Topics - Beeblebrox

#1
Hello.
There isn't much documentation on email scanning for OPNsense gateway. I'm more interested in incoming IMAP4s (port 993, gmail) than outgoing mail and no POP3 necessary. Unless I'm completely missing something obvious,

* Is mail scanning relegated to IDS Suricata?
* Certain view points argue against mail scanning if the spam engine is doing a good job, but I don't find it convincing.
* Looks like I'll have to set up a mail proxy, but I don't want an MTA that requires user credential maintenance or caching. The proxy should directly pass credentials from the client (e.g. a mobile device) on to the main server, and hand off to ClamAV for scanning.
* I found proxies that can do this: mail/perdition & of course www/nginx (which was initially designed as a mail proxy). There's mail/mailscanner, but it looks like it requires an MTA back-end and I'm not sure if it's able to scan in-flight.

I welcome any thoughts & ideas...

Some Resources:
Configuring Perdition for Gmail IMAPS
Comparison of Perdition vs Nginx (slideshow)
#2
Odd connection problem with re0

Hello. Long-time FreeBSD user, just installed OPNs and have a strange problem. Box is 32-bit, re0=LAN, vr0=WAN. No VLAN/OPT.

1. LAN (re0) loses connectivity and cannot send or receive pings (from box - "ping: sendto invalid argument"). Changing the NIC or PCI slot or disabling pf made no difference. By same, web-gui is unreachable from LAN, but reachable from WAN with pf disabled. I see "Configuring PHP: unable to connect to configd socket (@/var/run/configd.socket)"; IDK whether that's relevant. Strangely, LAN clients are able to get a DHCP lease, but of course cannot connect outside.

Some other questions:
2. I have a slightly alternate HDD setup and need requires=mount before any OPNs scripts are called. rcorder is not available, where and how can I modify this (possibly related to #1)?

3. Already have /tmp as tmpfs & swap mounted via fstab. I assume selecting the same via Web-GUI is redundant? Also, is it safe to set "clear_tmp_enable" in /etc/rc.conf?

4. I don't need syslogd to listen, but "-ss" flag in rc.conf has no effect.

5. Is it possible to disable IPv6 for all services, or will this break stuff?

6. The repo does not have packages for www/py-searx, security/obfsclient, security/tcpcrypt

7. I'd like to filter traffic exiting squid using www/privoxy. If I edit squid.conf for forward rule, I assume web-gui will overwrite any changes made. What's the solution?

Thanks for the help