postfix - antispam and relay package
Post by: yaboc on September 28, 2014, 11:39:55 am
my postfix service doesn't stop from the services page and even when i disable the forwarder and rebbot pfsense it seems to be running. im on the current version (pf + package). any ideas why? can i kill it from cli?
Title: Re: Postfix - antispam and relay package
Post by: jaredadams on September 30, 2014, 10:36:54 am
Can someone enlighten me as to which setting(s) in the configuration causes this check?

NOQUEUE: reject: RCPT from unknown[X.X.X.X]: 550 5.7.1 Client host rejected: cannot find your hostname, [X.X.X.x]; from=<email@domain.com> to=<email@mycompany.com> proto=ESMTP helo=<[X.X.X.X]>
 
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on September 30, 2014, 01:07:19 pm
Can someone enlighten me as to which setting(s) in the configuration causes this check?

NOQUEUE: reject: RCPT from unknown[X.X.X.X]: 550 5.7.1 Client host rejected: cannot find your hostname, [X.X.X.x]; from=<email@domain.com> to=<email@mycompany.com> proto=ESMTP helo=<[X.X.X.X]>

Postfix > Antispam

Quote
Helo Hostname
   
Default: Checked

Reject unknow helo hostname during smtp communication.
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on October 01, 2014, 03:50:02 pm
Hi,

Well after some reinstall (well many) and different configs I think I've mainly got this working to block spam (mainly).

I found this website http://www.crynwr.com/spam/ and from here you can send yourself test emails which should trigger a block etc and then this site will email you the conversation/outcome.

Sadly though I still seem to have a couple of issues .  My widget still does not show up anything but the Sent stats.  In Search Mail, No Queue, I can see emails being rejected (eg sent to a non existant emails address).  Ideas anyone?

I think I've found another issue as well.  I read this on another forum but I think it may have been quite old so not sure if still valid and of course I cannot find the page again as I did not save it.

Anyhow below you will see an email header that came into to me to day.  Go through Postfix and Mailsanner with no flags.


I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.

Anyone seen or aware of this type of thing?


As always of tip my cap to you call and thank  you very much for your help past, present and future :)

Cheers

Received: from xxx.xxx.co.uk (192.168.100.4) by xxx.xxx.corp
 (192.168.xxx.xxx) with Microsoft SMTP Server id 14.3.210.2; Wed, 1 Oct 2014
 13:17:22 +0100
Received: from ns5.lucidity.ie (ns5.lucidity.ie [69.36.8.164])   by
 xxx.xxx.co.uk (Postfix) with ESMTP id 0C678696B   for <XXXX@XXXX.co.uk>;
 Wed,  1 Oct 2014 13:17:10 +0100 (BST)
Received: from fieldandstream.ie ([::ffff:109.229.186.118])  (AUTH: LOGIN
 mick@fieldandstream.ie)  by ns5.lucidity.ie with esmtp; Wed, 01 Oct 2014
 13:11:58 +0100  id 0017605C.542BEF8E.00006496
Received: from rly04.hottestmile.com ([Wed, 01 Oct 2014 16:11:00 +0400])   by
 smtp.doneohx.com with ESMTP; Wed, 01 Oct 2014 16:11:00 +0400
Received: from [42.30.29.127] by mail.webhostings4u.com with SMTP; Wed, 01 Oct
 2014 16:06:05 +0400
Received: from relay.2yahoo.com ([200.137.192.220]) by mtu67.syds.piswix.net
 with SMTP; Wed, 01 Oct 2014 15:50:57 +0400
Received: from relay37.vosimerkam.net ([Wed, 01 Oct 2014 15:43:37 +0400])   by
 mailout.endmonthnow.com with ASMTP; Wed, 01 Oct 2014 15:43:37 +0400
Received: from unknown (HELO public.micromail.com.au) (Wed, 01 Oct 2014
 15:41:09 +0400)   by smtp18.yenddx.com with ESMTP; Wed, 01 Oct 2014 15:41:09
 +0400
Message-ID: <7D9E9F4C.AEEB6E0F@fieldandstream.ie>
Date: Wed, 1 Oct 2014 15:41:09 +0400
Reply-To: "Barclays@email.barclays.co.uk" <mick@fieldandstream.ie>
From: "Barclays@email.barclays.co.uk" <mick@fieldandstream.ie>
MIME-Version: 1.0
To: <steve@sueandsteves.co.uk>
CC: <steve@suej.co.uk>, <steve@suffolk.gov.uk>, <steve@suffolk.police.uk>,
   <steve@suffolkcartlodges.co.uk>, <steve@suffolkfada.co.uk>,
   <XXXX@XXXX.co.uk>, <steve@sugarhouse.co.uk>, <steve@sumarts.co.uk>,
   <steve@sumlock.co.uk>, <steve@summe.co.uk>, <steve@summerbreak.co.uk>,
   <steve@summerleaze.co.uk>, <steve@summerlin.co.uk>, <steve@summitbikes.co.uk>
Subject: =?ISO-8859-1?B?VHJhbnNhY3Rpb24gbm90IGNvbXBsZXRl?=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-sufu-MailScanner-Information: Please contact the ISP for more information
X-sufu-MailScanner-ID: 0C678696B.A7F57
X-sufu-MailScanner: Found to be clean
X-sufu-MailScanner-From: mick@fieldandstream.ie
X-Spam-Status: No
Return-Path: mick@fieldandstream.ie
X-MS-Exchange-Organization-AuthSource: xxx.xxx.corp
X-MS-Exchange-Organization-AuthAs: Anonymous



Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 01, 2014, 04:41:20 pm
Anyhow below you will see an email header that came into to me to day.  Go through Postfix and Mailsanner with no flags.

I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.

X-sufu-MailScanner-Information: Please contact the ISP for more information
X-sufu-MailScanner-ID: 0C678696B.A7F57
X-sufu-MailScanner: Found to be clean
X-sufu-MailScanner-From: mick@fieldandstream.ie
X-Spam-Status: No

Return-Path: mick@fieldandstream.ie
X-MS-Exchange-Organization-AuthSource: xxx.xxx.corp
X-MS-Exchange-Organization-AuthAs: Anonymous

Looks okay for me, this mail passed postfix and mailscanner.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on October 02, 2014, 03:19:46 am


I think I read it correctly but postfix cannot block email if it passes through or relays through multiple email servers.



I don't think you read that correctly.  Do you have a reference? 

A lot of email will pass through multiple email servers en route - say, for example, from my mail server to my ISP's mail server to my friend's ISP's mail server and then to his mail server.   We both run postfix forwarder on pfSense.
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on October 02, 2014, 05:24:18 am
Sadly no I cannot find the webpage again.

My suspicions arose just because of so many relays and the content was definitley spam (trying to make you think it was from Barclays bank- with a non Barclays bank weblink to click on) plus the sender emails address was poorly made to look like it was from the bank as well.
Title: Re: Postfix - antispam and relay package
Post by: pyrodex on October 02, 2014, 07:26:48 am
Any chance of getting this to work in 2.2?

Are you talking about Postfix forwarder on 2.2?  I have had some problems with that. 

Installing postfix on 2.2 (with a config restored from 2.1.5) I'm getting the following:

Code: [Select]
postfix/postfix-script[56365]: fatal: no Postfix daemon directory /usr/local/libexec/postfix!

and

Code: [Select]
php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
php-fpm[7873]: /pkg_mgr_install.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'

Then the following repeats about 5 or 6 times:

Code: [Select]
php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'
php-fpm[8074]: /pkg_edit.php: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was 'cd: /usr/local/libexec/postfix: No such file or directory'



All this could be due to the restored config but I don't know.

Yup this is the same problem I had and I had the same issue on a fresh install too trying everything to get it to work.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 02, 2014, 08:46:22 am
FlashPan you definitely need to fine tune your rbl list:

Quote
Received: from fieldandstream.ie ([::ffff:109.229.186.118])

Summary information for 109.229.186.118/32
Note: Times shown are for the latest entry only!
Found 2 network entries and 0 host/domain entries.
 
Problem Entries, (listings will cause email problems.)
1 "Hacked" entries [04:29:20 13 Sep 2011 GMT+00].    
6 "Spam" entries [17:17:17 30 Aug 2014 GMT+00].
http://www.anti-abuse.org/multi-rbl-check-results/?host=109.229.186.118

And how often do you update your spamassassin rule subscriptions?
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on October 02, 2014, 09:21:40 am
Sigh  ???  this is what I am not understanding ;)

My options under Antispam > RBL Server List all seem correct.

zen.spamhaus.org*2, bl.spamcop.net, dnsbl.sorbs.net

As for spamassassin, you just gave me an answer in antoehr threas but think I may have borked the package as now it will not star for some reason.

Getting very close to pulling hair out time :)

Thanks Bismark you are going above and beyond here.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 02, 2014, 10:37:11 am
Try this:

Quote
recent.spam.dnsbl.sorbs.net*2, zen.spamhaus.org, bl.spamcop.net, dnsbl.sorbs.net, b.barracudacentral.org, dnsbl-1.uceprotect.net, ix.dnsbl.manitu.net, bl.spameatingmonkey.net, list.dnswl.org*-5

And set RBL threshold 2.

This should keep the most nasty stuff away, you can add how many you like/fit your needs...

Watch it with

Code: [Select]
tail -f /var/log/maillog

BTW don't use google DNS as your system DNS, use those from your ISP.

http://blog.clairelogic.net/?p=67

cheers!
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on October 02, 2014, 12:47:45 pm
 Thanks for that,

Yep I had my 3 rbls and threshold set to 2. 

Have updated to the rbls you've given but still no joy now.  Before MailScanner died on me emails were blocked from http://www.crynwr.com/spam.  Now MailScanner has gone these emails are getting through.

Sadly from Saturday I am away for the next 2 weeks.  I think I need to step back from this and completely remove postfix and mailscanner and re-install them from scratch (if only for my own sanity  :P)

I'm very sorry about this especially to you Bismarck as you have tried very hard to help me and I really do appreciate all your input and help.

Before I depart though I know that simply uninstalling both packages will not remove the config settings I've made.  I've been scouting around but from where would I find these configs to delete directly?  As I said want to start with a clean sheet.

So if I get the 2 packages removed expect me back here in about 2.5 weeks crying again :)

Cheers all
Title: Re: Postfix - antispam and relay package
Post by: FlashPan on October 03, 2014, 09:47:34 am
Well this will be my last reply before I disappear for the next couple of weeks.

My postfix is now working and the rbls are blocking as they should.  Removed postfix, removed anything left behind after uninstall and re-installed.  (My original config was still intact though - would still be nice to find out where that is stored?)

I also discovered a misprint for an acl section

Access Lists > MIME:

The example says to use    /^name=[^>]*\(com ...........etc to block certain file extensions.  For me this does not work.  I've used /name=[^>]*\(com ...........etc    remove the ^ and loose the text after /REJECT

I've tested this by emailing myself a test file with a safe extension like .bit  Added .bit into the string and that email does not get to me and a bounce back is received to the sender.

"Server refused mail at END OF DATA - 550 5.7.1 message content rejected"

If I didn't make the changes above the email and attachment would still come through.

Hope this helps someone :)

My Mailscanner is still shot, something to do with perl and EN language settings I think???  But that's for the other thread and when I get back.

Cheers
Title: Re: Postfix - antispam and relay package
Post by: ApolloDS on October 06, 2014, 02:50:34 am
If you need TLS Config you have to put the following into the "custom main.cf options" Field:

Code: [Select]
# 20141006 Add TLS
#
# SMTPD
#
smtpd_tls_cert_file = /cf/conf/cert.crt
smtpd_tls_key_file = /cf/conf/cert.key
smtpd_tls_CAfile = /etc/ssl/cert.pem
smtpd_tls_security_level = may
# SMTP Client
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/cert.pem
# SSL-Certificate - Generate logfile entries
#
smtpd_tls_received_header = yes
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

You need to upload the Cert Files to /cf/conf.
I hope this path is upgrade-save, I couldn't test it yet.

Maybe someday we can use the Cert Manager Certs of pfSense in Postfix Forwarder Package?  ;)

Best regards,
Peter
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 12, 2014, 01:20:49 pm
What am I doing wrong.

I found my first issue - my port 25 was still NAT'd ...

However I now have another issue users in the list of 'custom valid recipients' are getting bounced - the Postfix is saying that the 'recipient address' is rejected, unverified address.


postfix/smtpd[17570]: NOQUEUE: reject: RCPT from mail-qg0-f52.google.com[209.85.192.52]: 450 4.1.1 <***@***.co.uk>: Recipient address rejected: unverified address: connect to *.*.*.*[*.*.*.*]:25: Operation timed out; from=<*******@gmail.com> to=<***@***.co.uk> proto=ESMTP helo=<mail-qg0-f52.google.com>


why ? (there are no indications on the mail server that postfix has even tried)
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 13, 2014, 01:56:42 am
What am I doing wrong.

I found my first issue - my port 25 was still NAT'd ...

However I now have another issue users in the list of 'custom valid recipients' are getting bounced - the Postfix is saying that the 'recipient address' is rejected, unverified address.


postfix/smtpd[17570]: NOQUEUE: reject: RCPT from mail-qg0-f52.google.com[209.85.192.52]: 450 4.1.1 <***@***.co.uk>: Recipient address rejected: unverified address: connect to *.*.*.*[*.*.*.*]:25: Operation timed out; from=<*******@gmail.com> to=<***@***.co.uk> proto=ESMTP helo=<mail-qg0-f52.google.com>


why ? (there are no indications on the mail server that postfix has even tried)

Check in Postfix > View config > relay_recipients if you can see your recipients get bounced are in there or not, if not you need to check the Valid recipients config in the recipients tab.

Your server should just accept mail for valid recipients, which makes pretty sense.

Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 13, 2014, 03:14:59 am
No trace of a bounce there, IP address is correct, authentication is needed only for sending.

I run two domains, have one public IP to which the public DNS points for both domains, I NAT these to two different IP addresses (internal).

Everything works fine if I go back to NAT'ing port 25 to the mail server directly.

I have the two domains with their respective internal IP address's listed on the domain tab, the user is defined in the 'custom recipients' using the format

user@domain.co.uk OK

I use no wildcards each 'valid' user has an entry.

I use a NAT rule to put port 25 onto 127.0.0.1 and them monitor loopback with Postfix, clearly postfix is receiving the message. I do have an internal DNS server, pFSense is configured to look at it and NOT a public DNS box, the domains resolve correctly to the public IP address - NOTE they DO NOT resolve to the internal IP address's and nor should they, resolving to the correct public IP address IS correct - the domain tab is explicit on the IP address to send mail to. The *.*.*.* is actually the correct internal IP address for the email address so I don't think it is DNS related anyway.

The messages say that they timed out but my mail server doesn't even log a connection attempt, I have read and read this thread and this should work OK - but it doesn't.
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 13, 2014, 03:50:39 am
I seem to have identified part of the issue and that is my 'tarpit' on the mail server, I had this set to 20 seconds so Postfix needs to be patient or I could do with knowing where to set how long it waits for the server to respond. For now I've reduced it to zero on the server and it seems to be working..

While playing with this to identify the issue I just identified another behaviour, but this one is totally 'unacceptable' - if the internal mail server REJECTS a message the Postfix duly responds to the sender with a reject message

The error that the other server returned was:
550 5.1.1 <user@domain.co.uk>: Recipient address rejected: undeliverable address: host 192.168.1.253[192.168.1.253] said: 553 5.1.8 Sender address <double-bounce@*.*.*> domain does not exist (in reply to MAIL FROM command)

The problem here is the message returned contains the internal IP address and NOT the public address - this needs to be changed - when sending messages like this the internal IP detail must not be revealed - the public IP must be substituted. This could also do with a mechanism to modify the 'Sender' e-mail address from double-bounce@*.*.* in the gui to whatever we want.

Note - I changed the double-bounce address using custom command double_bounce_sender to be from an invalid domain to produce this message, I've since changed it back to one that works OK - NOTE - if a message is REJECTED by the mail server regardless of the reason you must NOT reveal the internal IP details in the message - is this an easy fix?

AND - there's more ...

I have noticed that if I send a mail with multiple address's on the 'To' line that when it is pushed into my mailbox that each address is replaced with a copy of the destination i.e if I send to

user1@domain1.com, user1@domain2.com

when it appears in user1@domain1.com's inbox the 'To' line shows

user1@domain1.com, user1@domain1.com

and when it appears in user1@domain2.com's inbox the 'To' line shows

user1@domain2.com, user1@domain2.com


Another element that needs to be thought about is the response mechanism. If a user doesn't exist I want the system to 'swallow' the request and not to respond - by responding you leave the system open to harvesting attacks where a spammer sends lots of mails to 'random' account names within a domain and then vets the responses anything that doesn't generate a 'no such user' message being a positive, very soon after spam starts arriving, I proved this by setting up an account 'support' that they always seem to try but used it nowhere - and it soon started getting spam.

How can responses be 'tailored' or adjusted such that this kind of address harvesting doesn't work. You obviously can't hide a domain, you still need to work properly with SMTP senders so there must be a way to 'not respond' in a way that assists spammers - or to 'lie' - what about sending a 'no such domain' response for non existent users, this will fail permanently or sending a 'cannot deliver now try later' - the latter will choke their servers to death on retries. I can handle the rest by using 'non standard names for things such as sails instead of sales - or something even more cryptic.

What about configuring a block on any site / IP making more than X connection attempts to port 25 within X seconds.


Title: Re: Postfix - antispam and relay package
Post by: biggsy on October 14, 2014, 01:52:34 am

While playing with this to identify the issue I just identified another behaviour, but this one is totally 'unacceptable' - if the internal mail server REJECTS a message the Postfix duly responds to the sender with a reject message

The error that the other server returned was:
550 5.1.1 <user@domain.co.uk>: Recipient address rejected: undeliverable address: host 192.168.1.253[192.168.1.253] said: 553 5.1.8 Sender address <double-bounce@*.*.*> domain does not exist (in reply to MAIL FROM command)

The problem here is the message returned contains the internal IP address and NOT the public address - this needs to be changed - when sending messages like this the internal IP detail must not be revealed - the public IP must be substituted. This could also do with a mechanism to modify the 'Sender' e-mail address from double-bounce@*.*.* in the gui to whatever we want.

Note - I changed the double-bounce address using custom command double_bounce_sender to be from an invalid domain to produce this message, I've since changed it back to one that works OK - NOTE - if a message is REJECTED by the mail server regardless of the reason you must NOT reveal the internal IP details in the message - is this an easy fix?

You should be able to put something like this in your custom main.cf but I haven't tried it myself.  It should replace the "host ... said: ..." and not divulge the internal IP.

Code: [Select]
unverified_recipient_reject_reason = Recipient refused delivery


I have noticed that if I send a mail with multiple address's on the 'To' line that when it is pushed into my mailbox that each address is replaced with a copy of the destination i.e if I send to

user1@domain1.com, user1@domain2.com

when it appears in user1@domain1.com's inbox the 'To' line shows

user1@domain1.com, user1@domain1.com

and when it appears in user1@domain2.com's inbox the 'To' line shows

user1@domain2.com, user1@domain2.com

Sorry, no suggestion for that one.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on October 14, 2014, 02:39:31 am
I tested this:

Code: [Select]
unverified_recipient_reject_reason = Recipient refused delivery
Sadly, it didn't work. 

The postfix documentation says, in relation to this parameter, "Do not specify the SMTP status code or enhanced status code."

No way in the package to override the default  unverified_recipient_reject_code = 550
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 15, 2014, 12:50:13 pm
I tested this:

Code: [Select]
unverified_recipient_reject_reason = Recipient refused delivery
Sadly, it didn't work. 

The postfix documentation says, in relation to this parameter, "Do not specify the SMTP status code or enhanced status code."

No way in the package to override the default  unverified_recipient_reject_code = 550

I think you need to specify the unverified_recipient_reject_reason = Recipient refused delivery first in the config to make it work as the order of the rules will affect the response. 

To do this try editing  /usr/local/pkg/postfix.inc 

line 543 "smtpd_recipient_restrictions = permit_mynetworks,"

put the reject BEFORE the "permit_mynetworks"

I don't think putting it in the custom config will work as the rules are not ordered in the correct sequence.

Note if you reinstall you will loose this setting.
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 15, 2014, 02:40:18 pm
Tried it, didn't work.

Surely this behaviour must have been spotted before, am I the only one that finds the revealing of internal IP address's unacceptable. This should be set to the 'domain' and public IP.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on October 16, 2014, 02:42:24 am
Some more research turned up this (http://postfix.1071664.n5.nabble.com/hide-target-server-address-in-bounce-messages-td71122.html):

Quote
> Hello,
>
> I currently use relay_domains and relay_transport as a means to relay
> email on to another mail server which hands off to the MDA. Everything
> works well.  Occasionally there may be a delivery problem when talking
> to the relay_transport that results in a bounce being generated by
> postfix - an expected behavior of any MTA.  What I need to do is hide
> details (the IP address) of the relay_transport in the bounce message
> due to security concerns.  I tried using the bounce template
> configuration to do this, but postfix adds this information anyways.  Is
> there any way to hide this information?
... [show rest of quote]

Is this about the RECEIVED headers in the undeliverable message? If so
then you need a content filter or header_checks rule.

