Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot send mail from my digital scanner since pfSense install, using port 587

    Scheduled Pinned Locked Moved Firewalling
    12 Posts 5 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nelsonsaenz
      last edited by

      Hi everyone,
      Brand new pfSense user so I'm learning my way around. I'm running version 2.4.5 and since installing on my home network, my HP digital sender can no longer send emails out. It sends out via my Office 365 SMTP using port 587. Immediately when I try to send, I get a Cannot contact SMTP host error and it never sends. Again, was not a problem with my previous router so I'm pretty sure it's something in the configuration.

      I've tried allowing 587 outbound as well as port forwarding, neither have solved it for me. I look through the firewall logs and don't see anything there either. I'm new to pfSense so entirely possible I'm not looking in the right place.

      Thanks in advance for any help.

      Bob.DigB 1 Reply Last reply Reply Quote 0
      • A
        akuma1x
        last edited by

        Do you have any packages installed or rules defined that block traffic - pfblockerNG, Snort, Suricata, subnet or VLAN that doesn't have firewall rules set, etc? If your scanner is on your LAN network, and you still have the default allow LAN to any destination rule in place, your scanner should function just fine.

        Have you created any additional LAN rules on your pfsense box?

        What is your pfsense box, since we're digging into some details here now?

        Jeff

        1 Reply Last reply Reply Quote 0
        • N
          nelsonsaenz
          last edited by

          Hi Jeff,
          Thanks for the reply. The only packages I have installed are ntop and BandwidthD, neither of which are blocking anything AFAIK. My LAN is 1 flat network, no VLANs, and I do have the default any to any LAN rule. The only other LAN rule I set up is the one to allow my scanner to send to port 589.

          My box is installed on an HP Microserver Gen 10.

          Odd thing is, I don't see the ip address anywhere on my logs so it's hard to troubleshoot the issue.

          viktor_gV 1 Reply Last reply Reply Quote 0
          • viktor_gV
            viktor_g Netgate @nelsonsaenz
            last edited by

            @nelsonsaenz port 587 or 589?

            Please show LAN tab firewall rules

            1 Reply Last reply Reply Quote 0
            • N
              nelsonsaenz
              last edited by

              Here you go... Thanks.

              Screen Shot 2020-05-13 at 12.33.00 PM.png

              1 Reply Last reply Reply Quote 0
              • A
                akuma1x
                last edited by akuma1x

                @nelsonsaenz You can tweak that 587 pass rule slightly by setting the source to LAN net. Since you state you've got a flat LAN network, and the scanner is on the LAN network, that's where you want to set the source as.

                You say you don't see the scanner getting an IP address. Do you have DHCP enabled for the LAN network, and does the DHCP server show the scanner getting assigned an IP address?

                Also, what happens if you disable this rule, reboot the pfsense box, and try the scanner again? I know you said you did some troubleshooting already, but the scanner should successfully communicate over the internet using the default allow LAN rule; the one directly under your 587 rule in your screenshot.

                Jeff

                1 Reply Last reply Reply Quote 0
                • N
                  nelsonsaenz
                  last edited by

                  I explained that badly. Yes, the scanner does have an IP and I do see it in my DHCP leases. I was saying I don't see the ip address when I go through the firewall logs.

                  viktor_gV GertjanG 2 Replies Last reply Reply Quote 0
                  • viktor_gV
                    viktor_g Netgate @nelsonsaenz
                    last edited by

                    @nelsonsaenz are you sure that it uses 587 port? maybe 25?
                    and Submission uses 587 TCP port not UDP/TCP, please fix it

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan @nelsonsaenz
                      last edited by

                      @nelsonsaenz said in Cannot send mail from my digital scanner since pfSense install, using port 587:

                      I do see it in my DHCP leases. I was saying I don't see the ip address when I go through the firewall logs.

                      Your scanner receives an IP .... and also (check this) the correct network mask, a DNS, a Gateway.
                      Example : no or bad DNS : scanner can't resolve URL ...
                      Or : no gateway : scanner can't find it's way out ...

                      Btw : the default LAN rules passes all traffic, all protocols.
                      But you can see that this rule (it matches) is actually used by traffic coming from your LAN devices.

                      719be5a6-ba8d-4509-8323-263375de0a56-image.png

                      This :

                      4ed7923d-9bc7-41e8-9cfa-86ce7a55e4d1-image.png

                      just above the general LAN pass rule is oj, it shows you if some IPv4 device is communicating to some device using port 587. The fact that it shows 0/0 for the counter means that the rule never matches. Also, this rule is logging if it matches.
                      This is pretty solid prove that the 'TCP 587'mail traffic from the scanner never reaches the router (pfSense).

                      Also : on some device on your LAN, a PC, open a command line, use Putty or telnet, and open a connection to the URL of smtp server - port 587. Do you see the SMTP banner of the remote Office mail server ?

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • Bob.DigB
                        Bob.Dig LAYER 8 @nelsonsaenz
                        last edited by Bob.Dig

                        @nelsonsaenz said in Cannot send mail from my digital scanner since pfSense install, using port 587:

                        It sends out via my Office 365 SMTP using port 587. Immediately when I try to send, I get a Cannot contact SMTP host error and it never sends.

                        So it it is probably related to that entirely. No problem here with a local email-server.

                        GertjanG 1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan @Bob.Dig
                          last edited by

                          @Bob-Dig said in Cannot send mail from my digital scanner since pfSense install, using port 587:

                          Cannot contact SMTP host erro

                          I'll place my bet : a DNS issue.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • N
                            nelsonsaenz
                            last edited by

                            Once I read the DNS suggestion, I realized I hadn't checked those settings on the scanner. Went into it and saw that it was still pointing to the old, non existent WiFi router for DNS. Changed it and now I was just able to send a test successfully.

                            Greatly appreciate everyone's help!!!!!!

                            1 Reply Last reply Reply Quote 1
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.