OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Beeblebrox »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - Beeblebrox

Pages: [1]
1
17.1 Legacy Series / Scanning IMAP traffic without user credential storage
« on: July 27, 2017, 09:56:35 am »
Hello.
There isn't much documentation on email scanning for OPNsense gateway. I'm more interested in incoming IMAP4s (port 993, gmail) than outgoing mail and no POP3 necessary. Unless I'm completely missing something obvious,

* Is mail scanning relegated to IDS Suricata?
* Certain view points argue against mail scanning if the spam engine is doing a good job, but I don't find it convincing.
* Looks like I'll have to setup a mail proxy, but I don't want an MTA that requires user credential maintenance or caching. The proxy should directly pass credentials from client (ex mobile device) on to the main server, and handoff to ClamAV for scanning.
* I found proxies that can do this: mail/perdition & of course www/nginx (which was initially designed as a mail proxy). There's mail/mailscanner, but looks like it requires an MTA back-end and not sure if its able to scan in-flight.

I welcome any thoughts & ideas...

Some Resources:
Configuring Perdition for Gmail IMAPS
Comparison of Perdition vs Nginx (slideshow)

2
17.1 Legacy Series / Odd connection problem with re0
« on: July 20, 2017, 10:44:22 am »
Odd connection problem with re0

Hello. long time FreeBSD user, just installed OPNs and have a strange problem. Box is 32Bit, re0=LAN, vr0=WAN. no VLAN/OPT.

1. LAN (re0) looses connectivity and cannot send or receive pings (from box - ping: sendto invalid argument". Changing the NIC or PCİ slot or disabling pf made no difference. By same, web-gui is unreachable from LAN, but reachable from WAN with pf disabled. I see "Configuring PHP: unable to connect to configd socket (@/var/run/configd.socket)" IDK whether that's relevant. Strangely, LAN clients are able to get dhcp lease, but of course cannot connect outside.

Some other questions:
2. I have a slightly alternate HDD setup and need requires=mount before any OPNs scripts are called. rcorder is not available, where and how can I modify this (possibly related to #1)?

3. Already have /tmp as tmpfs & swap mounted  via fstab. I assume selecting the same via Web-GUİ is redundant? Also, is it safe to set "clear_tmp_enable" in /etc/rc.conf?

4. I don't need syslogd to listen, but "-ss" flag in rc.conf has no effect.

5. Is it possible to disable IPv6 for all services, or will this break stuff?

6. The repo does not have packages for www/py-searx, security/obfsclient,  security/tcpcrypt

7. I'd like to filter traffic exiting squid using www/privoxy. If I edit squid.conf for forward rule, I assume web-gui will overwrite any changes made. What's the solution?

Thanks for the help

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2