    Problem with Squid3 and outgoing email (SMTP)

    • chidgear

      Hi everyone, long time no see.

      I set up a fresh pfSense installation (2.3.4_1) at my workplace, and set up the DHCP server, DNS forwarder (I find it more friendly than the DNS resolver), Squid3 and SquidGuard to use as a proxy. I had done this in version 2.2.X, but I wished to upgrade and be up to date. Also, I configured the proxy to be explicit, using WPAD/PAC (in 2.2.X I used to have it transparent).
      Up to here, all good: I created the blacklist using the blacklist file from shallalist.de, I made a custom target category called "White_List" where I put my whitelisted addresses, and all worked as expected, except for 2 topics:
      1.- Now, most of the HTTPS connections that are blocked by SquidGuard (or are not whitelisted) appear with the error message: "ERR_TUNNEL_CONNECTION_FAILED" (Google Chrome browser)
      2.- Every time someone (it happens with all the employees) tries to send an email, the task "sending" gets stuck, and the message doesn't come out; the incoming email is received without any kind of issue.

      The email client is Outlook. The POP3 protocol is using port 110, the SMTP protocol is using port 587.
      The email server is outside the network (a rented remote server, not Exchange).

      As far as I know, Squid has no reason to mess with SMTP, but when I was using it as a transparent proxy, I used to see it "blocking" the communication with other apps and programs like Spotify, Dropbox, Skype, etc., by showing a "TLS Handshake error", so I have my reasons to think that Squid could be "blocking" the SMTP communications in the same (or similar) way.

      For now, the users are using another pfSense without Squid in the meantime, so their activities don't get interrupted. All is functioning as desired (except that I can't filter what they are allowed to see).

      Is there a way to prevent Squid from doing this?

      Greetings.

      1 Reply Last reply Reply Quote 0
      • chidgear

        The reason why SMTP stopped working? I don't know…
        How I solved it? In "Services" -> "Squid Proxy Server" -> "ACLs" I went to the field "Unrestricted IPs" and set my LAN net in CIDR format (192.168.1.0/24), then I went to the field "ACL SSLPorts" and set this "2096 587 443 563"
        After saving, applying and a reboot, the SMTP was working again.

        Greetings!

        1 Reply Last reply Reply Quote 0
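A way to see which destination ports Squid is refusing CONNECT for before editing "ACL SSLPorts", as an added example that is not part of the original posts or of the pfSense package. It assumes Squid's native access.log format; the log lines, host names and the earlier port list {443, 563} are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log format (not from the thread).
SAMPLE_LOG = """\
1500000001.100     12 192.168.1.20 TCP_DENIED/403 3890 CONNECT mail.example.com:587 - HIER_NONE/- text/html
1500000002.200    830 192.168.1.21 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - HIER_DIRECT/203.0.113.10 -
1500000003.300      9 192.168.1.22 TCP_DENIED/403 3890 CONNECT mail.example.com:587 - HIER_NONE/- text/html
1500000004.400      7 192.168.1.20 TCP_DENIED/403 3902 CONNECT [2001:db8::25]:2096 - HIER_NONE/- text/html
1500000005.500     11 192.168.1.23 TCP_DENIED/403 3875 CONNECT blocked.example.net:443 - HIER_NONE/- text/html
1500000006.600     15 192.168.1.23 TCP_DENIED/403 4100 GET http://blocked.example.net/ - HIER_NONE/- text/html
truncated line
"""

# Assumption: the "ACL SSLPorts" value before the change described in the post.
ALLOWED_BEFORE = {443, 563}


def denied_connects(log_text, allowed_ports):
    """Split denied CONNECT requests into two Counters keyed by port:
    ports outside allowed_ports (candidates for the SSL ports list) and
    ports inside it (denied by some other rule)."""
    outside, inside = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        result, method, target = fields[3], fields[5], fields[6]
        if method != "CONNECT" or not result.startswith("TCP_DENIED"):
            continue
        # CONNECT targets are host:port; rpartition keeps IPv6 literals intact.
        _, _, port_text = target.rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        (inside if port in allowed_ports else outside)[port] += 1
    return outside, inside


if __name__ == "__main__":
    outside, inside = denied_connects(SAMPLE_LOG, ALLOWED_BEFORE)
    print("denied, port not in list:", dict(outside))
    print("denied, port in list:    ", dict(inside))
```

Ports that show up only in the first counter are the ones a change to "ACL SSLPorts" would affect. Entries under "Unrestricted IPs" are exempt from the access controls on that ACLs page, so adding the whole LAN there is the broader of the two settings in the post.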