HELP: cannot send email out after upgraded to 2.3.3
-
To repeat: Ports 25 and 587 generally need STARTTLS. SSL/TLS generally needs to be on port 465.
The email server I input is correct, I tested with "telnet email-server 587", etc.
The proper test for how you have that configured would be:
openssl s_client -connect mail_server:587
Which would almost certainly fail.
-
You're right. port 25 no ssl/tls. port 465 for ssl, 587 for tls. I have tried many different combinations.
I just tried your command from ssh console, testing is OK (see picture).
The problem is why cannot connect the host from pfSense notification page? I can connect to the mail server host in ssh console.
-
That is not a successful connection.
To test a connection to that server using encryption on port 587 you would need:
openssl s_client -connect mail.server:587 -starttls smtp
IF YOU ARE CONNECTING ON PORT 25 or 587 AND WANT ENCRYPTION YOU NEED TO USE STARTTLS
IF YOU WANT TO CONNECT USING SSL/TLS YOU NEED TO USE PORT 465
-
The correct command for testing STARTTLS is:
openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:587(use either Ctrl+C or type QUIT+CrLf to end)
Provide output (you can sanitize it a bit if it shows your cert info.To test different versions of SSL, try -ssl3, -tls1, -tls1_1 and -tls1_2
Could be that your server is not supporting recent SSL versions which were disabled in pfSence…
-
He is connecting to port 587 using SSL/TLS. That will never work.
-
Thanks for all reply. If use 587:
-
If use 465,
-
All above errors are not caused by input parameters or our email server.
-
Note this bug https://redmine.pfsense.org/issues/7516 "Notify test buttons for smtp/growl should use new unsaved settings" and PR https://github.com/pfsense/pfsense/pull/3691 that fixes it.
In current releases (e.g. 2.3.3-p1) you have to save the settings first, then use the test buttons. It just tests the currently-saved settings, not the changes you may just have made in the form.
The fix is in 2.3.4 which is coming.
So maybe when you are trying lots of combinations and pressing "test", you are not actually getting an effective test.
-
Looking at your screenshots, I believe that something else is corrupted, possibly in the config - look at pfsense-email6.PNG - it says that it could not start TLS.
I would suggest you take packet capture with this setting and look at it in Wireshark - make sure it goes to the right destination, connects and tries to negotiate SSL session. -
In current releases (e.g. 2.3.3-p1) you have to save the settings first, then use the test buttons.
I first click "save", then click test in above screenshots.
-
Please, review this forum thread - it may have an answer for you.
I did not read it in full, but it seems that there is an issue with certs used for SMTP, issued by private CA - pfSence has to trust them and some public CA certs might be missing in newer builds… -
Maybe it's time to simplify and apply isolation troubleshooting techniques.
Remove encryption from the equation. To protect authentication credentials, change the password or create a throwaway account for testing.
From time to time some CA's are eliminated from the store. Don't recall the error message that occurs when that happens so don't know if your error messages are due to that or not.
