Cannot send mail from my digital scanner since pfSense install, using port 587

nelsonsaenz · May 13, 2020, 6:03 PM

Hi everyone,
Brand new pfSense user so I'm learning my way around. I'm running version 2.4.5 and since installing on my home network, my HP digital sender can no longer send emails out. It sends out via my Office 365 SMTP using port 587. Immediately when I try to send, I get a Cannot contact SMTP host error and it never sends. Again, was not a problem with my previous router so I'm pretty sure it's something in the configuration.

I've tried allowing 587 outbound as well as port forwarding, neither have solved it for me. I look through the firewall logs and don't see anything there either. I'm new to pfSense so entirely possible I'm not looking in the right place.

Thanks in advance for any help.

akuma1x · May 13, 2020, 6:16 PM

Do you have any packages installed or rules defined that block traffic - pfblockerNG, Snort, Suricata, subnet or VLAN that doesn't have firewall rules set, etc? If your scanner is on your LAN network, and you still have the default allow LAN to any destination rule in place, your scanner should function just fine.

Have you created any additional LAN rules on your pfsense box?

What is your pfsense box, since we're digging into some details here now?

Jeff

nelsonsaenz · May 13, 2020, 6:39 PM

Hi Jeff,
Thanks for the reply. The only packages I have installed are ntop and BandwidthD, neither of which are blocking anything AFAIK. My LAN is 1 flat network, no VLANs, and I do have the default any to any LAN rule. The only other LAN rule I set up is the one to allow my scanner to send to port 589.

My box is installed on an HP Microserver Gen 10.

Odd thing is, I don't see the ip address anywhere on my logs so it's hard to troubleshoot the issue.

viktor_g · May 13, 2020, 7:05 PM

@nelsonsaenz port 587 or 589?

Please show LAN tab firewall rules

nelsonsaenz · May 13, 2020, 7:34 PM

Here you go... Thanks.

akuma1x · May 13, 2020, 7:42 PM

@nelsonsaenz You can tweak that 587 pass rule slightly by setting the source to LAN net. Since you state you've got a flat LAN network, and the scanner is on the LAN network, that's where you want to set the source as.

You say you don't see the scanner getting an IP address. Do you have DHCP enabled for the LAN network, and does the DHCP server show the scanner getting assigned an IP address?

Also, what happens if you disable this rule, reboot the pfsense box, and try the scanner again? I know you said you did some troubleshooting already, but the scanner should successfully communicate over the internet using the default allow LAN rule; the one directly under your 587 rule in your screenshot.

Jeff

nelsonsaenz · May 13, 2020, 7:42 PM

I explained that badly. Yes, the scanner does have an IP and I do see it in my DHCP leases. I was saying I don't see the ip address when I go through the firewall logs.

viktor_g · May 14, 2020, 5:14 AM

@nelsonsaenz are you sure that it uses 587 port? maybe 25?
and Submission uses 587 TCP port not UDP/TCP, please fix it

Gertjan · May 14, 2020, 5:45 AM

@nelsonsaenz said in Cannot send mail from my digital scanner since pfSense install, using port 587:

I do see it in my DHCP leases. I was saying I don't see the ip address when I go through the firewall logs.

Your scanner receives an IP .... and also (check this) the correct network mask, a DNS, a Gateway.
Example : no or bad DNS : scanner can't resolve URL ...
Or : no gateway : scanner can't find it's way out ...

Btw : the default LAN rules passes all traffic, all protocols.
But you can see that this rule (it matches) is actually used by traffic coming from your LAN devices.

This :

just above the general LAN pass rule is oj, it shows you if some IPv4 device is communicating to some device using port 587. The fact that it shows 0/0 for the counter means that the rule never matches. Also, this rule is logging if it matches.
This is pretty solid prove that the 'TCP 587'mail traffic from the scanner never reaches the router (pfSense).

Also : on some device on your LAN, a PC, open a command line, use Putty or telnet, and open a connection to the URL of smtp server - port 587. Do you see the SMTP banner of the remote Office mail server ?

Bob.Dig · May 14, 2020, 6:53 AM

@nelsonsaenz said in Cannot send mail from my digital scanner since pfSense install, using port 587:

It sends out via my Office 365 SMTP using port 587. Immediately when I try to send, I get a Cannot contact SMTP host error and it never sends.

So it it is probably related to that entirely. No problem here with a local email-server.

Gertjan · May 14, 2020, 7:07 AM

@Bob-Dig said in Cannot send mail from my digital scanner since pfSense install, using port 587:

Cannot contact SMTP host erro

I'll place my bet : a DNS issue.

nelsonsaenz · May 14, 2020, 4:12 PM

Once I read the DNS suggestion, I realized I hadn't checked those settings on the scanner. Went into it and saw that it was still pointing to the old, non existent WiFi router for DNS. Changed it and now I was just able to send a test successfully.

Greatly appreciate everyone's help!!!!!!