pfSense 2.4.4-p2 Postfix/MailScanner excellent working, expect postfix.widget.php

[spec1re]

Hi Marcello,

Postfix/MailScanner is working beautiful with pfSense 2.4.4-p2, expect postfix.widget.php

Crash report begins.  Anonymous machine information:

amd64
11.2-RELEASE-p6
FreeBSD 11.2-RELEASE-p6 #3 518496b29ae(RELENG_2_4_4): Wed Dec 12 07:41:44 EST 2018     root@buildbot2.nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[24-Feb-2019 12:56:10 Europe/Berlin] PHP Fatal error:  Uncaught ArgumentCountError: Too few arguments to function open_table_header(), 0 passed in /usr/local/www/widgets/widgets/postfix.widget.php on line 154 and exactly 1 expected in /usr/local/www/widgets/widgets/postfix.widget.php:42
Stack trace:
#0 /usr/local/www/widgets/widgets/postfix.widget.php(154): open_table_header()
#1 /usr/local/www/index.php(447): include('/usr/local/www/...')
#2 {main}
  thrown in /usr/local/www/widgets/widgets/postfix.widget.php on line 42

No FreeBSD crash data found.

Any idea what it could be?

Thanks in advanced! :)

[spec1re]

Okay, almost there:

[spec1re]

Here we go! 👍

[forid786]

How good is this? I'm curious. I usually use a service called Mimecast for my clients, it's not cheap but very good.

[marcelloc]

That's great. Can you send as a pull request so I can merge to current code?

[marcelloc]

Forid, Postfix and mailscanner need some work to get if running fine. This is not easy as a install and enable.

[forid786]

I see, it's interesting. I imagine it uses up a lot of resources on pfSense?

From a security and stability point of view, I'd prefer something like mail scanner separate from the pfsense box.

[spec1re]

@forid786 its almost the same as https://efa-project.org/about/

Works great for years now, no issues once configured properly.

@marcelloc I never have done a PR in my life, but I can put al together for you. ;)

[forid786]

@Spec1re EFA combines a lot of the tools and is probably better to be honest. Maybe it's just me, I like the firewall being a firewall. I run @Marcelloc's E2 Guardian package and that's it. It's an amazing Web filter platform.

[spec1re]

https://github.com/spec1re/stuff/raw/spec1re-patch-1/Unofficial-pfSense-packages-master.rar

Nothing big, just edit a few requirement (2.3 > 2.4) and comment out a few xmlrpc.inc and so on.

[spec1re]

Mhh after updating postfix via pkg to the latest version, I no longer can change/save settings on the postfix settings page, it just times out.

Help! :D

[marcelloc]

I'll try to review it tomorrow. It's 03am here 😁

[spec1re]

No problem Marcello, everything still works. Take your time. 👍

[spec1re]

Scratch that,

Its working in the Office, but from Home via OpenVPN not.

I can live with that. ;)

/edit

today it worked from home as well, I guess browser cache/cookie issue...

[bootablearg]

Nice combine Postfix and mailscanner inside pfSense box, good thing to replace a EFA Project Appliance :)

[spec1re]

@bootablearg

I have Postfix, Mailscanner and MailWatch running, so indeed almost EFA Project. :P

[bootablearg]

@spec1re, you have a pfSenseFA all inclusive ;)

[marcelloc]

@spec1re , II've updated package install for postfix and updating mailscanner package too.

If you have time, take o look on it and see if all features are in place.

[spec1re]

@marcelloc ,looks good so far. I'm very busy with Windows 10 Rollout atm, don't have much time to test stuff.

Littel change, in mailscanner.conf.template since MailScanner v5

Custom Functions Dir = {$mlb}/lib/MailScanner/MailScanner/CustomFunctions

is now

Custom Functions Dir = {$mlb}/share/MailScanner/perl/custom

Thank you very much, for keeping this amazing packages updated! 👍

[spec1re]

I just leave this here

https://forum.netgate.com/topic/142625/is-there-an-email-spam-filter

🐙

[marcelloc]

These binaries on my repo was copied from FreeBSD repo and is here help people on package install. It's far from an 'infection try' as Jimp said. Use this repo who wants to use. This package was on official repo until 2.3 version and many people used it without any type of incident. I really believe firewall should go to layer 7 for as many protocols as system/hardware supports.

If we just enable FreeBSD repo and try to install the packages, you can overwrite pfsense pkg or perl package with freebsd version for example and get a really mess on packages updates.

This repo IMHO, is here to help people with great features on pfSense. You can always check the code published here to see what package do/installs and if you prefer, compile/apply from your trusted source. I have no intention to argue with anyone that considers this an insecure approach. I prefer spend my free time with my family and helping people and opensource community with these packages.

@spec1re, Thanks for all your help suggesting tools and configs for these two packages and also spending some time posting it on pfSense forum. I really appreciate.

[forid786]

@marcelloc You're doing a great job. Don't listen to anyone who says otherwise. You're right, in this day and age firewalls should work up to layer 7. pfSense is making some progress with OpenAppID, it's still not as integrated or as turn key as other solutions.

[SPCulhane]

@spec1re Thank you for sharing the link. I haven't been as active as I used to be but @marcelloc has been very very helpful with all the packages he has created over the years. I also believe that a firewall should be Layer 7. Without Layer 7, its basically a access list that you can do on switch ports with Layer 3 routing.

[marcelloc]

@spec1re , I need some help to get dccif working. Did you had to do any extra change different from package install to get it working. all my udp packages ar not returning from public servers.

[spec1re]

Hi marcello, no just install that's it.