-
Here are complete packages for one testing of 465:
13:07:21.615841 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32106, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x97b0 (correct), seq 2191407335:2191408795, ack 2273860481, win 16309, length 1460
13:07:21.643670 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 59, id 43376, offset 0, flags [DF], proto TCP (6), length 40)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0xd3da (correct), seq 1, ack 11680, win 1748, length 0
13:07:21.643920 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 526: (tos 0x0, ttl 63, id 32107, offset 0, flags [DF], proto TCP (6), length 512)
pfsense-ip.47374 > mail-sever-ip.465: Flags [P.], cksum 0xe604 (correct), seq 11680:12152, ack 1, win 16309, length 472
13:07:21.650116 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 59, id 43377, offset 0, flags [DF], proto TCP (6), length 40)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0xd1c5 (correct), seq 1, ack 12152, win 1809, length 0
13:07:21.650363 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32113, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x6236 (correct), seq 17992:19452, ack 1, win 16309, length 1460
13:07:21.657134 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43378, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x925e (correct), seq 1, ack 12152, win 1809, options [nop,nop,sack 1 {17992:19452}], length 0
13:07:21.958969 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32114, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0xd8ef (correct), seq 12152:13612, ack 1, win 16309, length 1460
13:07:21.965808 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43379, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x8caa (correct), seq 1, ack 13612, win 1809, options [nop,nop,sack 1 {17992:19452}], length 0
13:07:21.966116 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32115, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [P.], cksum 0x09f4 (correct), seq 19452:20912, ack 1, win 16309, length 1460
13:07:21.966144 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32116, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x4330 (correct), seq 20912:22372, ack 1, win 16309, length 1460
13:07:21.972885 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43380, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x86f6 (correct), seq 1, ack 13612, win 1809, options [nop,nop,sack 1 {17992:20912}], length 0
13:07:21.974129 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43381, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x8142 (correct), seq 1, ack 13612, win 1809, options [nop,nop,sack 1 {17992:22372}], length 0
13:07:22.308207 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 1868, offset 0, flags [DF], proto TCP (6), length 60)
pfsense-ip.36683 > mail-sever-ip.465: Flags, cksum 0x4e45 (incorrect -> 0xc40a), seq 2198535874, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 3724690981 ecr 0], length 0
13:07:22.330747 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto TCP (6), length 60)
mail-sever-ip.465 > pfsense-ip.36683: Flags [S.], cksum 0x6922 (correct), seq 2017900417, ack 2198535875, win 14480, options [mss 1460,sackOK,TS val 1841922946 ecr 3724690981,nop,wscale 7], length 0
13:07:22.330792 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 4415, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-ip.36683 > mail-sever-ip.465: Flags [.], cksum 0x4e3d (incorrect -> 0xce60), seq 1, ack 1, win 520, options [nop,nop,TS val 3724691003 ecr 1841922946], length 0
13:07:22.359282 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 583: (tos 0x0, ttl 64, id 25093, offset 0, flags [DF], proto TCP (6), length 569)
pfsense-ip.36683 > mail-sever-ip.465: Flags [P.], cksum 0x5042 (incorrect -> 0x1caf), seq 1:518, ack 1, win 520, options [nop,nop,TS val 3724691032 ecr 1841922946], length 517
13:07:22.365140 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 13339, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.36683: Flags [.], cksum 0xcd98 (correct), seq 1, ack 518, win 122, options [nop,nop,TS val 1841922998 ecr 3724691032], length 0
13:07:22.369283 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 13340, offset 0, flags [DF], proto TCP (6), length 1500)
mail-sever-ip.465 > pfsense-ip.36683: Flags [.], cksum 0x40c3 (correct), seq 1:1449, ack 518, win 122, options [nop,nop,TS val 1841923000 ecr 3724691032], length 1448
13:07:22.369318 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 44488, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-ip.36683 > mail-sever-ip.465: Flags [.], cksum 0x4e3d (incorrect -> 0xc661), seq 518, ack 1449, win 509, options [nop,nop,TS val 3724691042 ecr 1841923000], length 0
13:07:22.370515 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 13341, offset 0, flags [DF], proto TCP (6), length 1500)
mail-sever-ip.465 > pfsense-ip.36683: Flags [.], cksum 0xba14 (correct), seq 1449:2897, ack 518, win 122, options [nop,nop,TS val 1841923000 ecr 3724691032], length 1448
13:07:22.370549 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 11179, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-ip.36683 > mail-sever-ip.465: Flags [.], cksum 0x4e3d (incorrect -> 0xc0b8), seq 518, ack 2897, win 509, options [nop,nop,TS val 3724691043 ecr 1841923000], length 0
13:07:22.371468 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1259: (tos 0x0, ttl 59, id 13342, offset 0, flags [DF], proto TCP (6), length 1245)
mail-sever-ip.465 > pfsense-ip.36683: Flags [P.], cksum 0xf721 (correct), seq 2897:4090, ack 518, win 122, options [nop,nop,TS val 1841923000 ecr 3724691032], length 1193
13:07:22.371500 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 51963, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-ip.36683 > mail-sever-ip.465: Flags [.], cksum 0x4e3d (incorrect -> 0xbc0c), seq 518, ack 4090, win 511, options [nop,nop,TS val 3724691044 ecr 1841923000], length 0
13:07:22.378422 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 268: (tos 0x0, ttl 64, id 26698, offset 0, flags [DF], proto TCP (6), length 254)
pfsense-ip.36683 > mail-sever-ip.465: Flags [P.], cksum 0x4f07 (incorrect -> 0xe7bc), seq 518:720, ack 4090, win 520, options [nop,nop,TS val 3724691051 ecr 1841923000], length 202
13:07:22.384517 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 324: (tos 0x0, ttl 59, id 13343, offset 0, flags [DF], proto TCP (6), length 310)
mail-sever-ip.465 > pfsense-ip.36683: Flags [P.], cksum 0x1909 (correct), seq 4090:4348, ack 720, win 130, options [nop,nop,TS val 1841923017 ecr 3724691051], length 258
13:07:22.384548 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 11560, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-ip.36683 > mail-sever-ip.465: Flags [.], cksum 0x4e3d (incorrect -> 0xba1b), seq 720, ack 4348, win 518, options [nop,nop,TS val 3724691057 ecr 1841923017], length 0
13:07:22.384753 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 97: (tos 0x0, ttl 64, id 43524, offset 0, flags [DF], proto TCP (6), length 83)
pfsense-ip.36683 > mail-sever-ip.465: Flags [P.], cksum 0x4e5c (incorrect -> 0x64db), seq 720:751, ack 4348, win 520, options [nop,nop,TS val 3724691057 ecr 1841923017], length 31
13:07:22.387929 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 24108, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-ip.36683 > mail-sever-ip.465: Flags [F.], cksum 0x4e3d (incorrect -> 0xb9f6), seq 751, ack 4348, win 520, options [nop,nop,TS val 3724691060 ecr 1841923017], length 0
13:07:22.389948 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 174: (tos 0x0, ttl 59, id 13344, offset 0, flags [DF], proto TCP (6), length 160)
mail-sever-ip.465 > pfsense-ip.36683: Flags [P.], cksum 0x5a0d (correct), seq 4348:4456, ack 720, win 130, options [nop,nop,TS val 1841923022 ecr 3724691057], length 108
13:07:22.389982 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 64, id 2526, offset 0, flags [DF], proto TCP (6), length 40)
pfsense-ip.36683 > mail-sever-ip.465: Flags [R], cksum 0x4e31 (incorrect -> 0x4c10), seq 2198536594, win 0, length 0
13:07:22.390025 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 13345, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.36683: Flags [F.], cksum 0xbb0d (correct), seq 4456, ack 751, win 130, options [nop,nop,TS val 1841923023 ecr 3724691057], length 0
13:07:22.393318 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 13346, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.36683: Flags [.], cksum 0xbb06 (correct), seq 4457, ack 752, win 130, options [nop,nop,TS val 1841923026 ecr 3724691060], length 0
13:07:22.879497 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32127, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0xda47 (correct), seq 13612:15072, ack 1, win 16309, length 1460
