4. Pfsense/Mailserver issue

Pfsense/Mailserver issue

  • E

    Hello.

    Hope there is a solution / explanation.

    I have a Smartermail Server running impeccably for months through my pc nr1 with SmoothWall.
    Then I think that now Pfsense will be installed on pc nr1.
    I configure a Cisco RV180 router as a temporary solution, and everything is still running as usual.

    But when I have use pc nr1 with Pfsense installed, something strange starts.
    My mail clients (MS Live Mail & Thunderbird), who have always used my FQDN as a pop3 server, can no longer connect to the smarter mail server.
    On the other hand, when I replace my FQDN with the ip on the Smartermail Server, so it works.

    On my mobile phone, the mail client (configured with FQDN) can only connect through 3G / 4G. As soon as WIFI is turned on, it can not connect the Smartermail Server.

    It is the same ports that are forwarded to all 3 devices.
    Is there an option / function I have overlooked.

    With best regards
    Edbsmed
    ![FW lan Rules.PNG](/public/imported_attachments/1/FW lan Rules.PNG)
    ![FW lan Rules.PNG_thumb](/public/imported_attachments/1/FW lan Rules.PNG_thumb)
    ![FW log short.PNG](/public/imported_attachments/1/FW log short.PNG)
    ![FW log short.PNG_thumb](/public/imported_attachments/1/FW log short.PNG_thumb)
    ![FW WAN rules.PNG](/public/imported_attachments/1/FW WAN rules.PNG)
    ![FW WAN rules.PNG_thumb](/public/imported_attachments/1/FW WAN rules.PNG_thumb)
    ![NAT Ports.PNG](/public/imported_attachments/1/NAT Ports.PNG)
    ![NAT Ports.PNG_thumb](/public/imported_attachments/1/NAT Ports.PNG_thumb)
    ![Pfsense version.PNG](/public/imported_attachments/1/Pfsense version.PNG)
    ![Pfsense version.PNG_thumb](/public/imported_attachments/1/Pfsense version.PNG_thumb)

    0
  • ?

    have you set a host overide for your mail server in DNS Resolver?

    If you don't do that then the address the LAN clients get for the FQDN will be the external WAN address and not the internal LAN address.

    Go into Services-> DNS resolver ->General settings, look for the Host Overides at the bottom of the page and enter the details there, hostname, domain and the LAN IP address.

    Should work fine then.

    0
  • E

    Hello.

    Some Questions to host override.

    hostname = name of server where mailserver resides ?
    domain = FQDN ??
    lan ip = ip to server where mailserver resides ???

    /edbsmed

    0
  • ?

    Yes, so for example, mail.mydomain.com would be host = mail, domain = mydomain.com and the IP address is the LAN IP address.

    0
  • E

    Hello.

    Did not make any positive outcome.

    Something else to do ?

    /edbsmed

    0
  • ?

    What IP address to you get back if you ping the fqdn of the mail server from a LAN client?

    0
  • E

    Hello

    I get my  wan static ip address

    /edbsmed

    0
  • ?

    Ok, so if your using a Windows pc to test this can you issue the command ipconfig /flushdns before trying the ping. If you still don't get the local IP back can you tell me what DNS servers the client is using, it should only be using pfsense.

    0
  • E

    Hello

    After flushing I still get wan ip address.

    Ipconfig /all says 8.8.8.8 and 8.8.4.4 for DNS
    Should I remove these under system/generel setup ?

    /edbsmed

    0
  • ?

    In pfsense, in  services-> DHCP -> LAN, are there any entries there for 8.8.8.8 etc, if so remove them and restart pfsense. Wait for it to restart then issue an ifconfig /renew and an ifconfig /flushdns on your client, the try the ping again

    0
  • E

    Hello.

    No luck yet.

    I thinking… Did I do the override correct.

    On Pfsense I forwarding port 110,25,143,587 to ip 192.168.0.10.
    Server on 192.168.0.10 have a windows machinename.

    I use windows machinename for "host" and ip 192.168.0.10 for ip and smartermail is configured with FQDN that I use for "DOMAIN"

    /edbsmed

    0

  • @Edbsmed:


    On Pfsense I forwarding port 110,25,143,587 to ip 192.168.0.10.

