Netgate Discussion Forum

    SMTP redirection

    • doktornotor Banned

      Looks like you did put source address (192.168.0.99) into destination address. That definitely won't work as expected.

      • Derelict LAYER 8 Netgate

        What is the IP address of the source host (PBX)? What is the IP address of the gateway interface (pfSense), and what is the IP address of the destination mail server?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • almabes

          Just being thorough, you already tried the easy way, right?  In whatever legacy application, specifying smtp.mymailserver.wherever:587 or something along those lines?  Clicking an advanced button or tab and looking for an SMTP port textbox?

          Port forwards are for inbound traffic.  Edit:  Apparently not…I am mistaken, they work both ways.

          • Derelict LAYER 8 Netgate

            Traffic subject to port forwarding can be inbound to LAN as easily as it is inbound to WAN.

            • almabes

              @Derelict:

              Traffic subject to port forwarding can be inbound to LAN as easily as it is inbound to WAN.

              I sit on my couch, corrected.  Thanks!

              • Jakeyg

                Derelict

                legacy mail -> 192.168.0.99
                pfsense -> 192.168.0.1
                external mail server -> for obvious reasons I don't want to give the full IP here.

                Almabes
                Yes, I have tried with the IP:port_number; however, after spending an hour with their tech support they say that it will ONLY send to port 25 and that there is no recognition of a :port_number in the address, sadly.  Great coding!

                • almabes

                  @Jakeyg:

                  Yes, I have tried with the IP:port_number; however, after spending an hour with their tech support they say that it will ONLY send to port 25 and that there is no recognition of a :port_number in the address, sadly.  Great coding!

                  It was worth a mention…Sometimes the easy button gets overlooked.

                  • Derelict LAYER 8 Netgate

                    Ok, then I'll make one up.  Sheesh.  We'll call it 84.85.86.87

                    Firewall > NAT, Create a Port Forward
                    Interface: LAN
                    Source: *
                    Dest: LAN address
                    Dest Port: 25
                    NAT IP: 84.85.86.87
                    NAT Port: 587

                    Point your device at 192.168.0.1:25

                    • Jakeyg

                      Thanks Derelict

                      That's pretty much how I had set it up, except that on the legacy server I had it pointing to the email server; with the username and password it said that it registered successfully. However, now that I have changed it, it also says registered successfully. However, I still don't receive emails.

                      grrr legacy crap!

                      legacy.jpg

                      • doktornotor Banned

                        Let's try again: The rule should have the legacy crap box IP as source address in the first place, whatever IP that is set up in the "email notification server" and port 25 as destination IP/destination ports, and the real email server and port 587 as NAT IP/NAT ports.

                        That's definitely not what's shown on your screenshot, though.

                        • Derelict LAYER 8 Netgate

                          On your crap box the email notification server should be 192.168.0.1

                          Does an address need to be present on the interface to do NAT or could he do this?? :

                          Firewall > NAT, Create a Port Forward
                          Interface: LAN
                          Source: 192.168.0.99
                          Dest: 84.85.86.87
                          Dest Port: 25
                          NAT IP: 84.85.86.87
                          NAT Port: 587

                          • 2chemlud Banned

                            There is a good chance this is not going to work anyways. Workaround: Set up a little, LOCAL eMailserver (for Windows: e.g. https://www.hmailserver.com) for the port 25 devices, read eMails from this via a VPN tunnel  with Thunderbird, which  can easily handle such local mail servers.

                            Takes you half an hour and you're done…

                            • Derelict LAYER 8 Netgate

                              There is a good chance this is not going to work anyways.

                              Why not?  It's just a port forward.

                              • almabes

                                I believe you can set the native SMTP on a windows box to do the relay for you, without having to download and install additional server software.

                                Couldn't you just point the PBX at your MX anyway and be done, not try to connect to the client submission port?

                                • Derelict LAYER 8 Netgate

                                  You can also translate only the port on its way through LAN:

                                  Firewall > NAT, Create a Port Forward
                                  Interface: LAN
                                  Source: *
                                  Dest: 84.85.86.87
                                  Dest Port: 25
                                  NAT IP: 84.85.86.87
                                  NAT Port: 587

                                  Point your device at 84.85.86.87

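The rule variants discussed in this thread differ only in what they match, and that decides which address the device has to be pointed at. The following is an added example, not written by any poster and not pfSense code: a simplified first-match model of a LAN port forward using the thread's addresses, with `PortForward` and `translate` as hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PortForward:
    """One LAN-side port forward, using the fields named in the thread."""
    source: str      # "*" or an address/network
    dest: str        # destination address the rule matches on
    dest_port: int
    nat_ip: str      # where matching traffic is redirected
    nat_port: int

def _matches(spec, addr):
    return spec == "*" or ip_address(addr) in ip_network(spec, strict=False)

def translate(rules, src, dst, dport):
    """Return the (ip, port) a connection ends up at; first matching rule wins."""
    for r in rules:
        if _matches(r.source, src) and _matches(r.dest, dst) and dport == r.dest_port:
            return (r.nat_ip, r.nat_port)
    return (dst, dport)  # nothing matched: the connection is left untranslated

# Addresses as used in the thread (84.85.86.87 is the made-up mail server).
PBX, LAN_ADDR, MAIL = "192.168.0.99", "192.168.0.1", "84.85.86.87"

# Dest = LAN address: the device must be pointed at 192.168.0.1:25.
via_lan_address = [PortForward("*", LAN_ADDR, 25, MAIL, 587)]
# Dest = mail server, only the port is rewritten: device points at 84.85.86.87.
port_only = [PortForward(PBX, MAIL, 25, MAIL, 587)]
# The mistake from the first reply: the device's own address entered as Dest.
source_as_dest = [PortForward("*", PBX, 25, MAIL, 587)]

if __name__ == "__main__":
    print(translate(via_lan_address, PBX, LAN_ADDR, 25))
    print(translate(port_only, PBX, MAIL, 25))
    print(translate(source_as_dest, PBX, MAIL, 25))
```

The last case never matches traffic that leaves the device, so the connection still arrives at port 25.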
                                  • 2chemlud Banned

                                    @Derelict:

                                    There is a good chance this is not going to work anyways.

                                    Why not?  It's just a port forward.

                                    I don't understand much of the SMTP protocol but I could frequently not make the old stuff work with current SMTP servers for sending status eMails. That's why I set up a local server just for receiving these mails. Works fine and better than sending my status eMails as post cards via the internet… ;-)

                                    • Derelict LAYER 8 Netgate

                                      Security is another issue entirely.

                                      OP wanted to know how to translate connections to a mail server on 25 to 587.

                                      The port forward does that.

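Whether an old device can actually submit mail once its port 25 connection lands on 587 can be checked from the server's EHLO reply: submission servers commonly advertise STARTTLS and offer AUTH only after TLS is up, which a port-25-only device may not support. The following is an added example, not part of any post; the EHLO replies are constructed, and `parse_ehlo`, `blockers` and `probe` are hypothetical helper names.

```python
import smtplib

# Constructed EHLO replies (not captured from a real server).
EHLO_BEFORE_TLS = """250-mail.example.net
250-PIPELINING
250-SIZE 52428800
250-STARTTLS
250 8BITMIME"""
EHLO_WITH_AUTH = """250-mail.example.net
250-AUTH PLAIN LOGIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Map each ESMTP keyword in a multi-line 250 reply to its parameters."""
    features = {}
    for line in reply.strip().splitlines()[1:]:   # line 0 is the greeting
        if line[:3] == "250" and len(line) > 4:
            keyword, _, params = line[4:].strip().partition(" ")
            features[keyword.upper()] = params
    return features

def blockers(features, client_tls, client_mechs):
    """Reasons a device with these abilities is likely to fail to submit."""
    problems = []
    offered = set(features.get("AUTH", "").upper().split())
    wanted = {m.upper() for m in client_mechs}
    if not offered and "STARTTLS" in features and not client_tls:
        problems.append("no AUTH before STARTTLS and the client cannot do TLS")
    if offered and not (offered & wanted):
        problems.append("no shared AUTH mechanism; server offers "
                        + " ".join(sorted(offered)))
    return problems

def probe(host, port=25, timeout=10):
    """Live variant: EHLO through the port forward, return advertised features."""
    with smtplib.SMTP(host, port, timeout=timeout) as server:
        server.ehlo()
        return {k.upper(): v for k, v in server.esmtp_features.items()}
```

From a LAN host, `probe("192.168.0.1")` exercises the forward that uses the LAN address as destination; its result can be passed straight to `blockers`.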