Netgate Discussion Forum
    Mail problems caused by firewall?

    rumpelstilzchen:

      I have a strange situation with my mail servers. Most of the mails get delivered without any problems. There are two exceptions:

      Problem one (both mail servers are in the same network but route over the internet [they don't know internal addresses])

      If a customer with its own mail server (getting official IP addresses from a /27 network) tries to send a mail to another mail server with an IP from the same network, it gets a timeout error. Example (using private IP addresses, not the real ones):

      Mail Server A:  172.15.15.167
      Mail Server B:  172.15.15.175

      The network is 172.15.15.160/27

      Both mail servers host completely different domains and have completely different internal networks. Mapping between official and internal IPs is done with NAT. Each server gets a timeout error when it sends mail to a domain hosted on the other server.

      Problem two (all mail servers deliver with the WAN IP as sender)

      My pfSense box has one WAN and ONE LAN interface. Traffic is routed through NAT. It seems like all mail sent out (no matter from which mail server it is sent) has the same source address, the one of the LAN interface. This seems to cause problems on some mail servers, since the reverse lookup of a mail domain returns a different IP address than the one the WAN interface is assigned. I think for these cases I need something like an outbound NAT that resolves to the correct IP address. Example:

      Default Gateway  xxx.xxx.xxx.161
      WAN Port         xxx.xxx.xxx.162
      Mail Server      xxx.xxx.xxx.175

      The receiving mail server (let's say Gmail) sees xxx.xxx.xxx.162 as the sender of mailserver.mydomain.com. When it does a reverse lookup it finds the official IP address of the mail server (xxx.xxx.xxx.175), which is correct but different from the sender IP. This seems to cause problems with only a few mail servers.

      I think I need some additional configuration either on pfSense or on Postfix. Can anybody give me a hint where to research further?

      Many thanks

      Rumpi

      jimp (Rebel Alliance Developer, Netgate):

        #1 can be solved with NAT reflection or split DNS.

        #2 is outbound NAT or 1:1 - make sure the mail servers are set to use the same IPs outbound as they are inbound (or use 1:1 NAT instead of port forwards).

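As an added illustration of both replies (not code from the thread or from pfSense), the script below models a first-match outbound NAT table like the one in the question and checks two things: whether each mail server's translated source address matches the address its name and PTR record advertise (problem two), and whether a connection from an internal host to a port-forwarded public address needs NAT reflection or split DNS (problem one). All addresses, hostnames and rule lists are constructed for the example.

```python
import ipaddress

# Constructed data mirroring the thread: private addresses stand in for the public /27.
WAN_IP = "172.15.15.162"

# Internal address of each mail server and the public address its A record points at.
MAIL_SERVERS = {
    "mail-a.example": {"internal": "10.1.0.25", "public": "172.15.15.167"},
    "mail-b.example": {"internal": "10.2.0.25", "public": "172.15.15.175"},
}

# Constructed PTR records for the public addresses.
PTR = {"172.15.15.167": "mail-a.example", "172.15.15.175": "mail-b.example",
       WAN_IP: "fw.example"}

# Outbound NAT rules, first match wins: (source network, translated address).
# The default catch-all maps every internal host to the WAN address (the question's setup).
WEAK_RULES = [("10.0.0.0/8", WAN_IP)]
# Per-server rules placed before the catch-all, so each server leaves with its own public IP.
FIXED_RULES = [("10.1.0.25/32", "172.15.15.167"),
               ("10.2.0.25/32", "172.15.15.175"),
               ("10.0.0.0/8", WAN_IP)]

# Port forwards: public address -> internal host (what an inbound connection reaches).
PUBLIC_TO_INTERNAL = {cfg["public"]: cfg["internal"] for cfg in MAIL_SERVERS.values()}


def effective_source(internal_ip, rules):
    """Source address seen by the remote peer after outbound NAT (first matching rule)."""
    ip = ipaddress.ip_address(internal_ip)
    for net, nat_addr in rules:
        if ip in ipaddress.ip_network(net):
            return nat_addr
    return internal_ip  # no rule matched: not translated


def check_outbound_identity(servers, rules, ptr):
    """Servers whose outbound address differs from their A record, or whose PTR does not
    name them: the mismatch a strict receiving MTA rejects. Empty list means consistent."""
    problems = []
    for host, cfg in servers.items():
        src = effective_source(cfg["internal"], rules)
        if src != cfg["public"] or ptr.get(src) != host:
            problems.append({"host": host, "sends_from": src,
                             "expected": cfg["public"], "ptr": ptr.get(src)})
    return problems


def needs_reflection(src_internal, dst_ip, port_forwards, lan="10.0.0.0/8"):
    """True when an internal host targets one of the firewall's own forwarded public
    addresses: without NAT reflection (or split DNS) that connection times out."""
    return (ipaddress.ip_address(src_internal) in ipaddress.ip_network(lan)
            and dst_ip in port_forwards)
```

Running check_outbound_identity with WEAK_RULES flags both servers as sending from the WAN address, while FIXED_RULES yields no findings; needs_reflection returns True for mail A contacting mail B's public address.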