SMTP notification uses default gateway instead of IPSEC



  • Hi,
    we have installed a pfSense at one of our remote sites and wanted to have email notifications for it. The mail server is located at our main site and can be reached via an IPsec tunnel. The tunnel is working fine and normal traffic is not an issue. The email notifications, though, do not work, since the pfSense is trying to send them via the default gateway (the primary WAN link). Is there any way I am able to tell pfSense which interface to use to send the notifications?

    Any help is appreciated.

    Thanks



  • From my experience:

    • install postfix on pfSense and set it up as a relay to your private email server (for pfSense email notifications, listen only on localhost)

    The reason I am using this approach is that if a connection to the mail server can't be established I lose the notification emails (pfSense doesn't keep them if it can't deliver, and you have to dig through the logs), and sometimes it is also possible to get errors because of failure to deliver notifications, which will lead to some package crashing.

    read here how to install in 2.3.x:

    https://forum.pfsense.org/index.php?topic=40622.msg662826#msg662826



  • Hi,
    thanks for the suggestion, but I'm not going to manually install a package which is unsupported on a production environment.
    Is there really no other way of telling the notification system where to find the mail server other than on a local network?

    Regards



  • have a look at: System/Advanced/Notifications/E-mail and see what you can do there with the settings; if your email server is located in the LAN you can point directly to its internal IP and set the server to accept emails from the pfSense internal IP.

    p.s.
    I am using manually installed & configured postfix on "two production" pfSense 2.3.x boxes, both connected by OVPN site-to-site, and both use local postfix to forward local notification email to the email server in the LAN without any problems for months (one of them also uses postfix as a backup email server for the MX domain, so it accepts external emails as well).



  • I realize this is an old thread, but I'm replying since it's one of the first results that appears when Googling this question. Here's all you should need.

    Let's assume you have the following configuration:

    • LAN: 10.0.10.0/24
    • WAN: <whatever>
    • IPSec: 172.16.30.0/24
    • Mail Server: 172.16.30.25

    Assuming your tunnel is functional and no firewall rules are explicitly blocking traffic between the LAN and IPSec, do the following:

    • Create a Gateway (System/Routing/Gateways)
      • Interface: LAN
      • Address Family: IPv4 (obviously, change this to IPv6 if you're doing this for an IPv6 network)
      • Name: LAN_GW
      • Gateway: 10.0.10.1 (... assuming this is the IP address of the LAN interface)
      • Description: LAN Gateway
    • Create a Static Route (System/Routing/Static Routes)
      • Destination Network: 172.16.30.25 (IP address of mail server)
      • Gateway: Select the previously created gateway from the dropdown list (LAN_GW - 10.0.10.1)
      • Description: Route to mail server via IPSec

    Proceed with configuring your notifications, using your internal mail server's IP address.
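As an added illustration (not part of the original post or of pfSense itself), the script below models the routing decision the answer above relies on: a longest-prefix-match lookup over a constructed routing table, before and after the /32 static route to the mail server is added. The point it makes explicit is that the chosen route fixes the egress interface and therefore the source address, and only a source inside the LAN subnet falls within the policy-based Phase 2 selector (10.0.10.0/24 to 172.16.30.0/24) and gets carried by the tunnel. The WAN addresses (203.0.113.x) are placeholders, not values from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table modelled on the thread's addressing. Each entry is
# (prefix, gateway, interface, interface_address); the interface address is
# what the firewall itself uses as the packet's source address.
WAN_IP = "203.0.113.2"  # placeholder WAN address, not from the thread
BASE_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "WAN", WAN_IP),   # default gateway
    ("10.0.10.0/24", None, "LAN", "10.0.10.1"),    # directly connected LAN
]
# The static route from the answer: mail server /32 via LAN_GW (10.0.10.1).
MAIL_ROUTE = ("172.16.30.25/32", "10.0.10.1", "LAN", "10.0.10.1")

# Policy-based Phase 2 selectors assumed for the tunnel in the thread.
P2_LOCAL = ip_network("10.0.10.0/24")
P2_REMOTE = ip_network("172.16.30.0/24")


def lookup(routes, dst):
    """Longest-prefix match over the table; returns (gateway, iface, src_addr)."""
    dst = ip_address(dst)
    best = None
    for prefix, gw, iface, addr in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface, addr)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2], best[3]


def matches_tunnel(src, dst):
    """True if src/dst fall inside the Phase 2 selectors, i.e. IPsec carries it."""
    return ip_address(src) in P2_LOCAL and ip_address(dst) in P2_REMOTE


def notification_path(static_route_added):
    """Where a notification to the mail server egresses, and whether it is tunneled."""
    routes = BASE_ROUTES + ([MAIL_ROUTE] if static_route_added else [])
    gw, iface, src = lookup(routes, "172.16.30.25")
    return iface, src, matches_tunnel(src, "172.16.30.25")


if __name__ == "__main__":
    for added in (False, True):
        iface, src, tunneled = notification_path(added)
        print(f"static route {'present' if added else 'absent'}: "
              f"egress {iface}, source {src}, matches IPsec P2: {tunneled}")
```

Without the static route the notification leaves via WAN with the WAN address as source and never matches the tunnel policy; with it, the /32 wins the lookup and the packet is sourced from the LAN address.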



  • Rebel Alliance Developer Netgate

    Or use VTI IPsec and a regular route. Easy peasy.