13:07:22.947930 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 174: (tos 0x0, ttl 59, id 13347, offset 0, flags [DF], proto TCP (6), length 160)
mail-sever-ip.465 > pfsense-ip.36683: Flags [P.], cksum 0x5835 (correct), seq 4348:4456, ack 752, win 130, options [nop,nop,TS val 1841923459 ecr 3724691060], length 108
13:07:22.948379 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43382, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x7b99 (correct), seq 1, ack 15072, win 1798, options [nop,nop,sack 1 {17992:22372}], length 0
13:07:22.948869 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32128, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0xe265 (correct), seq 22372:23832, ack 1, win 16309, length 1460
13:07:22.948886 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32129, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x1c25 (correct), seq 23832:25292, ack 1, win 16309, length 1460
13:07:22.955779 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43383, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x75e5 (correct), seq 1, ack 15072, win 1798, options [nop,nop,sack 1 {17992:23832}], length 0
13:07:22.956866 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43384, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x7031 (correct), seq 1, ack 15072, win 1798, options [nop,nop,sack 1 {17992:25292}], length 0
13:07:23.874785 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 174: (tos 0x0, ttl 59, id 13348, offset 0, flags [DF], proto TCP (6), length 160)
mail-sever-ip.465 > pfsense-ip.36683: Flags [P.], cksum 0x54cb (correct), seq 4348:4456, ack 752, win 130, options [nop,nop,TS val 1841924333 ecr 3724691060], length 108
13:07:25.504447 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 174: (tos 0x0, ttl 59, id 13349, offset 0, flags [DF], proto TCP (6), length 160)
mail-sever-ip.465 > pfsense-ip.36683: Flags [P.], cksum 0x4df7 (correct), seq 4348:4456, ack 752, win 130, options [nop,nop,TS val 1841926081 ecr 3724691060], length 108
13:07:25.968249 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32150, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x8d20 (correct), seq 15072:16532, ack 1, win 16309, length 1460
13:07:26.311212 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43385, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x6a88 (correct), seq 1, ack 16532, win 1787, options [nop,nop,sack 1 {17992:25292}], length 0
13:07:26.311668 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32151, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x4617 (correct), seq 25292:26752, ack 1, win 16309, length 1460
13:07:26.311692 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 63, id 32152, offset 0, flags [DF], proto TCP (6), length 1500)
pfsense-ip.47374 > mail-sever-ip.465: Flags [.], cksum 0x5bf6 (correct), seq 26752:28212, ack 1, win 16309, length 1460
13:07:26.442459 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43386, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x64d4 (correct), seq 1, ack 16532, win 1787, options [nop,nop,sack 1 {17992:26752}], length 0
13:07:26.442489 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 43387, offset 0, flags [DF], proto TCP (6), length 52)
mail-sever-ip.465 > pfsense-ip.47374: Flags [.], cksum 0x5f20 (correct), seq 1, ack 16532, win 1787, options [nop,nop,sack 1 {17992:28212}], length 0 -
You should really do this with port 587, save pcap file and review it in Wireshark.
But even with this capture - it looks like it connects, but can't authenticate or negotiate proper SSL channel. -
You should really do this with port 587, save pcap file and review it in Wireshark.
But even with this capture - it looks like it connects, but can't authenticate or negotiate proper SSL channel.pfSense likely missing the CA for the server cert. As is pointed out in that thread you linked to a few posts ago.
-
pfSense likely missing the CA for the server cert.
I agree. But that needs to be tested/verified :)
-
pfSense likely missing the CA for the server cert.
I agree. But that needs to be tested/verified :)
Which is not that difficult to do and the start tls error message being thrown is exactly what happens when the CA is missing.
Error: could not start TLS connection encryption protocol
Going on a week and 2 forum pages for this without looking at the certs is nonsense.
