Messages

sicherlich muss man das jetzt ewig nicht breittreten - aber auch nicht voellig unkommentiert lassen.
Euer Post ist einfach sehr schlechter Stil:

"Since Shawn has been a core team member due to the involvement into our operating system, we decided to remove him from our core team as well."

Vielleicht kann man das Statement nochmal ein wenig weniger passiv-aggressiv-arrogant formulieren?
Ihr konntet jahrelang auf die Arbeit diesen kleinen Teams zurueckgreifen, und praktisch gesehen ist halt auch Euer eigenes zu klein gewesen, um mit Engpaessen beim "Zulieferer" umzugehen.
Das Problem ist strukturell *hier* - wenn bestimmte Bugs zu schwierig zum Debuggen waren, wird das auch mit FreeBSD-Basis passieren.
Es braucht nun mal Ressourcen, die waren offenbar nicht vorhanden - haettet Ihr sie gehabt, haettet ihr wohl auch kurz mal beim Upstream nachschieben koennen.

Die Entscheidung wird sicherlich erstmal helfen, ich kann aber nur raten, die internen Probleme zu loesen.
Und sich nicht im Ton zu vergreifen. Shawn hatte sich beim Fork damals auch auf Eure Seite gestellt und jetzt benehmt Ihr Euch praktisch so wie die pfSensler' damals Euch gegenueber.
Und das kann's ja echt nicht sein.

tl;dr
Es waere wirklich schoen, wenn sich jemand findet, der den Text nochmal mit ein bisschen mehr Respekt bearbeitet.

Hey,

for the record - i had been trying vlans on top of lacp back in pfsense already and there was an abundance of issues. I had to give up (VLANs no, but on top of LACP, yes).

So, if you would go looking, go looking in ifconfig output as you proceed, and check if flags show up, or do not show up when they should, etc.

Check out EFA: https://efa-project.org/

Bart...

Thanks for the pointer at EFA, i do know it.

But do you have any0 advice relating to OPNsense plugin?

Hi,

I'm trying to configure a mail gateway for an internal mail server (current exchange version).

I have followed the docs at https://docs.opnsense.org/manual/how-tos/mailgateway.html
I understand the basics like RBL etc., but I don't understand how I need to configure the postfix bit to always deliver the scanned email to the internal mail server.
Even after multiple reads, it seems that there's not a word lost to that???

While searching the settings, I see I could set it as a smart host but who knows if that's the way that is expected to do it.
I also googled a bit more and seems pfSense users were suggested a hack, using split DNS to 'mislead' the firewall's postfix into lan-side delivery.

I hope someone can tell me what is the actual idea here since apparently everyone else is seeing something obvious that I just don't notice! :-)


Env basics:
Last year I built an OPNsense cluster supporting a few internal networks, a few DMZ, other tenants, an extranet WAN etc.
Historically, they had their Exchange on the Lan, and last year they added a mail scanner appliance located in a DMZ. That appliance is pretty much trash, it seems to have a DNS issue (which might be my fault), but it practically stopped having any effect once that emerged. A good spam/malware filter should have a much more balanced effectiveness, based on not just the RBLs but also local learning and good-enough analysis.
I'd go as far as call it a fake promise & I want to replace it. Not to mention it's useless if the same service can be handled in the firewall cluster.