Unable to telnet to aspmx3.googlemail.com
-
Hi,
I am unable to telnet to aspmx3.googlemail.com from pfSense. I can connect if I plug the WAN cable directly into my system. I am getting this error:
#telnet aspmx3.googlemail.com 25
Trying 173.194.205.26…
Connected to aspmx3.googlemail.com (173.194.205.26).
Escape character is '^]'.
Connection closed by foreign host.
Because of this, email notifications are not working. Please help us with this issue.
-
You say you can connect if you plug your computer directly into your internet line but not when connecting from behind the firewall? Have you tried running this test from the pfSense console itself? So what are your firewall rules? And are you running the same test (telnet 173.194.205.26 25) in both cases?
A screenshot of your firewall rules and NAT rules would help at the very least.
-
1/ You'll be sent to hell unless you have a valid PTR. (Connection closed by foreign host.)
2/ You shouldn't use port 25 (due to the above).
3/ You need openssl s_client, not telnet, to talk to servers that require encryption. (That is, once you've switched your notifications to a proper submission port with authentication.)
4/ None of this has anything to do with pfSense.
-
Agreed, a PTR is a very desirable thing when sending emails, especially if the receiving host is picky about that sort of thing. If the lack of PTR was the issue then the problem would exist also when he connected directly with his PC and not through his firewall. Port 25 is a standard port for mail delivery and if the target host was acknowledging the connection without the firewall then it ought to with. I've telnetted myself to that exact Googlemail server from an external host without a PTR and am getting a proper response - not a 'connection closed' error. Therefore the problem may - or may not - have something to do with the pfSense firewall, but at this point it's too early to tell.
-
-->There are no NAT rules configured; the existing 2 rules have been disabled for a long time.
-->I have tried it from the pfSense console and get the same error. So I tried connecting the ISP WAN cable to my laptop and tested "telnet aspmx3.googlemail.com 25". It works.
-->There are no firewall rules configured. The existing firewall rules are configured for Limiters.
-
Two things you need to provide: A screen-shot of your Outbound (not Inbound!) NAT rules and another screenshot of your LAN firewall rules. Without these it won't be possible to take this conversation any further I'm afraid.
Another thought: Have you tried running a telnet to a different external mail host from the pfSense command-line? Such as 'mta6.am0.yahoodns.net'? I've run a telnet to port 25 against this host and have got back a response. Do you?
-
Dude. Let me repeat it again. You damn should NOT use port 25 for your email notifications to Gmail.
> there are no Firewall rules configured
ORLY? Yeah? So all traffic is blocked? Sigh….
-
I'm having similar problem connecting our app server to google apps smtp relay behind pfsense FW. Worked fine from EC2 host but recently moved back to local hosting.
Trying to connect from suitecrm and owncloud installs.
![Screen Shot 2015-08-21 at 11.45.26 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 11.45.26 AM.png)
![Screen Shot 2015-08-21 at 11.45.36 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 11.45.36 AM.png)
-
1/ Your WAN rules are absolutely irrelevant here.
2/ There's nothing in your LAN rules preventing this from working (assuming you are trying to send via IPv4.)
3/ Let me spell it for the ~5th time here. Stop using port 25. It's routinely blocked by ISPs.
-
I'm not using port 25. Using either SSL/TLS and still doesn't work.
![Screen Shot 2015-08-21 at 12.33.27 PM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 12.33.27 PM.png)
-
If this was blocked by pfSense, there'd be a firewall log about it. Unless you have any, you'd better move your debugging elsewhere. Also, hijacking other people's threads is not exactly nice. That message is completely useless for diagnostics; use openssl s_client to debug.
https://scottlinux.com/2014/06/05/check-for-smtp-tls-from-command-line-with-openssl/
-
I'm not hijacking
If mine gets fixed more than likely his would as well.
Brainstorming… Thanks for the link though. I'll check it out.
-
Dude, stick to ONE thread.
https://forum.pfsense.org/index.php?topic=98390.0
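-
Added example, not part of the original thread or written by any of its posters: the telnet output in the first post shows a TCP connection that succeeds and is then closed before any SMTP greeting, which is a different failure from a refused or silently dropped connection. This Python sketch classifies how far an SMTP session gets, including whether STARTTLS is advertised; the function names, stage labels and the `probe.example` EHLO name are assumptions of this example.

```python
import socket

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); code is None if the peer closed."""
    lines = []
    while True:
        try:
            raw = f.readline()
        except ConnectionResetError:
            raw = b""
        if not raw:
            return None, lines
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if line[3:4] != "-":  # "250-..." continues, "250 ..." ends the reply
            return (int(line[:3]) if line[:3].isdigit() else 0), lines

def probe_smtp(host, port, timeout=10.0, helo="probe.example"):
    """Return (stage, detail) describing how far the SMTP session got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "TCP RST: nothing listening, or a rejecting filter"
    except socket.timeout:
        return "timeout", "no SYN-ACK: traffic is being dropped on the path"
    except OSError as exc:
        return "error", str(exc)
    with sock, sock.makefile("rb") as f:
        try:
            code, lines = read_reply(f)
            if code is None:  # the case in the first post's telnet output
                return "closed-before-banner", "TCP connected, no 220 greeting"
            if code != 220:
                return "banner-rejected", lines[-1]
            sock.sendall(b"EHLO " + helo.encode("ascii") + b"\r\n")
            code, lines = read_reply(f)
            if code is not None:
                sock.sendall(b"QUIT\r\n")
        except socket.timeout:
            return "stalled", "connected, but no reply within the timeout"
        except OSError as exc:
            return "error", str(exc)
    if code != 250:
        return "ehlo-failed", lines[-1] if lines else "closed after EHLO"
    offered = any(l[4:].upper().startswith("STARTTLS") for l in lines[1:])
    return ("starttls-offered" if offered else "no-starttls"), lines[0]
```

Calling `probe_smtp("aspmx3.googlemail.com", 25)` from the firewall and again from a directly connected host shows at which stage the two paths diverge.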