Re: [pfSense Support] pfSense 2.0 and SpamAssassin
If anyone comes across this on the archives, due to the lack of a compiler et all I found no way to achieve compiling SA on pfSense (probably could have compiled in on a FreeBSD box and moved everything over but that seems too arse-about-tit to me). I have virtualized pfSense on a CentOS box and run Exim and SA on the host machine, I didn't find a way around this but I'm all ears for future reference if anyone does find a way to achieve this :) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 21/10/10 14:23, James Bensley wrote: If anyone comes across this on the archives, due to the lack of a compiler et all I found no way to achieve compiling SA on pfSense pfsense is based on freebsd 7.2, get a copy here... ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/7.2-RELEASE/ you can, if you're masochistic, use pkg_add -r to download and install packages, having set your environment appropriately, e.g. in tcsh setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/7.2-RELEASE/packages/Latest/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
argh, sorry, I didn't see the 2.0 bit... don't know which version it uses, but the same would apply, use pkg_add and if needed set the env var so it can find the package repository. but I would advise grabbing the appropriate version of freebsd and using that as a build platform rather than kludging pfsense install? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 21 October 2010 15:07, Paul Mansfield it-admin-pfse...@taptu.com wrote: argh, sorry, I didn't see the 2.0 bit... don't know which version it uses, but the same would apply, use pkg_add and if needed set the env var so it can find the package repository. but I would advise grabbing the appropriate version of freebsd and using that as a build platform rather than kludging pfsense install? Sadly, no SA build available in the repo's (well, no spamd spamc anyway, I think the perl scrips where there though) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
So, one step at a time is always a good approach, and I am falling down at the first step ;) Its proving awkward to even compile Spam Assassin so I can try it in a jail as pfSense doesn't have the 'make' command in it, it shows up in the the FreeBSD ports but I can't compile the source without 'make' its self (which seems silly including a command which requires you to have it already built before you can build it? And also why not include 'make' anyway, it seems like such a trivial command to have?) So, has any one got any pointers as to how I can tackle this? -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
Hi, Yeah if you can run VMware ESXi on the box and then run whatever VMs you need, that's a good solution. Or you can look at the jailctl package and run a full jail for spamassassin and whatever else you want to throw on it. This is in production at one site atleast, a all in one wonder with VMs. The ESX box has just 1 network plug to the outside network, it runs 2 VMs for a carp setup and a virtual switch network where the server VMs run. It's done so perfectly well for over a year now. The carp is there so that firmware upgrades don't break connectivity. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
Op 13-10-2010 23:55, James Bensley schreef: Thank you too all for your input. I think running two VMs on top of the host OS (although it would be nice) is too much overhead for my liking given the spec of the box. I like the sound of jailctl, I will give this a go and report back my findings ;) Approach it not from the overhead part, but from the flexible part. If, at some point, they require another server solution that wasn't available before you can setup a new VM instead. Since your budget is 0 to begin with that might not be such a bad starting point. VMs also allow for easy updates, upgrades and snapshots. That is, a firmware/software update gone wrong can easily rolled back. I've had a few awful experiences with home built all in one linux machines. And upgrades then tended to break everything at once. Joy. Depends on the person, skills and luck involved ofcourse. My all in one wonder is a Dell Optiplex 755 with a C2D 2.33Ghz and 8GB ram. A rather modest ESX machine if I say so myself. It runs ESXi 3.5 still. Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 10/13/2010 1:37 PM, James Bensley wrote: Hi List, I would like to put Spam Assassin on a pfSense 2.0 box and I see that here (http://www.pfsense.com/packages/pkg_config.xml) it is listed as a package to install but doesn't show up in my package list on my 2.0 box, is this the package list for 1.2.3 perhaps? If so, is there any intention of making a package for it or am I better off just installing Spam Assassin onto my pfSense box manually? Any tips or points would be greatly appreciated :) You'd be better of installing SpamAssassin on a box that isn't a secure firewall. :-) Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 13 October 2010 19:00, Jim Pingle li...@pingle.org wrote: You'd be better of installing SpamAssassin on a box that isn't a secure firewall. :-) Sadly the isn't an option for me, I'm setting up a network edge box to run pfSense, SpamAssassin, ClamAV, Squid and Squidgaurd to filter all traffic in and out bound and I have no other boxes to achieve this with so I'm going for an all in wonder :) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
- Original Message - From: James Bensley jwbens...@gmail.com To: support@pfsense.com Sent: Wednesday, October 13, 2010 2:22:00 PM Subject: Re: [pfSense Support] pfSense 2.0 and SpamAssassin On 13 October 2010 19:00, Jim Pingle li...@pingle.org wrote: You'd be better of installing SpamAssassin on a box that isn't a secure firewall. :-) Sadly the isn't an option for me, I'm setting up a network edge box to run pfSense, SpamAssassin, ClamAV, Squid and Squidgaurd to filter all traffic in and out bound and I have no other boxes to achieve this with so I'm going for an all in wonder :) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org You may want to look at untangle then. http://www.untangle.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Oct 13, 2010, at 7:37 PM, James Bensley wrote: Hi List, I would like to put Spam Assassin on a pfSense 2.0 box and I see that here (http://www.pfsense.com/packages/pkg_config.xml) it is listed as a package to install but doesn't show up in my package list on my 2.0 box, is this the package list for 1.2.3 perhaps? LONG before that (that's the 6.x package list, about 5-6 years ago). That package never worked, was started and not even remotely close to functional. You're in for a whole lot of work if you want to finish that. The code is still in git though, knock yourself out. But I would never run that on a firewall regardless with its security track record. