Ms outlook not working behind pfsense - need help
-
HI there
I'm new to pfsense , but have pretty successfully configured squid + squidguard in my network.
My network topology consists of an ADSL modem + LAN.
My ADSL router has an ip address : 192.168.2.1, My pfsense WAN IP as 192.168.2.2 and the LAN Switch is on 192.168.1.0/24, my pfsense LAN IP is 192.168.1.200I'm using squidguard (squid in on-transparent mode with port 3128 for internet access via proxy). I've no issues with internet access using my blacklist and whitelist.
The issue is using MS-Outlook 2007 clients on my LAN. I've a rediffmailpro.com account in the web and have configured outlook 2007 as IMAP client to use my email accounts. Before the pfsense was introduced, it used to work fine.
After installing the pfsensem my outlook clients are unable to connect to the email server itself. If seems they are unable to resolve the DNS itself and the outlook client throws an error "unable to reach E-mail server".
I've kept 192.168.1.200 as my gateway for LAN clients and the DNS server as 192.168.2.1 as well as my ISP dns of 50.185.0.23
But none of them works.
From the pfsense diagnostics menu, i'm able to resolve the DNS lookup, but running nslookup from my windows client on LAN, doesn't yield any results.
I guess there's something to be done either in routing and/or NAT on pfsense,
Can somebody guide how to?
Thanks
Prasad -
You shouldn't need to do anything. I suspect that you setup the domain name in Pfsense which is probably giving you some trouble. If you think its a dns issue try to use the fqdn of your mail server. Another thing you could try is to set your dns statically on your clients to confirm a dns issue, 8.8.8.8 or 4.2.2.2 works great for this. When you do a nslookup from the command line do you get a ipv4 server or a ipv6 server? Could be a ipv6 thing, I have seen this too.
-
well, the DNS setup at the client , using 8.8.8.8 as well as 4.2.2.2 doesn't resolve the problem. ipv6 is disabled on my clients. kindly advice further. Thanks for your reply
-
the fqdn of my mail server is pop.rediffmailpro.com and smtp.rediffmailpro.com
i've been using these before pfsense was installed, and it used to work fine.recently i get error in my outlook client , while testing the email account as "error 100502". My previous error of "email server not found" seems to have been resolved, when i switched on the DHCP service on the LAN interface on pfsense.
I hope someone finds a solution to this issue.
thanks
-
These are my settings. Pls refer to the diagrams attached.
I wonder whats stopping my outlook clients to access the pop3 and smtp servers @pop.rediffmailpro.com and smtp.rediffmailpro.com
squid is configured under non-transparent mode using port 3128 with squidguard. I've no issues with squid and/or squidguard. Even Lightsquid is generating all reports.
 -
Do i need to bridge from LAN-WAN?? to make my outlook access the pop and smtp servers outside my LAN network?
IF so, kindly someone guide.Thanks
-
So you removed the default any any rule and put in your own specific rules.. With clearly no understanding of them at all - since for example POP does not freaking run on UDP ;) And looks like your just guessing at what you use since you have IMAP and POP and imap over ssl, etc. etc.
So what I would suggest is you put the default rule back, remove what you put in there - does outlook work now? Since you don't even allow 80 or 443 in those rules.
If you want to lock it down to just outlook, sniff a session with outlook to validate what ports it uses and then lock down your rules. Or review what protocols your using to access your mail - its unlikely your using both pop and imap and both of them clear and secure all at the same time, etc.
-
ooops !! must have accidentally deleted it
can you pls send a snap of how the default rule looks like. I will add it.
Thanks .
-
Its any any rule.
-
Thanks johnpoz.
I'll try that today and revert.
Meanwhile are you sure that:
1. My squid working in a on-transparent mode does not have any issues with this?
2. I don't need any bridging to be done?
3. I don't have to add any such rules on my WAN interfacefor my outlook access from within the LAN.
Thanks again.
-
hi johnpoz
In-spite of adding the any any default allow rules at the top of the rules, doesnt help my outlook access the pop.rediffmailpro.com as well as smtp.rediffmailpro.com
I don't understand whether its the issue of the rules or squid. I'm able to access the web-sites though, with all the squidguard filtering active.
Also, i noticed that my antivirus doesnt take any updates too.
so basically its like my web browsing is fine, but any other application isn't being able to access the internet behind pfsense.i'm using 3128 as the proxy port in my web browsers.
Thanks.
-
Yes. Have you configured your LAN settings on the PC's to use 3128 as proxy as well??
If its only your webbrowsers then Outlook doesnt have a clue that you use proxy.
-
yes.
i've configured my web browsers to use the proxy port as 3128 , and that how i'm accessing the internet so far, with squidguard filters active.
Its just that outlook isn't able to connect to my pop and smtp servers. precisely the servers are pop.rediffmailpro.com and smtp.rediffmailpro.com
what ive also noticed that from my client pc's i'm unable to ping the ADSL router ip (192.168.2.1) , but i can ping the WAN ip (192.168.2.2) which is directly connected to the ADSL router.
any luck!!
-
^ exactly if your using a proxy you need to tell your applications to use the proxy.. Your transparent mode proxy only works on web ports I believe, I do not believe it works on non 80/443 ports.
I don't use the proxy in pfsense for many years.. I don't see the point in a home setup.. Unless you have kids you need to filter from bad sites, etc. Yes back in the day when my sons were teenagers filtering porn was a common task ;)
So either have outlook use your proxy or rethink your need of proxy in a home setup - is this a home setup?
-
hi
I'm using pfsense in a small office setup , where ,my primary requirement is to block web based email access. Hence i'm bond to use outlook client for my pop and smtp servers hosted on the my webspace (ISP) provider. The email service provider is rediffmailpro.comI'm NOT using TRANSPARENT mode of squid. I'm using the port 3128 (configured in my browser) to access the internet.
Do you mean to say that i need to configure squid in TRANSPARENT mode inorder to make other application such as outlook and antivirus software get connected to the internet?
also, there's no setting as such in the outlook client to configure it to use a proxy. It takes the settings from Internet Explorer browser itself.
Hope there's a solution to this.
Thanks All
-
If you using in explicit mode - then configure your client vs relying on auto anything..
But if your not using transparent mode then anything not set to use the proxy should just go out the normal firewall rules and should work.
So you have any any rule currently - tell outlook NOT to use the proxy and does it work then? If so then you can configure the correct firewall rules to work and you will be good
-
hi
the issue is this. Outlook doesn't have any settings for proxy setup. It uses the setup provided by IE (browser).
i've decided to re-install pfsense and try this all over again. Actually a bit fed up with tweaking it for past one week.
Thanks
-
And you can tell outlook NOT to do that!!!
-
i need to check that.
meanwhile i tried changing my email client from outlok to thunderbird. The best part is thunderbird has a settings for proxy, but when i configure it, and try to acces my mails, i see no errors , but even i don't see any mails popping and mails are not going out too.
So i decided to re-install pfsense all over again with squid and squidguard + lightsquid
Do you thin that SQUID has to be configured in Transparent mode for this thing to work?? I guess not. Let me try again and revert.
Thanks
-
Ok - so outlook 2007, I can look when I fire up my work laptop. But from quick google guess it has no proxy settings. And only uses IE setting, but only for http.
So that being said - if your lan rules allow the traffic it should work.
Tell you what – if you setup a test email account for me to play with, more than happy to work out what you need to do. Just PM me the details. I wont be sending more than a couple of test emails to validate it works. And then you can kill the account.
I don't have any problems firing up squid for testing, etc.