-
packages for 587:
14:47:44.261660 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 37126, offset 0, flags [DF], proto TCP (6), length 60)
pfsense-IP.43442 > mail-server-IP.587: Flags, cksum 0x4e45 (incorrect -> 0xfe42), seq 2694817911, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 3730712934 ecr 0], length 0
14:47:44.306341 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto TCP (6), length 60)
mail-server-IP.587 > pfsense-IP.43442: Flags [S.], cksum 0xc474 (correct), seq 307632312, ack 2694817912, win 14480, options [mss 1460,sackOK,TS val 1847944902 ecr 3730712934,nop,wscale 7], length 0
14:47:44.306391 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 27877, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x299c), seq 1, ack 1, win 520, options [nop,nop,TS val 3730712979 ecr 1847944902], length 0
14:47:44.336073 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 145: (tos 0x0, ttl 59, id 32330, offset 0, flags [DF], proto TCP (6), length 131)
mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x14db (correct), seq 1:80, ack 1, win 114, options [nop,nop,TS val 1847944949 ecr 3730712979], length 79
14:47:44.336109 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 50477, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x2901), seq 1, ack 80, win 519, options [nop,nop,TS val 3730713009 ecr 1847944949], length 0
14:47:44.336429 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 87: (tos 0x0, ttl 64, id 63278, offset 0, flags [DF], proto TCP (6), length 73)
pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e52 (incorrect -> 0x7a9c), seq 1:22, ack 80, win 520, options [nop,nop,TS val 3730713009 ecr 1847944949], length 21
14:47:44.341645 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32331, offset 0, flags [DF], proto TCP (6), length 52)
mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x2a65 (correct), seq 80, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 0
14:47:44.342041 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 306: (tos 0x0, ttl 59, id 32332, offset 0, flags [DF], proto TCP (6), length 292)
mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x9f00 (correct), seq 80:320, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 240
14:47:44.342076 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 57252, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27db), seq 22, ack 320, win 518, options [nop,nop,TS val 3730713015 ecr 1847944977], length 0
14:47:44.344219 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 64068, offset 0, flags [DF], proto TCP (6), length 62)
pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e47 (incorrect -> 0xe56c), seq 22:32, ack 320, win 520, options [nop,nop,TS val 3730713017 ecr 1847944977], length 10
14:47:44.349626 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 96: (tos 0x0, ttl 59, id 32333, offset 0, flags [DF], proto TCP (6), length 82)
mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x1212 (correct), seq 320:350, ack 32, win 114, options [nop,nop,TS val 1847944985 ecr 3730713017], length 30
14:47:44.349665 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 15982, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27a1), seq 32, ack 350, win 520, options [nop,nop,TS val 3730713023 ecr 1847944985], length 0
14:47:44.381135 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 281: (tos 0x0, ttl 64, id 32683, offset 0, flags [DF], proto TCP (6), length 267)
pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f14 (incorrect -> 0x9b5d), seq 32:247, ack 350, win 520, options [nop,nop,TS val 3730713054 ecr 1847944985], length 215
14:47:44.390630 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32334, offset 0, flags [DF], proto TCP (6), length 1500)
mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 350:1798, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448
14:47:44.390661 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 36301, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x20dd), seq 247, ack 1798, win 509, options [nop,nop,TS val 3730713064 ecr 1847945024], length 0
14:47:44.391858 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32335, offset 0, flags [DF], proto TCP (6), length 1500)
mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 1798:3246, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448
14:47:44.391883 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 16571, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x1b34), seq 247, ack 3246, win 509, options [nop,nop,TS val 3730713065 ecr 1847945024], length 0
14:47:44.392776 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1225: (tos 0x0, ttl 59, id 32336, offset 0, flags [DF], proto TCP (6), length 1211)
mail-server-IP.587 > pfsense-IP.43442: Flags [P.], seq 3246:4405, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1159
