Netgate Discussion Forum

    Emails being blocked sending out

    Firewalling

      Derelict LAYER 8 Netgate

      ISP's blocking it most likely.  Interesting they pass 465.

      Your best bet is probably tcp/587 + STARTTLS + authentication.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        sdp0024

        I've tried both 465 and 587 and use IP auth with Google Apps.

        Google is saying they never get the request from our public IP.

        Is there any proof I can provide to AT&T that they aren't allowing my traffic to pass? Otherwise they are just going to play dumb.

        ![Screen Shot 2015-08-21 at 12.33.27 PM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 12.33.27 PM.png)

          Derelict LAYER 8 Netgate

          You have proof?  It's not going to be a secret to them that they block outbound tcp/25.  You might just have to ask for it to be opened.

          This is not a pfSense problem.

            cyberbot

            Had a similar issue before.
            My ISP appears to block port 25.
            I've used port 587 and it works.
            Make sure to NAT the port to the app server.

              sdp0024

              Here's an update. I was able to configure MacBook Outlook to connect to Google Apps with 465 and was able to send test mail out.

              So theoretically it should be the same and not a pfSense or ISP problem, right???

                Derelict LAYER 8 Netgate

                Dude -

                How do the devices you're trying to send mail with send mail?

                25 Starts Clear - STARTTLS sometimes supported - authentication might be required
                465 Starts with SSL - authentication might be required
                587 Starts Clear - STARTTLS sometimes supported - authentication required before email submission

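The three port behaviours listed in the post above, turned into an outbound connectivity probe. This is an added example, not code from the thread; `probe`, `MODES` and the EHLO name `probe.invalid` are illustrative names. It separates "nothing answers" (consistent with upstream filtering) from "the port answers but the client is using the wrong handshake".

```python
import smtplib
import socket
import ssl

# How each port starts the session, per the list in the post above.
MODES = {25: "clear", 465: "implicit-tls", 587: "clear"}

def probe(host, port, mode=None, timeout=5.0):
    """Try one outbound SMTP session; return (status, detail)."""
    mode = mode or MODES.get(port, "clear")
    ctx = ssl.create_default_context()
    try:
        if mode == "implicit-tls":
            # 465: TLS handshake comes first, the SMTP greeting arrives inside it.
            client = smtplib.SMTP_SSL(host, port, local_hostname="probe.invalid",
                                      timeout=timeout, context=ctx)
        else:
            # 25/587: the greeting arrives in clear text.
            client = smtplib.SMTP(host, port, local_hostname="probe.invalid",
                                  timeout=timeout)
        with client:
            client.ehlo()
            offered = client.has_extn("starttls")
            tls = mode == "implicit-tls"
            if offered and not tls:
                client.starttls(context=ctx)  # upgrade, then re-read capabilities
                client.ehlo()
                tls = True
            return "open", {"tls": tls, "starttls_offered": offered,
                            "auth_offered": client.has_extn("auth")}
    except ConnectionRefusedError:
        return "refused", "connection actively rejected (TCP RST)"
    except socket.timeout:
        return "timeout", "no reply: consistent with packets dropped on the path"
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except (smtplib.SMTPException, OSError) as exc:
        return "error", f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    # Host name taken from the openssl command posted in this thread.
    for port in (25, 465, 587):
        print(port, *probe("smtp-relay.gmail.com", port))
```

Run it from the host that actually sends the mail, so the result reflects that machine's path through the firewall and ISP.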
                  sdp0024

                  SuiteCRM and OwnCloud both worked with current settings using port 465 and Google Apps IP auth when it was being hosted on EC2, but since we moved it back locally it doesn't work. All settings are the same. Only thing I had to change was of course the auth IP that Google Apps had to allow from EC2 IP to my WAN IP.

                    doktornotor Banned

                    Dude. I already gave you a link to provide some useful testing and debugging info on the other thread. Why don't you just do it?

                      chpalmer

                      Start here-

                      https://forum.pfsense.org/index.php?topic=70.0

                      Triggering snowflakes one by one..
                      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                        sdp0024

                        Scotts-MacBook-Pro:~ ScottParks$ openssl s_client -connect smtp-relay.gmail.com:587 -starttls smtp
                        CONNECTED(00000003)
                        depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
                        verify error:num=20:unable to get local issuer certificate
                        verify return:0
                        ---
                        Certificate chain
                        0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp-relay.gmail.com
                          i:/C=US/O=Google Inc/CN=Google Internet Authority G2
                        1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
                          i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
                        2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
                          i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

                        Server certificate
                        subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp-relay.gmail.com
                        issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2

                        No client certificate CA names sent

                        SSL handshake has read 3492 bytes and written 479 bytes

                        New, TLSv1/SSLv3, Cipher is RC4-SHA
                        Server public key is 2048 bit
                        Secure Renegotiation IS supported
                        Compression: NONE
                        Expansion: NONE
                        SSL-Session:
                            Protocol  : TLSv1
                            Cipher    : RC4-SHA
                            Session-ID: 21900F806CB079425019879EF325A4CF74D08715C6298AF1EFAD447E5980F4AA
                            Session-ID-ctx:
                            Master-Key: 8AD0BBF7C086A831DB2D4FD80293AC72AAC90A855834C129C51046BF7DDAD9522B6BE2B9CB9C7804A826A0EFBFE84BAA
                            Key-Arg  : None
                            Start Time: 1440296241
                            Timeout  : 300 (sec)
                            Verify return code: 0 (ok)

                        250 SMTPUTF8

                          doktornotor Banned

                          Awesome. So, pfSense is completely out of business as far as this goes. It blocks nothing. Please, focus your debugging elsewhere and follow up in the proper forum. (That is, the one for software you are having trouble with. It's not pfSense.)
