Ms outlook not working behind pfsense - need help

mikeisfly

You shouldn't need to do anything. I suspect that you setup the domain name in Pfsense which is probably giving you some trouble. If you think its a dns issue try to use the fqdn of your mail server. Another thing you could try is to set your dns statically on your clients to confirm a dns issue, 8.8.8.8 or 4.2.2.2 works great for this. When you do a nslookup from the command line do you get a ipv4 server or a ipv6 server? Could be a ipv6 thing, I have seen this too.

cgprasad

well, the DNS setup at the client , using 8.8.8.8 as well as 4.2.2.2 doesn't resolve the problem. ipv6 is disabled on my clients. kindly advice further. Thanks for your reply

cgprasad

the fqdn of my mail server is pop.rediffmailpro.com and smtp.rediffmailpro.com
i've been using these before pfsense was installed, and it used to work fine.

recently i get error in my outlook client , while testing the email account as "error 100502". My previous error of "email server not found" seems to have been resolved, when i switched on the DHCP service on the LAN interface on pfsense.

I hope someone finds a solution to this issue.

thanks

cgprasad

These are my settings. Pls refer to the diagrams attached.

I wonder whats stopping my outlook clients to access the pop3 and smtp servers @pop.rediffmailpro.com and smtp.rediffmailpro.com

squid is configured under non-transparent mode using port 3128 with squidguard. I've no issues with squid and/or squidguard. Even Lightsquid is generating all reports.


cgprasad

Do i need to bridge from LAN-WAN?? to make  my outlook access the pop and smtp servers outside my LAN network?
IF so, kindly someone guide.

Thanks

johnpoz

So you removed the default any any rule and put in your own specific rules..  With clearly no understanding of them at all - since for example POP does not freaking run on UDP ;)  And looks like your just guessing at what you use since you have IMAP and POP and imap over ssl, etc. etc.

So what I would suggest is you put the default rule back, remove what you put in there - does outlook work now?  Since you don't even allow 80 or 443 in those rules.

If you want to lock it down to just outlook, sniff a session with outlook to validate what ports it uses and then lock down your rules.  Or review what protocols your using to access your mail - its unlikely your using both pop and imap and both of them clear and secure all at the same time, etc.

cgprasad

ooops !! must have accidentally deleted it

can you pls send a snap of how the default rule looks like. I will add it.

Thanks .

johnpoz

Its any any rule.

cgprasad

Thanks johnpoz.

I'll try that today and revert.

Meanwhile are you sure that:
1. My squid working in a on-transparent mode does not have any issues with this?
2. I don't need any bridging to be done?
3. I don't have to add any such rules on my WAN interface

for my outlook access from within the LAN.

Thanks again.

cgprasad

hi johnpoz

In-spite of adding the any any default allow rules at the top of the rules, doesnt help my outlook access the pop.rediffmailpro.com as well as smtp.rediffmailpro.com

I don't understand whether its the issue of the rules or squid. I'm able to access the web-sites though, with all the squidguard filtering active.

Also, i noticed that my antivirus doesnt take any updates too.
so basically its like my web browsing is fine, but any other application isn't being able to access the internet behind pfsense.

i'm using 3128 as the proxy port in my web browsers.

Thanks.

Supermule

Yes. Have you configured your LAN settings on the PC's to use 3128 as proxy as well??

If its only your webbrowsers then Outlook doesnt have a clue that you use proxy.

cgprasad

yes.

i've configured my web browsers to use the proxy port as 3128 , and that how i'm accessing the internet so far, with squidguard filters active.

Its just that outlook isn't able to connect to my pop and smtp servers. precisely the servers are pop.rediffmailpro.com and smtp.rediffmailpro.com

what ive also noticed that from my client pc's  i'm unable to ping the ADSL router ip (192.168.2.1) , but i can ping the WAN ip (192.168.2.2) which is directly connected to the ADSL router.

any luck!!

johnpoz

^ exactly if your using a proxy you need to tell your applications to use the proxy..  Your transparent mode proxy only works on web ports I believe, I do not believe it works on non 80/443 ports.

I don't use the proxy in pfsense for many years..  I don't see the point in a home setup..  Unless you have kids you need to filter from bad sites, etc.  Yes back in the day when my sons were teenagers filtering porn was a common task ;)

So either have outlook use your proxy or rethink your need of proxy in a home setup - is this a home setup?

cgprasad

hi
I'm using pfsense in a small office setup , where ,my primary requirement is to block web based email access. Hence i'm bond to use outlook client for my pop and smtp servers hosted on the my webspace (ISP) provider. The email service provider is rediffmailpro.com

I'm NOT using TRANSPARENT mode of squid. I'm using the port 3128 (configured in my browser) to access the internet.

Do you mean to say that i need to configure squid in TRANSPARENT mode inorder to make other application such as outlook and antivirus software get connected to the internet?

also, there's no setting as such in the outlook client to configure it to use a proxy. It takes the settings from Internet Explorer browser itself.

Hope there's a solution to this.

Thanks All

johnpoz

If you using in explicit mode - then configure your client vs relying on auto anything..

But if your not using transparent mode then anything not set to use the proxy should just go out the normal firewall rules and should work.

So you have any any rule currently - tell outlook NOT to use the proxy and does it work then?  If so then you can configure the correct firewall rules to work and you will be good

cgprasad

hi

the issue is this. Outlook doesn't have any settings for proxy setup. It uses the setup provided by IE (browser).

i've decided to re-install pfsense and try this all over again. Actually a bit fed up with tweaking it for past one week.

Thanks

johnpoz

And you can tell outlook NOT to do that!!!

cgprasad

i need to check that.

meanwhile i tried changing my email client from outlok to thunderbird. The best part is thunderbird has a settings for proxy, but when i configure it, and try to acces my mails, i see no errors , but even i don't see any mails popping and mails are not going out too.

So i decided to re-install pfsense all over again with squid and squidguard + lightsquid

Do you thin that SQUID has to be configured in Transparent mode for this thing to work?? I guess not. Let me try again and revert.

Thanks

johnpoz

Ok - so outlook 2007, I can look when I fire up my work laptop.  But from quick google guess it has no proxy settings.  And only uses IE setting, but only for http.

So that being said - if your lan rules allow the traffic it should work.

Tell you what – if you setup a test email account for me to play with, more than happy to work out what you need to do.  Just PM me the details.  I wont be sending more than a couple of test emails to validate it works.  And then you can kill the account.

I don't have any problems firing up squid for testing, etc.

cgprasad

what details you need?
I'll be onsite from 11am IST.

Let me know.

thanks