Blackberry devices no longer email
-
Thanks for the feedback everyone.
I do have port 80 forwarded as well to the email server.
Webmail does work fine remotely.
It appears it is an Blackberry specific problem. Not sure what is hanging them though? I'll have to do a Wireshark marathon from the email server itself,and see were the connection quits back and forth. If there happens to be any Blackberry experts on board,,maybe they have seen the fix for this?
Also I have tested with Outlook ,OE,Evolution remotely and they all work fine as well.
hhmmm,,,,?Thanks,
Barry -
Thanks for the feedback everyone.
I do have port 80 forwarded as well to the email server.
Webmail does work fine remotely.
It appears it is an Blackberry specific problem. Not sure what is hanging them though? I'll have to do a Wireshark marathon from the email server itself,and see were the connection quits back and forth. If there happens to be any Blackberry experts on board,,maybe they have seen the fix for this?
Also I have tested with Outlook ,OE,Evolution remotely and they all work fine as well.
hhmmm,,,,?Thanks,
BarryNo need to Wireshark, do this```
tcpdump -ni <lan int="" name=""> net 206.51.26.0/24</lan>it will show communication with Blackberry servers. -
Eugene,
Thanks for the tip. Hopefully using the command you provided it will not be a tcpdump marathon,,,:-).
OK, so if the internal email server's ip address is 172.28.8.55 , I would run in a shell on pfSense machine:tcpdump -ni 172.28.8.55 net 206.51.26.0/24
This seems idiot proof,even for me!
One thing I noticed I do not have port 443 forwarded and wonder if this may be required for Blackberry devices to try and at least negotiate at secure login first?
Does pfSense come with tcpdump installed?
Thanks,
Barry -
No, mail server is out of picture here if you do not have Blackberry Enterprise server running within your Organization.
I suppose blackberries use your network via WiFi to connect to RIM's servers to synchronize e-mails.
So command would be
tcpdump -ni em0 net 206.51.26.0/24substitute em0 with real interface name of your LAN (bge0? rl0?).
-
Eugene,
Thanks again!
With our old firewall setup,,,somehow,,all of the blackberry users could use it for our email server. I honestly don't even know how they set it up…:-). I m not even sure how all of the BB Enterprise sever thing even comes into play. It sounds like yet another maintenence nightmare right off of the bat. We do have lots of people now that have Blackberrys,,even in our little hillbilly community school so I have to get this resolved asap!,,,:-).
Are you saying it should not even be able to use this with an non Blackberry type email server?
I'll give the command you provided a spin!Thanks!
Barry -
You're still confusing webmail (80 or 443) which involves using a web server to access your email, and SMTP, POP3 and IMAP (25, 110 and 143). Don't mix them up.
Please post a screenshot of your WAN interface rules.
-
Blackberry does not connect to your e-mail server even being connected to your LAN. Even if you see e-mails from your server on your BB. It actually does not have e-mail client in the sense we use this word. It does not work this way. BB connects to a server at RIM (Research In Motion) over secure protocol developed by RIM, and this server pulls e-mails from your e-mail server showing them on your BB. The same (but opposite direction) is true for sending e-mails.
Again, when you go to WEB from your BB trying to see some web-page your BB sends request to some server in RIM and RIM then delivers contents from this page to you BB.
Actually it is very interesting topic "how blackberry works". I might be mistaken in what I've said above but this is what I've traced setting up ipsec-tunnel Blackberry - pfSense. -
Thanks again to all for info provided.
Havok, When I get back to the salt mines Monday I'll put some screen shots of the WAN firewall rules .
Eugene, Sounds like you been nerding on the BB architecture,,,:)
Only thing different I can see is the former firewall/commercial setup,,,did have both an smtp and and pop3 relay built into it.
But,,,as I stated earlier I can make Outlook ,Outlook Express, Evolution work without a hitch remotely–telnet 25--sendmail & 110--dovecot ,,,blah,,blah,works,, as well as inside the LAN. Webmail works fine both remotely and LAN side too,FYI.
Seems like there must be a port missing for BB servers to pull/push from the internal email server.
Do any of you's think enabling the nat reflection would do any good? Guess I'll just have to do the tcpdump routine Monday and see were the chatter quits at.
Asking again as I have not had to use it,,,is tcpdump installed on pfSense 1.2.3 by default?
pfSense is working pretty sweet so far,,other than the BB snafoo.:)Take Care,
Barry -
Hello All,
Attaching two screen shots of the pfSense WAN rules. I added the last two entries in Wan_02 just to see if BB devices would work,which they did not. I see I do not have port 143 forwarded ,but we can in fact log into Webmail remotely as I have a dedicated VIP for this. Could this be why the BB devices are not touching the internal email server correctly?
FYI: The internal email server IP is 172.28.8.55
Someone can look at the screen shots and tell me what I have wrong?…:-)
I would guess there are some redundancies as I was desperate trying to get the BB's to work.Thanks,
Barry
-
Obviously you do not understand what you are doing and what is even more sad you are not listening to us. I think commercial support http://www.pfsense.org/index.php?option=com_content&task=view&id=62&Itemid=73 is the way to go.
-
Barry,
As it says in my signature - don't PM me for assistance or to direct my attention to a post.
I've said everything I need to say. As Eugene says you're not listening to us so there's no point in us wasting our time with you.
-
Thanks to all who provided ideas on a resolve for the BB email problem.
I wound up deleting all port forwards,and recreated tcp 25,110,143 along with 80/VIP for imap and BB works fine now.
Also used the tcpdump command provided by Eugene to see interaction between pfSense box and BB servers as well.
Hope some day I become important as well.Thanks,
Barry
