Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cant reach my imap server

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 5 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Modesty
      last edited by

      Hi

      i have probably enebled somthing in pfSense that make my imap mail unstable

      Some days I receiv mail som other I dont. On my phone it works all the time...

      I connect to mail.myserver.com, and provider asks me to use port 587 for outgoing and 143 for incoming. And this setting has worked for the last years.

      Any tip to give me?

      Here is whats running on pfSense
      4e142c26-788f-493c-95d8-7b7d86fa0281-image.png

      Everything can be rebuilt!

      V 1 Reply Last reply Reply Quote 0
      • Raffi_R
        Raffi_
        last edited by

        That could be due to many reasons. We don't have much information go on, but from what you have provided the one thing I can think of that might create intermittent issues is your Snort install. Depending on how Snort is configured it can very easily flag legitimate traffic as a false positive. That would prevent traffic from temporarily flowing to a specific IP such as your imap server. When you run into this issue, take a look at your block list in Snort. If you have any entries in there try to see if your server IP is listed there. Clear that entry if you can identify it. If you don't know the server IP, try clearing all entries and see if mail is suddenly restored.

        1 Reply Last reply Reply Quote 0
        • V
          viragomann @Modesty
          last edited by

          @MOdesty said in Cant reach my imap server:

          and provider asks me to use port 587 for outgoing and 143 for incoming.

          Are you connecting to the IMAP unencrypted? ๐Ÿ˜“

          Raffi_R DaddyGoD 2 Replies Last reply Reply Quote 0
          • Raffi_R
            Raffi_ @viragomann
            last edited by

            @viragomann said in Cant reach my imap server:

            Are you connecting to the IMAP unencrypted?

            That is scary. @MOdesty I would look for another provider if that is the case.

            M 1 Reply Last reply Reply Quote 0
            • M
              Modesty @Raffi_
              last edited by

              thanks @Raffi_ and @viragomann

              Well, I have had trouble connecting so its unencrypted. This is a mail account I don't use much...
              I call them and ask how to enable encryption.

              I disabled Snort, but still cant connect whit 'telnet mail.mydomain.com 587' and 'mail.mydomain.com 144'

              I know its not much info Isupply, but I'm not a FW expert...

              Can I make some logging to show you guys?

              Everything can be rebuilt!

              Raffi_R DaddyGoD 2 Replies Last reply Reply Quote 0
              • DaddyGoD
                DaddyGo @viragomann
                last edited by

                @viragomann said in Cant reach my imap server:

                Are you connecting to the IMAP unencrypted?

                587 you just leave it, as it can be STARTTLS
                but the 143 naked as the head of a bald man

                993 and 465 well they prefer

                Cats bury it so they can't see it!
                (You know what I mean if you have a cat)

                Raffi_R 1 Reply Last reply Reply Quote 1
                • Raffi_R
                  Raffi_ @Modesty
                  last edited by

                  @MOdesty said in Cant reach my imap server:

                  I disabled Snort, but still cant connect whit 'telnet mail.mydomain.com 587' and 'mail.mydomain.com 144'

                  I asked you to try going to the block list and removing the entries for a reason. Disabling Snort, does not do the same thing. If you have entries being blocked by snort, disabling snort does not allow traffic to those entries, they are still blocked. You MUST go to Snort and clear the block list to restore that traffic.

                  DaddyGoD 1 Reply Last reply Reply Quote 1
                  • Raffi_R
                    Raffi_ @DaddyGo
                    last edited by

                    @DaddyGo said in Cant reach my imap server:

                    but the 143 naked as the head of a bald man

                    ๐Ÿ˜‚

                    1 Reply Last reply Reply Quote 0
                    • DaddyGoD
                      DaddyGo @Raffi_
                      last edited by

                      @Raffi_ said in Cant reach my imap server:

                      You MUST go to Snort

                      when I first saw the post immediately jumped into Snort issue and if IMAP / SMTP related rules are installed without reason this will be the possible case,....hmmm

                      d33be184-4e69-4f08-a155-171f4a89e2d9-image.png

                      Cats bury it so they can't see it!
                      (You know what I mean if you have a cat)

                      1 Reply Last reply Reply Quote 0
                      • Raffi_R
                        Raffi_
                        last edited by Raffi_

                        @MOdesty if you are not familiar with how Snort works, I would highly recommend running it as an IDS (intrusion detection mode) initially. My suggestions above are assuming you're running it as an IPS (intrusion prevention mode) which would block on alerts.

                        1 Reply Last reply Reply Quote 0
                        • DaddyGoD
                          DaddyGo @Modesty
                          last edited by DaddyGo

                          @MOdesty said in Cant reach my imap server:

                          I call them and ask how to enable encryption.

