Netgate Discussion Forum

    Outgoing Mail

    General pfSense Questions
    • guardian Rebel Alliance

      Don't know if there is a fix for this one or not, but what I'm trying to do is a workaround for consumer hardware that has a very simple email alert system that uses port 25 and sends everything in clear text.  Clearly a recipe for disaster.

      I was wondering if there is a way of having pfsense act like a proxy, take the traffic off the LAN on port 25 and send it out TLS on the appropriate port.  If necessary, it would be fine to change the sender address to something that was configured within pfSense.

      Can this be done?  If so, how?  Thanks.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      • macboy6

        Hikvision camera by any chance?

        I set up a dedicated Ubuntu server virtual machine running postfix on my internal network to act as a mail relay.  It accepts connections on port 25 and sends to gmail via port 587 over TLS so that I can receive email alerts via gmail.  Not that hard to do and there are various tutorials online.  I can share my postfix config if interested.

        I used the following as a guide: https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/

        1 Reply Last reply Reply Quote 0
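A minimal Postfix `main.cf` fragment for the kind of relay described in the post above, added here as an illustration; it is not macboy6's configuration. The LAN subnet, the map file paths and the Ubuntu CA bundle location are assumptions.

```conf
# /etc/postfix/main.cf (fragment) -- constructed example, values are placeholders

# Accept mail from the device on the LAN. Plain SMTP on port 25 is the
# default listener; the camera-to-relay hop is still cleartext, so keep it
# on a trusted LAN segment.
inet_interfaces = all

# Only hosts in these networks may relay (192.168.1.0/24 is an assumed LAN subnet).
mynetworks = 127.0.0.0/8 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks, reject

# Hand everything to Gmail's submission port. Brackets suppress the MX lookup.
relayhost = [smtp.gmail.com]:587

# Require TLS and verify the server certificate against the CA bundle.
# "encrypt" would also force TLS but would not check the certificate;
# "may" would allow silent fallback to cleartext.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Authenticate to the upstream server.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

# Optional: rewrite the device's sender address on the way out.
smtp_generic_maps = hash:/etc/postfix/generic
```

`/etc/postfix/sasl_passwd` holds one line of the form `[smtp.gmail.com]:587 USER:PASSWORD`; keep it mode 0600 and run `postmap` on it and on the generic map before reloading Postfix.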
        • macboy6

          It looks like there is a postfix package coming to 2.3, so should be able to do what you are looking for if you don't want to use a different machine.

          https://github.com/pfsense/FreeBSD-ports/pull/23

          • guardian Rebel Alliance

            @macboy6:

            It looks like there is a postfix package coming to 2.3, so should be able to do what you are looking for if you don't want to use a different machine.

            https://github.com/pfsense/FreeBSD-ports/pull/23

            Unless someone comes up with a better solution, I guess I'll have to wait and give it a shot then.  Don't really want to depend on another box.  If I'm on holiday, the only thing on will likely be the modem, pfsense and any cameras or IoT monitoring devices.

            You are right about a camera, but a different brand… I've played with several, and they pretty much all have mickey mouse mailing systems and questionable security.  I would never expose one to the internet unless I had a protective VPN/firewall in front of it to keep it from getting hacked over.  To be honest, I'm not really sure I trust the manufacturer (China) either.

            • Derelict LAYER 8 Netgate

              Don't really want to depend on another box.

              Some things - like MTAs - don't really belong on a firewall.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              • chris4916

                @Derelict:

                Some things - like MTAs - don't really belong on a firewall.

                Sure, and I do agree on this, but then quite a lot of packages, like the HTTP proxy, should be removed or ignored.
                I do share the view that a firewall should, most of the time, act as a firewall only, but in some cases the "all-in-one" concept has some added value, one being to aggregate in one box, with one unified graphical interface, multiple infrastructure services required for SoHo or even SMB.

                Should pfSense act as such an all-in-one box?
                That is where pfSense's communication and strategy, to me, is not that clear.

                Jah Olela Wembo: Words turn into woes when they upset, attack or wound.

                • Derelict LAYER 8 Netgate

                  I also agree, but some packages, like HA Proxy, might exist so pfSense can function as a proxy OR a firewall. Not necessarily a proxy AND a firewall.

                  That is just an example. HA proxy generally runs fine on the firewall though it could certainly be argued it is not the best place for it.

                  Just because the packages exist doesn't mean they can all be run at the same time on the same node without issues.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.