Is this about the remote hostname[address]:port in the server response?
If so then you need Postfix 2.12 with smtp_delivery_status_filter to
sanitise the delivery status message.


        Wietse

Current package is based on 2.10
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 16, 2014, 02:48:08 am
I shall explore and report, I did find smtpd_reject_footer but this appears one line below the 'offending' one and doesn't help to 'correct' the IP returned in the message.

Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 16, 2014, 04:08:07 am
The error that the other server returned was:
550 5.1.1 <user@domain.co.uk>: Recipient address rejected: undeliverable address: host 192.168.1.253[192.168.1.253] said: 553 5.1.8 Sender address <double-bounce@*.*.*> domain does not exist (in reply to MAIL FROM command)

Sorry but I can't reproduce this, your internal server (192.168.1.253) should never give such error (Recipient address rejected) since only valid email recipients/domains should pass postfix.
Quote
Another element that needs to be thought about is the response mechanism. If a user doesn't exist I want the system to 'swallow' the request and not to respond - by responding you leave the system open to harvesting attacks where a spammer sends lots of mails to 'random' account names within a domain and then vets the responses anything that doesn't generate a 'no such user' message being a positive, very soon after spam starts arriving, I proved this by setting up an account 'support' that they always seem to try but used it nowhere - and it soon started getting spam.

How can responses be 'tailored' or adjusted such that this kind of address harvesting doesn't work. You obviously can't hide a domain, you still need to work properly with SMTP senders so there must be a way to 'not respond' in a way that assists spammers - or to 'lie' - what about sending a 'no such domain' response for non existent users, this will fail permanently or sending a 'cannot deliver now try later' - the latter will choke their servers to death on retries. I can handle the rest by using 'non standard names for things such as sails instead of sales - or something even more cryptic.

I'm sure this would break some RFCs, 'swallow', 'not respond' or 'lie' would all be the same as 'no such user', there is just valid or not, no mater how you name it. And 'support@domain.com' is a very common account but eg. 'ranga.yogeshwar@domain.com' is not and guessing/harnessing such real mail accounts would be highly infective and take zillion of years. 

Quote
What about configuring a block on any site / IP making more than X connection attempts to port 25 within X seconds.

This can be easily abused and make your mail server DoS, think about it.

What's your internal MTA? I still believe you have some kind of misconfiguration here, try to keep your setup "simple" and make it work first and secure it second. Try to telnet or use SMTP diag, for me it looks like postfix and your internal server is accepting mails at the same time, thats why your internal server is responding that error, when postfix should do.

If you like to hide your internal MTAs IP from Headers just use IGNORE:

Quote
# Remove Sensitive Information from Headers
/^Received: from MyMTA.local*/ IGNORE
/^Received:.*with ESMTPS/ IGNORE
/^X-Originating-IP:/ IGNORE
/^User-Agent:/ IGNORE

But I think this is not really related to your problem...
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 16, 2014, 04:41:57 am
My problem here is that

a) Postfix is reporting the error but not correctly embedding the public IP in 'error' responses to the sender.

b) I know that what I want breaks a few rules but if a user account doesn't exist I want it to behave like spamd and tie up the senders 'server' by grey listing - I don't want to send a "doesn't exist" reject response.

c) I don't want a system that allows infinite login attempts with a different username from the same IP in a short time frame - brute force attack basically. I am aware of the DOS issue but there needs to be a solution to prevent this 'hammering' in an 'elegant' manner.
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 16, 2014, 09:39:44 am
Tried it, didn't work.

Surely this behaviour must have been spotted before, am I the only one that finds the revealing of internal IP address's unacceptable. This should be set to the 'domain' and public IP.

What does postix say is happening in the log when you see this behavior?

/var/log/maillog

Also I am not sure as to why you have your internal email server rejecting the message from postfix.  Maybe I am not just understanding you correctly.  Postfix should be rejecting the message not you email server. 

Postfix should be checking for valid receipents and rejecting them.  You should see this in the log "550 5.1.1 <*****@*****.com>: Recipient address rejected: User unknown in relay recipient table. 

You need to have a comand line in the access lists -> "filters while receiving mail"

It should be something like this "/^from:/ HOLD"

Otherwise postfix is not going to do anything.


Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 16, 2014, 10:03:50 am
Config is as per previous posts. Listening on localhost which is NAT'd from the public IP, two domains each mapped to its own unique internal IP.  The detail appearing in the system status log is merely a cut down version of the one sent to the e-mail sender - but it contains the domains private local IP's and not the public one.

There's nothing wrong with my MTA's internal or external - this behaviour is coming from my mail server - but Postfix is simply repeating the message and it shouldn't - I need to find an expression to force the local IP to be replaced with the public IP - but ONLY where appropriate.

I DO NOT want reject responses for non existent user accounts - at least on the first attempt within a set period since most 'spammers' don't behave or retry in line with RFC guidelines. I want REJECT converted to TRY AGAIN LATER .. something that SpamD can do but using SpamD with postfix has proved less than successful.

 I'm stunned how hard this seems to be for Postfix - at least without hacking around in the code - I've tried numerous Postfix settings now and all have failed - presumably because of the order encountered - or I'm just not entering them as it expects - lets face it script lines full of 'regex' expressions aren't exactly easy to read, assuming that I'm even looking in the correct .inc files.

My mailserver is an enterprise class mailserver (Kerio) and even it seems unable to handle the simple concept of 'black hole' mailboxes and rejects instantly any mail for non existent accounts, it is very verbose in its response too. It won't block multiple failed login attempts from the same IP and will happily converse with a brute force script all day long - I have better things to waste CPU cycles and bandwidth on.

I am tentatively planning a move to hMailServer because it will block bad behaviour from IP address's, but not until it gets TLS sorted out, maintaining Kerio is just too expensive for our needs but I'm not prepared to go 'open text'.

With regards the mail log there is no such file in the var/log folder. I report messages to the system log and a syslog server.
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 16, 2014, 10:19:17 am
I am not sure what the log looks like when reporting to the system log.  As for the syslog server I don't this this is even an option in postifx.

If you go to the configuration page/general/logging/destination  select the second item var/log/maillog.  Then restart postfix  I think you will get a better ideal of what is going on in postfix.

also in the log level set it at least to 2. 

post the portion of the log as I would be interested to see it.
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 16, 2014, 10:28:02 am
syslog isn't an option in postfix and is why I send messages to the system log - because that can be sent to a syslog server. I'll try the log thing and see if the information's any different, my debug level is currently 2.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 17, 2014, 05:00:08 am
Quote
There's nothing wrong with my MTA's internal or external - this behaviour is coming from my mail server - but Postfix is simply repeating the message and it shouldn't - I need to find an expression to force the local IP to be replaced with the public IP - but ONLY where appropriate.

We all said it more as once you need to stop forwarding mail addresses from postfix which are non-existing to your internal server, thats postfix job.

Quote
My mailserver is an enterprise class mailserver (Kerio) and even it seems unable to handle the simple concept of 'black hole' mailboxes and rejects instantly any mail for non existent accounts, it is very verbose in its response too. It won't block multiple failed login attempts from the same IP and will happily converse with a brute force script all day long - I have better things to waste CPU cycles and bandwidth on.

I am tentatively planning a move to hMailServer because it will block bad behaviour from IP address's, but not until it gets TLS sorted out, maintaining Kerio is just too expensive for our needs but I'm not prepared to go 'open text'.

BenKenobe, if I understand your intention right, you won't be happy with postfix. Postfix/Mailscanner should be the one and only layer of defence, since bad mails should be disarmed BEFORE the reach the internal server, but in your scenario your internal server looks like a second layer of defence, which will not work well in conjunction with Postfix/Mailscanner.

Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 17, 2014, 05:55:16 am
I'm quite happy to drop the 'secondary' defenses once I'm satisfied that the primary are working well.

How do I stop Postfix forwarding or rejecting non existent address's though, and how do I make it substitute the local mail server IP for the 'correct' public one.

I have explicitly stated which accounts are acceptable on the 'Custom Valid Recipients' tab, by doing so would expect Postfix to deal with all others but it still checks against the mail server for 'account existence' and uses the message returned by the mail server so even though it doesn't pass the mail it still checks for the accounts presence every single time - which I don't think it should do, it should only attempt delivery of specifically identified accounts - all others need to be handled 100% by Postfix with no involvement of the mail server at all.

I have removed all the tarpitting and spam traps on the Kerio, but I have put SpamD back in front of Postfix - this has had the same effect it had before though - it can take hours for valid mails to hit the inbox because many vendors send from continually changing IP address's, I really don't like it much but it does some of what I need.

Incidentally I have had maillog enabled for 18 hours now and it is still empty !! - not something I expected at all because I'm still getting E-Mail.

Starting to wonder if I have a duff install.



Title: Re: Postfix - antispam and relay package
Post by: biggsy on October 17, 2014, 06:25:59 am
BenKenobe,

You could limit the number of connections from an IP in a given timeframe on the firewall rule you have for SMTP.  Under Advanced features.

I'm not arguing with what you're looking for but I don't think exposing an RFC 1918 address to the sending mailserver in those reject messages is really that worrying.  To exploit that knowledge would require compromise of your firewall or an internal host.  Then you would have much more to worry about.

I can't see how you get that reject on invalid domain message.  postfix should reject mail for any domain that it's not configured to relay for, without reference to your mailserver.

The double-bounce is used by postfix to check the validity of a recipient in a domain that it is configured to relay.  However, I think it does cache recent ones to avoid that extra effort.

Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 17, 2014, 08:35:59 am
I'm quite happy to drop the 'secondary' defenses once I'm satisfied that the primary are working well.

How do I stop Postfix forwarding or rejecting non existent address's though, and how do I make it substitute the local mail server IP for the 'correct' public one.

I have explicitly stated which accounts are acceptable on the 'Custom Valid Recipients' tab, by doing so would expect Postfix to deal with all others but it still checks against the mail server for 'account existence' and uses the message returned by the mail server so even though it doesn't pass the mail it still checks for the accounts presence every single time - which I don't think it should do, it should only attempt delivery of specifically identified accounts - all others need to be handled 100% by Postfix with no involvement of the mail server at all.

Do you have a this line in your config?????

You need to have a comand line in the access lists -> "filters while receiving mail"

It should be something like this "/^from:/ HOLD"


You need the above line and I don't see where you ever said you had it?


With the mail log did you stop and restart postfix.  Don't do it from the gui as I am not sure that works or at least I have had problems with it.  Use the command line. 

/usr/local/etc/rc.d/postfix onestop

/usr/local/etc/rc.d/postfix onestart

This will also give you a better idea of any errors that are occurring during startup.

As soon as you do this if you go to /var/log/maillog  you should see activity.


Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 17, 2014, 10:52:02 am
I restarted via the command line and the mail log is now populating ... I'll remember that one.

With regards the filter - I didn't add any - didn't see the need since I explicitly defined my recipients list, I'd have assumed that anything not in that list could be 'delayed' or 'rejected by default.

I see the filter mentioned has a /HOLD on it so maybe that's the missing link - although I fail to see how that works since the 'from' isn't what I'm trying to control - it is the 'to'. If I look at the examples they show 'sender' email address's not recipient address's - I don't really care who is sending.

I'll try to dig into the documentation a little deeper.
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 17, 2014, 10:59:05 am
Are you using postfix/mailscanner?  I assumed you were maybe you are not?

If not then you are correct you don't need that.
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 17, 2014, 11:10:35 am
No not using mailscanner - is it something worth using.

I currently have 'SpamD -> Postfix -> Mail Server' and it seems to be keeping the spammers at bay, has also stopped brute force attacks to port 25. I wish I didn't need SpamD because of the delays it creates with 'unknown' senders but I've not seen a single 'spammer' in any inbox today and only one brute force attempt to a mail port that I've since closed (I've now closed all NONE TLS ports except 25 - and that's routed through the filters)

I've got the mail server pretty well hardened, just need to resolve the reject message IP address now ...

Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 17, 2014, 11:12:10 am
In the postix gui go to view config -> master cf and check and make sure you have this in the config


/sender_access,
            reject_non_fqdn_helo_hostname,
            reject_unknown_recipient_domain,
            reject_non_fqdn_recipient,
            reject_multi_recipient_bounce,
         ------->   reject_unverified_recipient,
            permit


also in client access list / my networks you only have your internal ip range listed correct?
Title: Re: Postfix - antispam and relay package
Post by: BenKenobe on October 17, 2014, 11:18:46 am
Only internal IP's correct, I commented out the 'reject' because I don't want it rejected - although it still gets rejected somehow - I even tried modifying the reject codes to 450 instead but it still returns the 550.1.1 which tells me it is using what the mail server sends back and not what I want it to. I've tried also the various SMTP privacy filters but it is hard to know which file to build them into - doesn't work in the custom commands for sure. 

Remember I'm trying to stop spammers figuring out which address's exist by sending many e-mails each to a different username - the reject message is a dead giveaway - I want the offender tarpit'd and messed about as much as possible.
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on October 17, 2014, 12:57:56 pm
This may be your problem although I am not even sure what you are trying to do will work.

In the postfix gui ->"Domains to Forward"  did you put information in here ?

In the postfix gui -> "Recipients"  did you put information here ?

If you did both that is most likely your problem.

Postfix is receiving an email connection request and the first thing it is doing is checking the relay domain table and contacting the server which is saying not a good address and that is what postfix is replying.  It doesn't matter what you put in the address verification as this is a second step not first.

You are basically using both methods.  Which obviously will not work for what you are trying to do.  Remove the information from the domains to forward and see what happens.

You will need to add a relayhost = [an.ip.add.ress]  to the config.


Title: Re: Postfix - antispam and relay package
Post by: garthk on November 14, 2014, 09:55:24 am
I've installed the Postfix package and all seems to be working fine. I then installed the Postfix widget and, while the PF widget bar shows up on the dashboard, there's no data displayed at all.

What did I do wrong?

Thanx,
GarthK
Title: Re: Postfix - antispam and relay package
Post by: mschiek01 on November 14, 2014, 10:02:45 am
I've installed the Postfix package and all seems to be working fine. I then installed the Postfix widget and, while the PF widget bar shows up on the dashboard, there's no data displayed at all.

What did I do wrong?

Thanx,
GarthK

Got to services/postfix/general at the bottom of the page
Widgets set
Title: Re: Postfix - antispam and relay package
Post by: garthk on November 18, 2014, 04:33:48 am
Thanx for the reply. I did what you suggested and even waited three days just to see if that would make a diff but no luck. The Postfix bar is there but no data is displayed. I also reinstalled it but no change.

Anything else I need to do?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on November 18, 2014, 05:00:39 pm
Widget works when you set logs to /var/log/maillog
Title: Re: Postfix - antispam and relay package
Post by: garthk on November 21, 2014, 08:48:25 am
That took care of it!

Thanx Much,
Garth
Title: Re: Postfix - antispam and relay package
Post by: sbillmann on November 26, 2014, 05:24:14 am
Hi guys,

I am using this package for a few days now and am very happy with it because the amount of spam was reduced drastically.

So first of all thank you for your work here, marcelloc.


I just encountered two problems which I couldn't solve for myself.

1. The "Search mail" function doesn't work for me. Probably because postfix can't find a sqlite database. Reinstallation of postfix didn't help.

2. Some mails take a very long time to get delivered to my actual mail server. I guess this is because some bigger companies with multiple mail servers send mails out through a different server once the message isn't accpeted instantly by postfix. (gmail or hrs for example)
Is there a way to accept e-mails faster even if the initial sender ip differs from the current sender ip in postfix?

And again thank you (in advance)

Many apologies if this has been asked and answered before.
Title: Re: Postfix - antispam and relay package
Post by: garthk on November 26, 2014, 08:28:15 am
Works great but I have a question. There is a company sending us email with a single MX record, say mail.company.com, but the email is actually being sent by one of multiple servers, mail1.company.com, mail2.company.com, and so on. None of these servers has a DNS record so can not be found by PF after the RCPT TO: is received. This causes the email to be rejected, correctly IMHO, but I need to figure out how to let this email thru. Can I whitelist these servers and, if so, how?

Thanx,
Garth
Title: Re: Postfix - antispam and relay package
Post by: garthk on November 26, 2014, 09:07:06 am
Sorry to reply to my own post but... the initial HELO is from mail.company.com and is resolvable. Prob is, that's not the server that actually sends the email and those servers are not resolvable.

Thanx,
Garth
Title: Re: Postfix - antispam and relay package
Post by: biggsy on November 27, 2014, 12:31:44 am
If you can tell whether they're in the same subnet you can whitelist that subnet under Access Lists > CIDR

Like:
Code: [Select]
10.20.30.0/24 permit

Title: Re: Postfix - antispam and relay package
Post by: Bismarck on November 27, 2014, 12:54:06 am
Sorry to reply to my own post but... the initial HELO is from mail.company.com and is resolvable. Prob is, that's not the server that actually sends the email and those servers are not resolvable.

Thanx,
Garth
https://forum.pfsense.org/index.php?topic=40622.msg428403#msg428403
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on November 27, 2014, 12:55:49 am
2. Some mails take a very long time to get delivered to my actual mail server. I guess this is because some bigger companies with multiple mail servers send mails out through a different server once the message isn't accpeted instantly by postfix. (gmail or hrs for example)
Is there a way to accept e-mails faster even if the initial sender ip differs from the current sender ip in postfix?

And again thank you (in advance)

Many apologies if this has been asked and answered before.
https://forum.pfsense.org/index.php?topic=40622.msg425790#msg425790
Title: Re: Postfix - antispam and relay package
Post by: azekiel on December 02, 2014, 03:58:32 am
Is the postscreen cache now persistent (normally it would be deleted after a restart of the service)?

If not, why not use postgrey then? This one works the same way as postscreen does and the persistent cache does work!

Greets
Title: Re: Postfix - antispam and relay package
Post by: azekiel on December 06, 2014, 05:37:25 pm
another question: how to disable the recipient check? i remove the part from smtpd_recipient_restrictions but is there a way in the gui?
Title: Re: Postfix - antispam and relay package
Post by: dene14 on December 08, 2014, 06:07:00 am
Pretty nice module! Thanks for your great work...

+1 for CertManager's certificate support for STARTTLS... It looks a bit strange when you have to generate SelfSigned with certmanager, download cert + key, and upload them by scp to router... Also this conf doesn't survives reinstalls from backup :(

However it seems I've found a bug in current version:
when I select "listen on all Interfaces/IPs"
this line appears in main.cf. unfortunately, it isn't valid
"inet_interfaces = "

to fix that we need to bind that selection to
"inet_interfaces = all"

Thanks!
Title: Re: Postfix - antispam and relay package
Post by: Sandro Di Tommaso on December 23, 2014, 10:45:26 am
Hi, I'm using this nice package for a few months without major problems.
Just one thing...
Every day I find some incoming emails in the "incoming" state that are not delivered .
Why?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on January 24, 2015, 01:58:01 am
Hello marcelloc, will

Quote
/usr/sbin/pkg_add -r p5-perl-ldap

still work with 2.2/10.1? If I remember right there is no pkg_add anymore with FreeBSD 10.1 and what wil happen with packages that have been installed via pkg_add on 8.3 FreeBSD and upgraded to FreeBSD 10.1, will they sill work?

Thanks for all.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 24, 2015, 06:13:56 am
Hello marcelloc, will

/usr/sbin/pkg_add -r p5-perl-ldap

still work with 2.2/10.1?


On freebsd 10, use pkg add instead of pkg_add

Title: Re: Postfix - antispam and relay package
Post by: Bismarck on January 24, 2015, 07:02:51 am
Thanks marcelloc, always appreciated.

https://doc.pfsense.org/index.php/Installing_FreeBSD_Packages#pfSense_2.2
Title: Re: Postfix - antispam and relay package
Post by: hrtraveler on January 24, 2015, 04:11:42 pm
Having problems with Postfix Forwarder after upgrading to pfSense 2.2 (worked fine on 2.15 immediately before upgrading). 

Mail no longer goes out, and client give a time out message.  Testing though WebGui > Diagnostics > Test Port I can make a connection on port 25 and I don't see anything in the firewall log that would make me believe that this is a firewall issue, therefore I'm left with Postfix.

Upon restarting Postfix I get the following in the log.

Code: [Select]
Jan 24 16:54:33 postfix/postfix-script[55658]: stopping the Postfix mail system
Jan 24 16:54:33 postfix/master[81995]: terminating on signal 15
Jan 24 16:54:35 postfix/postfix-script[87134]: warning: not owned by root: /var/spool/postfix
Jan 24 16:54:35 postfix/postfix-script[91266]: starting the Postfix mail system
Jan 24 16:54:35 postfix/master[96254]: daemon started -- version 2.11.3, configuration /usr/local/etc/postfix
Jan 24 16:54:35 postfix/master[96254]: warning: process /usr/local/libexec/postfix/pickup pid 96570 exit status 1
Jan 24 16:54:35 postfix/master[96254]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling
Jan 24 16:54:35 postfix/master[96254]: warning: process /usr/local/libexec/postfix/qmgr pid 96714 exit status 1
Jan 24 16:54:35 postfix/master[96254]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling

and then the following appears in the log on an ongoing basis (every minute or so)

Code: [Select]
Jan 24 16:57:35 postfix/master[96254]: warning: process /usr/local/libexec/postfix/pickup pid 50520 exit status 1
Jan 24 16:57:35 postfix/master[96254]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling
Jan 24 16:57:35 postfix/master[96254]: warning: process /usr/local/libexec/postfix/qmgr pid 50792 exit status 1
Jan 24 16:57:35 postfix/master[96254]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling

Finally when I connect on port 25 is see the following

Code: [Select]
Jan 24 17:00:22 postfix/master[96254]: warning: process /usr/local/libexec/postfix/smtpd pid 94067 exit status 1
Jan 24 17:00:22 postfix/master[96254]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

I've tried reinstalling the package, though that didn't resolve the issue.  Postfix is the only package I have installed.

Thanks for your help.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 24, 2015, 04:51:30 pm
May be related to pfsense 2.2 security sysctrl option to do not allow non root users to listen on low ports.

Try to listen postfix on a high port(>1024) and nat 25 to it.(similar procedure while using carp).


It was fixed some weeks ago on squid package but it looks like something has changed or I've missed something on my tests.
Title: Re: Postfix - antispam and relay package
Post by: hrtraveler on January 24, 2015, 05:42:03 pm
I moved to port 1050, but no change:

Code: [Select]
Jan 24 18:41:43 postfix/master[4057]: warning: process /usr/local/libexec/postfix/pickup pid 84681 exit status 1
Jan 24 18:41:43 postfix/master[4057]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling
Jan 24 18:41:43 postfix/master[4057]: warning: process /usr/local/libexec/postfix/qmgr pid 84757 exit status 1
Jan 24 18:41:43 postfix/master[4057]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling
Jan 24 18:41:50 postfix/master[4057]: warning: process /usr/local/libexec/postfix/smtpd pid 84802 exit status 1
Jan 24 18:41:50 postfix/master[4057]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

Same thing if I connect directly to port 1050 or via the NAT rule from port 25.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on January 24, 2015, 08:56:15 pm
Same problem reported here (https://forum.pfsense.org/index.php?topic=86041.msg471764#msg471764) last month - but I've just realized that I posted it in the 2.2 snapshots area.

Title: Re: Postfix - antispam and relay package
Post by: vc6SfV8 on January 24, 2015, 11:37:35 pm
I am also experiencing the same problem as hrtraveler after upgrading to 2.2.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on January 24, 2015, 11:43:33 pm
I've updated database log integration from sqlite2 to sqlite3 but if I send a pull request for it then postfix will not work on 2.1.

So until we find a way to fix it on current pfsense 2.2 pbi, I suggest to use postfix on 2.1(as a server for exemple on virtual machine)
Title: Re: Postfix - antispam and relay package
Post by: TeeJay on February 04, 2015, 12:55:13 am
Having excactly the same problem on a brand new installation. I was looking for a substitute for the Endian Comunnity FW and pfsense certainly looks very promising, but wihout postfix it will not be very usefull to me. Is there any chance this problem will be fixed in the near future?
Title: Re: Postfix - antispam and relay package
Post by: guyp on February 04, 2015, 04:36:16 am
Ran into this today... Really need a quick and dirty fix until it can be fixed fully.

I can't roll back to the old version, as the FW is 8000 Miles away from me :(
Title: Re: Postfix - antispam and relay package
Post by: hrtraveler on February 04, 2015, 07:09:55 pm
Ran into this today... Really need a quick and dirty fix until it can be fixed fully.

I can't roll back to the old version, as the FW is 8000 Miles away from me :(


I was able to get it running by installing the standard FreeBSD package > 'pkg install Postfix' or 'pkg install postfix-tls'.

Couple things to keep in mind; this places the configuration files in a different location and therefore the webGUI tools for editing the configuration no longer work, nor do the monitoring tools as far as I can tell, in addition the pfsense pkg has Cyrus SASL compiled in so if you fix the dependencies and add the missing libraries it will allow you to forward mail through google (for example), or any server which requires such and encrypted connection, neither of the standard packages for FreeBSD have this compiled in, so it won't work.

If you need Cyrus SASL you can download the latest postfix-tls source to a FreeBSD 10.1 development machine and compile it in.
Title: Re: Postfix - antispam and relay package
Post by: The Dave on February 06, 2015, 04:07:44 pm
Any news for 2.2 support or is this still broken?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on February 06, 2015, 08:36:02 pm
Any news for 2.2 support or is this still broken?

Not yet. Pbi is the worst place to find and fix issues. It needs both Pfsense team and package developed free time to check build options,dependencies, lib dirs,etc...
Title: Re: Postfix - antispam and relay package
Post by: t.hollenbeck on February 10, 2015, 12:57:46 am
Any news for 2.2 support or is this still broken?

I have the same problem. Is there a plan, where is the bug fixed?
Title: Re: Postfix - antispam and relay package
Post by: snm777 on February 11, 2015, 03:28:44 pm
I just had a co-worker upgrade to 2.2 on a production machine and encountered this issue.  I've suggested rolling back to a snapshot, assuming he has one.  if this isn't fixed yet, does anyone have a workaround? I assume that the spool NEEDS to be owned by postfix and not root, and that changing permissions on the spool file will just make things worse?

Title: Re: Postfix - antispam and relay package
Post by: capitangiaco on February 19, 2015, 04:14:20 am
Quote

I was able to get it running by installing the standard FreeBSD package > 'pkg install Postfix' or 'pkg install postfix-tls'.

Couple things to keep in mind; this places the configuration files in a different location and therefore the webGUI tools for editing the configuration no longer work, nor do the monitoring tools as far as I can tell, in addition the pfsense pkg has Cyrus SASL compiled in so if you fix the dependencies and add the missing libraries it will allow you to forward mail through google (for example), or any server which requires such and encrypted connection, neither of the standard packages for FreeBSD have this compiled in, so it won't work.

If you need Cyrus SASL you can download the latest postfix-tls source to a FreeBSD 10.1 development machine and compile it in.

pkg install Postfix
cd /usr/local/etc/postfix
ln -fs /usr/pbi/postfix/etc/postfix/<conf files>

It seems to work!

I cannot test mailscanner cause I've trouble with php after the upgrade:
[18-Feb-2015 13:17:51 Europe/Rome] PHP Fatal error:  Cannot redeclare platform_booting() (previously declared in /etc/inc/globals.inc:168) in /etc/inc/globals.inc on line 176

function platform_booting($on_console = false) {
        global $g;
   
        if ($g['booting'] || file_exists("{$g['varrun_path']}/booting"))
                if ($on_console == false || php_sapi_name() != 'fpm-fcgi')
                        return true;
   
        return false;
}


the mailscanner pkg istallation stops itself with this error.


Giaco

Title: Re: Postfix - antispam and relay package
Post by: capitangiaco on February 19, 2015, 09:18:07 am
found this:
https://github.com/pfsense/pfsense-packages/commit/e8f9ffe9459a922375e43472d13246d3d356e60e
I am now able to remove and reinstall mailscanner.

Giaco
Title: Re: Postfix - antispam and relay package
Post by: dreadnought on March 03, 2015, 02:40:51 pm
Argh... upgraded to 2.2, postfix forwarder down in flames along with our email. Not a trivial matter.

Tried (trying?) to restore a full 2.1.5 backup and the GUI is a mess and things (including postfix forwarder) still seem broken.

Selecting OpenVPN results in:

Fatal error: Call-time pass-by-reference has been removed in /usr/local/www/vpn_openvpn_server.php on line 333

Selecting postfix forwarder results in:

Fatal error: Call-time pass-by-reference has been removed in /usr/local/www/pkg_edit.php on line 143

Main page shows 2.1.5-RELEASE (amd64) as well as the "Packages are currently being reinstalled in the background." which doesn't seem to actually mean anything.

Has anyone been successful restoring a full backup (2.1.5?) after encountering the borked postfix forwarder on 2.2?
Title: Re: Postfix - antispam and relay package
Post by: dreadnought on March 03, 2015, 02:50:52 pm
When I try to reboot our Netgate chimes as if it's going to reboot, but then this appears:

Fatal error: Call-time pass-by-reference has been removed in /etc/inc/shaper.inc on line 395

So it seems as if we can't reboot either.
Title: Re: Postfix - antispam and relay package
Post by: dreadnought on March 03, 2015, 03:05:57 pm
For the benefit of others running into this issue... rebooting and halting the system did not work, even though they triggered the reboot and halt chimes on our Netgate running pfsense. After a hard reboot (and some praying) our services, including postfix forwarder and OpenVPN, began working again under the restored 2.1.5.
Title: Re: Postfix - antispam and relay package
Post by: rbflurry on March 10, 2015, 10:21:18 am
Found out the hard way that this is intended to relay mail to an internal server and not a hosted server (host monster, Bluehost)

Because of SPF and the fact that this package cant do SRS.

Title: Re: Postfix - antispam and relay package
Post by: chris4916 on March 11, 2015, 02:53:57 am
I'm, kind of, discovering pfSense in prod  :-[
Now that I've migrated to pfSense, and although I do understand that from guru's standpoint, pfSense acts as firewall and should only be used as firewall  ;)  I would like to run some additional "embedded" services. I know this is not theoretically correct but this is however the most convenient way to provide services locally.

This said, I'm also facing issues while trying to run Postfix relay on 2.2. So, for the time being and waiting for fix, I'm not relaying but forward packets to mail server on DMZ  :-\

Unless I misunderstand the way it works, once this package will be fixed, there is one feature that will still prevent me to use it as a relay. Let me try to explain:
- for fail-over purpose, I'm relying on 2 different ISP, meaning 2 WAN, 2 IP
- I've one single domain managed by third provider. Using this provider's web interface, I'm able to customize public DNS for this domain, including MX, SPF
- each ISP permits to customize PTR

So far so good but... if I want to use pfSense Postfix relay (assuming issues with 2.2 are fixed) it will not work for some senders in case sender performs SMTP Reverse DNS control because this package doesn't permit to customize banner per listening IP from GUI.

I may find a way to customize master.cf and hard-code the right banner here for each interface but it would be nice to have this capability directly from GUI. Or is there something is misunderstand?

PS: I know that state-of-the-art implementation if I need complete fail-over would be to deploy 2 different MTA behind 2 différent FW, furthermore having each FW made of highly available pfSense using CARP.... but this is totally over-kill and I will end up with more problems due to complexity than real improved levle of service. What I would like to handle is WAN fail-over, with only one single pfSense cluster.  Does it make sense ?
Title: Re: Postfix - antispam and relay package
Post by: guyp on March 11, 2015, 03:49:36 am
Just set the PTR record for both IP address to be the same!
Title: Re: Postfix - antispam and relay package
Post by: chris4916 on March 11, 2015, 05:03:44 am
Just set the PTR record for both IP address to be the same!

This doesn't work, at least for me, and I'll try to explain why  :)

I'm relying on 3 different providers:
- two ISP owing each one of my two public IP
- another (different) provider registering my domain.

In term of DNS management, it means that I'm dealing with PTR records through interfaces provided by each ISP while I manage (public) DNS content from my domain provider's web interface.
So far so good :-) but in order to achieve what you suggest, it would means that I have to configure 2 different A records (one for each public IP) with same hostname. This can be done, although somewhat strange.
Problem is that when customizing PTR, I'm facing an issue with at least one ISP  because interface used to customize PTR checks if PTR you set matches IP address. This does make sense but as my DNS contains 2 different IPs for same hostname, it resolves this hostname (round-robin mode) with different IP thus PTR customization is not allowed.

From my standpoint, such control from ISP makes sense. It help ensuring consistency between PTR and IP/hostnames.
The right approach, unless I'm wrong, it to set up one banner per public IP.
I did it with my previous Postfix implementation using this syntax:
Code: [Select]
1.1.1.1:smtp  inet  n  - - - -  smtpd -o myhostname=host1.domain.com
2.2.2.2:smtp  inet  n  - - - -  smtpd -o myhostname=host2.domain.com


This obviously works as expected ;D

Then I do realize that I'm total pfSense noob: I still don't know how to customize master.cf so that content is not erased when configuration is changed using GUI  :-[
On top of that, I need to improve my understanding of postscreen => smtpd is then listening on local port only isn't it?
Title: Re: Postfix - antispam and relay package
Post by: chris4916 on March 11, 2015, 10:28:08 am
Replying to myself  ;D but hopping it may help other users:

For what I understand, having spent some time reading Postfix and postscreen documentation, unless it can be significantly customized, Postfix forwarder package will not fit with what I'm trying to achieve.  It would mean, for each external interface, one postscreen line in master.cf passing to one smtpd defined with its own mailhost and banner.
Nothing really complex from Postfix standpoint but definitely not the way it works for the time being, even aside 2.2 related bugs.

Something like:

Code: [Select]
1.1.1.1:smtp    inet  n       -       n       -       1       postscreen
        -o smtpd_service_name=smtpd1
        -o postscreen_greet_banner=whatever......
        -o user=postfix
        -o soft_bounce=yes
smtpd1     pass  -       -       n       -       -       smtpd
        -o myhostname=host1.domain.com
        -o smtpd_banner=host1.domain.com-xxxxxx
2.2.2.2:smtp    inet  n       -       n       -       1       postscreen
        -o smtpd_service_name=smtpd2
        -o postscreen_greet_banner=whatever2......
        -o user=postfix
        -o soft_bounce=yes
smtpd2     pass  -       -       n       -       -       smtpd
        -o myhostname=host2.domain.com
        -o smtpd_banner=host2.domain.com-xxxxxx
Title: Re: Postfix - antispam and relay package
Post by: hcoin on March 12, 2015, 01:32:17 am
Two pf machines reverted to 2.1.5 after all + postfix upgraded to 2.2  Postfix failed in exactly the fashion mentioned in #525 this thread.  Running in two KVM VM's 64 bit.

Was this ever tested before the release?   Did it ever work?  What configurations were tested that worked?  I waited to upgrade only a few days ago, thought it would be all good.. but not so much.  No emails forwarded whatever.



Title: Re: Postfix - antispam and relay package
Post by: bensons on March 13, 2015, 09:44:06 am
I also faced the postfix issue described after upgrading to 2.2

Code: [Select]
Mar 13 13:24:12 postfix/master[19564]: warning: process /usr/local/libexec/postfix/qmgr pid 11100 exit status 1
Mar 13 13:24:12 postfix/master[19564]: warning: /usr/local/libexec/postfix/qmgr: bad command startup -- throttling
Mar 13 13:24:12 postfix/master[19564]: warning: process /usr/local/libexec/postfix/pickup pid 11315 exit status 1
Mar 13 13:24:12 postfix/master[19564]: warning: /usr/local/libexec/postfix/pickup: bad command startup -- throttling

Reason is, pickup can't find libspf2.so.2
Code: [Select]
76972: 0.012799723 access("/lib/libspf2.so.2",0) ERR#2 'No such file or directory'
76972: 0.012872347 access("/usr/lib/libspf2.so.2",0) ERR#2 'No such file or directory'
19564: 28.015840537 wait4(-1,{ EXITED,val=1 },WNOHANG,0x0) = 77346 (0x12e22)
76972: 0.012977425 write(2,"Shared object "libspf2.so.2" not found, required by "pickup"",60) = 60 (0x3c)

The package ships with this library, but the linker does'nt seem to pick it up. In any case since this was not the only issue after the upgrade to 2.2 and I was pretty annoyed, here is just a very bad and ugly hack around that.

Login to the firewall
Code: [Select]
# cd /usr/local/lib
# ln -s /usr/pbi/postfix-amd64/local/lib/libspf2.so.2

Hope this helps.
Title: Re: Postfix - antispam and relay package
Post by: dreadnought on March 14, 2015, 12:30:36 pm
<snip> In any case since this was not the only issue after the upgrade to 2.2 and I was pretty annoyed, here is just a very bad and ugly hack around that.

Does anyone know what the status of a new release is with major issues like the broken postfix forwarder addressed?
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on March 14, 2015, 01:26:34 pm
Does anyone know what the status of a new release is with major issues like the broken postfix forwarder addressed?

Completely orthogonal, I'd say :P
Title: Re: Postfix - antispam and relay package
Post by: PixelPL on March 18, 2015, 07:35:18 am
Hi.  It is possible to save contents message to hard disk ? I have pfsense 2.1.5 and postfix services.
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on March 18, 2015, 07:43:06 am
Hi.  It is possible to save contents message to hard disk ? I have pfsense 2.1.5 and postfix services.

NO! This is a firewall, not a mailserver. And the package is a relay.
Title: Re: Postfix - antispam and relay package
Post by: dudi on March 22, 2015, 01:34:39 pm
I am almost a newbie on PFsense. Nice project. Thanks!
My patrorm is an old VMware ESXi. Will the Postfix package be able to install on PFsense 2.2.1 as is and could it route to more than one internal mail host? Can I also use the MailScanner package with Postfix and PFsense 2.2.1?
Title: Re: Postfix - antispam and relay package
Post by: The Dave on March 23, 2015, 01:44:22 am
Unfortunately it's currently broken. This is one of the ongoing issues with pfSense, while the base/core functionality works well, you really can't rely on packages as packages tend to get abandoned and left in broken states on a moderately frequent basis.

You can work around the issue as discussed in this thread, but if you do, you may find that future updates of the package break due to the workaround, leaving you a larger mess to resolve, so given the amount of time it has been since this package was functional, I'd suggest installing postfix on another server and port-forwarding as needed. Your mileage may vary.
Title: Re: Postfix - antispam and relay package
Post by: chris4916 on March 23, 2015, 03:38:33 am
Unfortunately it's currently broken. .../... I'd suggest installing postfix on another server and port-forwarding as needed.

+1

That's pretty clear and obvious.
What is somewhat frustrating is that such comment and conclusion should come from pfSense.
It would be much easier to have pfSense interface not allowing any additional package as package support and reliability is at least questionable rather than having pfSense allowing to install it easily in a way that could make some people thinking that packages are fully part of pfSense  :-\
Title: Re: Postfix - antispam and relay package
Post by: dudi on March 23, 2015, 12:56:15 pm
I installed postfix and mailscanner and then uninstalled them. Does this cause any problems in the future?
Title: Re: Postfix - antispam and relay package
Post by: BBcan177 on March 23, 2015, 01:18:36 pm
I agree that package support is not always the greatest, but you also have to understand that Developers of these packages do it on their own free time and usually without any monetary gain. There are just a handful of Developers that I see maintaining packages at this time.

Its the fact in "Open Source" where a handful code and the balance profit from their work.

Suggestions -

1) Support pfSense with a Gold Subscription
2) Post bug reports that have enough detail for a Dev to be able to reproduce.
3) Take the time to help Test Packages as no Dev can see all possible conditions by himself. Each network is different. So participation is really key.
4) Support the Devs in other ways to keep them interested to maintain and upgrade their package(s) at each version change of pfSense.

Also realize that the Devs are planning on changing PHP to Python in v3.0.  What does this mean? Well, a lot of work for the Developers to re-code all of their work and/or the work of the previous maintainer.

And I don't mean to say this in any Negative way.. we all love to use pfSense and for myself, I try to contribute in as many ways as I can, as that commitment is returned back to me in other ways. Lets keep pfSense Strong!

My 2 Cents!
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on March 23, 2015, 01:28:45 pm
As I noted elsewhere, the PBI disaster does not help either; no surprise people are not exactly keen to maintain the packages.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on March 23, 2015, 02:37:28 pm
Could someone give a link or otherwise explain "the PBI disaster" as it relates to pfsense (mentioned upstream)?

The glowing PR of PBI explains that it's 'fully automatic' -- except for the custom pre-remove and post-install scripts that are, as it explains, 'sometimes necessary'.  So, 'mostly fully automatic' would have been better.

Title: Re: Postfix - antispam and relay package
Post by: doktornotor on March 23, 2015, 02:43:17 pm
The thing is utterly broken. It produces whacky hardlinks to non-existent libraries because it seems to pick up dead symlinks instead (tons of packages after 2.2 was released), it is unable to find the libraries it itself ships with the package (recently sudo with 2.2.1 upgrade), and in general is just a nightmare for packaging. BSD does not exactly excel in the package managers department, but I have never seen such broken packaging format like PBI. Self-contain my ass. In general "works" like the DLL hell on Windows.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on March 23, 2015, 02:48:41 pm
The only workaround I found for this is


The main postfix binary works fine but all other sub process it starts die with missing libs.

I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.

Title: Re: Postfix - antispam and relay package
Post by: chris4916 on March 23, 2015, 03:05:57 pm
I agree that package support is not always the greatest, but you also have to understand that Developers of these packages do it on their own free time and usually without any monetary gain. There are just a handful of Developers that I see maintaining packages at this time.

