Netgate Discussion Forum

    Email Client times out trying to reach mailserver in lan

    Firewalling
    18 Posts 3 Posters 829 Views
    • GertjanG
      Gertjan @TomNick
      last edited by

      @TomNick said in Email Client times out trying to reach mailserver in lan:

      It is SSL/TLS 993 and 465. I tried with 2 clients (Windows), Thunderbird and Outlook. None of them worked.

      They connect to what IP?
      The one of the mail server?

      Where are your clients? On the pfSense WAN? Show your NAT rule(s) and related firewall rules.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • T
        TomNick @Gertjan
        last edited by TomNick

        @Gertjan said in Email Client times out trying to reach mailserver in lan:

        They connect to what IP?
        The one of the mail server?

        Where are your clients? On the pfSense WAN? Show your NAT rule(s) and related firewall rules.

        @viragomann said in Email Client times out trying to reach mailserver in lan:

        Maybe we get closer, however, if you give some details about your network.

        OK, the WAN IP 37.27.xx.xx.xxx, which is mail.mydomain, goes to pfSense.
        NAT is:

        brave_screenshot1.png

        The aliases are:

        brave_screenshot2.png

        The Windows Server is 192.168.21.103, and I am not able to connect via a client on that Windows server.

        pfSense is 192.168.21.100.

        • V
          viragomann @TomNick
          last edited by

          @TomNick
          What gives us concern is that client and server are within the same subnet. So access from client to server should not pass pfSense at all.

          But I just got an idea. I guess your client uses your public FQDN?
          This would explain why packets go to pfSense.

          If so, you should add a host override for the FQDN to your local DNS, assuming you're using DNS Resolver on pfSense.
          Otherwise you can enable NAT reflection in the port forwarding rule.

            • T
              TomNick @viragomann
              last edited by

              @viragomann said in Email Client times out trying to reach mailserver in lan:

              If so, you should add a host override for the FQDN to your local DNS, assuming you're using DNS Resolver on pfSense.
              Otherwise you can enable NAT reflection in the port forwarding rule.

              I tried all, but no success. Maybe I did something wrong with the host override; here it is:

              brave_screenshot3.png

              • V
                viragomann @TomNick
                last edited by

                @TomNick
                Possibly the public IP is still present in the client's DNS cache.
                Try to flush it (ipconfig /flushdns) or reboot the machine.

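The situation viragomann describes in the two posts above (client and server in the same subnet, the client resolving the public FQDN to the WAN address so its packets go to pfSense instead of straight to the server, and a stale answer in the client's own DNS cache hiding a freshly added host override) can be reasoned through with a small simulation. This is an added example, not code from this thread or from pfSense. The subnet 192.168.21.0/24 and the server address 192.168.21.103 are taken from the thread; the WAN address 203.0.113.10, the client address 192.168.21.50 and the `resolve`/`classify_path`/`diagnose` functions are constructed for the example.

```python
import ipaddress

# Values taken from the thread
LAN_SUBNET = ipaddress.ip_network("192.168.21.0/24")
MAIL_SERVER_LAN_IP = ipaddress.ip_address("192.168.21.103")
# Constructed placeholders (the thread masks its real WAN address)
PUBLIC_WAN_IP = ipaddress.ip_address("203.0.113.10")
MAIL_FQDN = "mail.mydomain"

# What public DNS answers for the FQDN: the WAN address of pfSense
PUBLIC_DNS = {MAIL_FQDN: PUBLIC_WAN_IP}
# Host override as configured in the pfSense DNS Resolver (split DNS):
# the same name, but answered with the LAN address for LAN clients
HOST_OVERRIDES = {MAIL_FQDN: MAIL_SERVER_LAN_IP}


def resolve(name, use_overrides=False, client_cache=None):
    """Return (ip, source) as a LAN client would see it.

    Lookup order mirrors the thread: a stale entry in the client's own
    cache wins over everything (hence the 'ipconfig /flushdns' advice),
    then a host override on the local resolver, then public DNS.
    """
    if client_cache and name in client_cache:
        return client_cache[name], "client cache"
    if use_overrides and name in HOST_OVERRIDES:
        return HOST_OVERRIDES[name], "host override"
    if name in PUBLIC_DNS:
        return PUBLIC_DNS[name], "public DNS"
    raise LookupError(f"no record for {name}")


def classify_path(client_ip, target_ip):
    """Say where the client's packets go for the resolved address."""
    client_ip = ipaddress.ip_address(client_ip)
    target_ip = ipaddress.ip_address(target_ip)
    if target_ip == MAIL_SERVER_LAN_IP:
        # Same subnet: the client talks to the server directly; pfSense never sees it.
        return "direct"
    if client_ip in LAN_SUBNET and target_ip not in LAN_SUBNET:
        # LAN client aiming at the WAN address: only works with NAT reflection
        # (hairpin NAT), or by fixing DNS with a host override.
        return "hairpin"
    # Client outside the LAN reaching the WAN address: the ordinary port forward.
    return "external"


def diagnose(client_ip, name=MAIL_FQDN, use_overrides=False, client_cache=None):
    """Combine resolution and path classification into one verdict."""
    ip, source = resolve(name, use_overrides, client_cache)
    path = classify_path(client_ip, ip)
    advice = {
        "direct": "OK: traffic stays in the LAN.",
        "hairpin": "Needs NAT reflection or a host override; "
                   "if the override exists, flush the client DNS cache.",
        "external": "OK: normal port forward from the Internet.",
    }[path]
    return {"ip": str(ip), "source": source, "path": path, "advice": advice}


if __name__ == "__main__":
    lan_client = "192.168.21.50"  # constructed LAN client address
    print("no override:           ", diagnose(lan_client))
    print("with override:         ", diagnose(lan_client, use_overrides=True))
    print("override + stale cache:", diagnose(lan_client, use_overrides=True,
                                              client_cache={MAIL_FQDN: PUBLIC_WAN_IP}))
    print("Internet client:       ", diagnose("198.51.100.7"))
```

The third case is the one the thread ran into: the override is in place, but the client's cached public answer still sends the connection to the WAN address, so the path is classified as "hairpin" until the cache is flushed.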
                • GertjanG
                  Gertjan @TomNick
                  last edited by

                  @TomNick

                  The NAT rules.

                  463830d7-da64-411e-9a83-f5dad9c5e34e-image.png

                  I still like to see the WAN firewall rules.
                  The (WAN) firewall rules contain packet counters, like these:

                  5a98ea6a-7e83-4287-a956-c27917456c63-image.png

                  so you can see right away if there was traffic from the Internet coming into the WAN interface that matches one of your WAN pass rules. These rules can be part of a NAT rule, as with my third WAN firewall rule, which NATs to a port on my Syno disk-station, a pfSense LAN device.

                  So, again: your firewall rules?

                  The port alias contains:

                  25,465, etc

                  So your first NAT rule 'NATs' port 25.
                  Your third rule isn't needed and should be removed.


                  • T
                    TomNick @Gertjan
                    last edited by TomNick

                    @Gertjan said in Email Client times out trying to reach mailserver in lan:

                    So, again: your firewall rules?

                    brave_screenshot.png

                    @Gertjan said in Email Client times out trying to reach mailserver in lan:

                    So your first NAT rule 'NATs' port 25.
                    Your third rule isn't needed and should be removed.

                    Done!

                    OK, what I found out is that if you call mail.mydomain from inside the Windows client, you get the pfSense cert. If you call mail.mydomain from outside, you will get the Let's Encrypt cert, which is correct.

                    • V
                      viragomann @TomNick
                      last edited by

                      @TomNick
                      The only possible reason for this is that your client resolves the host name to the public FQDN as already mentioned yesterday.

                      If you're not able to get your local DNS to work properly, edit the port forwarding rule for the mailserver ports and enable NAT reflection.

                      • T
                        TomNick @viragomann
                        last edited by

                        @viragomann said in Email Client times out trying to reach mailserver in lan:

                        If you're not able to get your local DNS to work properly, edit the port forwarding rule for the mailserver ports and enable NAT reflection.

                        It is already enabled, I guess. The NAT reflection setting gives me 4 options:

                        default
                        NAT+Proxy
                        Pure NAT
                        Disable

                        Mine is on default, still not working.

                        • T
                          TomNick @viragomann
                          last edited by

                          @viragomann It is working by setting "host override". Thanks a lot for your trouble and have a good weekend.

                          • V
                            viragomann @TomNick
                            last edited by

                            @TomNick said in Email Client times out trying to reach mailserver in lan:

                            Mine is on default, still not working

                            "default" means "System default". If this is set in the NAT rule, the setting in System > Advanced > Firewall & NAT > NAT Reflection mode for port forwards is used.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.