                          it is usually enough to change the ports + Auth., as every serious mail provider uses more than one ports ... ๐Ÿ˜‰

                          it is also true that, the serious email service providers....
                          unencrypted ports have already been closed

                          like here:

                          4ed19498-45ba-48c3-80cf-9f05a0d1e79a-image.png

                          or here:

                          3f69346f-45ef-4054-a5ea-e6cf277cd960-image.png

                          0c4b82c8-f130-4c5c-9923-7311ac05af3a-image.png

                          Cats bury it so they can't see it!
                          (You know what I mean if you have a cat)

                          1 Reply Last reply Reply Quote 0
                          • M
                            Modesty
                            last edited by

                            Hi
                            i hope i can get some more help...

                            I have changed to imap 993/ssl + 465/ssl, it works when on shared 4g WLAN, NOT on pfSense

                            I have disabled all pfSense pakages, did not work

                            I have restored pfSense backup from desember 2019 (at that time all was working)

                            My imap mail service provider states that certificate is not for me alone, but for all their mail customers, it is a letsEncrypt, seems to work because it works on my phone + on my computer when on other wlan that my pfSense box.

                            Another odd thing, my Samsung phone with samsung mail works as my computer (works not) when phone and PC usese wlan from my pfSense.
                            On my phone i installed outlook and that client manage to receive mail when on same lan as PC, pfSense box., why?

                            Any ideas to search for solutions?

                            Everything can be rebuilt!

                            GertjanG 1 Reply Last reply Reply Quote 0
                            • GertjanG
                              Gertjan @Modesty
                              last edited by

                              @MOdesty said in Cant reach my imap server:

                              Another odd thing, my Samsung phone with samsung mail works as my computer (works not) when phone and PC usese wlan from my pfSense.
                              On my phone i installed outlook and that client manage to receive mail when on same lan as PC, pfSense box., why?

                              Your saying : your Phone, using the local WLAN or Wifi, so behind pfSense on a LAN, can access the mail, but the PC on the same LAN, can not ?
                              This excludes pfSense as an issue.

                              Suddenly, you mention the word 'certificate' here.

                              @MOdesty said in Cant reach my imap server:

                              My imap mail service provider states that certificate is not for me alone

                              Why are you thinking the (a ?) certificate is just made for you ?
                              Why ? What error ?
                              Are you able to makes screen captures of the issues ? And Ctrl-C Ctrl-V them here in the forum ?

                              3c31958e-87de-43fd-9b61-511d1e087430-image.png

                              @MOdesty said in Cant reach my imap server:

                              Any ideas to search for solutions?

                              Yeah. You already said it yourself :

                              Everything can be rebuilt!

                              Squid, squidGuard, Snort, iPerf, clamd (and c-icap) are packages that go well beyond 'classic' router/firewall setup **

                              Better yet : for http, https, pop,pops, imaps,ssh, ntp, etc, actuallu, any port between 1 and 65535, to any addresses situated at the Internet, for TCP, UDP you do not need to add, remove or change something.
                              Set up pfSense by making WAN work, and you'll be good.

                              Mail access is something that should be done in the device(s), where your mail clients are. Nothing has to be done on pfSense.

                              ** It's said that some video documentation on the Internet shows the usage of some packages, giving the impression that you can intercept traffic that flows through the router. You can't. As the KGB, Mossad, CIA, NSA can't neither.
                              For valid video sources : see the Netgate => Youtube videos (only).

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              1 Reply Last reply Reply Quote 0
                              • M
                                Modesty
                                last edited by

                                Hi

                                Well, it can be rebuilt, and a backup from 2019 is that, did unfortunate not help this time.

                                this is the only error I manage to find:

                                2966d30d-3a18-4c9d-87af-51cdf84078e6-image.png

                                the big question is why my computer reach mail server when on OFFICE LAN and not on HOME LAN? Same internet provider (get.no) and same mail provider. Only difference is router config:
                                HOME pfSense + bridged get.no router
                                WORK only get.no router.

                                Reason I mention SSL certificate is that it is information you forum useres may understand and connect to my mail issue. Mail provider write on his home page:

                                "Use of encryption (SSL)

                                If you wish, you can use encrypted connection to the mail server. Note, however, that your e-mail server does not have its own so-called SSL certificate, but shares this with other customers. You will thus get a warning in your e-mail reader the first time you activate SSL which says that the certificate does not match your domain name. You must accept the certificate then presented before you can use SSL."

                                Everything can be rebuilt!

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.