This is crystal clear and I fully share your comment.
I'm not blaming anyone and especially not those trying to develop packages and making it available to the community  :-[
However it has tons of negative side effect with potential users not understanding that "package" is not "pfSense", especially, and this is my main point, because communication from pfSense or from NetGate or even from gurus here doesn't state this clearly enough, from my own standpoint   ;)
Title: Re: Postfix - antispam and relay package
Post by: mwp821 on April 10, 2015, 08:17:01 pm
Code: [Select]
# cd /usr/local/lib
# ln -s /usr/pbi/postfix-amd64/local/lib/libspf2.so.2

Also:

Code: [Select]
ln -s /usr/pbi/postfix-amd64/local/lib/libsasl2.so.3
ln -s /usr/pbi/postfix-amd64/local/lib/libpcre.so.3
Title: Re: Postfix - antispam and relay package
Post by: mwp821 on April 10, 2015, 09:45:23 pm
I have been going a little nuts trying to get a simple mail relay (smart host) up and running for my local subnet, which is just about the easiest thing to do in Postfix. I was getting stuck on error messages such as "no mechanism available" and "No worthy mechs found" trying to authenticate against my ISP's relay.

In addition to linking libspf2, libpcre, and libsasl2 from /usr/pbi/postfix-amd64/local/lib, you also need to link the mechanism libraries found in /usr/pbi/postfix-amd64/local/lib/sasl2. If I knew more about FreeBSD, I would suggest updating ld.so.conf with these paths or setting a LD_LIBRARY_PATH in the environment instead of creating symlinks all over the filesystem. Alternatively, you can just install the required libraries directly from FreeBSD, which is what I did, with the following command:

Code: [Select]
pkg install libspf2 pcre cyrus-sasl

Restart Postfix Forwarder in the webConfigurator and you should be good to go. I've been using System > Advanced > Notifications > Test SMTP to test it. Make sure to set your email server to localhost, port to 25, From (e.g. admin@yourhost.example.com), Notification (e.g. your personal email address), and leave everything else blank/default.

Here's my "custom main.cf options" (for the time being, I'm going to try to lock it down and enable TLS now that I've got it working):

Code: [Select]
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

UPDATE: TLS was pretty easy to turn on (following the pfSense documentation (https://doc.pfsense.org/index.php/Postfix#TLS_Config)) after solving the above issues. Here's my final config:

Code: [Select]
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/cert.pem
smtp_tls_loglevel = 1

Code: [Select]
Apr 11 20:15:06 cerberus postfix/smtp[13917]: Verified TLS connection established to smtp.comcast.net[68.87.20.6]:587: TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)

See the screenshots for the rest of my "smart host" configuration. The most important part is to set it to "Listen on" loopback and your LAN interface(s), and to set MyNetworks in Access Lists to the loopback subnet and your local subnet(s). I also dumbed down the antispam settings but I'm not sure if is necessary; SMTP clients in MyNetworks might not be subject to antispam rules.

UPDATE 2: The update from 2.2.1 to 2.2.2 blew away my sasl_passwd file (I uninstalled all my packages before the update and reinstalled everything afterwards), but that was easy enough to regenerate. I moved it to /etc/postfix to prevent it from happening in the future. Everything else seems to still work fine (except for the known sqlite2/3 issue).
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on June 03, 2015, 09:27:32 am
Hello. Am I understanding correctly, this package is not working?
Title: Re: Postfix - antispam and relay package
Post by: yarick123 on June 03, 2015, 10:47:30 am
MadCatZA,

from my experience with the package, it works only on pfSense Version 2.1.5 or older. As far as I remember, the author has written in this forum about it.

Regards
yarick123
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on June 03, 2015, 10:52:04 am
MadCatZA,

from my experience with the package, it works only on pfSense Version 2.1.5 or older. As far as I remember, the author has written in this forum about it.

Regards
yarick123

Appreciated, I have setup a 2.1.5 box and indeed it is working as compared to 2.2.2 which is not without manual modifications. What a shame :(
Title: Re: Postfix - antispam and relay package
Post by: azekiel on June 18, 2015, 11:22:58 am
any change to update to postfix 2.11 without waiting for pfsense 2.3?
I want to implement dnssec and dane...

//edit: mah... openssl 0.9.8 is a bummer, too.
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on June 23, 2015, 01:01:36 pm
Any news on a fix for this?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on June 23, 2015, 02:41:01 pm
The author of this package said, maybe it will fixed in pfSense version 2.3 with pkgng.

https://redmine.pfsense.org/projects/pfsense/roadmap#2.3

So don't hold you breath, it can take some time...
Title: Re: Postfix - antispam and relay package
Post by: azekiel on June 23, 2015, 03:12:11 pm
it's pretty easy to get it running with the current version without the sqlite/db thing... just search through the forum.
Title: Re: Postfix - antispam and relay package
Post by: SisterOfMercy on July 02, 2015, 07:00:33 pm
Uhhh, if this package is broken, why is it still listed in pfSense 2.2?

My pfSense shows this:
Postfix Forwarder    Release 2.4.2   
platform: 2.2     2.2.999

Or is this some automatic thing, with the 2.2.999 meaning it has not been officially tested?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 21, 2015, 04:01:36 pm
The only workaround I found for this is

  • install package from pfsense gui
  • go to console, remove pbi packages(not the gui)
  • Install postfix package via pkg ng

The main postfix binary works fine but all other sub process it starts die with missing libs.

I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.

The main problem with this(and many others) package is that pbi messes up bin and lib location. I have the gui fixed for sqlite2 /sqlite3 but for now, just removing pbi and installing postfix pkg will keep postfix working on 2.2
If I push the gui fix for 2.2 on github, it will broke package gui on 2.1
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on July 23, 2015, 07:42:18 am
To get postfix working on pfSense 2.2, follow these steps:

Remember, do it at your own risk  ;)

Code: [Select]
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -rf /usr/pbi/bin/libexec/postfix
rm -rf /usr/local/etc/postfix
rm -rf /var/spool/postfix
rm -rf /var/mail/postfix
rm -rf /var/db/postfix
pkg install postfix libspf2

fix postfix.inc file with this patch via system patcher package

add this patch via package system patcher

description:postfix_inc
patch:
Code: [Select]
--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000
+++ postfix.inc  2015-08-18 08:18:10.000000000 +0000
@@ -36,11 +36,11 @@
 require_once("globals.inc");

 $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pfs_version == "2.1" || $pfs_version == "2.2") {
-       define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
-} else {
+//if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+//     define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+//} else {
        define('POSTFIX_LOCALBASE','/usr/local');
-}
+//}

 $uname=posix_uname();
 if ($uname['machine']=='amd64')
directory:/usr/local/pkg/
Title: Postfix - antispam and relay package
Post by: Márcio Machado on August 03, 2015, 02:51:10 pm
Hello,
What is the stable version of pfSense where Postfix Forwarder works perfectly?

I'm tryna the pfSense 2.2.4-RELEASE (amd64) with Postfix 2.4.2 Forwarder, but not this cool not.

Hugs.
Title: Re: Postfix - antispam and relay package
Post by: azekiel on August 03, 2015, 03:15:06 pm
look at the post above yours...
Title: Postfix - antispam and relay package
Post by: Márcio Machado on August 03, 2015, 03:24:47 pm
Hello,
I saw it, I do not want is to have to do this!
What version of pfsense and postfix stable so I do not have to do what Marcello recommend?
Grateful.
Title: Re: Postfix - antispam and relay package
Post by: azekiel on August 03, 2015, 03:25:36 pm
2.1

but you can savely do that.
Title: Re: Postfix - antispam and relay package
Post by: kalessin on August 06, 2015, 10:37:14 am
The only workaround I found for this is

  • install package from pfsense gui
  • go to console, remove pbi packages(not the gui)
  • Install postfix package via pkg ng

The main postfix binary works fine but all other sub process it starts die with missing libs.

I don't know if writing a guide to use pkg ng will help or add a lot of extra problems.

The main problem with this(and many others) package is that pbi messes up bin and lib location. I have the gui fixed for sqlite2 /sqlite3 but for now, just removing pbi and installing postfix pkg will keep postfix working on 2.2
If I push the gui fix for 2.2 on github, it will broke package gui on 2.1

first of all, great work =)

 so... 2.1 is old/out of production already, right? 
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 06, 2015, 04:33:40 pm
so... 2.1 is old/out of production already, right?

pfsense 2.1, yes but the package is working on both(2.1 normal install and on 2.2 with the fix above).
Title: Re: Postfix - antispam and relay package
Post by: SanderKam on August 06, 2015, 06:45:09 pm
pfsense 2.1, yes but the package is working on both(2.1 normal install and on 2.2 with the fix above).
Marcelloc, why not to make on the contrary - on pfsense 2.2  normal install, and on pfsense 2.1 with the fix?
It will move more people to update to version 2.2
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on August 07, 2015, 01:02:13 pm
Marcelloc, why not to make on the contrary - on pfsense 2.2  normal install, and on pfsense 2.1 with the fix?
It will move more people to update to version 2.2

(http://images.sodahead.com/polls/002798199/50256458_cute_cat_laughing_answer_1_xlarge.jpeg)
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on August 13, 2015, 01:36:07 pm
To get postfix working on pfSense 2.2, follow these steps:

Remember, do it at your own risk  ;)

Code: [Select]
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -f /usr/pbi/bin/libexec/postfix
rm -f /usr/local/etc/postfix
rm -f /var/spool/postfix
rm -f /var/mail/postfix
rm -f /var/db/postfix
pkg install postfix

I tried the above in 2.2.4 but I had no luck. Can anybody confirm this is working in the latest version of pfSense?
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 13, 2015, 07:29:26 pm
Yes, it's working for sure.

Do not forget to install the package via gui before the steps above...
Title: Re: Postfix - antispam and relay package
Post by: akong on August 13, 2015, 10:26:32 pm
Hello,I follow step to remove old postfix.
Quote
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -f /usr/pbi/bin/libexec/postfix
rm -f /usr/local/etc/postfix
rm -f /var/spool/postfix
rm -f /var/mail/postfix
rm -f /var/db/postfix
pkg install postfix
And reinstall postfix and postfix forwarder.
The same settings but it's will show relay access denied when mail incoming.
How to fix it?
Title: Re: Postfix - antispam and relay package
Post by: akong on August 14, 2015, 02:38:55 am
Sorry,
I have fix it.It's installed postfix forward and download two file and replace it.It's all ok.
Title: Re: Postfix - antispam and relay package
Post by: foetus on August 19, 2015, 04:13:49 am
Tried the steps.

installed package by gui.
removed folders and pbi as posted by marcelloc.
installed package from console pkg.

Saved every config page to avoid errors.
starting service fails :

Aug 19 11:10:35 php-fpm[24346]: /pkg_edit.php: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '127', the output was '/usr/pbi/postfix-amd64/sbin/postmap: not found'
Aug 19 11:10:35 php-fpm[24346]: /pkg_edit.php: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '127', the output was '/usr/pbi/postfix-amd64/sbin/postmap: not found'

What am I missing? Tried this on 2 systems, it looks like I really am missing a step here.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 19, 2015, 01:12:12 pm
Reposting update guide for pfsense 2.2.x only:

Install package via gui
execute code below via console/ssh
Code: [Select]
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -rf /usr/pbi/bin/libexec/postfix
rm -rf /usr/local/etc/postfix
rm -rf /var/spool/postfix
rm -rf /var/mail/postfix
rm -rf /var/db/postfix
pkg install postfix libspf2



fix postfix.inc file with this patch via system patcher package

add this patch via package system patcher

description:postfix_inc
patch:
Code: [Select]
--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000
+++ postfix.inc  2015-08-18 08:18:10.000000000 +0000
@@ -36,11 +36,11 @@
 require_once("globals.inc");

 $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pfs_version == "2.1" || $pfs_version == "2.2") {
-       define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
-} else {
+//if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+//     define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+//} else {
        define('POSTFIX_LOCALBASE','/usr/local');
-}
+//}

 $uname=posix_uname();
 if ($uname['machine']=='amd64')
directory:/usr/local/pkg/
Title: Re: Postfix - antispam and relay package
Post by: hcoin on August 23, 2015, 11:42:23 am
Marcel,

Since the changes required to be compatible with 2.2 for non-trivial packages break compatibility with previous releases, kindly consider creating a new entry in the list of available packages for the postifx 2.2 + versions, then add a note to the 2.1- package to switch to the new one when upgrading. 

Of course, as always, easier to ask than to do.   Thanks for your efforts!

Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 23, 2015, 12:03:25 pm
it will on Pfsense 2.3 when pbi will not be used to package binaries.
Title: Re: Postfix - antispam and relay package
Post by: ccnet on August 27, 2015, 11:44:59 am
For purpose of testing, i have installed the package on a dédicated Pfsense (this mean : not my firewall). This package seems to be a geat job.
Today my "production" smtp relays are manuelly maintened. I decided to test this package.
First surprise is main.cf generated par the GUI.

Code: [Select]
# Allow connections from specified local clients and strong check everybody else.
smtpd_client_restrictions = permit_mynetworks,
reject_unauth_destination,
check_client_access pcre:/usr/pbi/postfix-amd64/etc/postfix/cal_pcre,
check_client_access cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr,
reject_unknown_client_hostname,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit

smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
check_client_access pcre:/usr/pbi/postfix-amd64/etc/postfix/cal_pcre,
check_client_access cidr:/usr/pbi/postfix-amd64/etc/postfix/cal_cidr,
check_sender_access hash:/usr/pbi/postfix-amd64/etc/postfix/sender_access,
reject_non_fqdn_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_multi_recipient_bounce,
reject_unverified_recipient,
reject_spf_invalid_sender,
permit
Two times "smtpd_recipient_restrictions".
I also notice in the GUI, there is no way for a flat list for clients restriction.
And sender access list is use with smtpd_sender_restrictions.

At this time (others smtp Postfix relay), i manage 3 differents flat lists for :
smtpd_client_restrictions
smtpd_hello_restrictions
smtpd_sender_restrictions

There is also specifics lists for cidr and PCRE.

Pfsense 2.1.5 and last version of package. Something wrong with my setup.

So i'm a little bit confused the way main.cf is generated from the GUI. Even if I know Postfix can use each list in many restrictions.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 27, 2015, 02:21:44 pm
Two times "smtpd_recipient_restrictions".

Are you sure, the post shows smtpd_client_restrictions and smtpd_recipient_restrictions

Pfsense 2.1.5 and last version of package. Something wrong with my setup.

Better using on 2.2 with manual fixes above.

So i'm a little bit confused the way main.cf is generated from the GUI. Even if I know Postfix can use each list in many restrictions.
Can you explain it better? You mean you know a better config setup to implement on this package?
Title: Re: Postfix - antispam and relay package
Post by: foetus on August 29, 2015, 11:21:47 am
Having an issue.

Since I cannot seem to install the LDAP plugin in any way or form (or even find it somewhere..) I can not get a link to Exchange to import a list of valid e-mail accounts.
Is there a way to edit Postfix (used in combination with mailscanner) to allow all e-mail accounts from a domain?

This is not used as an internal relay, just external anti-spam checking.

yes, I know this lowers the security quit a bit. But having everything blocked now with the same recipient error is the other side of the coin.


I really would just like to the the LDAP connection working. But installing the pkg like by the manual gives an error it cannot be found. And I cannot seem to source it anywhere else.
Did anyone manage to install it somehow?

2.1.5 x64 setup.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on August 31, 2015, 10:08:01 am
Having an issue.

Since I cannot seem to install the LDAP plugin in any way or form

Did you tried
Code: [Select]
pkg add p5-perl-ldap ?
Title: Re: Postfix - antispam and relay package
Post by: foetus on September 01, 2015, 02:41:46 am
Code: [Select]
pkg_add pR5-perl-ldap
pkg_add: can't stat package file "pR5-perl-ldap"

that or cannot find package.

Tried your private hosted version from 2012. gives more errors then someone dyslexic quoting Nietzsche.
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on September 01, 2015, 02:47:16 am
Yeah, perhaps you could fix your copy/paste skills. Noone told you to install nonsense like pR5-perl-ldap.
Title: Re: Postfix - antispam and relay package
Post by: mayk on September 08, 2015, 07:56:43 am
Reposting update guide for pfsense 2.2.x only:

Install package via gui
execute code below via console/ssh
Code: [Select]
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -f /usr/pbi/bin/libexec/postfix
rm -f /usr/local/etc/postfix
rm -f /var/spool/postfix
rm -f /var/mail/postfix
rm -f /var/db/postfix
pkg install postfix


fix postfix.inc file with this patch via system patcher package

add this patch via package system patcher

description:postfix_inc
patch:
Code: [Select]
--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000
+++ postfix.inc  2015-08-18 08:18:10.000000000 +0000
@@ -36,11 +36,11 @@
 require_once("globals.inc");

 $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pfs_version == "2.1" || $pfs_version == "2.2") {
-       define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
-} else {
+//if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+//     define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+//} else {
        define('POSTFIX_LOCALBASE','/usr/local');
-}
+//}

 $uname=posix_uname();
 if ($uname['machine']=='amd64')
directory:/usr/local/pkg/

Hi,

thank you for the manual fix. I have tried several times , believing i screwed up somewhere, but still no white smoke .   The error messages stay the same.
Does anyone have more suggestions in this ?  The setup is a carp unit, with a 2.1.4 install upgraded to 2.1.5 and now jumped to 2.2.4 .

Thank you in advance..
Title: Re: Postfix - antispam and relay package
Post by: jazzl0ver on October 29, 2015, 07:13:37 am
Hi.

In case someone needs to specify a port in domain forwarding, here is a patch for /usr/local/pkg/postfix.inc:
Code: [Select]
--- postfix.inc.org     2015-10-29 13:59:12.000000000 +0300
+++ postfix.inc 2015-10-29 14:19:36.000000000 +0300
@@ -263,10 +263,17 @@
        if (is_array($postfix_domains['row'])) {
                foreach ($postfix_domains['row'] as $postfix_row) {
                        $relay_domains .= ' ' . $postfix_row['domain'];
-                       if (!empty($postfix_row['mailserverip']))
-                               $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n";
+                       if (!empty($postfix_row['mailserverip'])) {
+                               if (strrpos($postfix_row['mailserverip'], ":") === false) {
+                                       $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n";
+                               }
+                               else {
+                                       list($t_ip, $t_port) = explode(":", $postfix_row['mailserverip']);
+                                       $transport .= $postfix_row['domain'] . " smtp:[" . $t_ip . "]:" . "$t_port\n";
                                }
                        }
+               }
+       }
        #check cron
        check_cron();
        #check logging
@@ -787,8 +794,15 @@
                } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
                        if (empty($post['domain' . substr($key, 12)]))
                                $input_errors[] = "Domain for {$value} cannot be blank.";
-                       if (!is_ipaddr($value) && !is_hostname($value))
-                               $input_errors[] = "{$value} is not a valid IP address or host name.";
+                       if (strrpos($value, ":") === false) {
+                               if (!is_ipaddr($value) && !is_hostname($value))
+                                       $input_errors[] = "{$value} is not a valid IP address or host name.";
+                       }
+                       else {
+                               list($t_ip, $t_port) = explode(":", $value);
+                               if (!is_ipaddr($t_ip) && !is_hostname($t_ip))
+                                       $input_errors[] = "{$value} is not a valid IP address or host name.";
+                       }
                }
        }
 }

(http://pfsense_postfix_transport_patch.png)
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 04, 2015, 04:59:43 pm
We are running Postfix with the patches and all seems to be fine... HOWEVER, we seem to be seeing a couple of issues...

1: I see no way of using DNS block lists like dbl.spamhaus.org (which only accept domain names, not IP addresses).
I have tried adding the option smtpd_client_restrictions=reject_rhsbl_client dbl.spamhaus.org on the general page under custom main.cf options. When I add it, I get a lot of log entries about it replacing existing smtpd_client_restrictions=reject_rhsbl_client lines.
Does not seem to work.
Suggestion: I notice you are parsing for the "," when you are saving the list to the reject_rbl_client directive. Can you add something to parse for another character like ":DNS" to put the entry in the reject_rhsbl_client directive?
Or even add a box on the antispam page for DNS Block lists?

2: We have some custom ACL headers that we scan for like /^From:.*@*.download/ REJECT that seem to work great, but once in a while a couple of the messages get through :P Ideas?

3: On the Access list page Helo box, no matter what we put there it does not reject. Like trying to block the .download domain from even getting past the helo.
It would be REAL nice to be able to drop the connection from a .download domain at the Helo step rather that what is happening now: Its ran through the bloc lists, then finally rejected by the sender address in the from field. A lot of wasted time for messages from a server that will be dropped anyway :P


Thanks in advance!
Title: Re: Postfix - antispam and relay package
Post by: biggsy on November 04, 2015, 08:26:44 pm

1: I see no way of using DNS block lists like dbl.spamhaus.org (which only accept domain names, not IP addresses).
I have tried adding the option smtpd_client_restrictions=reject_rhsbl_client dbl.spamhaus.org on the general page under custom main.cf options. When I add it, I get a lot of log entries about it replacing existing smtpd_client_restrictions=reject_rhsbl_client lines.
Does not seem to work.