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On 13 October 2010 19:30, Gordon Russell russ...@clarkecounty.gov wrote: You may want to look at untangle then. http://www.untangle.com I have seen that before but sadly this isn't an option either, we are a non-profit and although they do discounted prices my budget is £0.00.. Thats why I previously mentioned that I didn't have another box I could separate these services over, the box we are running pfSense on was a greatly appreciated donation. On 13 October 2010 19:38, Chris Buechler cbuech...@gmail.com wrote: But I would never run that on a firewall regardless with its security track record. I see, this wasn't something I was aware off, I had contemplated running it as a virtual machine on the pfSense box and given your comments on security this might possibly elude such security flaws however I am unaware of any security flaws (because I'm new to spam assassin and need to do some homework first!) but I don't think I like the idea of running a VM on top of pfSense I would rather run SA along side it on the same box. *scratches head* I could virtualise /both/ pfSense and SA on the same box as separate VMs??!?...again I'd rather not...or would I? Noodle baker! -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Oct 13, 2010, at 9:10 PM, James Bensley wrote: *scratches head* I could virtualise /both/ pfSense and SA on the same box as separate VMs??!?...again I'd rather not...or would I? Noodle baker! Yeah if you can run VMware ESXi on the box and then run whatever VMs you need, that's a good solution. Or you can look at the jailctl package and run a full jail for spamassassin and whatever else you want to throw on it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Wed, Oct 13, 2010 at 08:38:38PM +0200, Chris Buechler wrote: On Oct 13, 2010, at 7:37 PM, James Bensley wrote: Hi List, I would like to put Spam Assassin on a pfSense 2.0 box and I see that here (http://www.pfsense.com/packages/pkg_config.xml) it is listed as a package to install but doesn't show up in my package list on my 2.0 box, is this the package list for 1.2.3 perhaps? LONG before that (that's the 6.x package list, about 5-6 years ago). That package never worked, was started and not even remotely close to functional. You're in for a whole lot of work if you want to finish that. The code is still in git though, knock yourself out. But I would never run that on a firewall regardless with its security track record. How about putting that stuff in a jail on the pfSense box? -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
- Original Message - From: James Bensley jwbens...@gmail.com To: support@pfsense.com Sent: Wednesday, October 13, 2010 3:10:00 PM Subject: Re: [pfSense Support] pfSense 2.0 and SpamAssassin On 13 October 2010 19:30, Gordon Russell russ...@clarkecounty.gov wrote: You may want to look at untangle then. http://www.untangle.com I have seen that before but sadly this isn't an option either, we are a non-profit and although they do discounted prices my budget is £0.00.. Thats why I previously mentioned that I didn't have another box I could separate these services over, the box we are running pfSense on was a greatly appreciated donation. The base version of untangle is free and will do everything you are looking for. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Wed, Oct 13, 2010 at 9:20 PM, Gordon Russell russ...@clarkecounty.gov wrote: The base version of untangle is free Aside from the hardware, with its considerable bloat, the hardware available may not be able to accommodate that scenario. Though if the hardware can run ESXi, putting it on a VM to do only spam (assuming that's possible, I'm not entirely sure), and only directing mail through it without putting it inline, should make that a non-factor. Then even if it is extremely slow it won't really matter. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
- Chris Buechler cbuech...@gmail.com wrote: On Wed, Oct 13, 2010 at 9:20 PM, Gordon Russell russ...@clarkecounty.gov wrote: The base version of untangle is free Aside from the hardware, with its considerable bloat, the hardware available may not be able to accommodate that scenario. Though if the hardware can run ESXi, putting it on a VM to do only spam (assuming that's possible, I'm not entirely sure), and only directing mail through it without putting it inline, should make that a non-factor. Then even if it is extremely slow it won't really matter. I was just suggesting to the OP that there is free software out there to achieve his goals -- which is more of a UTM than pure firewall scenario. In the OP's words he needs to: run pfSense, SpamAssassin, ClamAV, Squid and Squidgaurd to filter all traffic in and out bound Why cobble together a VM scenario to do that, when there is packaged, simple, free software achieve his ends? I don't know that a VM'ed scenario would be any less resource intensive than untangle. It would certainly be a more challenging learning experience for one to set up though. PFsense is a great firewall platform, and Chris you do a great job with it.. I'm not knocking it in any way, just suggesting to the OP that another platform may be better suited to his needs (and experience level). - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
Thank you too all for your input. I think running two VMs on top of the host OS (although it would be nice) is too much overhead for my liking given the spec of the box. I like the sound of jailctl, I will give this a go and report back my findings ;) -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense 2.0 and SpamAssassin
On Wed, Oct 13, 2010 at 10:41 PM, Gordon Russell russ...@clarkecounty.gov wrote: Why cobble together a VM scenario to do that, when there is packaged, simple, free software achieve his ends? I don't know that a VM'ed scenario would be any less resource intensive than untangle. It would certainly be a more challenging learning experience for one to set up though. Yes it would definitely require a lot more expertise, but it is a way to get more out of the same hardware if it's not a screaming fast box and that hardware is the only option. You can scale down the resources Untangle can have at the ESX level and if you're only pushing mail through it that won't have any noticeable performance impact on the environment. If you don't have that expertise or the time to get it, getting that expertise at the $0 budget likely isn't going to happen. Jails are a much faster, lower overhead, means of virtualization if you want to go the DIY route to build the anti-spam setup yourself. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
