Netgate Discussion Forum

    Cannot send but receive email

      nathanpinotti

      Hello guys.
      I got a "new" problem with pfsense and mail sending.

      My setup is: WAN (valid IP) > Pfsense > LAN

      I have the squid and squidguard packages installed, blocking and allowing websites normally by active proxy.

      My top rule (the first one) is:

      ALLOW from LAN net - anyport > LAN Address > 3128

      I've already allowed ports 587 and 25, as well as the Mail Network (other rules, right below the first one I mentioned).

      The problem is that I can't send any mail. I get a timeout from the mail server. And the strangest thing is that sometimes it works, and 30 min later it stops working.

      At SystemLogs > Firewall, I got some blocking logs, from a random local IP to SMTP Server TCP:A or TCP:FA
      No blocking log from squidguard

      Could you guys help me?

      Regards

        KOM

        Why on Earth are you routing your outbound email through squid???  It's a web proxy, not a mail relay.  You make your users go through the proxy for web access but your servers should have direct access, or at least they should only use the proxy for WWW access.

          muswellhillbilly

          So your mail relay host is presumably on the WAN side and you're trying to connect to it from the LAN? You're allowing port 25 and 587 out. So when you lose connectivity to the mail server, can you still ping it? Is the mail relay being hosted for you or are you running it yourself? Can you get onto the mail server and check that the SMTP service is still running when the service drops?

          As KOM says, the Squid part is immaterial. It has nothing to do with email, unless you're trying to use the proxy itself to act as a mail proxy - in which case, I think it's obvious what the problem is from the outset.

            nathanpinotti

            Thanks for the reply.

            I've posted the rule wrong, that's the current one

            ALLOW from LAN net - anyport > LAN Address > *

            I can't understand why some users can't send e-mail while others send it normally. At my system log > firewall I just see some TCP:R being blocked, but, as I checked, it's normal behavior.

            Any suggestion?

            Regards

              KOM

              Your firewall does not care about users.  If one user can send mail through the same mechanism as all the others, then all the others should work as well.  For example, if they're all on the same network segment and talking to the same mail server then it should work the same for everyone.  pfSense by default does not block anything outgoing.  Also, based on what you've said before I suspect your firewall rules are probably a mess.  Post a screenshot of your LAN rules and we can take a look.

                nathanpinotti

                I've found a pattern…if I try to send an email with more than 1mb it won't be sent.

                If I change the gw to another link (out of pfsense) it works.

                Any suggestion?

                @KOM:

                Your firewall does not care about users.  If one user can send mail through the same mechanism as all the others, then all the others should work as well.  For example, if they're all on the same network segment and talking to the same mail server then it should work the same for everyone.  pfSense by default does not block anything outgoing.  Also, based on what you've said before I suspect your firewall rules are probably a mess.  Post a screenshot of your LAN rules and we can take a look.

                as you asked…

                LAN NET * > LAN ADD *
                LAN NET * > ALLOWED NETWORKS
                IP_FULL_ACCESS * > * *
                LAN NET * > ALLOWED_PORTS

                Regards

                  KOM

                  That's very difficult to read.  I was expecting something more like:

                  [Attached screenshot: LANRules.png]

                    johnpoz LAYER 8 Global Moderator

                    pfsense gives 2 shits how big or how long a session is open; as long as there are packets moving, the session would remain open forever.  That is how tcp works. Now if you're sending through some proxy, it might have an issue with the size of data trying to be moved.

                    So when you change your gateway to something other than pfsense, is it going through the same proxy?

                    So are you trying to go through the proxy for these connections or not?  I am with KOM: ascii art, while it can be kewl and all, is not the best way to show the pfsense firewall rules.  Either dump the rules directly from https://doc.pfsense.org/index.php/How_can_I_see_the_full_PF_ruleset

                    Or post up a screenshot of the pfsense web gui as KOM did for example.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.