Have you tried using zen.spamhaus.org in the RBL server list?  That seems to work well with IP addresses:

Code: [Select]
postfix/postscreen[83574]: CONNECT from [193.189.117.147]:29103 to [127.0.0.1]:25
postfix/dnsblog[84018]: addr 193.189.117.147 listed by domain zen.spamhaus.org as 127.0.0.4
postfix/dnsblog[84018]: addr 193.189.117.147 listed by domain zen.spamhaus.org as 127.0.0.2
postfix/postscreen[83574]: DNSBL rank 2 for [193.189.117.147]:29103
postfix/postscreen[83574]: HANGUP after 1.1 from [193.189.117.147]:29103 in tests after SMTP handshake
postfix/postscreen[83574]: DISCONNECT [193.189.117.147]:29103
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 05, 2015, 10:47:07 am

1: I see no way of using DNS block lists like dbl.spamhaus.org (which only accept domain names, not IP addresses).
I have tried adding the option smtpd_client_restrictions=reject_rhsbl_client dbl.spamhaus.org on the general page under custom main.cf options. When I add it, I get a lot of log entries about it replacing existing smtpd_client_restrictions=reject_rhsbl_client lines.
Does not seem to work.


Have you tried using zen.spamhaus.org in the RBL server list?  That seems to work well with IP addresses:

Code: [Select]
postfix/postscreen[83574]: CONNECT from [193.189.117.147]:29103 to [127.0.0.1]:25
postfix/dnsblog[84018]: addr 193.189.117.147 listed by domain zen.spamhaus.org as 127.0.0.4
postfix/dnsblog[84018]: addr 193.189.117.147 listed by domain zen.spamhaus.org as 127.0.0.2
postfix/postscreen[83574]: DNSBL rank 2 for [193.189.117.147]:29103
postfix/postscreen[83574]: HANGUP after 1.1 from [193.189.117.147]:29103 in tests after SMTP handshake
postfix/postscreen[83574]: DISCONNECT [193.189.117.147]:29103

Yes, I am using Zen. It is an IP address based list. It only accepts IP addresses as it should, and works fine. The Evil Nasty spammers and malware sites like to move around a lot to try and beat the ip based block lists.
The lists that I want to use are based on their domains. They only accept domain names not IP addresses. Many of the best lists are switching to domain based for better blocking.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on November 06, 2015, 04:12:02 am
Sorry, I completely misread that first line in your post. :-[

I think you'll have to modify your main.cf and restart postfix manually to make that work.  Unfortunately, the change will be over-written next time you save your config from the GUI.

Title: Re: Postfix - antispam and relay package
Post by: Bismarck on November 06, 2015, 08:22:43 am
@trinidadrancheria

1. You need to manually edit /usr/local/pkg/postfix.inc this will keep your changes after a postfix reload but needs to be re edited after a package update. eg.:
Quote
...
smtpd_helo_restrictions = check_helo_access pcre:{$pf_dir}/etc/postfix/helo_check,
            reject_unknown_helo_hostname,
            reject_invalid_helo_hostname,
            reject_non_fqdn_helo_hostname,
            reject_rhsbl_helo hostkarma.junkemailfilter.com=127.0.0.2,
                 reject_rhsbl_helo dbl.spamhaus.org,
            permit
...
...
smtpd_sender_restrictions = reject_non_fqdn_sender,
            reject_unknown_sender_domain,
            reject_unauth_pipelining,
            reject_multi_recipient_bounce,
                 reject_rhsbl_sender dbl.spamhaus.org, 
            permit
...
...
smtpd_client_restrictions = permit_mynetworks,
            reject_unauth_destination,
            check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
            check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
            reject_unknown_client_hostname,
            reject_unauth_pipelining,
            reject_multi_recipient_bounce,
            reject_rhsbl_reverse_client hostkarma.junkemailfilter.com=127.0.0.2,
            reject_rhsbl_reverse_client dbl.spamhaus.org,
            permit                     
...
   
And I guess this is highly ineffective, since Postscreen and RBL server List already reject almost everything and its safer, because you can combine as many rbl lists you like.

http://www.postfix.org/SMTPD_ACCESS_README.html

http://www.postfix.org/POSTSCREEN_README.html

2. You missing a dot before the asterisk and add always a comment to the REJECT, easier to identify false/positives:
Quote
/^From:.*@.*.download/ REJECT Spam Rule #20191

3. see 1. & 2.

Here a few commands to check your postfix rules if they match:
Quote
postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/body_check < /root/mail.txt

postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/header_check < /root/mail.txt

postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/mime_check < /root/mail.txt

postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/helo_check < /root/mail.txt

Just copy the full mail with the header etc. into mail.txt file before execute.

Usefull: http://www.regexr.com/

Best practice is a well configurated Postfix + Mailscanner + sa-updater-custom-channels.sh (http://forum.mailcleaner.org/viewtopic.php?f=3&t=1776) + clamav-unofficial-sigs.sh (https://www.freshports.org/security/clamav-unofficial-sigs/) = Spam > 1%.

Cheers! ;)
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 06, 2015, 01:23:11 pm
I tried your format
/^From:.*@.*.eu/ REJECT Spam Rule #20191
and is KINDA works...

It does block the .eu TLD, but also hits on addresses like From:bill@mail.eugene.ca.gov
This behavior is expected, since we are starting at the front of the screen. When I do it the right way:  /^From:.*@.*\.eu$/ (with the $ to match the end for .eu), the PCRE simulators all work fine. It catches only the .eu TLD.
But when I put it in Postfix with the $ in it, it blocks nothing :P
Am I missing something?

And thanks for the other guides. I am looking at them now :)
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on November 06, 2015, 01:52:04 pm
So, for anyone here who's not given up yet and is having issues with https://redmine.pfsense.org/issues/4420 - there's v2.4.5 out. If someone's wiling to undo the manual hacks (stuff like cyrus-sasl2/libspf2 installed via pkg, symlinks etc.) and report back, it'd be appreciated.
Title: Re: Postfix - antispam and relay package
Post by: mia on November 11, 2015, 03:45:05 am
Hi, guys!

I have a problem.

I installed pfsense 2.2.4 x64 with postfix. And of course had issue with sqlite. I reinstall postfix using marcelloc instruction:

fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt (http://e-sac.siteseguro.ws/px22/postfix.txt)
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt (http://e-sac.siteseguro.ws/px22/postfix.widget.txt)
pbi_delete postfix-2.11.3_2-amd64
rm -f /usr/pbi/bin/libexec/postfix
rm -f /usr/local/etc/postfix
rm -f /var/spool/postfix
rm -f /var/mail/postfix
rm -f /var/db/postfix
pkg install postfix
etc...

now it work. BUT it reject all mails.
Here is a part of log:
Code: [Select]
Nov 11 10:35:13 pfSense postfix/postscreen[96424]: CONNECT from [209.85.223.170]:33179 to [127.0.0.1]:25
Nov 11 10:35:19 pfSense postfix/postscreen[96424]: PASS NEW [209.85.223.170]:33179
Nov 11 10:35:19 pfSense postfix/smtpd[48617]: connect from mail-io0-f170.google.com[209.85.223.170]
Nov 11 10:35:19 pfSense postfix/smtpd[48617]: warning: unknown smtpd restriction: "reject_spf_invalid_sender"
Nov 11 10:35:19 pfSense postfix/verify[51147]: cache btree:/var/db/postfix/verify_cache full cleanup: retained=5 dropped=0 entries
Nov 11 10:35:19 pfSense postfix/smtpd[48617]: NOQUEUE: reject: RCPT from mail-io0-f170.google.com[209.85.223.170]: 451 4.3.5 Server configuration error; from=<mymail@gmail.com> to=<mymail@mydomain.ru> proto=ESMTP helo=<mail-io0-f170.google.com>
Nov 11 10:35:20 pfSense postfix/cleanup[59443]: 1E0D61138ADC: message-id=<20151111083520.1E0D61138ADC@pfSense.localdomain>
Nov 11 10:35:20 pfSense postfix/smtpd[48617]: disconnect from mail-io0-f170.google.com[209.85.223.170]
Nov 11 10:35:20 pfSense postfix/qmgr[57167]: 1E0D61138ADC: from=<double-bounce@pfSense.localdomain>, size=981, nrcpt=1 (queue active)
Nov 11 10:35:20 pfSense postfix/smtp[60115]: 1E0D61138ADC: to=<postmaster@pfSense.localdomain>, orig_to=<postmaster>, relay=none, delay=0.17, delays=0.01/0.01/0.16/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=pfSense.localdomain type=A: Host not found)
Nov 11 10:35:20 pfSense postfix/bounce[68723]: warning: 1E0D61138ADC: undeliverable postmaster notification discarded
Nov 11 10:35:20 pfSense postfix/qmgr[57167]: 1E0D61138ADC: removed


I added in Access Lists -> MyNetworks:
127.0.0.1
192.168.0.247 Exchange IP
192.168.0.250 Pfsense LAN IP
192.168.0.0/24

I found this advise for Postfix forwarder on 2.1_x64

1. Copied /usr/local/etc/postfix to /usr/pbi/postfix-amd64/etc/postfix
2. Once I put 2,6s into the greet wait time under antispam, it seemed to work

but it doesn't work for me(((

It's seem something wrong with postscreen....

pease help me
Title: Re: Postfix - antispam and relay package
Post by: mia on November 12, 2015, 08:46:26 am
I've solved my problem. :)
Thanks for awesome package
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 13, 2015, 03:53:55 pm
Tried this... First time I did only the helo lines, did not work, even after reboot. Nothing changed in main.cf
Did the other lines, rebooted, then it reverted with ownership errors on the database files :P
Ideas?


@trinidadrancheria

1. You need to manually edit /usr/local/pkg/postfix.inc this will keep your changes after a postfix reload but needs to be re edited after a package update. eg.:
Quote
...
smtpd_helo_restrictions = check_helo_access pcre:{$pf_dir}/etc/postfix/helo_check,
            reject_unknown_helo_hostname,
            reject_invalid_helo_hostname,
            reject_non_fqdn_helo_hostname,
            reject_rhsbl_helo hostkarma.junkemailfilter.com=127.0.0.2,
                 reject_rhsbl_helo dbl.spamhaus.org,
            permit
...
...
smtpd_sender_restrictions = reject_non_fqdn_sender,
            reject_unknown_sender_domain,
            reject_unauth_pipelining,
            reject_multi_recipient_bounce,
                 reject_rhsbl_sender dbl.spamhaus.org, 
            permit
...
...
smtpd_client_restrictions = permit_mynetworks,
            reject_unauth_destination,
            check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
            check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
            reject_unknown_client_hostname,
            reject_unauth_pipelining,
            reject_multi_recipient_bounce,
            reject_rhsbl_reverse_client hostkarma.junkemailfilter.com=127.0.0.2,
            reject_rhsbl_reverse_client dbl.spamhaus.org,
            permit                     
...
   
And I guess this is highly ineffective, since Postscreen and RBL server List already reject almost everything and its safer, because you can combine as many rbl lists you like.

http://www.postfix.org/SMTPD_ACCESS_README.html

http://www.postfix.org/POSTSCREEN_README.html

2. You missing a dot before the asterisk and add always a comment to the REJECT, easier to identify false/positives:
Quote
/^From:.*@.*.download/ REJECT Spam Rule #20191

3. see 1. & 2.

Here a few commands to check your postfix rules if they match:
Quote
postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/body_check < /root/mail.txt

postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/header_check < /root/mail.txt

postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/mime_check < /root/mail.txt

postmap -q - regexp:/usr/pbi/postfix-amd64/etc/postfix/helo_check < /root/mail.txt

Just copy the full mail with the header etc. into mail.txt file before execute.

Usefull: http://www.regexr.com/

Best practice is a well configurated Postfix + Mailscanner + sa-updater-custom-channels.sh (http://forum.mailcleaner.org/viewtopic.php?f=3&t=1776) + clamav-unofficial-sigs.sh (https://www.freshports.org/security/clamav-unofficial-sigs/) = Spam > 1%.

Cheers! ;)
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 13, 2015, 05:05:47 pm
I ma wondering if I did not have the right section, since I have the header verification box set to basic? After stepping through the PHP should I be putting it here?

Original:
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
{$reject_unknown_helo_hostname}

smtpd_sender_restrictions = reject_unknown_sender_domain,
            RBLRBLRBL

# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = permit_mynetworks,
            reject_unauth_destination,
            check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
            check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
            check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr
            RBLRBLRBL

# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
            reject_unauth_destination,
            check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
            check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
            check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
            SPFSPFSPFRBLRBLRBL

Modified:
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
{$reject_unknown_helo_hostname}

smtpd_sender_restrictions = reject_unknown_sender_domain,
                                reject_rhsbl_reverse_client dbl.spamhaus.org,
            RBLRBLRBL

# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = permit_mynetworks,
            reject_unauth_destination,
            check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
            check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
            check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr <--------- I see a missing , in the INC, put it in?
            RBLRBLRBL

# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
            reject_unauth_destination,
            check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
            check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
            check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
                                reject_rhsbl_reverse_client dbl.spamhaus.org,
                                reject_rhsbl_sender dbl.spamhaus.org,
                                reject_rhsbl_client dbl.spamhaus.org,
            SPFSPFSPFRBLRBLRBL


I would be using MailScanner, but I am running PFSense 2.2.4 and they say mailscanner does not work, or there is something we need to do to install it right, but my other thread went unanswered to see if it is working :P
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 18, 2015, 02:32:39 pm
I tried your format
/^From:.*@.*.eu/ REJECT Spam Rule #20191
and is KINDA works...

It does block the .eu TLD, but also hits on addresses like From:bill@mail.eugene.ca.gov
This behavior is expected, since we are starting at the front of the screen. When I do it the right way:  /^From:.*@.*\.eu$/ (with the $ to match the end for .eu), the PCRE simulators all work fine. It catches only the .eu TLD.
But when I put it in Postfix with the $ in it, it blocks nothing :P
Am I missing something?

And thanks for the other guides. I am looking at them now :)

In case someone else was having the same issue, I found a work around for PostFix not recognizing both the ^ (begin) and the $ (end) for an entry in the access list.
Instead of
/^From:.*@.*\.eu/ which would hit on things like bill@ci.eureka.ca.gov as well as bill@sample.eu, which is NOT what we want.
New way using word boundary
/^From:.*@.*\.eu\b/ only hits on bill.sample.eu
Now we can reject senders from certain TLDs properly :D
(The reason I did not use HELO is A: It never worked for me, and B: (BIG one) spammers are using US servers to spoof .eu in the from address so the HELO does not match).
:)
Title: Re: Postfix - antispam and relay package
Post by: trinidadrancheria on November 25, 2015, 12:17:56 am
Marceloc are you the one I talk to about patches for PF sense postfix?
I am working on a patch to implement the DNS blacklist to the package through a patch with its own list section, but it would be nice if we can add it right to the next version.
Once tested, can I send the patch to you to see what you think?

Also is there a official place to get full documentation on how the patchfile syntax?
Title: Re: Postfix - antispam and relay package
Post by: Sherby on November 28, 2015, 01:49:07 pm
So, for anyone here who's not given up yet and is having issues with https://redmine.pfsense.org/issues/4420 - there's v2.4.5 out. If someone's wiling to undo the manual hacks (stuff like cyrus-sasl2/libspf2 installed via pkg, symlinks etc.) and report back, it'd be appreciated.

Hi,
I did uninstall the postfix package and undo any manual fixes and patches.
Then I did firmware upgrade from 2.2.4 to 2.2.5 and postfix package reinstall.
This time, things look better but I still had to do some tweak to the postfix.inc file to make it work.

1) had to do the following procedure, except for the 2 first line "fetch..." because I believe those file are now obsolete and will break things, since the package has been updated.

Reposting update guide for pfsense 2.2.x only:

Install package via gui
execute code below via console/ssh
Code: [Select]
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
pbi_delete postfix-2.11.3_2-amd64
rm -f /usr/pbi/bin/libexec/postfix
rm -f /usr/local/etc/postfix
rm -f /var/spool/postfix
rm -f /var/mail/postfix
rm -f /var/db/postfix
pkg install postfix

fix postfix.inc file with this patch via system patcher package

add this patch via package system patcher

description:postfix_inc
patch:
Code: [Select]
--- postfix.orig.inc 2015-08-18 08:15:00.000000000 +0000
+++ postfix.inc  2015-08-18 08:18:10.000000000 +0000
@@ -36,11 +36,11 @@
 require_once("globals.inc");

 $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pfs_version == "2.1" || $pfs_version == "2.2") {
-       define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
-} else {
+//if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+//     define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+//} else {
        define('POSTFIX_LOCALBASE','/usr/local');
-}
+//}

 $uname=posix_uname();
 if ($uname['machine']=='amd64')
directory:/usr/local/pkg/

2) had to manually patch the file /usr/local/www/postfix_view_config.php, to fix the path for config files to allow displaying  the config file correctly under the "view config" tab.

Guys, you did a great job to make that package work on pfsense 2.2.x !
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on December 07, 2015, 04:03:50 am
Any ETA on a "Install and Go" fix without needing to manually edit things?
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on December 07, 2015, 04:12:23 am
Any ETA on a "Install and Go" fix without needing to manually edit things?

ETA = never. The package is gone from pfSense 2.3.
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on December 07, 2015, 06:05:22 am
Any ETA on a "Install and Go" fix without needing to manually edit things?

ETA = never. The package is gone from pfSense 2.3.

Mmm... Then I must ask what mail forwarder is pfsense going to replace it with? Surely many people make use of pfsense for dual web and mail filtering and other general firewall purpouses. Scrapping postfix without a replacement would force people to look at other next generation firewalls.
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on December 08, 2015, 03:05:59 am
Mmm... Then I must ask what mail forwarder is pfsense going to replace it with?

I don't believe any replacement is planned for this. https://redmine.pfsense.org/issues/5374
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on December 08, 2015, 09:54:34 am
Mmm... Then I must ask what mail forwarder is pfsense going to replace it with?

I don't believe any replacement is planned for this. https://redmine.pfsense.org/issues/5374

Does that also mean all the other mail apps like mailscanner, spamassasin, clamav ect will be falling away? Last I checked the Postfix was a MTA that sent all emails to 127.0.0.1 on the pfsense box were they were then scanned and filtered accordingly, PostFix would then send them on there way when they were done. Unless I am understanding wrong, how would I filter my mail now without PostFix?
Title: Re: Postfix - antispam and relay package
Post by: doktornotor on December 08, 2015, 10:45:19 am
Unless I am understanding wrong, how would I filter my mail now without PostFix?

On your mailserver perhaps? I don't get the idea of running postfix, spam filters and co. on a firewall... Regardless, take this with pfSense developers, I'm not one.
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on December 08, 2015, 01:07:50 pm
Unless I am understanding wrong, how would I filter my mail now without PostFix?

On your mailserver perhaps? I don't get the idea of running postfix, spam filters and co. on a firewall... Regardless, take this with pfSense developers, I'm not one.

Meant how would I filter my mail without PostFix "On pfSense", but I appreciate your honest replies. What a pity I liked pfSense. Cheers.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 09, 2015, 07:52:28 pm
I'm migrating the package for 2.3.

If you use pfsense as an UTM, packages postfix, varnish, squid, mailscanner give it layer 7 ability on these protocols.

For me it's really usefull.
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on December 10, 2015, 05:35:26 am
I'm migrating the package for 2.3.

If you use pfsense as an UTM, packages postfix, varnish, squid, mailscanner give it layer 7 ability on these protocols.

For me it's really usefull.

Now that is some good news for a change. PostFix "IS" one of the best used packages on pfSense. To scrap it would be going backwards. Happy days :)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 10, 2015, 02:55:04 pm
PostFix "IS" one of the best used packages on pfSense.

Pull request sent (https://github.com/pfsense/FreeBSD-ports/pull/23)
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on December 16, 2015, 01:25:41 am
Sadly SPF is broken now:

unused parameter: spf_mark_only=yes

This was a very useful option to fight sender address forgery.

Any idea how to fix?

//Edit

This could be a option? py27-postfix-policyd-spf-python works great and easy to setup! :)
Code: [Select]
$ pkg install py27-postfix-policyd-spf-python
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py27-postfix-policyd-spf-python: 1.3.2
        py27-authres: 0.800
        py27-spf: 2.0.12_1
        py27-dns: 2.3.6_1
        python2: 2_3
        py27-ipaddr: 2.1.10_1

The process will require 856 KiB more space.
152 KiB to be downloaded.

