Pfsense/Mailserver issue



  • Hello.

    Hope there is a solution / explanation.

    I have a Smartermail Server running impeccably for months through my pc nr1 with SmoothWall.
    Then I think that now Pfsense will be installed on pc nr1.
    I configure a Cisco RV180 router as a temporary solution, and everything is still running as usual.

    But when I use pc nr1 with Pfsense installed, something strange starts.
    My mail clients (MS Live Mail & Thunderbird), which have always used my FQDN as a pop3 server, can no longer connect to the Smartermail server.
    On the other hand, when I replace my FQDN with the IP of the Smartermail Server, it works.

    On my mobile phone, the mail client (configured with FQDN) can only connect through 3G / 4G. As soon as WIFI is turned on, it cannot connect to the Smartermail Server.

    It is the same ports that are forwarded to all 3 devices.
    Is there an option / function I have overlooked?

    With best regards
    Edbsmed
    ![FW lan Rules.PNG](/public/imported_attachments/1/FW lan Rules.PNG)
    ![FW log short.PNG](/public/imported_attachments/1/FW log short.PNG)
    ![FW WAN rules.PNG](/public/imported_attachments/1/FW WAN rules.PNG)
    ![NAT Ports.PNG](/public/imported_attachments/1/NAT Ports.PNG)
    ![Pfsense version.PNG](/public/imported_attachments/1/Pfsense version.PNG)



  • Have you set a host override for your mail server in DNS Resolver?

    If you don't do that then the address the LAN clients get for the FQDN will be the external WAN address and not the internal LAN address.

    Go into Services -> DNS Resolver -> General Settings, look for the Host Overrides at the bottom of the page and enter the details there: hostname, domain and the LAN IP address.

    Should work fine then.



  • Hello.

    Some Questions to host override.

    hostname = name of server where mailserver resides ?
    domain = FQDN ??
    lan ip = ip to server where mailserver resides ???

    /edbsmed



  • Yes, so for example, mail.mydomain.com would be host = mail, domain = mydomain.com and the IP address is the LAN IP address.



  • Hello.

    Did not make any positive outcome.

    Something else to do ?

    /edbsmed



  • What IP address do you get back if you ping the fqdn of the mail server from a LAN client?



  • Hello

    I get my wan static ip address

    /edbsmed



  • Ok, so if you're using a Windows pc to test this, can you issue the command ipconfig /flushdns before trying the ping? If you still don't get the local IP back, can you tell me what DNS servers the client is using? It should only be using pfsense.



  • Hello

    After flushing I still get wan ip address.

    Ipconfig /all says 8.8.8.8 and 8.8.4.4 for DNS
    Should I remove these under system/general setup ?

    /edbsmed



  • In pfsense, in Services -> DHCP -> LAN, are there any entries there for 8.8.8.8 etc.? If so, remove them and restart pfsense. Wait for it to restart, then issue an ipconfig /renew and an ipconfig /flushdns on your client, then try the ping again.



  • Hello.

    No luck yet.

    I am thinking… Did I do the override correctly?

    On Pfsense I am forwarding port 110,25,143,587 to ip 192.168.0.10.
    Server on 192.168.0.10 has a windows machinename.

    I use windows machinename for "host" and ip 192.168.0.10 for ip and smartermail is configured with FQDN that I use for "DOMAIN"

    /edbsmed



  • @Edbsmed:


    On Pfsense I am forwarding port 110,25,143,587 to ip 192.168.0.10.

    If these ports should be reachable from the Internet, ok.

    When you ping from any device on your LAN to this FQDN that you have overridden, you should see the reply from (at least, it should resolve to) the IP that you assigned to the override.

    For example, I have two 'internal' interfaces : LAN (192.168.1.0/24) and OPT1 (192.168.2.0/24).
    I add this override in the DNS Resolver : portal.portal.brit-hotel-fumel.net with IP 192.168.2.2 (which is a device on the OPT interface / network).

    [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ping portal.brit-hotel-fumel.net
    PING portal.brit-hotel-fumel.net (192.168.2.2): 56 data bytes
    64 bytes from 192.168.2.2: icmp_seq=0 ttl=64 time=0.122 ms
    64 bytes from 192.168.2.2: icmp_seq=1 ttl=64 time=0.043 ms
    64 bytes from 192.168.2.2: icmp_seq=2 ttl=64 time=0.045 ms
    ^C
    --- portal.brit-hotel-fumel.net ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.043/0.070/0.122/0.037 ms

    Of course, I have the needed firewall rules on the OPT1 interface.

    Btw : you could also use the static DHCP (a good thing when a device is a server).
    Add a static lease in the DHCP (pfSense) server so your mail server always obtains the same IPv4. Give this server also a name, like "mailserver".
    Have the static lease registered into the pfSense DNS Resolver.
    Let's say the domain of your pfSense box is domain.net

    Now, when you ping "mailserver.domain.net" it should obtain the IP of this server.

    Btw : You use the DNS Resolver, right, not the Forwarder .....



  • @Edbsmed:

    Hello.

    No luck yet.

    I am thinking… Did I do the override correctly?

    On Pfsense I am forwarding port 110,25,143,587 to ip 192.168.0.10.
    Server on 192.168.0.10 has a windows machinename.

    I use windows machinename for "host" and ip 192.168.0.10 for ip and smartermail is configured with FQDN that I use for "DOMAIN"

    /edbsmed

    Forget the forwarding for the moment. Firstly, your LAN client needs to be able to correctly resolve the fqdn of the mail server as a LAN IP, not the wan IP.

    Now, in the DNS resolver, the name you enter is the first part of the wan fqdn, so for example if the fqdn is smartmail.mydomain.com, then you enter 'smartmail' as the host, the rest of the fqdn you enter into domain, and the IP is the LAN IP of the server, in your case 192.168.0.10.



  • Hello.

    I have one pc that had the smoothwall as Router/Firewall/GW.
    My Android phone mailclient is configured with mydomain.com as pop3 port 587.
    3G/4G/Wifi did work perfect.

    My pc mailclient (Thunderbird) configured with mydomain.com as pop3 port 587 did work perfect.

    Taking down the smoothwall pc, setting up my cisco router for temporary use.
    Everything runs perfect as on the smoothwall.

    Install Pfsense on the old smoothwall pc.
    Setting up portforward as you can see on previous attached pictures.
    My Android phone mailclient is still configured with mydomain.com as pop3 port 587
    On 3G/4G mail working perfect. ( Routing thru Pfsense to 192.168.0.10 is working)
    On Wifi (private network) it is not working anymore.

    My pc mailclient (thunderbird) configured with mydomain.com as pop3 port 587 is NOT working anymore.
    My pc mailclient (thunderbird) configured with 192.168.0.10 (private network) as pop3 port 587 is working.

    My mailserver is installed on 192.168.0.10. This is a static ip. Configured in Pfsense DHCP with mac/ip.

    One device working via internet and not on private network.
    One device working via private network and not via internet
    But why is it changing, as a result of installing Pfsense?

    /edbsmed



  • Hello.

    Aha…..
    If I ping mydomain.com I receive wan ip.
    If I ping machine.mydomain.com I receive 192.168.0.10

    that should be okay

    /edbsmed



  • That should be ok.
    Use "machine.mydomain.com" in your mail client and you'll be fine from the 'inside'.

    Your domain registrar should also contain "machine.mydomain.com" and point to your WAN IP, where you forward your mail ports to your "machine".
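
The checks worked through in this thread (which DNS servers the client really uses, how an FQDN splits into the Host Override fields, and whether an override exists for the exact name the client asks for), as an added example that is not part of any post. The function names are hypothetical, and the pfSense LAN address 192.168.0.1, the LAN 192.168.0.0/24 and the WAN address 203.0.113.7 are assumed stand-ins.

```python
import ipaddress
import re

# Constructed sample: the DNS part of `ipconfig /all` on a LAN client.
IPCONFIG_SAMPLE = """\
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Extract the DNS server list, including continuation lines."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def split_fqdn(fqdn):
    """Host Override fields: first label is 'host', the rest is 'domain'."""
    host, _, domain = fqdn.rstrip(".").partition(".")
    return host, domain

def diagnose(fqdn, answer, client_dns, pfsense_ip, lan_net, overrides):
    """overrides maps (host, domain) -> LAN IP, as entered in the resolver."""
    if ipaddress.ip_address(answer) in ipaddress.ip_network(lan_net):
        return "ok: name resolves to a LAN address"
    bypass = [s for s in client_dns if s != pfsense_ip]
    if bypass:
        # Public resolvers only know the WAN record for the name.
        return "client queries %s directly, override never consulted" % ", ".join(bypass)
    if split_fqdn(fqdn) not in overrides:
        # e.g. override made for machine.mydomain.com, client uses mydomain.com
        return "no override matches %s exactly" % fqdn
    return "override exists: flush the client DNS cache and retry"
```

Feeding it the values reported in the thread reproduces both findings: first the client was asking 8.8.8.8 and 8.8.4.4 instead of pfSense, and afterwards the override existed only for machine.mydomain.com while the mail clients were configured with mydomain.com.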

