Koozali.org: home of the SME Server

What best approach for a mail server behind pfsense.

Offline kryptos

  • ****
  • 245
  • +0/-0
What best approach for a mail server behind pfsense.
« on: May 25, 2021, 09:02:06 AM »
Hi, what you be the best approach for a mail server that is behind a Pfsense Server? Since I only have 1 public ip address. I want to utilize same public ip address to be used both local and my plan mail server. I want to use the Server Only way but as per wiki recommendation that it is best for a mail server the Server and Gateway mode. But I want also to used the same Public IP to my Pfsense Firewal.

Has anyone experienced this kind of situation or someone could point me in the right way to go?

Best Regards,
Rocel

Online sages

  • *
  • 182
  • +0/-0
    • http://www.sages.com.au
Re: What best approach for a mail server behind pfsense.
« Reply #1 on: May 25, 2021, 10:21:09 AM »
FWIW I run sme in server only mode behind an openWRT firewall. I port forward mail/http(s) to my sme machine.
My single public IP is on my firewall and I have a private IP on my sme machine.
Has been working for me with similar configuration (pfsense,opensense and currently openWRT) for the the firewall and for sme from ~ 5.? to sme10

Caveat. I run a small home office so email traffic is low.
...

Offline kryptos

  • ****
  • 245
  • +0/-0
Re: What best approach for a mail server behind pfsense.
« Reply #2 on: May 25, 2021, 06:06:37 PM »
FWIW I run sme in server only mode behind an openWRT firewall. I port forward mail/http(s) to my sme machine.
My single public IP is on my firewall and I have a private IP on my sme machine.
Has been working for me with similar configuration (pfsense,opensense and currently openWRT) for the the firewall and for sme from ~ 5.? to sme10

Caveat. I run a small home office so email traffic is low.

Thanks for that quick reply. How was spam filtering for you was it really affects if we use server only as implied on the wiki? I was planning to do that way as the only easy way for me to do. We have 30 plus email accounts currently.

Online sages

  • *
  • 182
  • +0/-0
    • http://www.sages.com.au
Re: What best approach for a mail server behind pfsense.
« Reply #3 on: May 26, 2021, 02:49:31 AM »
My email is currently about half it was earlier in the year. (My server was offline for a few days and that has magically taken it off the crap email list somehow :) )
Currently according to my daily spamfilter stats I'm receiving ~450 smtp connections/day, ~300 denied bad domain, ~60 queued for delivery, ~45 rejected and the rest spam tagged.
I use fail2ban and geoip/ban country.
I also run banip and adblock on my gateway firewall that may or may not be helping. Nor to I make use of any spam learning functions available on the sme server.

I don't have any stats for a direct internet facing sme server to compare results with.
...

Offline kryptos

  • ****
  • 245
  • +0/-0
Re: What best approach for a mail server behind pfsense.
« Reply #4 on: May 26, 2021, 06:00:21 AM »
My email is currently about half it was earlier in the year. (My server was offline for a few days and that has magically taken it off the crap email list somehow :) )
Currently according to my daily spamfilter stats I'm receiving ~450 smtp connections/day, ~300 denied bad domain, ~60 queued for delivery, ~45 rejected and the rest spam tagged.
I use fail2ban and geoip/ban country.
I also run banip and adblock on my gateway firewall that may or may not be helping. Nor to I make use of any spam learning functions available on the sme server.

I don't have any stats for a direct internet facing sme server to compare results with.

Thank you so much for the feedback. I think  i will go this way also. Ill just see how it goes

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: What best approach for a mail server behind pfsense.
« Reply #5 on: May 26, 2021, 09:37:18 AM »
All my home/office boxes are server only.

Only ones in server gateway are my cloud ones with a dummy internal interface as that then runs the firewall.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline kryptos

  • ****
  • 245
  • +0/-0
Re: What best approach for a mail server behind pfsense.
« Reply #6 on: May 26, 2021, 10:00:37 AM »
All my home/office boxes are server only.

Only ones in server gateway are my cloud ones with a dummy internal interface as that then runs the firewall.

Thanks, I have one currently which is in server-gateway mode was years ago that i set it up. I had no problem with since public is not scarse. This new mail server is the opposite since I have to contend with one public address to shared with other services. This will be my first time to setup sme mailserver as server only.