Proceed with this action? [y/N]: y
Fetching py27-postfix-policyd-spf-python-1.3.2.txz: 100%   38 KiB  38.5kB/s    00:01
Fetching py27-authres-0.800.txz: 100%   26 KiB  26.7kB/s    00:01
Fetching py27-spf-2.0.12_1.txz: 100%   34 KiB  35.0kB/s    00:01
Fetching py27-dns-2.3.6_1.txz: 100%   31 KiB  32.0kB/s    00:01
Fetching python2-2_3.txz: 100%    1 KiB   1.1kB/s    00:01
Fetching py27-ipaddr-2.1.10_1.txz: 100%   22 KiB  22.1kB/s    00:01
Checking integrity... done (0 conflicting)
[1/6] Installing python2-2_3...
[1/6] Extracting python2-2_3: 100%
[2/6] Installing py27-dns-2.3.6_1...
[2/6] Extracting py27-dns-2.3.6_1: 100%
[3/6] Installing py27-authres-0.800...
[3/6] Extracting py27-authres-0.800: 100%
[4/6] Installing py27-spf-2.0.12_1...
[4/6] Extracting py27-spf-2.0.12_1: 100%
[5/6] Installing py27-ipaddr-2.1.10_1...
[5/6] Extracting py27-ipaddr-2.1.10_1: 100%
[6/6] Installing py27-postfix-policyd-spf-python-1.3.2...
[6/6] Extracting py27-postfix-policyd-spf-python-1.3.2: 100%
Message from py27-postfix-policyd-spf-python-1.3.2:
#
# To configure Postfix
#

This package must be integrated with Postfix to be effective:

 1. Add to your postfix master.cf:

        policyd-spf  unix  -       n       n       -       0       spawn
            user=nobody argv=/usr/local/bin/policyd-spf

 2. Configure the Postfix policy service in your main.cf so that the
    "smtpd_recipient_restrictions" includes a call to the policyd-spf policy
    filter.  If you already have a "smtpd_recipient_restrictions" line, you can
    add the "check_policy_service" command anywhere *after* the line which
    reads "reject_unauth_destination" (otherwise you're system can become an
    open relay).

        smtpd_recipient_restrictions =
            ...
            reject_unauth_destination
            check_policy_service unix:private/policyd-spf
            ...

        policyd-spf_time_limit = 3600

  3. Please consult the postfix documentation for more information on these and
     other settings you may wish to have in the "smtpd_recipient_restrictions"
     configuration.

  4. Reload postfix.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on December 17, 2015, 03:06:32 pm
For me, postfix+friends on pfsense a major administrative convenience. And, it is in keeping with the spirit of what is is a 'firewall' does (if only in an expanded sense). Most of the spam traffic won't even succeed in connecting, the ones that do cause internet 'internet spam service check' requests to leave from the firewall without having to take up bandwidth on the lan, and most of the evil attachments never make it past the firewall either. It also (I hope still will) allow one 'clamav' install to manage scanning web traffic for the squid suite and also the mailscanner/email.

Also, having the 'postfix and associated packages" stack in PF allows me to leverage pf's certificate management, destination email domain routing, failover, load balancing for email. That internal domain routing bit is a security plus as traffic for domain X never travels lan segments used by those on domains A, B and C, an obvious security plus. Also it allows the internal smtp world to be very fast and lean as it needs minimal security and no need for the add-on 'nasty-checking' packages.

Remember one of the main spam defences is having the mail exchanger's reverse dns match the common name in the ssl certificate. Anytime information can be kept in one place and closer to where it's used is an admin win.

Last, the postfix config for the lan side can use the lmtp protocol which is a major overhead saver (no per message setups/teardowns).

It calls for a multiprocessor setup, lots of ram and lots of disk. I know that is not exactly what comes to mind using the word 'embedded', but the above is my $0.02 on why it's worth it.

If it were to be removed, I'd have to create not just port forward to a new subnet but a vlan just to isolate incoming email traffic, then -- well, it would result in an economic bonanza for the people who sell those coffee thingys.   
Title: Re: Postfix - antispam and relay package
Post by: biggsy on December 18, 2015, 12:24:38 am
Sadly SPF is broken now:

Bismarck, have you been able to install from Available Packages?  I missed a few days of 2.3 updates but haven't seen the postfix package listed.

Title: Re: Postfix - antispam and relay package
Post by: Bismarck on December 18, 2015, 06:06:52 am
Hi biggsy,

the packages should still be there:

http://files.pfsense.org/packages/10/All/postfix-2.11.3_2-amd64.pbi

HowTo: Install packages (https://forum.pfsense.org/index.php?topic=75508.0)

regards
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on December 21, 2015, 11:37:59 pm
The pull request still needs to be aproved first.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on January 15, 2016, 02:19:15 am
Hello marcelloc,

since 2.2.x Postfix doesn't write spam logs to the sqlite database, thus you can't search for spam and the widget doesn't display any spam records.

This makes it really hard to track false positives.  :'(

Please help!

//edit

when I execute it via putty after I send a spam test, it does write the spam record to the database file!?

Code: [Select]
[root@pfsense~]$ /usr/local/bin/php -q /usr/local/www/postfix.php 01min

/usr/bin/grep '^Jan 15 09:25.*\(MailScanner\|postfix.cleanup\|postfix.smtp\|postfix.error\|postfix.qmgr\)' /var/log/maillog
Found logs to 2016-01-15.db

#######################################
SPAM:SpamAssassin (nicht zwischen gespeichert, Wertung=1004.701, benoetigt 3, FSL_HELO_NON_FQDN_1 0.00, GTUBE 1000.00, HTML_MESSAGE 0.00, PYZOR_CHECK 1.98, RDNS_NONE 0.00, TVD_RCVD_SINGLE 1.21, ZONK_PHISH_BODY 1.50)5E1EA1C2B99zonk
#######################################

#######################################
SPAM:SpamAssassin (nicht zwischen gespeichert, Wertung=1004.701, benoetigt 3, FSL_HELO_NON_FQDN_1 0.00, GTUBE 1000.00, HTML_MESSAGE 0.00, PYZOR_CHECK 1.98, RDNS_NONE 0.00, TVD_RCVD_SINGLE 1.21, ZONK_PHISH_BODY 1.50)4E48D1C2BFBzonk
#######################################
writing to database...writing to database... writing to local db 2016-01-15...ok

maybe a timeing problem?
Title: Re: Postfix - antispam and relay package
Post by: biggsy on January 29, 2016, 04:12:42 am
The pull request still needs to be aproved first.

Thank you for working on this, Marcello.  Is there any news?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on January 29, 2016, 05:47:51 am
FYI

I did a fresh install of pfSense 2.2.6 last week and the Postfix package did work out of the box, expect the search mail & widget sqlite bug, wich can be fixed by fetching the postfix.php/postfix.widget.php from:

Code: [Select]
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt

So NO need to delete Postfix and install it via pkgng!

Regards  ;)
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on February 01, 2016, 12:25:33 pm
Thank you for working on this, Marcello.  Is there any news?

yes, I'll need to change the syslog function that enables /var/log/maillog.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on February 01, 2016, 12:26:21 pm

So NO need to delete Postfix and install it via pkgng!

It just started up or it's running and filtering email? on 2.2 I got a lot of missing libs erros on postfix subprocesses.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on February 01, 2016, 02:39:19 pm

So NO need to delete Postfix and install it via pkgng!

It just started up or it's running and filtering email? on 2.2 I got a lot of missing libs erros on postfix subprocesses.
Yes it's filtering email, spam and viruses with MailScanner, I run it as my productive system since 2 weeks now, no lib errors or crashes.

Thank you for your hard work, much appreciated!
Title: Re: Postfix - antispam and relay package
Post by: LinuxCuba on February 15, 2016, 04:11:02 pm
Hi Marcello, I'm trying pfsense 2.3 beta, and one of the essential
packages for me is postfix, but the same does not appear in the list
of available packages, you had said at the forum, which would sit in
this package postfix for version 2.3 . As it would be possible to
install that version of package postfix in pfsense 2.3 beta. Greetings
and thank you very much for the excellent work he has done. Excuse the
bad English.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on February 16, 2016, 08:50:17 am
postfix 2.11 was  released (http://permalink.gmane.org/gmane.mail.postfix.announce/146) in January and, among other things, it contains the following enhancement:
Quote
  * A new postscreen_dnsbl_whitelist_threshold feature to allow
    clients to skip postscreen tests based on their DNSBL score.
    This can eliminate email delays due to "after 220 greeting"
    protocol tests, which otherwise require that a client reconnects
    before it can deliver mail. Some providers such as Google don't
    retry from the same IP address, and that can result in large
    email delivery delays.

Any chance of an updated package based on postfix 2.11?

Hi Biggsy, this is working with the current package Postfix 2.11.3/pfSense 2.2.6.

To enable:

postscreen_dnsbl_whitelist_threshold=-1

edit /usr/local/pkg/postfix.inc around line 629 and add this:

Code: [Select]
$postfix_main .= "postscreen_dnsbl_whitelist_threshold=-1\n";
and restart the Postfix service.

So no more hardcodeed IPs in Client Access List / CDIR needed, for google outbound mail server etc.  ;)

marcelloc, maybe you can make this a option in the Postfix menu?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on February 16, 2016, 09:31:02 am
Hello marcelloc,

I found 2 bug in postfix.php, related to the log to sqlite file.

The result of loglines populated to slqlite file differs by the time period chosen tin the Genaral tab > Logging > Update Sqlite, it always missing around 50% of what has been really logged, eg. if we choose Every Minute. I found a workaround by adding a second cronjob, which executes every 10m as well and no longline is missing anymore.

Second, this is related to spam status is not updated to the sqlite file on month days with just one digit (1 - 9), because postfix logs the date like:
Code: [Select]
Feb  6 16:25:21 pfsense postfix/dnsblog[27506]: addr 193.189.117.150 listed by domain zen.spamhaus.org as 127.0.0.2
and MailScanner like:
Code: [Select]
Feb 06 16:24:50 pfsense MailScanner[20367]: Delivery of nonspam: message 604671C2F69.A240D from   
I guess there is something like a regex pattern mismatch, because on month days with 2 digits (10 - 31) the spam status is updated to sqlite file just fine.

Regards   
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on March 07, 2016, 10:35:31 am
When you use Postfix/TLS, you should fix the DROWN Attack vulnerability:

Code: [Select]
openssl dhparam -out /usr/pbi/postfix-amd64/etc/postfix/dh2048.pem 2048
and add this, below your TLS config in the custom main.cf options:

Code: [Select]
# Whenever the built-in defaults are sufficient, let the built-in
# defaults stand by deleting any explicit overrides.

# Disable deprecated SSL protocol versions.  See:
# http://www.postfix.org/postconf.5.html#smtp_tls_protocols
# http://www.postfix.org/postconf.5.html#smtpd_tls_protocols
#
# Default in all supported stable Postfix releases since July 2015.
# Defaults for the mandatory variants never allowed SSLv2.
#
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
tlsproxy_tls_protocols = $smtpd_tls_protocols
#
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols

# Disable export and low-grade ciphers.  See:
# http://www.postfix.org/postconf.5.html#smtpd_tls_ciphers
# http://www.postfix.org/postconf.5.html#smtp_tls_ciphers
#
# Default in all supported stable Postfix releases since July 2015.
#
smtpd_tls_ciphers = medium
smtp_tls_ciphers = medium

# Enable forward-secrecy with a 2048-bit prime and the P-256 EC curve. See
# http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs
# http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file
# http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
#
# The default DH parameters use a 2048-bit strong prime as of Postfix 3.1.0.
#
smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
smtpd_tls_eecdh_grade = strong

# Trimmed cipherlist improves interoperability with old Exchange servers
# and reduces exposure to obsolete and rarely used crypto.  See:
# http://www.postfix.org/postconf.5.html#smtp_tls_exclude_ciphers
# http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers
#
smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2
smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2

Source: https://drownattack.com/postfix.html
DROWN Test: https://test.drownattack.com/
Postfix/TLS: http://www.checktls.com/perl/TestReceiver.pl
SSL Labs Test: https://dev.ssllabs.com/ssltest/
 
Regards
Title: Re: Postfix - antispam and relay package
Post by: dannyboy1121 on March 27, 2016, 03:10:15 am
Hi - any news for Postfix on 2.3? I see that it's not currently in the package list for the Beta.

Title: Re: Postfix - antispam and relay package
Post by: biggsy on March 27, 2016, 05:01:40 am
Perhaps Marcello is very busy but I'm hoping we will hear some news too.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on April 05, 2016, 06:10:00 pm
I've sent two updates today and one is missing to complete changes requested by renato

https://github.com/pfsense/FreeBSD-ports/pull/23
https://github.com/pfsense/pfsense/pull/2844
Title: Re: Postfix - antispam and relay package
Post by: dannyboy1121 on April 09, 2016, 04:33:28 pm
Many thanks for the update and also your hard work.
Title: Re: Postfix - antispam and relay package
Post by: elundquist on April 11, 2016, 03:49:36 pm
Postfix Forwarder 2.4.6 on pfSense 2.2.6 (amd64)

Based on my reading of this thread the above combination works without modification...  is this correct?



Enable LDAP fetch: Installing the LDAP pkg don't work based on (hint: /usr/sbin/pkg_add -r p5-perl-ldap) as listed on the GUI?

pkg_add -r p5-perl-ldap   Results: pkg_add: Command not Found

pkg add -r p5-perl-ldap    Results: No Such File: -r

pkg add p5-perl-ldap       Results: No Such File: p5-perl-ldap


What is it that I am missing?

Title: Re: Postfix - antispam and relay package
Post by: Bismarck on April 12, 2016, 08:18:50 am
Postfix Forwarder 2.4.6 on pfSense 2.2.6 (amd64)

Based on my reading of this thread the above combination works without modification...  is this correct?

Enable LDAP fetch: Installing the LDAP pkg don't work based on (hint: /usr/sbin/pkg_add -r p5-perl-ldap) as listed on the GUI?

pkg_add -r p5-perl-ldap   Results: pkg_add: Command not Found

pkg add -r p5-perl-ldap    Results: No Such File: -r

pkg add p5-perl-ldap       Results: No Such File: p5-perl-ldap


What is it that I am missing?

pkg install p5-perl-ldap

pkg help

For more information on the different commands see 'pkg help <command>'.

https://wiki.freebsd.org/pkgng

Cheers.
Title: Re: Postfix - antispam and relay package
Post by: elundquist on April 12, 2016, 02:33:26 pm
Bismarck,

Thanks!  I am new to FreeBSD, so its a learning curve from Fedora.
Title: Postfix no longer maintained / not in 2.3? What?
Post by: hcoin on April 12, 2016, 04:25:57 pm
Tell me it's a mistake....???


Title: Re: Postfix no longer maintained / not in 2.3? What?
Post by: MadCatZA on April 13, 2016, 03:29:55 pm
Tell me it's a mistake....???

Can't believe Postfix + so many other packages were removed. Time to find another solution people...
Title: Re: Postfix - antispam and relay package
Post by: LinuxCuba on April 13, 2016, 06:14:20 pm
Marcello.

Em ontem foi oficialmente lançado pfsense estável versão 2.3, no entanto eu tenho atualizado e instalado um novo e o pacote postfix não é saídas disponíveis, listados na parcela de repos. Alguém pode me dizer o que acontece, porque se o oficial pfsense veio não sair com o pacote postfix.

In yesterday was released officially pfsense stable version 2.3, however I have updated and installed a new one and the postfix package is not available exits listed on the parcel of repos. Someone can tell me what happens, because if the officer came pfsense not come out with the postfix package.

Thanks.

En el día de ayer fue lanzado oficialmente estable la versión de pfsense 2.3, sin embargo he actualizado e instalado uno nuevo y el paquete postfix no esta disponible ni sale listado en la paquetería de los repos. Alquien me puede decir que pasa, porque si salio oficial el pfsense no salio junto el paquete postfix.

Muchas gracias.
Title: Re: Postfix - antispam and relay package
Post by: dannyboy1121 on April 16, 2016, 02:34:15 am
@linuxcuba

I believe that Postfix will eventually appear in 2.3 as a post release addition. If you scroll back a page, Marcelloc has shown that development is still in progress linking to github. For me, this is the only reason I'm holding back from rolling out 2.3 so the sooner the better  8)



Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on April 16, 2016, 07:46:30 am
@linuxcuba

I believe that Postfix will eventually appear in 2.3 as a post release addition. If you scroll back a page, Marcelloc has shown that development is still in progress linking to github. For me, this is the only reason I'm holding back from rolling out 2.3 so the sooner the better  8)

Postfix will be the reason most people stay away from 2.3, pfSense is no longer a UTM...
Title: Re: Postfix - antispam and relay package
Post by: LinuxCuba on April 18, 2016, 07:42:38 pm
 It also is, but it has taken a long, long time, Macello, he said that he was preparing postfix to 2.3 for the problems that occurred in 2.2, and could not devote himself to both versions at once, that was done much, he has now gone 2.3, and still postfix still waiting.

He was ancioso by this version 2.3, in itself, I taste from RC, leaving here without postfix, something almost impresindible for me and one of the marvelous things that pfSense employment.
Title: Re: Postfix - antispam and relay package
Post by: kalessin on April 21, 2016, 10:28:32 am
if you guys are anxious on getting postfix you should install the package, its a bsd system at the end.
Title: Re: Postfix - antispam and relay package
Post by: biggsy on April 22, 2016, 01:53:11 am
if you guys are anxious on getting postfix you should install the package, its a bsd system at the end.

Not arguing with that but the GUI does make it easier to get up and running. 

Sadly, it seems that the Postfix Forwarder is not one of the mostly widely used packages and doesn't seem to be a priority for the core team. 

As dannyboy1121 pointed out, marcelloc has ported the package but he has also suggested some other changes to make life easier for packages to log.  The package and the other change haven't been accepted yet.  Hoping that will happen before 2.3.1 but I'm not optimistic about that.
Title: Re: Postfix - antispam and relay package
Post by: MDA on April 25, 2016, 04:22:28 am
Thank you for working on this, Marcello.  Is there any news?

yes, I'll need to change the syslog function that enables /var/log/maillog.


Dear, Marcello.

I have a problem.
She described https://forum.pfsense.org/index.php?topic=110620.0

You are given a solution to the problem. I executed the command
fetch -o /usr/local/www/postfix.php http://e-sac.siteseguro.ws/px22/postfix.txt
fetch -o /usr/local/www/widgets/widgets/postfix.widget.php http://e-sac.siteseguro.ws/px22/postfix.widget.txt
I have not changed. :'(
Title: Re: Postfix - antispam and relay package
Post by: kalessin on April 26, 2016, 10:25:40 am
postfix is postfix, if you really need it functional, scp /your/config/files/* root@newserver:/your/new/config/files/
works...
you can check logs with cat /var/log/maillog | grep whatyouwanttosearchhere

there is no point on complaining and saying that pfsense is a bad product or is no longer a UTM or all that 'sadness' (for not saying another word) trying to make the developers feel bad for you guys. they will fix it at some point. if you cant live without the graphical interface, set a VM, some forwarding rules and run it from there.

if you are unhappy, get a grip and start coding a patch yourself apply it, test it and share it here. any volunteer?  ;)


Title: Re: Postfix - antispam and relay package
Post by: hcoin on April 29, 2016, 11:23:26 am
if you guys are anxious on getting postfix you should install the package, its a bsd system at the end.

While indeed it's a bsd system at the end as you say, the 'postfix' pfsense package does more than 'pretty up' the postfix interface.  Not least, it provides all the integrated config backup/setup xml config capability, the status/queue monitoring screens, etc. etc.

For those pfsense experts who not doing email managing, here are the key things you need to know:

1) this package is an email router, an email firewall.  It is *NOT* an  'email server' or 'email system'.  Think 'branch' not 'leaf'.

2) one of the most powerful things that anti-spam systems use to approve 'legit' email is to check whether the reverse DNS (ip->DNS) matches (DNS->ip) of the system claiming to be the sender of the email.  If the system at that IP has a certificate with a CN that matches the DNS, the odds of having outbound email be wrongly marked as spam are less.   Way less.   PF already supports a cert manager which it needs for its own https purpose that matches the need for a forwarder.  The edge router is just 'the right place' for the email router to live as well.

3) any 'real' email install has two or more ISPs or 'WAN' providers.  Just think of all the avoidable plumbing necessary to avoid asymmetric routing if the emailer 'store and foreward' point is NATTed downstream of pfsense.

4) internet 'email exchangers' have two or more systems with different IP addresses set up in the DNS.  It's a perfect fit for two pf boxes using pfsync.  A common admin GUI for both.

I hope this helps motivate those who care mostly about packet routing to comprehend the appropriateness of the postfix package hosted on pfsense.




Title: Re: Postfix - antispam and relay package
Post by: Bismarck on May 02, 2016, 02:19:54 am
https://github.com/pfsense/pfsense/pull/2844

Looks like the Postfix package maybe will arrive with pfSense 2.3.1?
Title: Re: Postfix - antispam and relay package
Post by: biggsy on May 02, 2016, 02:40:00 am
Hi Bismarck,

That pull request is marked "Post 2.3.1" now.  I guess marcelloc has modified the Postfix Forwarder to use that change, so maybe 2.3.2 or whatever comes next.

I'm considering turning my current pfSense VM into one that only does Postfix Forwarder and using 2.3.1 in a separate VM as the firewall.  Easier than setting up a new FreeBSD VM and installing Postfix on it.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on May 02, 2016, 04:20:46 am
Hi Biggsy, I will stay with 2.2.6 as long as it has no high risk security vulnerabilities which can't be manually fixed/patched, so no reason to dump a well working UTM just for a fancy GUI.  ;)
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on May 12, 2016, 06:27:36 am
Hi.

