Netgate Discussion Forum

Mail server behind pfSense

  • S
    skeating
    last edited by Jun 21, 2017, 12:42 PM

    Hello

    I am using a pfSense firewall in front of an Ability Mail Server. The firewall does NAT for the mail server. When I use MXToolbox to SMTP test the mail server, there are two results:

    SMTP Valid Hostname      Reverse DNS is not a valid Hostname

    SMTP Banner check          Reverse DNS does not match SMTP Banner

    I have had a problem in the past where the pfSense firewall IP shows up on block lists, not the mail server IP. I know that since the firewall is in front, that is what any receiving server will 'see' the mail to be coming from. My question is, is there a setting or a rule that needs to be added, so that a reverse DNS lookup will go through to the mail server?

    • V
      viragomann
      last edited by Jun 21, 2017, 4:25 PM

      The reverse DNS entry has to be set on a public DNS.

      • C
        chpalmer
        last edited by Jun 21, 2017, 5:50 PM

        After you fix your rdns the SMTP Banner is set in the mail server to match it.

        ???

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        • S
          skeating
          last edited by Jun 21, 2017, 5:57 PM

          I checked our DNS, and there are correct PTR records for the domain name. Interestingly, when I use MXToolbox's Reverse DNS lookup, the PTR records are there.

          • V
            viragomann
            last edited by Jun 21, 2017, 6:10 PM

            The MXToolBox result says that the hostname is not valid.
            Hard to give better support as long as we don't know the real hostname.

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Jun 21, 2017, 6:26 PM

              Happy to take a look - but as viragomann correctly states, without knowing the domain you're talking about it's hard to help.. You could PM me the domain and I will check its mx record and the PTR, and what the banner shows when connecting to the MX, etc.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Jun 21, 2017, 8:26 PM

                So I got your email.. I replied.  Your PTR returns multiple entries..  1 of which is yours out of the 10 that come back.

                And your banner does not match.. your PTR is mail1.yourdomain.tld while your banner is just some other domain.tld

                So yeah you're going to have problems!

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11
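
The checks discussed in this thread (valid PTR hostname, a PTR that resolves back to the sending IP, and an SMTP banner that matches the PTR), as an added example that is not from any poster here. It runs offline on constructed inputs: the IP, hostnames, forward-lookup table and banners are placeholders, and the function names are hypothetical.

```python
import re

# One DNS label per RFC 1123: letters, digits, hyphens; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    name = name.rstrip(".")
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def banner_host(banner):
    # "220 mail1.example.test ESMTP" -> "mail1.example.test"
    m = re.match(r"^220[ -](\S+)", banner)
    return m.group(1).lower().rstrip(".") if m else None

def check_mail_identity(ip, ptr_names, forward, banner):
    """ptr_names: PTR answers for ip; forward: hostname -> list of A records."""
    findings = []
    ptrs = [p.lower().rstrip(".") for p in ptr_names]
    if not ptrs:
        findings.append("no PTR record")
    if len(ptrs) > 1:
        findings.append(f"{len(ptrs)} PTR records for one IP")
    for p in ptrs:
        if not valid_hostname(p):
            findings.append(f"PTR {p!r} is not a valid hostname")
        elif ip not in forward.get(p, []):
            findings.append(f"PTR {p} does not resolve back to {ip}")
    host = banner_host(banner)
    if host is None:
        findings.append("no 220 greeting")
    elif host not in ptrs:
        findings.append(f"banner host {host} matches no PTR")
    return findings

# Constructed sample data (documentation address range, placeholder names).
IP = "203.0.113.25"
FORWARD = {"mail1.example.test": [IP], "www.example.test": ["203.0.113.80"]}
BAD = check_mail_identity(
    IP, ["mail1.example.test.", "www.example.test.", "host_25.example.test."],
    FORWARD, "220 other.test ESMTP")
GOOD = check_mail_identity(IP, ["mail1.example.test."], FORWARD,
                           "220 mail1.example.test ESMTP ready")

if __name__ == "__main__":
    for line in BAD:
        print("FAIL:", line)
    print("clean config findings:", GOOD)
```

With live data, the PTR answers, forward lookups and banner would come from a public resolver and a connection to the MX from outside the firewall, since that is the view a receiving server has.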