14:47:44.392800 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 2578, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x16aa), seq 247, ack 4405, win 511, options [nop,nop,TS val 3730713066 ecr 1847945024], length 0
14:47:44.400702 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 276: (tos 0x0, ttl 64, id 63205, offset 0, flags [DF], proto TCP (6), length 262)
pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f0f (incorrect -> 0xf5a4), seq 247:457, ack 4405, win 520, options [nop,nop,TS val 3730713074 ecr 1847945024], length 210
14:47:44.406888 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 332: (tos 0x0, ttl 59, id 32337, offset 0, flags [DF], proto TCP (6), length 318)
mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x5976 (correct), seq 4405:4671, ack 457, win 130, options [nop,nop,TS val 1847945042 ecr 3730713074], length 266
14:47:44.406931 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 33146, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x14a7), seq 457, ack 4671, win 518, options [nop,nop,TS val 3730713080 ecr 1847945042], length 0
14:47:44.407347 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 103: (tos 0x0, ttl 64, id 16572, offset 0, flags [DF], proto TCP (6), length 89)
pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e62 (incorrect -> 0xd85d), seq 457:494, ack 4671, win 520, options [nop,nop,TS val 3730713080 ecr 1847945042], length 37
14:47:44.410894 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31114, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x147b), seq 494, ack 4671, win 520, options [nop,nop,TS val 3730713084 ecr 1847945042], length 0
14:47:44.412746 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32338, offset 0, flags [DF], proto TCP (6), length 52)
mail-server-IP.587 > pfsense-IP.43442: Flags [F.], cksum 0x15ff (correct), seq 4671, ack 494, win 130, options [nop,nop,TS val 1847945048 ecr 3730713080], length 0
14:47:44.412801 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 64743, offset 0, flags [DF], proto TCP (6), length 52)
pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x1472), seq 494, ack 4672, win 520, options [nop,nop,TS val 3730713086 ecr 1847945048], length 0
14:47:44.416204 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32339, offset 0, flags [DF], proto TCP (6), length 52)
mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x15f7 (correct), seq 4672, ack 495, win 130, options [nop,nop,TS val 1847945051 ecr 3730713084], length 0 -
put your capture under [c o d e] [/c o d e] (without spaces on code word) for a better undestanding
14:47:44.261660 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 37126, offset 0, flags [DF], proto TCP (6), length 60) pfsense-IP.43442 > mail-server-IP.587: Flags , cksum 0x4e45 (incorrect -> 0xfe42), seq 2694817911, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 3730712934 ecr 0], length 0 14:47:44.306341 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto TCP (6), length 60) mail-server-IP.587 > pfsense-IP.43442: Flags [S.], cksum 0xc474 (correct), seq 307632312, ack 2694817912, win 14480, options [mss 1460,sackOK,TS val 1847944902 ecr 3730712934,nop,wscale 7], length 0 14:47:44.306391 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 27877, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x299c), seq 1, ack 1, win 520, options [nop,nop,TS val 3730712979 ecr 1847944902], length 0 14:47:44.336073 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 145: (tos 0x0, ttl 59, id 32330, offset 0, flags [DF], proto TCP (6), length 131) mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x14db (correct), seq 1:80, ack 1, win 114, options [nop,nop,TS val 1847944949 ecr 3730712979], length 79 14:47:44.336109 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 50477, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x2901), seq 1, ack 80, win 519, options [nop,nop,TS val 3730713009 ecr 1847944949], length 0 14:47:44.336429 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 87: (tos 0x0, ttl 64, id 63278, offset 0, flags [DF], proto TCP (6), length 73) pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e52 (incorrect -> 0x7a9c), seq 1:22, ack 80, win 520, options [nop,nop,TS val 3730713009 ecr 1847944949], length 21 14:47:44.341645 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32331, offset 0, flags [DF], proto TCP (6), length 52) mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x2a65 (correct), seq 80, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 0 14:47:44.342041 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 306: (tos 0x0, ttl 59, id 32332, offset 0, flags [DF], proto TCP (6), length 292) mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x9f00 (correct), seq 80:320, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 240 14:47:44.342076 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 57252, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27db), seq 22, ack 320, win 518, options [nop,nop,TS val 3730713015 ecr 1847944977], length 0 14:47:44.344219 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 64068, offset 0, flags [DF], proto TCP (6), length 62) pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e47 (incorrect -> 0xe56c), seq 22:32, ack 320, win 520, options [nop,nop,TS val 3730713017 ecr 1847944977], length 10 14:47:44.349626 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 96: (tos 0x0, ttl 59, id 32333, offset 0, flags [DF], proto TCP (6), length 82) mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x1212 (correct), seq 320:350, ack 32, win 114, options [nop,nop,TS val 1847944985 ecr 3730713017], length 30 14:47:44.349665 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 15982, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27a1), seq 32, ack 350, win 520, options [nop,nop,TS val 3730713023 ecr 1847944985], length 0 14:47:44.381135 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 281: (tos 0x0, ttl 64, id 32683, offset 0, flags [DF], proto TCP (6), length 267) pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f14 (incorrect -> 0x9b5d), seq 32:247, ack 350, win 520, options [nop,nop,TS val 3730713054 ecr 1847944985], length 215 14:47:44.390630 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32334, offset 0, flags [DF], proto TCP (6), length 1500) mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 350:1798, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448 14:47:44.390661 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 36301, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x20dd), seq 247, ack 1798, win 509, options [nop,nop,TS val 3730713064 ecr 1847945024], length 0 14:47:44.391858 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32335, offset 0, flags [DF], proto TCP (6), length 1500) mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 1798:3246, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448 14:47:44.391883 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 16571, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x1b34), seq 247, ack 3246, win 509, options [nop,nop,TS val 3730713065 ecr 1847945024], length 0 14:47:44.392776 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1225: (tos 0x0, ttl 59, id 32336, offset 0, flags [DF], proto TCP (6), length 1211) mail-server-IP.587 > pfsense-IP.43442: Flags [P.], seq 3246:4405, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1159 14:47:44.392800 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 2578, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x16aa), seq 247, ack 4405, win 511, options [nop,nop,TS val 3730713066 ecr 1847945024], length 0 14:47:44.400702 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 276: (tos 0x0, ttl 64, id 63205, offset 0, flags [DF], proto TCP (6), length 262) pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f0f (incorrect -> 0xf5a4), seq 247:457, ack 4405, win 520, options [nop,nop,TS val 3730713074 ecr 1847945024], length 210 14:47:44.406888 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 332: (tos 0x0, ttl 59, id 32337, offset 0, flags [DF], proto TCP (6), length 318) mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x5976 (correct), seq 4405:4671, ack 457, win 130, options [nop,nop,TS val 1847945042 ecr 3730713074], length 266 14:47:44.406931 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 33146, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x14a7), seq 457, ack 4671, win 518, options [nop,nop,TS val 3730713080 ecr 1847945042], length 0 14:47:44.407347 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 103: (tos 0x0, ttl 64, id 16572, offset 0, flags [DF], proto TCP (6), length 89) pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e62 (incorrect -> 0xd85d), seq 457:494, ack 4671, win 520, options [nop,nop,TS val 3730713080 ecr 1847945042], length 37 14:47:44.410894 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31114, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x147b), seq 494, ack 4671, win 520, options [nop,nop,TS val 3730713084 ecr 1847945042], length 0 14:47:44.412746 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32338, offset 0, flags [DF], proto TCP (6), length 52) mail-server-IP.587 > pfsense-IP.43442: Flags [F.], cksum 0x15ff (correct), seq 4671, ack 494, win 130, options [nop,nop,TS val 1847945048 ecr 3730713080], length 0 14:47:44.412801 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 64743, offset 0, flags [DF], proto TCP (6), length 52) pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x1472), seq 494, ack 4672, win 520, options [nop,nop,TS val 3730713086 ecr 1847945048], length 0 14:47:44.416204 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32339, offset 0, flags [DF], proto TCP (6), length 52) mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x15f7 (correct), seq 4672, ack 495, win 130, options [nop,nop,TS val 1847945051 ecr 3730713084], length 0This way it's easier to see some cksum 0x4e52 (incorrect -> 0x7a9c) on your tcpdump