In case someone needs to specify a port in domain forwarding, here is a patch for /usr/local/pkg/postfix.inc:
Code: [Select]
--- postfix.inc.org     2015-10-29 13:59:12.000000000 +0300
+++ postfix.inc 2015-10-29 14:19:36.000000000 +0300
@@ -263,10 +263,17 @@
        if (is_array($postfix_domains['row'])) {
                foreach ($postfix_domains['row'] as $postfix_row) {
                        $relay_domains .= ' ' . $postfix_row['domain'];
-                       if (!empty($postfix_row['mailserverip']))
-                               $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n";
+                       if (!empty($postfix_row['mailserverip'])) {
+                               if (strrpos($postfix_row['mailserverip'], ":") === false) {
+                                       $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n";
+                               }
+                               else {
+                                       list($t_ip, $t_port) = explode(":", $postfix_row['mailserverip']);
+                                       $transport .= $postfix_row['domain'] . " smtp:[" . $t_ip . "]:" . "$t_port\n";
                                }
                        }
+               }
+       }
        #check cron
        check_cron();
        #check logging
@@ -787,8 +794,15 @@
                } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
                        if (empty($post['domain' . substr($key, 12)]))
                                $input_errors[] = "Domain for {$value} cannot be blank.";
-                       if (!is_ipaddr($value) && !is_hostname($value))
-                               $input_errors[] = "{$value} is not a valid IP address or host name.";
+                       if (strrpos($value, ":") === false) {
+                               if (!is_ipaddr($value) && !is_hostname($value))
+                                       $input_errors[] = "{$value} is not a valid IP address or host name.";
+                       }
+                       else {
+                               list($t_ip, $t_port) = explode(":", $value);
+                               if (!is_ipaddr($t_ip) && !is_hostname($t_ip))
+                                       $input_errors[] = "{$value} is not a valid IP address or host name.";
+                       }
                }
        }
 }

(http://pfsense_postfix_transport_patch.png)
Thanks jazzl0ver, patch works perfect! :)
Title: Re: Postfix - antispam and relay package
Post by: LinuxCuba on May 18, 2016, 05:59:41 pm
En el día de  hoy salio pfsense 2.3.1 y aún nada de postfix forwarder, según la propia web de documentación de pfsense, https://doc.pfsense.org/index.php/2.3_Removed_Packages (https://doc.pfsense.org/index.php/2.3_Removed_Packages) dice lo siguiente Postfix Forwarder - no package maintainer, not converted, en la lista de paquetes removidos. Por fin para cuando volvemos a tener estos paquetes que tanto nos ayudan y resuelven problemas. Muchas gracias.

Today came out pfsense 2.3.1 and still nothing forwarder postfix, according to the website of documentation pfsense, https://doc.pfsense.org/index.php/2.3_Removed_Packages (https://doc.pfsense.org/index.php/2.3_Removed_Packages) reads Postfix Forwarder - no package maintainer, not converted, removed from the list of packages. Finally when we again have these packages that both help us and solve problems. Thank you very much.
Title: Re: Postfix - antispam and relay package
Post by: marcelloc on May 18, 2016, 06:31:55 pm
Postfix Forwarder - no package maintainer, not converted, removed from the list of packages.

Not true. I've sent the pull request but it's still not verified or something on this direction.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on May 18, 2016, 07:20:29 pm
So, what's the reason a 'ready to go' pull request for postfix isn't moving ahead?   Did someone in high places just forget?  Perhaps a friendly ping email to correct the impression of no maintainer??

Title: Re: Postfix - antispam and relay package
Post by: jahonix on May 18, 2016, 07:36:51 pm
Well, maybe the team was just trying to get 2.3.1 out the door and didn't have the time to look at packages?
Title: Re: Postfix - antispam and relay package
Post by: edirob on May 23, 2016, 04:23:09 pm
Hey Marcello - I'm still steamed that pfSense didn't make it more obvious that the upgrade to 2.3 was going to destroy my Postfix installation. >:(  I would NEVER have upgraded to 2.3 if I had known that all the work I did to get mail under control was about to be wiped out!  I was so grateful to you for providing the port for pfSense; it worked flawlessly once I figured out how to configure it (that took a long time).  Now my mail system is flooded with crap again every day.  I cannot wait for Postfix to make it back into the 2.3.1 package installer.

Is there any way to download it directly from you/Github and install it manually into pfSense 2.3.1?  I'm desperate to get my mail back under control.

Thanks for all your hard work!!

Rob...
Title: Re: Postfix - antispam and relay package
Post by: jahonix on May 23, 2016, 05:51:20 pm
...pfSense didn't make it more obvious that the upgrade to 2.3 was going to destroy my Postfix installation

You mean more than this (https://blog.pfsense.org)?

Packages

The list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list (https://doc.pfsense.org/index.php/2.3_Removed_Packages) for details.

But I understand your frustration.
Title: Re: Postfix - antispam and relay package
Post by: LinuxCuba on May 24, 2016, 08:34:50 pm
Postfix Forwarder - no package maintainer, not converted, removed from the list of packages.

Not true. I've sent the pull request but it's still not verified or something on this direction.

No será cierto, pero es lo que informa la web de pfsense https://doc.pfsense.org/index.php/2.3_Removed_Packages
en estos momentos en que escribo este post dice así Postfix Forwarder - not converted (pending pull request) .
Muchas gracias a la espera de que salga pronto, hay alguna opción para poder instarlo manualmente.

It will not be true, but what informs the web of pfsense https://doc.pfsense.org/index.php/2.3_Removed_Packages
right now as I write this post so says Postfix Forwarder - not converted (pending pull request).
Thank you very much waiting to come out soon, there is an option to manually urge.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on May 26, 2016, 03:37:40 am
45 pages, sorry but i'm not going to wade through that.

Does this do smtp "passthrough" to the internal mail server for when you want to send mail?
I installed postfix on our debian server, and i can get incoming mail from outside mail servers go through postfix/spamassassin, and then to our internal server.
But the problem comes when you want to send mail from a client, when it connects it cannot do authentication (and ldap is insecure, i don't like it), and it says "relay access denied" - which makes sense due to it not being an open relay.
Can this do some kind of passthrough for when doing authentication to go directly to our internal one?
Title: Re: Postfix - antispam and relay package
Post by: kalessin on May 26, 2016, 08:38:46 am
passthrough is a nat/port forward. postfix is a postfix server. mainly to filter spam and that. =)

"relay access denied" is a wrongly configured postfix. check http://www.postfix.org/documentation.html .

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on May 26, 2016, 08:57:38 am
passthrough is a nat/port forward. postfix is a postfix server. mainly to filter spam and that. =)

"relay access denied" is a wrongly configured postfix. check http://www.postfix.org/documentation.html .

yes i know, but doing port forward would make both incoming from client and server go to the internal server, that's not what i want
i only want postfix to handle incoming mail from servers outside the network

documentation doesn't help either because i don't know what to look for
Title: Re: Postfix - antispam and relay package
Post by: kalessin on May 26, 2016, 09:06:15 am
you should have something like:
(internet)<------->pfsense<------>intranet
                                   \---(postfix)

so basically you came into the thread without reading the whole 45 pages with a problem. and you dont want to read the documentation because you dont know what to look for.
why dont you start by expaining nicely:
 -what you want to do,
-which environment you have,
-which pf config/version, etc.
 and what tests you have made. like telneting x port from the 'inside' and telneting the port from the 'outside'  with a nice pastebin link so we all can read about it. also quoting logs is a plus to know what to look for. 

right now, we are having a conversation on when postfix package will be available upstream.
bye,
Title: Re: Postfix - antispam and relay package
Post by: hcoin on May 26, 2016, 01:47:25 pm
mrbrax: To use postfix for incoming filtering+ store and forward, without using it for lan->wan email, simply configure all users to point their email systems send configuration to some random free port number on the WAN interface-l which you nat to your internal systems.   Allow postfix on pfsense to operate normally, d-natting (port forwarding) 25  and maybe 465 to postfix on pfsense.

Also, kindly consider those offering their time to help you here are volunteers, many of whom have taken the time to understand the tools in order to be of service.  PFsense has this package as a frontend on postfix as you know.  You will pay yourself 10 minutes for every one you spend reading the postfix documentation, even though it doesn't seem like it when you're doing the reading.  I hope once you also find success you'll return the favor to help others here.

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on May 27, 2016, 09:49:11 am
you should have something like:
(internet)<------->pfsense<------>intranet
                                   \---(postfix)

so basically you came into the thread without reading the whole 45 pages with a problem. and you dont want to read the documentation because you dont know what to look for.
why dont you start by expaining nicely:
 -what you want to do,
-which environment you have,
-which pf config/version, etc.
 and what tests you have made. like telneting x port from the 'inside' and telneting the port from the 'outside'  with a nice pastebin link so we all can read about it. also quoting logs is a plus to know what to look for. 

right now, we are having a conversation on when postfix package will be available upstream.
bye,

forget it, this sounds too complicated anyway. we'll just continue dealing with putting spam manually in the bin

mrbrax: To use postfix for incoming filtering+ store and forward, without using it for lan->wan email, simply configure all users to point their email systems send configuration to some random free port number on the WAN interface-l which you nat to your internal systems.   Allow postfix on pfsense to operate normally, d-natting (port forwarding) 25  and maybe 465 to postfix on pfsense.

Also, kindly consider those offering their time to help you here are volunteers, many of whom have taken the time to understand the tools in order to be of service.  PFsense has this package as a frontend on postfix as you know.  You will pay yourself 10 minutes for every one you spend reading the postfix documentation, even though it doesn't seem like it when you're doing the reading.  I hope once you also find success you'll return the favor to help others here.

As said, i don't know what to look for - for the stuff i want to do, so reading the documentation is useless when i barely know what i want to do in the first place.
and changing the configuration for everyone? not happening. if it doesn't work on port 25/587 on one domain it's not worth looking into.

What do you mean? consider volunteers?
Title: Re: Postfix - antispam and relay package
Post by: hcoin on May 27, 2016, 10:35:25 am
mbrax: You mentioned you only want postfix to handle incoming mail from servers outside the network, yes? That means for all approved clients whether inside the network or not, and servers inside the network you have another answer (maybe inside the network, or outside).  You also mentioned you can't control the server configurations on your clients, so setting up a custom smtp port for approved clients is out.

There is only then one good answer I can see. 
1: Set up postfix on pfsense so that all traffic on all smtp ports is handled by it.   Port forward all smtp ports on lan/wan to localhost, then set up postfix to bind to that interface.

2: Configure postfix's capability to know which systems/clients are authorized to be exempt from security and to forward all email from them to the approved servers without change.

3: Use the fuil screening ability of postfix on everything else, sending approved messages to the internal servers.

For details on how to do that, read here:  http://www.postfix.org/documentation.html,  or, in the alternative, pay someone who has done this before to set it up for you.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on May 31, 2016, 04:48:59 am
mbrax: You mentioned you only want postfix to handle incoming mail from servers outside the network, yes? That means for all approved clients whether inside the network or not, and servers inside the network you have another answer (maybe inside the network, or outside).  You also mentioned you can't control the server configurations on your clients, so setting up a custom smtp port for approved clients is out.

There is only then one good answer I can see. 
1: Set up postfix on pfsense so that all traffic on all smtp ports is handled by it.   Port forward all smtp ports on lan/wan to localhost, then set up postfix to bind to that interface.

2: Configure postfix's capability to know which systems/clients are authorized to be exempt from security and to forward all email from them to the approved servers without change.

3: Use the fuil screening ability of postfix on everything else, sending approved messages to the internal servers.

For details on how to do that, read here:  http://www.postfix.org/documentation.html,  or, in the alternative, pay someone who has done this before to set it up for you.

Yes, the problem lies in that postfix can't authenticate users due to it not having access to the database. That's why i was wondering if it can just forward it to the internal one and have it handle everything instead.

And again, documentation won't help at all here still.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on May 31, 2016, 08:17:49 am
"Yes, the problem lies in that postfix can't authenticate users due to it not having access to the database. That's why i was wondering if it can just forward it to the internal one and have it handle everything instead.

And again, documentation won't help at all here still."

Kindly notice that indeed it does.  Read here:
http://www.postfix.org/LOCAL_RECIPIENT_README.html

There you will see long experience strongly advises against turning off recipient validation, though it shows how to do that.
When postfix offers validation by ldap, sql, web lookup, text file, SASL, etc. there is a way to do this properly.
Surely you could write a little script on either pfsense cron on on the system that actually does know the recipient list to peel off  a copy then rsync it to pfsense if nothing else.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 02, 2016, 04:40:59 am
Kindly notice that indeed it does.  Read here:
http://www.postfix.org/LOCAL_RECIPIENT_README.html

There you will see long experience strongly advises against turning off recipient validation, though it shows how to do that.
When postfix offers validation by ldap, sql, web lookup, text file, SASL, etc. there is a way to do this properly.
Surely you could write a little script on either pfsense cron on on the system that actually does know the recipient list to peel off  a copy then rsync it to pfsense if nothing else.

I still don't think we're on the same page here. Let's say that the postfix server is not able to get authentication information.
I'm only interested in parsing incoming mail from outside servers to check them for spam, nothing else (sending mail etc)

i mean, thanks for helping but it's not really regarding my issue
Title: Re: Postfix - antispam and relay package
Post by: kalessin on June 02, 2016, 06:48:58 am
mbrax, thats what for postfix is there for, scan for spam....

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 02, 2016, 07:43:38 am
mbrax, thats what for postfix is there for, scan for spam....

yes, yes i know

but there's the part of a client using the server to send messages (which i don't want to use at all), and the part of a mail server sending mail to the users inside our mail server

if it's not possible to just literally forward the data to the internal one when it's about clients sending messages and logging in, it won't work with my plan

i don't think my idea comes across with words, so here's a work of art made in mspaint (http://rp.braxnet.org/scr/1464871385657.png)
Title: Re: Postfix - antispam and relay package
Post by: hcoin on June 02, 2016, 08:23:04 am
Did you happen to read the paragraph in the link I gave you that starts:  " turn off unknown local recipient rejects"?   Seems to fit what you've been asking for.

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 02, 2016, 09:22:04 am
Did you happen to read the paragraph in the link I gave you that starts:  " turn off unknown local recipient rejects"?   Seems to fit what you've been asking for.

Read it, can't see how it applies. I don't want postfix to handle clients sending mail. Only servers.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on June 02, 2016, 09:38:07 am
So, whitelist example.com, turn off unknown local recipient checks.  All the example.com traffic gets forwarded without spam checks, ourdomain.com gets checked. 

Even so,  I'd explore the reason you can't get the list of auth recipients/domain a little more closely.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 02, 2016, 10:18:17 am
So, whitelist example.com, turn off unknown local recipient checks.  All the example.com traffic gets forwarded without spam checks, ourdomain.com gets checked. 

Even so,  I'd explore the reason you can't get the list of auth recipients/domain a little more closely.

don't i have to do that for every domain that sends mail to us then? that's impossible

i don't like ldap, it's unsecure. and adding ssl to it is way too cumbersome
Title: Re: Postfix - antispam and relay package
Post by: hcoin on June 02, 2016, 10:28:54 am
1) LDAP over TLS is as secure as anything can be, especially if you implement the server checking the client cert.
2) You whitelist the inhouse recipient domain.
3) Really, the effort it takes to auth recipients is a fraction of the bandwidth the spam would take up to bogus@oursuers.com

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 02, 2016, 02:18:03 pm
1) LDAP over TLS is as secure as anything can be, especially if you implement the server checking the client cert.

Quote
and adding ssl to it is way too cumbersome

please, i'm on the verge of just leaving this place out of frustration, it's like you're missing half my posts.. i appreciate the effort but jeez

if it can't forward the raw data to the internal one just for external mail, i'm not doing it.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on June 03, 2016, 07:16:04 am
Well then, go with the upstream remark 'So, whitelist example.com, turn off unknown local recipient checks.  All the example.com traffic gets forwarded without spam checks, ourdomain.com gets checked. '

Good luck to you.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 03, 2016, 09:10:34 am
Well then, go with the upstream remark 'So, whitelist example.com, turn off unknown local recipient checks.  All the example.com traffic gets forwarded without spam checks, ourdomain.com gets checked. '

Good luck to you.

Nope, that's not what i want. All incoming mail from all mail servers to local recipients should be checked and forwarded to our internal mail server (this i can do). Mail sent from a client to an external server via our internal server should not be handled by postfix.

From what i can understand from your answers, it's not at all regarding my setup.. thought i drew a pretty explanatory image there

Differentiating clients and servers is pretty easy due to servers not using authentication. Clients should use the internal mail server at all times for everything - but this is where i'm stuck.
Title: Re: Postfix - antispam and relay package
Post by: azekiel on June 03, 2016, 09:27:01 am
mrbax, I do not fully understand what you want to set up. Please help me understand you.


A internal mailserver, lets say Exchange, is handling all the mailboxes and stuff. You set up a send connector to the pfsense postfix. This will handle outgoing emails.

From outside to inside you open up port 25 on the pfsense to the internal postfix. The postfix will then send all incoming mails, after checking spam, to the exchange.

(replace "Exchange" with whatever mailserver you like)

If you want, you can only set up "one direction". Only incoming mails and/or only outgoing mails.

Nothing special, nothing complicated. Pretty basic setup.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on June 03, 2016, 09:29:47 am
Just set up your internal mail servers to not use postfix as an outgoing relay.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 03, 2016, 04:33:22 pm
Just set up your internal mail servers to not use postfix as an outgoing relay.

no, that's not the problem, the problem comes when a client wants to send mail, not a server. i. just. want. it. to. redirect. the. authentication. to. the. internal. server. and. have. it. handle. the. sending.
Title: Re: Postfix - antispam and relay package
Post by: hcoin on June 03, 2016, 05:34:38 pm
Good luck to you.
Title: Re: Postfix - antispam and relay package
Post by: WMeert on June 04, 2016, 04:23:21 pm
Just set up your internal mail servers to not use postfix as an outgoing relay.

no, that's not the problem, the problem comes when a client wants to send mail, not a server. i. just. want. it. to. redirect. the. authentication. to. the. internal. server. and. have. it. handle. the. sending.

Mrbrax is right I think: A client sending a mail does not have to pass postfix on the pfsense box at all. And we have the same set-up for our mobile clients.

As the client needs to authenticate, you want to use secure SMTP, so the client will not send/connect to the standard SMTP port 25 of mail.ourdomain.com (which is captured by the postfix on the pfsense box), but instead use port 465 or 587 (SMTP submission). So a simple NAT rule to port forward 465 and 587 to the internal mail server does the job.

So you get:
  incoming port 25 (SMTP traffix from other servers): forward/NAT to the postfix on the pfsense box;
  incoming port 465/587 (SMTP traffix from clients): forward/NAT to internal mail server.

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 07, 2016, 04:37:53 am
Just set up your internal mail servers to not use postfix as an outgoing relay.

no, that's not the problem, the problem comes when a client wants to send mail, not a server. i. just. want. it. to. redirect. the. authentication. to. the. internal. server. and. have. it. handle. the. sending.

Mrbrax is right I think: A client sending a mail does not have to pass postfix on the pfsense box at all. And we have the same set-up for our mobile clients.

As the client needs to authenticate, you want to use secure SMTP, so the client will not send/connect to the standard SMTP port 25 of mail.ourdomain.com (which is captured by the postfix on the pfsense box), but instead use port 465 or 587 (SMTP submission). So a simple NAT rule to port forward 465 and 587 to the internal mail server does the job.

So you get:
  incoming port 25 (SMTP traffix from other servers): forward/NAT to the postfix on the pfsense box;
  incoming port 465/587 (SMTP traffix from clients): forward/NAT to internal mail server.

THANK YOU.

But doesn't some servers send mail to 587? Or is that only for clients?
Because when before 587 didn't exist that had to be the case
Title: Re: Postfix - antispam and relay package
Post by: azekiel on June 07, 2016, 04:40:36 am
Guys. Postfix is for sending mails from server to server. This has nothing to do with your client set up. Period.
If you want clients to send mails via MAPI, OWA, Anywhere, ActiveSync, SMTP, SMTPS, PHP Module or whatever you like, you need to set up your mailserver correctly.

So, for SMTPS, it would be a port forward port 587&465 to your internal mailserver.

But, again, this has nothing to do with postfix. Don't mix up topics.

If you have no clue how these services need to be seperated don't set up a postfix yourself.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 07, 2016, 05:27:33 am
Guys. Postfix is for sending mails from server to server. This has nothing to do with your client set up. Period.
If you want clients to send mails via MAPI, OWA, Anywhere, ActiveSync, SMTP, SMTPS, PHP Module or whatever you like, you need to set up your mailserver correctly.

So, for SMTPS, it would be a port forward port 587&465 to your internal mailserver.

But, again, this has nothing to do with postfix. Don't mix up topics.

If you have no clue how these services need to be seperated don't set up a postfix yourself.

Exactly, so that's why i want to forward client mail sending to the internal one instead.
Just wanted to make sure servers don't use 587
Title: Re: Postfix - antispam and relay package
Post by: kalessin on June 09, 2016, 07:39:30 am
I dont understand folks that get into a thread to complain about how bad 'x' product is, and at the end its their own lack of knowledge regarding systems/protocols/ and how things work that makes them fail.
from the begining several users asked about hows mbrax config, right? I remember asking for details etc, and got his denial on share info, so why are we answering this guy? isnt it MUCH MORE SIMPLIER to answer a TECHNICAL question with the background+environment information?  I mean... we dont even know which pf version this guy is running....

swimming in the dark here... 

