4. Problem with Squid3 and outgoing email (SMTP)

Problem with Squid3 and outgoing email (SMTP)

  • C

    Hi everyone, long time no see.

    I set up a fresh pfsense instalation (2.3.4_1) in my workplace, and set up DHCP server, DNS forwarder (I find it more friendly than dns resolver), Squid3 and Squidguard to use as a proxy. I've had  done this in version 2.2.X, but I whised to upgrade and be up to date. Also, I configured the proxy to be explicit, using WPAD/PAC (in 2.2.X i used to have it transparent).
    Until here, all good, i created the blacklist using the blacklist file from shallalist.de, I made a custom target category called "White_List" where i put my whitelisted addresses, and all worked as expected, except for 2 topics:
    1.- Now, most of the https connections that are bloqued by squidguard (or are not whitelisted) apprears with the error message: "ERR_TUNNEL_CONNECTION_FAILED" (Google Chrome Browser)
    2.- Every time Someone (it happens with all the employees) Tries to send an email, the task "sending" gets stuck, and the message doesn't come out, the incoming email is received without any kind of issue.

    The email client is outlook, The pop3 protocol is using port 110, the SMTP protocol is using port 587.
    The email server is outside the network (a rented remote server, not Exchange).

    As far as I Know, Squid has no reason to mess with SMTP, but when I was using it as a transparent proxy, I was used to see it "blocking" the communication with another apps and programs like spotify, dropbox, skype, etc, by showing a "TLS Handshake error" so I have my reasons to think that squid could be "blocking" the SMTP communications in the same (or similar) way.

    By now, the users are using another pfsense without squid, in the meantime, so their activities doesn't get interrupted. All is functioning as desired (except that I cant filter what they are allowed to see).

    There is a way to prevent Squid doing this?

    Greetings.

    0
  • C

    The reason why SMTP stopped working? I don't Know…
    How I solved it? In "Services" -> "Squid Proxy Server" -> "ACLs" i went to the field "Unrestricted IPs" and set my LAN net in CIDR Format (192.168.1.0/24), then I went to the field "ACL SSLPorts" and set this "2096 587 443 563"
    After saving, aplying and a reboot, the SMTP was working again.

    Greetings!

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy