Netgate Discussion Forum
Problem with Mailserver because reverse lookup fails

    3 Posts 3 Posters 4.3k Views
Arne

      Hey all together,
I installed pfSense on a WRAP board to replace an old server that serves as a firewall and as DNS for the local networks.

I have three interfaces: the WAN interface with a fixed external IP (and two additional virtual IPs, which currently do not work either), a local 192.168.0.0 net which is the main LAN (LAN), and another segment, 192.168.1.0 (LAN1), which contains the mail and web server. I configured port forwarding for the two external IPs for SMTP and HTTP. I activated the DNS forwarder function and added the hostnames of the mail and web server so that they are resolved to their private IPs, because they are not accessible via their public IPs from the LAN.

When I connect to the web server from the LAN everything works fine, but when I try to send or receive mail everything is extremely slow, and after five minutes I get the error message that sendmail cannot resolve the domain of the sender address. I think this is because the reverse lookup of the local address from LAN1 is not successful.

As far as I know dnsmasq is not capable of providing reverse lookups, and if I used an external DNS server I would get the external IP within the LAN.
Is there any chance to get this constellation working without changes to the existing structure?

My alternative idea was to replace LAN1 with a DMZ in bridged mode with the WAN interface and external IPs for the mail and web server, but I don't want to change too much of the server's configuration because I'm not that familiar with it.

I hope it's possible to follow my description and I would be glad about helpful comments…

      Thanks in advance

      Arne

newmember

Not sure how pfSense uses dnsmasq, but dnsmasq does have the option -h, --no-hosts, which does not read the /etc/hosts file; there is also -H, which can read an alternate hosts file.
So you can set host descriptions internally this way using dnsmasq.
You can also use dnsmasq as an MX lookup intercept, whereby any MX lookup is intercepted and you can set your mail server as the default mail server for the LAN interface.
Personally, I set a NAT that intercepts all outbound mail from the LAN and redirects it to the mail server in my DMZ. This way, no matter what they enter as mail server, it hits my server in the DMZ.
rdr on xl1 inet proto tcp from <emailserver> to any port = smtp -> 192.168.0.50
<emailserver> is a table of internal hosts that should be intercepted; there are a few hosts I did not want to intercept.
Remember to install spamd and help everyone.

hoba
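The two pieces newmember describes, the pf redirect with an exclusion table and a dnsmasq alternate hosts file, written out as an added example. This is not newmember's or pfSense's own configuration; the interface name xl1, the 192.168.0.0/24 addresses, the excluded hosts, the example.com names and the file paths are assumptions chosen to match the post.

```conf
# Added example, not from the original post. xl1, the addresses, the
# excluded hosts, the hostnames and the file paths are assumptions.

# --- /etc/pf.conf fragment (old-style rdr syntax, as in the post) ---
# Hosts whose outbound SMTP is intercepted. Negated entries exclude the
# machines that must reach other mail servers directly; excluding the
# mail server itself keeps the redirect from looping back onto it.
table <emailserver> { 192.168.0.0/24, !192.168.0.50, !192.168.0.51 }

# Send every port-25 connection from those hosts to the DMZ mail server,
# regardless of which SMTP server the client was configured with.
rdr on xl1 inet proto tcp from <emailserver> to any port = smtp -> 192.168.0.50 port 25

# The translated packet still has to be passed by the filter.
pass in quick on xl1 inet proto tcp from <emailserver> to 192.168.0.50 port 25 keep state

# --- dnsmasq: internal names and their PTR records from one hosts file ---
# /etc/dnsmasq.conf (same as -H on the command line)
addn-hosts=/etc/dnsmasq.hosts

# /etc/dnsmasq.hosts, hosts-file format. dnsmasq answers both the A
# query for the name and the PTR query for the address from these lines.
192.168.0.50   mail.example.com   mail
192.168.0.51   www.example.com    www
```

With addn-hosts in place, a reverse query such as `dig -x 192.168.0.50 @<pfsense-lan-ip>` is answered with mail.example.com from the same line that resolves the name, so the client-address lookup that sendmail performs on an incoming connection is answered locally instead of waiting on an external server that knows nothing about the private range.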

Some things to try (though I'm pretty tired at the moment, so if I talk nonsense please forgive me):

• Enable NAT reflection at System > Advanced. This way your server should be accessible even by its WAN IP.
• Enable "Register DHCP leases in DNS forwarder" at Services > DNS Forwarder. This way your DHCP clients should be resolvable via their hostnames.
• Add forwarding DNS servers for your clients' domain, if you are running another DNS server for these clients, at Services > DNS Forwarder.