marcelloc / Unofficial-pfSense-packages

Unofficial packages for pfSense software
126 stars 71 forks source link

pfSense 2.4.4-p2 Postfix/MailScanner excellent working, expect postfix.widget.php #54

Open spec1re opened 5 years ago

spec1re commented 5 years ago

Hi Marcello,

Postfix/MailScanner is working beautiful with pfSense 2.4.4-p2, expect postfix.widget.php

Crash report begins.  Anonymous machine information:

amd64
11.2-RELEASE-p6
FreeBSD 11.2-RELEASE-p6 #3 518496b29ae(RELENG_2_4_4): Wed Dec 12 07:41:44 EST 2018     root@buildbot2.nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[24-Feb-2019 12:56:10 Europe/Berlin] PHP Fatal error:  Uncaught ArgumentCountError: Too few arguments to function open_table_header(), 0 passed in /usr/local/www/widgets/widgets/postfix.widget.php on line 154 and exactly 1 expected in /usr/local/www/widgets/widgets/postfix.widget.php:42
Stack trace:
#0 /usr/local/www/widgets/widgets/postfix.widget.php(154): open_table_header()
#1 /usr/local/www/index.php(447): include('/usr/local/www/...')
#2 {main}
  thrown in /usr/local/www/widgets/widgets/postfix.widget.php on line 42

No FreeBSD crash data found.

Any idea what it could be?

Thanks in advanced! :)

spec1re commented 5 years ago

Okay, almost there:

image

spec1re commented 5 years ago

Here we go! 👍

image

forid786 commented 5 years ago

How good is this? I'm curious. I usually use a service called Mimecast for my clients, it's not cheap but very good.

marcelloc commented 5 years ago

That's great. Can you send as a pull request so I can merge to current code?

marcelloc commented 5 years ago

Forid, Postfix and mailscanner need some work to get if running fine. This is not easy as a install and enable.

forid786 commented 5 years ago

I see, it's interesting. I imagine it uses up a lot of resources on pfSense?

From a security and stability point of view, I'd prefer something like mail scanner separate from the pfsense box.

spec1re commented 5 years ago

@forid786 its almost the same as https://efa-project.org/about/

Works great for years now, no issues once configured properly.

@marcelloc I never have done a PR in my life, but I can put al together for you. ;)

forid786 commented 5 years ago

@Spec1re EFA combines a lot of the tools and is probably better to be honest. Maybe it's just me, I like the firewall being a firewall. I run @Marcelloc's E2 Guardian package and that's it. It's an amazing Web filter platform.

spec1re commented 5 years ago

https://github.com/spec1re/stuff/raw/spec1re-patch-1/Unofficial-pfSense-packages-master.rar

Nothing big, just edit a few requirement (2.3 > 2.4) and comment out a few xmlrpc.inc and so on.

spec1re commented 5 years ago

Mhh after updating postfix via pkg to the latest version, I no longer can change/save settings on the postfix settings page, it just times out.

Help! :D

marcelloc commented 5 years ago

I'll try to review it tomorrow. It's 03am here 😁

spec1re commented 5 years ago

No problem Marcello, everything still works. Take your time. 👍

spec1re commented 5 years ago

Scratch that,

Its working in the Office, but from Home via OpenVPN not.

I can live with that. ;)

/edit

today it worked from home as well, I guess browser cache/cookie issue...

bootablearg commented 5 years ago

Nice combine Postfix and mailscanner inside pfSense box, good thing to replace a EFA Project Appliance :)

spec1re commented 5 years ago

@bootablearg

I have Postfix, Mailscanner and MailWatch running, so indeed almost EFA Project. :P

bootablearg commented 5 years ago

@spec1re, you have a pfSenseFA all inclusive ;)

marcelloc commented 5 years ago

@spec1re , II've updated package install for postfix and updating mailscanner package too.

If you have time, take o look on it and see if all features are in place.

spec1re commented 5 years ago

@marcelloc ,looks good so far. I'm very busy with Windows 10 Rollout atm, don't have much time to test stuff.

Littel change, in mailscanner.conf.template since MailScanner v5

Custom Functions Dir = {$mlb}/lib/MailScanner/MailScanner/CustomFunctions

is now

Custom Functions Dir = {$mlb}/share/MailScanner/perl/custom

Thank you very much, for keeping this amazing packages updated! 👍

spec1re commented 5 years ago

I just leave this here

https://forum.netgate.com/topic/142625/is-there-an-email-spam-filter

🐙

marcelloc commented 5 years ago

These binaries on my repo was copied from FreeBSD repo and is here help people on package install. It's far from an 'infection try' as Jimp said. Use this repo who wants to use. This package was on official repo until 2.3 version and many people used it without any type of incident. I really believe firewall should go to layer 7 for as many protocols as system/hardware supports.

If we just enable FreeBSD repo and try to install the packages, you can overwrite pfsense pkg or perl package with freebsd version for example and get a really mess on packages updates.

This repo IMHO, is here to help people with great features on pfSense. You can always check the code published here to see what package do/installs and if you prefer, compile/apply from your trusted source. I have no intention to argue with anyone that considers this an insecure approach. I prefer spend my free time with my family and helping people and opensource community with these packages.

@spec1re, Thanks for all your help suggesting tools and configs for these two packages and also spending some time posting it on pfSense forum. I really appreciate.

forid786 commented 5 years ago

@marcelloc You're doing a great job. Don't listen to anyone who says otherwise. You're right, in this day and age firewalls should work up to layer 7. pfSense is making some progress with OpenAppID, it's still not as integrated or as turn key as other solutions.

SPCulhane commented 5 years ago

@spec1re Thank you for sharing the link. I haven't been as active as I used to be but @marcelloc has been very very helpful with all the packages he has created over the years. I also believe that a firewall should be Layer 7. Without Layer 7, its basically a access list that you can do on switch ports with Layer 3 routing.

marcelloc commented 5 years ago

@spec1re , I need some help to get dccif working. Did you had to do any extra change different from package install to get it working. all my udp packages ar not returning from public servers.

spec1re commented 5 years ago

Hi marcello, no just install that's it.