Problem understanding mail gateway setup

Started by darkfader, October 21, 2020, 08:00:59 PM

Hi,

I'm trying to configure a mail gateway for an internal mail server (current Exchange version).

I have followed the docs at https://docs.opnsense.org/manual/how-tos/mailgateway.html
I understand the basics like RBL etc., but I don't understand how I need to configure the postfix bit to always deliver the scanned email to the internal mail server.
Even after multiple reads, it seems that there's not a word lost to that???

While searching the settings, I see I could set it as a smart host but who knows if that's the way that is expected to do it.
I also googled a bit more and it seems pfSense users were suggested a hack, using split DNS to 'mislead' the firewall's postfix into LAN-side delivery.

I hope someone can tell me what is the actual idea here since apparently everyone else is seeing something obvious that I just don't notice! :-)


Env basics:
Last year I built an OPNsense cluster supporting a few internal networks, a few DMZ, other tenants, an extranet WAN etc.
Historically, they had their Exchange on the LAN, and last year they added a mail scanner appliance located in a DMZ. That appliance is pretty much trash, it seems to have a DNS issue (which might be my fault), but it practically stopped having any effect once that emerged. A good spam/malware filter should have a much more balanced effectiveness, based on not just the RBLs but also local learning and good-enough analysis.
I'd go as far as to call it a fake promise & I want to replace it. Not to mention it's useless if the same service can be handled in the firewall cluster.


Quote from: bartjsmit on October 21, 2020, 08:06:42 PM
Check out EFA: https://efa-project.org/

Bart...

Thanks for the pointer at EFA, I do know it.

But do you have any advice relating to OPNsense plugin?

Quote from: darkfader on October 21, 2020, 09:22:16 PM
But do you have any advice relating to OPNsense plugin?

Sorry, I don't. I like to keep functions separate and best of breed.

Bart...

Where exactly is your problem? Don't you get every email, or do you have a general understanding problem?

Quote from: bartjsmit on October 21, 2020, 08:06:42 PM
Check out EFA: https://efa-project.org/

Bart...
👍 Yes, it works well, I have it set to handle inbound and outbound, took a little messing about to get DKIM to play nicely but that was the only issue.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member