Since switching to PFSENSE NEXTCLOUD ANS SNAPPYMAIL CAN'T REACH ANY IMAP OR SMTP SEVRER!

d.k

Since switching to PFSENSE NEXTCLOUD ANS SNAPPYMAIL CAN'T REACH ANY IMAP OR SMTP SEVRER! My mac's still can connect with the mail program and I am able to receive and send emails but snappy mail and nextcloud can't connect the connection is SSL/TLS 995 and 465! I don't know what to do I have already added a rule but that didn't help either because chatgpt suggested that!:

(Both instances run in virtualmin!

login-to-view

login-to-view login-to-view

johnpoz

@d-k those rules above this are pointless

login-to-view

Since this rule already allows any any..

That error with ssl:// that is not a valid uri normally - maybe that is how this snappymail you set it up.. but ssl:// is not standard..

But your any any rule allows port 993 over any protocol over IPv4

I would for sanity check from that system - see if you can just make a openssl connection

root@i9-win:/# openssl s_client -connect imap.gmail.com:993 -crlf -quiet
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WR2
verify return:1
depth=0 CN = imap.gmail.com
verify return:1
* OK Gimap ready for requests from 209.snippedmypublicIP dl10mb449017108iob

That would tell you for sure if the port is open through pfsense

d.k

@johnpoz Here is the output as I understand it can reach google!:
login-to-view

johnpoz

@d-k yup exactly - and you got the cert they use.. Pfsense is not the problem here in letting you talk to that IP on that port. Like said your any any rule would allow you..

d.k

@johnpoz hmm but it says it can't reach but terminal can it makes no sense, thanks though, still it used to work before switch to pfsense that's why I came here not to the instance forums! Any suggestion what I can try I am not an expert neither in networking nor server side stuff! Maybe virtualmin has something switched when it asked me to change ip adress!?

Any way if you don't know anything else that could help me figure out thanks and have a good evening or day!

johnpoz

@d-k unless your running something else snort or something, pfsense out of the box blocking nothing outbound. Or using a proxy in pfsense?

But if where you ran that command is routing through pfsense - then clearly pfsense is not blocking you from talking to imap.gmail.com on port 993.

Maybe your snappymail config points to a specific dns or gateway that needs to be update to reflect your current setup. But that command clearly shows you can talk to to imap.gmail.com on 993..

I have never ran or have any experience with snappymail or how you have it set it up - but from your output, pfsense isn't blocking it.

d.k

@johnpoz Your right thanks though its somewhat weird even the admin backend isn't working anymore says invalid token I. probably have to reinstall it there must be something wrong with it and as for nexcloud maybe there is something to configure in the settings!
Thanks for the help!

johnpoz

@d-k Token? Maybe since your public IP changed, or its local IP changed - whatever this token is used is no longer valid..

If you create some local token for license or something that had used say the machines IP of 192.168.1.100 in the process, and now the machines IP is 192.168.1.200 then sure that token prob wouldn't be valid any more on a machine with a different IP, even if its the same machine.

d.k

@johnpoz Yeah that would make sense I have to check the Doc and see if such thing is generated or created at setup! Thank You!

d.k

@johnpoz Found the issue I had to setup the right dhcp6 prefix in wan and enable ipv6 in the network now the server was able to reach map so the issue is that the ubuntu server seem to use primary the ipv6 instead of the ipv4 that they get!