Bug #5374
closedpostfix package is patching /etc/inc/system.inc (syslog configuration)
0%
Description
Sigh... filing for tracking purposes.
https://github.com/pfsense/pfsense-packages/blob/master/config/postfix/postfix.inc#L286
I don't have time for such junk ATM; should be replaced with whatever arpwatch, spamd, tinc is doing - defining their own syslog facility and log file properly, using the package logging feature already implemented in system.inc.)
Updated by Jim Thompson over 8 years ago
- Priority changed from High to Normal
I'm not sure why we have/need/want a "Postfix" package anyway.
Updated by Renato Botelho over 8 years ago
Jim Thompson wrote:
I'm not sure why we have/need/want a "Postfix" package anyway.
It's being removed on 2.3
Updated by Harry Coin over 8 years ago
Jim Thompson wrote:
"I'm not sure why we have/need/want a "Postfix" package anyway."
For me, its a major administrative convenience. And, it is in keeping with the spirit of what is is a 'firewall' does (if only in an expanded sense). Most of the spam traffic won't even succeed in connecting, the ones that do cause internet 'internet spam service check' requests to leave from the firewall without having to take up bandwidth on the lan, and most of the evil attachments never make it past the firewall either. It also (I hope still will) allow one 'clamav' install to manage scanning web traffic for the squid suite and also the mailscanner/email.
Also, having the 'postfix and associated packages" stack in PF allows me to leverage pf's certificate management, destination email domain routing, failover, load balancing for email. That internal domain routing bit is a security plus as traffic for domain X never travels lan segments used by those on domains A, B and C, an obvious security plus. Also it allows the internal smtp world to be very fast and lean as it needs minimal security and no need for the add-on 'nasty-checking' packages.
Remember one of the main spam defences is having the mail exchanger's reverse dns match the common name in the ssl certificate. Anytime information can be kept in one place and closer to where it's used is an admin win.
Last, the postfix config for the lan side can use the lmtp protocol which is a major overhead saver (no per message setups/teardowns).
It calls for a multiprocessor setup, lots of ram and lots of disk. I know that is not exactly what comes to mind using the word 'embedded', but the above is my $0.02 on why it's worth it.
If it were to be removed, I'd have to create not just port forward to a new subnet but a vlan just to isolate incoming email traffic, then -- well, it would result in an economic bonanza for the people who sell those coffee thingys.
Updated by Chris Buechler almost 8 years ago
- Status changed from New to Closed
this package has been deprecated