SMTP being blocked after a couple of hours

  • I have multiple pfSense machines running, some on identical hardware to this one. None of them have done this before. After not getting a result I reinstalled the machine.

    Lan >
    Wan > PPPoE > Netgear DG834 running as modem only

    After installation the machine works fine and all traffic is routed correctly. After the first install onsite, after about 5 hours, for no apparent reason outgoing SMTP stopped working. I thought maybe a setting caused it. I had installed squidguard and also set up a DNS forwarder to have users with laptops route email through the ISP server when connected locally, so they don't have to change outgoing server settings when in the office. As this seems very relevant I thought it may have caused the errors. I removed and undid everything, and also uninstalled squidguard in case this was causing the problem.

    I resolved this with a reinstall in the end and all was well.
    18 hours later I received a call from the user: no SMTP going out again.

    Everything else is working

    Port forwarding for RDP to the Windows server behind the firewall
    Transparent proxy
    PPTP VPN

    For the onboard Intel NIC I had to install the driver to make it work after setup (had to do this for another installation as well and it's working), so initial setup creates 1 network card and 1 VLAN. After installation I install the driver, change the interface to the second network card, and remove the VLAN.

    What are the variables that can affect outgoing SMTP?
    The firewall rule is set to allow anything from LAN net out to any port, so I don't see a point in adding another one for SMTP unless I can add a rule that routes all SMTP traffic to the ISP mail server IP. If I can get the thing to send out.

    PS: To check it is a problem with the pfSense box, I set the Netgear back to router mode and mail went out fine.

  • Are they connecting to an ISP for mail services, or to the Windows server first and then it sends out?
    Is there anything in the logs that might indicate a problem? Check also the firewall log to see if traffic is being blocked.
    Have you changed any of the advanced settings?

  • Yup, mail is going to the ISP mail server (collecting and delivering from the same ISP).

    I haven't changed advanced settings (and made no changes between the firewall allowing traffic to pass and it starting to drop it).

    I don't see anything stand out in the logs, but I'm not really sure what I'm looking for apart from the obvious :25 and the ISP IP address. I'm a little unclear as to whether the packets in there are allowed or dropped, and so I probably need to increase the logging details.

    I had to bypass the firewall and put them back on their Netgear router, as I tried to restore to a backup I made when everything was working and the box died, presumably due to what looked like squid not being reloaded 100% (I haven't had to do too much restoring on the firewalls as it's usually rock solid).

  • The only reason I have had to restore is hardware failure.

    By default the stuff you see in the firewall log is being blocked (as in they have the X on them).

    If the setup is not complex, I would start vanilla and see if SMTP stabilizes before adding any packages.
    For instance, I wanted to run snort, but since I have a 50mbit link that bursts to 100mbit on a really old system, when someone heavily uses the download, the CPU goes to 100% and kills IPsec.

  • Thanks, that's good advice. Will load it as a default install and see what happens.