    If these ports should be reachable from the Internet, ok.

    When you ping from any devie on your LAN to this FQDN that you have overriden, you should see the reply (ay least - it should resolve to) the IP that you assigned to the override.

    For example, I have two 'internal' interfaces : LAN (192.168.1.0/24) and OPT1 (192.168.2.0/24).
    I add this override in the DNS Resolver : portal.portal.brit-hotel-fumel.net with IP 192.168.2.2 (which is a device the OPT interface / network).

    [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ping portal.brit-hotel-fumel.net
    PING portal.brit-hotel-fumel.net (192.168.2.2): 56 data bytes
    64 bytes from 192.168.2.2: icmp_seq=0 ttl=64 time=0.122 ms
    64 bytes from 192.168.2.2: icmp_seq=1 ttl=64 time=0.043 ms
    64 bytes from 192.168.2.2: icmp_seq=2 ttl=64 time=0.045 ms
    ^C
    –- portal.brit-hotel-fumel.net ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.043/0.070/0.122/0.037 ms

    Of course, I have the needed firewall rules on the OPT1 interface.

    Btw : you could also a the static DHCP (a good thing when a device is a server).
    Add a static lease in the DHCP (pfSEnse) server so your mail server always obtains the same IPv4. Give this server also a name, like "mailserver".
    Have the static lease being registered into the pfSense DNS Resolver.
    Let's say the domain of your pfSEnse box is domain.net

    Now, when you ping "mailserver.domaie.net" it should obtain the IP of this server.

    Btw : You use the DNS Resolver, right, not the Forwarder .....

    0
  • ?

    @Edbsmed:

    Hello.

    No luck yet.

    I thinking… Did I do the override correct.

    On Pfsense I forwarding port 110,25,143,587 to ip 192.168.0.10.
    Server on 192.168.0.10 have a windows machinename.

    I use windows machinename for "host" and ip 192.168.0.10 for ip and smartermail is configured with FQDN that I use for "DOMAIN"

    /edbsmed

    Forget the forwarding for the moment. Firstly you need to able for your LAN client to correctly resolve the fqdn of the mail server as a LAN IP not the wan IP.

    Now, in the DNS resolver, the name you enter is the first part of the fqdn of the wan fqdn, so for example if the fqdn is smartmail.mydomain.com, then you  enter 'smartmail' as the host, the rest of the fqdn you enter into domain, the IP is the LAN IP of the server, in your case 192.168.0.10.

    0
  • E

    Hello.

    I have one pc that had the smoothwall as Router/Firewall/GW.
    My Android phone mailclient is configured with mydomain.com as pop3 port 587.
    3G/4G/Wifi did work perfect.

    My pc mailclient (Thunderbird) configured with mydomain.com as pop3 port 587 did work perfect.

    Taking down the smoothwall pc, setting up my cisco router for temporaly use.
    Everything runs perfect as on the smoothwall.

    Install Pfsense on the old smoothwall pc.
    Setting up portforward as you can see on previus attached pictures.
    My Android phone mailclient is still configured with mydomain.com as pop3 port 587
    On 3G/4G mail working perfect. ( Routing thru Pfsense to 192.168.0.10 is working)
    On Wifi (private network) it is not working anymore.

    My pc mailclient (thunderbird) configured with mydomain.com as pop3 port 587 is NOT working anymore.
    My pc mailclient (thunderbird) configured with 192.168.0.10 (private network) as pop3 port 587 is working.

    My mailserver is installed on 192.168.0.10. This is a static ip. Configured in Pfsense DHCP whit mac/ip.

    One device working via internet and not on private network.
    One device working via private network and not via internet
    But why is it changing, as a result af installing Pfsense

    /edbsmed

    0
  • E

    Hello.

    Aha…..
    If I ping mydomain.com i recive wan ip.
    If I ping machine.mydomain.com i recive 192.168.0.10

    that should be okay

    /edbsmed

    0

  • That should be ok.
    Use "machine.mydomain.com" in your mail client and you'll be fine from the 'inside'.

    Your domain registrar should also contain "machine.mydomain.com" and point to your WAN IP, where you forward your mail ports to your "machine".

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy