Hi,
I'm trying to configure a mail gateway for an internal mail server (current Exchange version).
I have followed the docs at https://docs.opnsense.org/manual/how-tos/mailgateway.html
I understand the basics like RBL etc., but I don't understand how I need to configure the Postfix bit to always deliver the scanned email to the internal mail server.
Even after multiple reads, it seems that there's not a word lost to that???
While searching the settings, I see I could set it as a smart host but who knows if that's the way that is expected to do it.
I also googled a bit more and it seems pfSense users were suggested a hack, using split DNS to 'mislead' the firewall's Postfix into LAN-side delivery.
I hope someone can tell me what is the actual idea here since apparently everyone else is seeing something obvious that I just don't notice! :-)
Env basics:
Last year I built an OPNsense cluster supporting a few internal networks, a few DMZ, other tenants, an extranet WAN etc.
Historically, they had their Exchange on the LAN, and last year they added a mail scanner appliance located in a DMZ. That appliance is pretty much trash, it seems to have a DNS issue (which might be my fault), but it practically stopped having any effect once that emerged. A good spam/malware filter should have a much more balanced effectiveness, based on not just the RBLs but also local learning and good-enough analysis.
I'd go as far as to call it a fake promise & I want to replace it. Not to mention it's useless if the same service can be handled in the firewall cluster.
			
			
			
Check out EFA: https://efa-project.org/
Bart...
			
			
			
Quote from: bartjsmit on October 21, 2020, 08:06:42 PM
Check out EFA: https://efa-project.org/
Bart...
Thanks for the pointer at EFA, I do know it.
But do you have any advice relating to the OPNsense plugin?
			
 
			
			
Quote from: darkfader on October 21, 2020, 09:22:16 PM
But do you have any advice relating to the OPNsense plugin?
Sorry, I don't. I like to keep functions separate and best of breed. 
Bart...
			
 
			
			
Where exactly is your problem? Don't you get every email, or do you have a general understanding problem?
			
			
			
Quote from: bartjsmit on October 21, 2020, 08:06:42 PM
Check out EFA: https://efa-project.org/
Bart...
👍 Yes, it works well. I have it set to handle inbound and outbound; it took a little messing about to get DKIM to play nicely, but that was the only issue.