Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Device unable to send out email on port 587

    Firewalling
    4
    6
    332
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      Inovix
      last edited by

      Hello. I'm hoping someone may be able to help with this. The first thing to say is I'm very new to pfSense and I've recently 'inherited' this network and firewall from the previous IT admin, so my experience of pfSense is very limited. Much reading of the docs has been done before posting this.

      The issue - A new printer/copier/scanner on site that has been configured for scan-to-email. On this printer/scanner, we've configured all of the IPv4 settings, DNS and SMTP server (using port 587) on the new device, including a SMTP username and password. Printing to the device & scanning from it to shared folders on the local network is all good. Scanning to email, however, is not. When testing the SMTP connection from the printers GUI, it reports 'connection failed'.

      When I look at the the firewall logs on pfSense for the IP address of the printer (10.0.14.155), it seems to have 'allowed' the traffic - indicated by the green tick. What I do see, though, is that the source port is randomised, which from my reading is a feature of pfSense.

      2023-06-14_09-26-17.jpg

      Looking at the SMTP server inbound traffic, there seems to be no sign if the connection attempt from the site, so it seems the connection attempt is not getting past the pfSense firewall.

      What I did next - I then went into Firewall/NAT/Outbound and switched the mode from Automatic to Hybrid. I then added a rule in the Mappings section for the network 10.0.0.0/16, source port and destination left blank, destination 'any', destination port set to 587 and then checked the 'static port' option.

      2023-06-14_09-28-54.jpg

      This has not resolved the issue and I'm still getting connection error when testing the SMTP from the printer. Looking again at the firewall logs, I see the source port is still randomised. I'm obviously mistaken in thinking my rule in the Outbound NAT would keep the source port as 587?

      I'm not sure what to try next.

      For further info, the SMTP server we're using is smtp.mandrillapp.com on port 587. This server does not require SSL, so we've ensured that is unchecked in the printer settings.

      I've added these SMTP details on a different scanner at a different site (a site not having pfSense) and it works fine, so I have confidence in the SMTP details.

      Any help or further pointers would be appreaciated.

      Bob.DigB johnpozJ 2 Replies Last reply Reply Quote 0
      • Bob.DigB
        Bob.Dig LAYER 8 @Inovix
        last edited by Bob.Dig

        @Inovix said in Device unable to send out email on port 587:

        Any help or further pointers would be appreaciated.

        Why are the source and destination the same ip address in your screenshot?
        Post a Network Diagram and the interface rules.
        Port randomization has most probably nothing to do with your problem.

        1 Reply Last reply Reply Quote 0
        • I
          Inovix
          last edited by Inovix

          As mentioned, I'm not at all familiar with pfSense and so all of this config is from the previous IT Admin.

          These are the interface rules for WAN & LAN (There are no rules under Floating).

          WAN

          df8178eb-ee3e-4588-b171-8c201e5ccee8-image.png

          LAN

          a27c30c6-7714-4109-96d3-033e3399146b-image.png

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @Inovix
            last edited by

            @Inovix
            Please recheck the SMTP server setting on the printer.
            Is it a public server? If so, I'd expect to see its public IP in the firewall log as destination.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Inovix
              last edited by

              @Inovix said in Device unable to send out email on port 587:

              SMTP server we're using is smtp.mandrillapp.com on port 587

              Well that shows an IPs of

              ;; QUESTION SECTION:
;smtp.mandrillapp.com.          IN      A

;; ANSWER SECTION:
smtp.mandrillapp.com.   3600    IN      CNAME   smtp.us-east-1.mandrillapp.com.
smtp.us-east-1.mandrillapp.com. 3600 IN A       54.226.47.131
smtp.us-east-1.mandrillapp.com. 3600 IN A       54.236.7.116
smtp.us-east-1.mandrillapp.com. 3600 IN A       54.209.22.5
smtp.us-east-1.mandrillapp.com. 3600 IN A       18.208.190.224
smtp.us-east-1.mandrillapp.com. 3600 IN A       3.80.109.92
smtp.us-east-1.mandrillapp.com. 3600 IN A       3.91.68.97

              How would you get there going to the 10.0.14.155 address? Your saying that is the printers address? Then why would it send that to pfsense if it was trying to go to its own address?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.03 | Lab VMs 2.7.2, 24.03

              1 Reply Last reply Reply Quote 0
              • I
                Inovix
                last edited by

                Folks - thanks to all for their input.

                The fact that the printer was trying to send to itself was causing some confusion.

                I configured the smtp in an app on another device on the same network (10.0.1.4.136) and tried sending. That failed as well. Checked the firewall logs .....

                2e193d9b-db78-4abf-a643-fd0eab3c2042-image.png

                .... the destination IP is the original printer we're having issues with!!!

                There had to be something on this firewall and sure enough, there was a rule in the Port Forward section to send traffic on 587 to 10.0.14.155 😥

                Deleted that rule - tested again and we're all good.

                Thanks again for your help.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post