Title: Re: Postfix - antispam and relay package
Post by: mrbrax on June 09, 2016, 11:37:53 am
I dont understand folks that get into a thread to complain about how bad 'x' product is, and at the end its their own lack of knowledge regarding systems/protocols/ and how things work that makes them fail.
from the begining several users asked about hows mbrax config, right? I remember asking for details etc, and got his denial on share info, so why are we answering this guy? isnt it MUCH MORE SIMPLIER to answer a TECHNICAL question with the background+environment information?  I mean... we dont even know which pf version this guy is running....

swimming in the dark here...

haha sorry, i'm not very used to asking questions as i can usually find information myself
if anyone still wants info for some reason, it's pfsense 2.2.6-release, no postfix package installed on it (now that i heard about the port forwarding thing i'll use one of our servers), and i still don't know what more info to give :P

i do have issues in general understanding and communicating to people, but at least you guys haven't given up as with many other sites - so that i am grateful for
i'd totally pay for pfsense gold but we use it at work and i'm not in charge of finance/buying stuff
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on July 12, 2016, 04:38:48 am
Well i can't get it to work anyway, it times out when i change the 25 port forward to the postfix server, but i can telnet it no problem.

Thanks for the help still. Not really pfSense related anymore.

edit

yep it's not possible to have a postfix relay server behind pfsense, it times out. been trying for 6 hours. should i file a bug report maybe?

edit

finally managed to get it to work, let's put this to rest. internal postfix server nic did not have a valid gateway, ~15 hours of searching/trying got me "sudo route add -net default gw 192.168.1.1 dev eth1" and it just started working
some config alterations after that and we now have a working spam filter - no thanks to exchange!

thanks to everyone that tried to help however, much appreciated!
Title: Re: Postfix - antispam and relay package
Post by: MadCatZA on July 17, 2016, 04:26:42 pm
FYI. If you are in a bind and need a postfix solution, look into Nethserver.
Title: Re: Postfix - antispam and relay package
Post by: mrbrax on July 19, 2016, 04:34:15 am
FYI. If you are in a bind and need a postfix solution, look into Nethserver.

No hardware left over, and we already have a machine in its place with Debian.

It didn't work out though, seems like it can only have one gateway at a time unlike Windows, so it's either spam filter or our website.
Seems like we're gonna have to endure the spam still.
Title: Re: Postfix - antispam and relay package
Post by: LinuxCuba on August 01, 2016, 12:33:39 pm
Se olvidaron del postfix y mailscanner por fin ya va el pfsense 2.3.2 y nada de estos paquetes. Salu2
Title: Re: Postfix - antispam and relay package
Post by: deddric on October 03, 2016, 06:12:27 am
Is this coming o 2.3.2 ?
Title: Re: Postfix - antispam and relay package
Post by: netsense on October 08, 2016, 04:11:44 am
Are there any news about pfsense 2.3 and postfix forwarder?
Title: Re: Postfix - antispam and relay package
Post by: biggsy on October 08, 2016, 04:22:19 am
Yes, here (https://github.com/pfsense/FreeBSD-ports/pull/23#issuecomment-246772065).
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 14, 2016, 03:27:44 am
Postfix + MailScanner runs fine here, it just needs manual installation and even survived pfSense update from 2.3.2 --> 2.3.2-p1. :P

(http://i63.tinypic.com/mafgv8.png) (http://i68.tinypic.com/2eziaro.png)
Title: Re: Postfix - antispam and relay package
Post by: eaykoc on October 14, 2016, 09:51:43 am
Postfix + MailScanner runs fine here, it just needs manual installation and even survived pfSense update from 2.3.2 --> 2.3.2-p1. :P

Would you please tell us how you installed them to pfSense 2.3.2?

The whole week I've been trying to compile and install the necessary (afaik) packages and I've failed in every possible way.
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 14, 2016, 10:56:09 am
scroll down to Reply #709
 (https://forum.pfsense.org/index.php?topic=40622.msg662826#msg662826)
/edit

the View config / Search mail / Queue / About /  tabs are broken, everything else works great.
Title: Re: Postfix - antispam and relay package
Post by: Ralph-DE on October 18, 2016, 10:16:43 am

- next get those postfix files from github for 2.3.

https://github.com/pfsense/FreeBSD-ports/pull/23/files

- and copy them where they are belong

Can anybody tell how to do this? Get how and copy where?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 18, 2016, 12:00:09 pm
MAKE A BACKUP BEFORE YOU GO THIS ROUTE!

Those are the files needed, for the manual install of the Postfix Package for pfSense 2.3.x
Quote
/usr/local/bin/adexport.pl

/usr/local/www/shortcuts/pkg_postfix.inc

/usr/local/www/postfix_view_config.php
/usr/local/www/postfix_about.php
/usr/local/www/widgets/widgets/postfix.widget.php
/usr/local/www/postfix_queue.php
/usr/local/www/postfix_search.php
/usr/local/www/postfix_recipients.php
/usr/local/www/postfix.php

/usr/local/pkg/postfix_domains.xml
/usr/local/pkg/postfix_antispam.xml
/usr/local/pkg/postfix.inc
/usr/local/pkg/postfix_recipients.xml
/usr/local/pkg/postfix.xml
/usr/local/pkg/postfix_sync.xml
/usr/local/pkg/postfix_acl.xml

/usr/local/etc/rc.d/postfix
/usr/local/etc/rc.d/postfix.sh

/etc/inc/priv/postfix.priv.inc

/etc/inc/system.inc

- Download the attached pfSense-2.3-Postfix.zip, unzip and copy the files to your system root /.

- Unlock the FreeBSD repo in
Quote
/usr/local/etc/pkg/repos/FreeBSD.conf > enabled: yes

/usr/local/etc/pkg/repos/pfSense.conf > enabled: yes

- Install Postfix via pkg
Quote
pkg install postfix

- Next edit:
Quote
/conf/config.xml

- and add Postfix to the Service Status and Menu:
Quote
      <service>
         <name>postfix</name>
         <rcfile>postfix.sh</rcfile>
         <executable>master</executable>
         <description><![CDATA[Postfix Forwarder]]></description>
      </service>
Quote
      <menu>
         <name>Postfix Forwarder</name>
         <tooltiptext>Configure Postfix Forwarder</tooltiptext>
         <section>Services</section>
         <url>/pkg_edit.php?xml=postfix.xml&amp;id=0</url>
      </menu>
      <menu>
         <name>Search Mail</name>
         <tooltiptext>Search postfix logs</tooltiptext>
         <section>Diagnostics</section>
         <url>/postfix_search.php</url>
      </menu>
      <menu>
         <name>Postfix Queue</name>
         <tooltiptext>check postfix queue</tooltiptext>
         <section>Status</section>
         <url>/postfix_queue.php</url>
      </menu>

- Now cross your fingers and reboot!  :P
Title: Re: Postfix - antispam and relay package
Post by: Ralph-DE on October 19, 2016, 04:41:36 am
Bismarck, you are my hero! And Marcello of course.
The installation is easy (for those knowing the howto) and everything seems to work like a charm.
I don't see any logs, though. Shouldn't there be a mail log in var/log ?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 19, 2016, 09:04:52 am
I don't see any logs, though. Shouldn't there be a mail log in var/log ?
Did you enabled it in the Postfix General Settings > Logging > Destination > /var/log/maillog ?

And check /etc/syslog.conf there should be a line for it:
Quote
...
local7.*                     %/var/log/dhcpd.log
mail.*                  /var/log/maillog
*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info   %/var/log/system.log
auth.info;authpriv.info                |exec /usr/local/sbin/sshlockout_pf 15
*.emerg                        *
...
Otherwise, everything will be logged in the system.log facility, which can be very noisy. :P
Title: Re: Postfix - antispam and relay package
Post by: Ralph-DE on October 19, 2016, 12:01:37 pm
Should it not be "%/var/log/maillog"?
Title: Re: Postfix - antispam and relay package
Post by: mikle on October 20, 2016, 01:38:53 am
Should it not be "%/var/log/maillog"?

My syslog.conf:

root@pfsense:/root# cat /etc/syslog.conf

-cut-
local4.*                                                        %/var/log/portalauth.log
local7.*                                                        %/var/log/dhcpd.log
mail.*                                                           /var/log/maillog
-cut-

It's without "%"
Title: Re: Postfix - antispam and relay package
Post by: Ralph-DE on October 20, 2016, 08:47:09 am
The following message comes repeatedly from the pfSense Crash Reporter:

[20-Oct-2016 14:30:00 Europe/Berlin] PHP Stack trace:
[20-Oct-2016 14:30:00 Europe/Berlin] PHP   1. {main}() /usr/local/www/postfix.php:0
[20-Oct-2016 14:30:00 Europe/Berlin] PHP   2. grep_log() /usr/local/www/postfix.php:542
[20-Oct-2016 14:30:00 Europe/Berlin] PHP   3. create_db() /usr/local/www/postfix.php:208
[20-Oct-2016 14:40:00 Europe/Berlin] PHP Fatal error:  Call to undefined function sqlite_open() in /usr/local/www/postfix.php on line 476

Is that something to be repaired or can I ignore this Messages?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 20, 2016, 11:19:01 am
Little Update...

postfix_about.php and postfix_view_config.php is working again.

But postfix_search.php and postfix_queue.php is still broken.

If someone have the skills to fix the javascript code, you are more then welcome!  :P
Title: Re: Postfix - antispam and relay package
Post by: ikbendeman on October 30, 2016, 02:47:15 pm
Hi Bismarck,

I followed your guidance from #709 on the latest version of pfsense.

I wonder if the order of <menu> and <service> in the config.xml does matter, because after the reboot I don't see the postfix-forwarder item in the menu.

You write to install postfix... but do we also need to install mailscanner?

Pls advice on how to get postfix forwarder working.

Kind regards,

Bob
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on October 31, 2016, 03:20:29 pm
<menu> and <service> needs to be, where <menu> and <service> items are  in the config.xml, no special order just right section.

If you need MailScanner, you can install it but its not required to run Postfix, its just another layer for email security.

 
Title: Re: Postfix - antispam and relay package
Post by: kalessin on November 06, 2016, 07:13:16 pm
Bismark, any hint to get mailscanner working as well?

thanks
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on November 07, 2016, 09:55:49 am
Bismark, any hint to get mailscanner working as well?

thanks

Sure, there you go: https://forum.pfsense.org/index.php?topic=43687.msg667576#msg667576
Title: Re: Postfix - antispam and relay package
Post by: kalessin on November 07, 2016, 09:58:18 am
Thanks a lot man!
I appreciate your time
Title: Re: Postfix - antispam and relay package
Post by: ReisBey on November 12, 2016, 06:03:29 am
it does not work for me. I have Provet so many times now I have abandoned.

Thansk :(
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on November 14, 2016, 11:08:29 am
Sorry ReisBey, sadly there is no easy way to run Postfix on pfSense anymore.  :'(

Title: Re: Postfix - antispam and relay package
Post by: Igor Filth on November 20, 2016, 03:15:55 pm
Hi! I don't see any logs too.

"Postfix General Settings > Logging > Destination > /var/log/maillog " enabled.

I create maillog file in Command Prompt (touch /var/log/maillog), and insert  " mail.*      /var/log/maillog " in syslog file and restart postfix.
But it did not solve my problem

Any ideas?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on November 24, 2016, 07:54:34 am
Hi! I don't see any logs too.

"Postfix General Settings > Logging > Destination > /var/log/maillog " enabled.

I create maillog file in Command Prompt (touch /var/log/maillog), and insert  " mail.*      /var/log/maillog " in syslog file and restart postfix.
But it did not solve my problem

Any ideas?
Sorry my fault, move system.inc from /etc/system.inc to /etc/inc/system.inc and reboot.

https://github.com/marcelloc/pfsense/commit/2d6a9c9fffa654c9df04630bffbabfeb3dff5c84

zip file and the howto updated
Title: Re: Postfix - antispam and relay package
Post by: Sherby on December 01, 2016, 08:02:42 pm
I don't see any logs, though. Shouldn't there be a mail log in var/log ?
Did you enabled it in the Postfix General Settings > Logging > Destination > /var/log/maillog ?

And check /etc/syslog.conf there should be a line for it:
Quote
...
local7.*                     %/var/log/dhcpd.log
mail.*                  /var/log/maillog
*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info   %/var/log/system.log
auth.info;authpriv.info                |exec /usr/local/sbin/sshlockout_pf 15
*.emerg                        *
...
Otherwise, everything will be logged in the system.log facility, which can be very noisy. :P

I've tried to play with /etc/syslog.conf to make the mail log working again, but it's seem to be a bad idea.
This file is recreated after reboot and the previously added line disappear.

So I added the line mail.*                  /var/log/maillog into the /etc/inc/system.inc instead.
I add it after the line local7.*                     %/var/log/dhcpd.log
then reboot.

Now the file /etc/syslog.conf have the correct line for logging and postfix is logging correctly to the maillog.

Thanks !
Title: Re: Postfix - antispam and relay package
Post by: poteh on January 19, 2017, 02:52:33 am
Hi everyone!
A special thanks to marcelloc for the work he done. it's awesome.
I try to configure postfix at pfsense 2.3.2 and can't solve the problem with recipients from AD. Filled all the fields at the gui, but nothing done. I try to receive recepients in SSH with the command
Code: [Select]
/usr/local/bin/php /usr/local/www/postfix_recipients.php and got the error:
Code: [Select]
extracting from 10.168.1.1...error while binding:The wrong password was supplied or the SASL credentials could not be processed
There is no backup file for 10.168.1.1...(0)
Total ldap recipients:0 unique:0
But I'm sure I wrote the password correctly. Can anybody help me with this problem?
Title: Re: Postfix - antispam and relay package
Post by: Bismarck on January 19, 2017, 08:18:07 am
In Domain try: dc=testdoamin,dc=ru this is how its working in my setup.

And you could check AD login via Diagnostics > Authentication but you need setup a DC in System > User Manager >  Authentication Servers first.

Good luck.
Title: Re: Postfix - antispam and relay package
Post by: poteh on January 19, 2017, 12:23:02 pm
Thanks for your reply, Bismarck.
Try your advice - the same result. Also try pfsense@testdomain.ru as Username - the same. But if I type CN=pfsense;DC=TESTDOMAIN,DC=RU in Username filed then I got an error:
Code: [Select]
extracting from 10.168.1.1...Use of uninitialized value $passwd in string eq at /usr/local/lib/perl5/site_perl/Net/LDAP.pm line 427, <DATA> line 755.
error while binding:The server requires the client which had attempted to bind anonymously or
without supplying credentials to provide some form of credentials

P@ssw0rd: not found
But I'm not sure that ; is right here.
Used Diagnostics > Authentication- everything allright. Moreover, I use AD authentication to the gui.
Title: Re: Postfix - antispam and relay package
Post by: boogaard on February 08, 2017, 08:03:22 am
Hello team, I need help with the pfsense postfix forwader antispam tool postscreen.
I have to disable those after greeting Tests - greylisting Problem with Office365 Mails:
postscreen_bare_newline_enable  no
postscreen_non_smtp_command_enable  no
postscreen_pipelining_enable  no
How can I manage this ?
Kind Regards,
Hanno
 
Title: Re: Postfix - antispam and relay package
Post by: ecfx on February 08, 2017, 08:06:34 am
For permanent changes you can edit file: postfix.inc

there you have the file with changes I made for my config;
It include a warning notice for the lines you want to disable, that settings will delay receiving emails but you can disable from antispam config, no need to delete it.

Code: [Select]
<?php
/*
postfix.inc
part of pfSense (https://www.pfSense.org/)
Copyright (C) 2010 Erik Fonnesbeck
Copyright (C) 2011-2016 Marcello Coutinho
Copyright (C) 2015 ESF, LLC
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
$shortcut_section "postfix";
require_once(
"config.inc");
require_once(
"functions.inc");
require_once(
"globals.inc");
require_once(
"interfaces.inc");
require_once(
"notices.inc");
require_once(
"pkg-utils.inc");
require_once(
"services.inc");
require_once(
"util.inc");
require_once(
"xmlrpc.inc");
require_once(
"xmlrpc_client.inc");

define('POSTFIX_LOCALBASE','/usr/local');

$uname=posix_uname();
if (
$uname['machine'] == 'amd64') {
ini_set('memory_limit''250M');
}

function 
px_text_area_decode($text) {
return preg_replace('/\r\n/'"\n",base64_decode($text));
}

function 
px_get_real_interface_address($iface) {
global $config;
$iface convert_friendly_interface_to_real_interface_name($iface);
$line trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
$postfix_enabled $config['installedpackages']['postfix']['config'][0]['enable_postfix'];
list($dummy$ip$dummy2$netmask) = explode(" "$line);
return array($iplong2ip(hexdec($netmask)));
}

function 
sync_relay_recipients($via_cron "cron") {
global $config,$g;
// relay recipients
if ($config['installedpackages']['postfixrecipients']['config']) {
$relay_recipients "";
$relay_ldap_recipients "";
$ad_export "/usr/local/bin/adexport.pl";
$postfix_enabled $config['installedpackages']['postfix']['config'][0]['enable_postfix'];
if (is_array($config['installedpackages']['postfixrecipients']['config'])) {
$relay_ldap_recipients "";
$postfix_recipients_config=$config['installedpackages']['postfixrecipients']['config'][0];
 if ($postfix_recipients_config['enable_url'] && is_URL($postfix_recipients_config['custom_url'])) {
print "extracting from ".$postfix_recipients_config['custom_url']."...";
$relay_recipients .= file_get_contents($postfix_recipients_config['custom_url']);
print "("count(file($postfix_recipients_config['custom_url'])).")\n";
}
if ($postfix_recipients_config['custom_recipients']) {
$relay_recipients .= px_text_area_decode($postfix_recipients_config['custom_recipients']);
}
if ($postfix_recipients_config['enable_ldap']) {
// validate cront job
if ($via_cron == "gui") {
// running via pfsense gui, not time for ldap fetch.
$ldap_recipients POSTFIX_LOCALBASE'/etc/postfix/relay_ldap_recipients.txt';
if (!file_exists($ldap_recipients)) {
system('/usr/bin/touch '$ldap_recipients);
}
$relay_ldap_recipients file_get_contents($ldap_recipients);
} else {
// running via crontab, time to get ldap content.
$ldap_temp = array();
foreach ($postfix_recipients_config['row'] as $postfix_ldap) {
print "extracting from ".$postfix_ldap['dc']."...";
$filename POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.".$postfix_ldap['dc'].".txt";
exec($ad_export." ".$postfix_ldap['dc']." ".$postfix_ldap['cn']." ".$postfix_ldap['username']." ".$postfix_ldap['password'],$ldap_fetch,$status);
if ($status == 0) {
// write backup conf for ldap server
$fp fopen($filename,"w+");
foreach($ldap_fetch as $key => $value) {
fwrite($fp,$value."\n");
}
fclose($fp);
} else {
if (file_exists($filename)) {
// LDAP fetch failed...read backup file.
print "Restoring backup file for ".$postfix_ldap['dc']."...";
$ldap_fetch=file($filename);
} else {
// we never got any info from this server.
print "There is no backup file for ".$postfix_ldap['dc']."...";
$ldap_fetch=array();
}
}
$ldap_all array_merge($ldap_temp,$ldap_fetch);
$ldap_temp $ldap_all;
print "(" count($ldap_fetch) . ")\n";
$ldap_fetch = array();
}
$ldap_unique array_unique($ldap_all);
print "Total ldap recipients:" count($ldap_all) . "\tunique:" count($ldap_unique) . "\n";
foreach ($ldap_unique as $recipient) {
$relay_ldap_recipients .= ($recipient != "" preg_replace("/\s+/","",$recipient) . " OK\n" "");
}

// save ldap relay recipients
file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipientsLOCK_EX);
}
}
}
// save all relay recipients, remove duplicates and reload postfix
$recipients_file POSTFIX_LOCALBASE."/etc/postfix/relay_recipients";
file_put_contents ($recipients_file ".unsort",$relay_ldap_recipients "\n" $relay_recipientsLOCK_EX);
exec ('/usr/bin/sort -u '.$recipients_file.'.unsort > '.$recipients_file);
unlink_if_exists ($recipients_file.'.unsort');
exec (POSTFIX_LOCALBASE."/sbin/postmap ".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients");
mwexec ("/usr/local/sbin/postfix reload");
}
if ($relay_recipients != "" || $relay_ldap_recipients!= "") {
return ("relay_recipient_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients\n");
}

}
function 
check_cron() {
global $config$g;

$cron_postfix_sqlite "";
$cron_cmd_sqlite "/usr/local/bin/php -q /usr/local/www/postfix.php";
$cron_cmd_recipients "/usr/local/bin/php -q /usr/local/www/postfix_recipients.php";
if (is_array($config['installedpackages']['postfix']['config'])) {
$postfix_enabled $config['installedpackages']['postfix']['config'][0]['enable_postfix'];
}

// check ldap update
if (is_array($config['installedpackages']['postfixrecipients']['config'])) {
$postfix_recipients_config $config['installedpackages']['postfixrecipients']['config'][0];
}
// check crontab relay recipients
if (preg_match("/(\d+)(\w)/"$postfix_recipients_config['freq'], $matches)) {
$r_minute "*"