Netgate Discussion Forum

    Assistance with setting up mail server behind pfSense

    General pfSense Questions
    12 Posts 6 Posters 5.8k Views
    • L
      luke240778
      last edited by

      Have a few questions about setting up a mail server behind pfSense.  Is there anything more that I have to do besides adding the port forwards for port 25 to the IP of the mail server?

      I don't really understand setting up NAT so am unsure if I need any other settings set up.

      I want the mail server to work in the office as well as for webmail outside the office.

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • C
        clarknova
        last edited by

        I think you've been somewhat ambiguous about your needs. Is webmail the only service on this server that needs to be accessible from outside networks? If so, then it's ports 80 or 443 that you need to forward.

        Port 25 is SMTP, and you should only expose it if you know you want it accessible from the world and you have properly secured your SMTP server, otherwise you'll get blacklisted as an open spam relay lickety split. You may want to look at outsourcing your SMTP, for example through GMail.

        db

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          @luke240778:

          Is there anything more that i have to do besides adding the port forwards for port 25 to the IP of the mail server?

          I suggest using the postfix forwarder package to protect your server from the internet.

          But a simple NAT makes your server accessible from outside.

          Elite Training: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • L
            luke240778
            last edited by

            OK, so maybe I should explain better what it is that I want, and that may help more to assist me in how to do it:

            I have a mail server on a server attached to my LAN.  For us in the office and my clients (WiSP) also connected on the LAN interface, I want mail working for webmail and also POP/IMAP to use Thunderbird.

            I also need mail to work also when someone is outside of the network, travelling or from another location for example.

            My domain is www.mutiwifi.com.br, so I would like from anywhere inside or outside the LAN to be able to go to www.mutiwifi.com.br/webmail to get webmail access, and also for Thunderbird and other email clients to also work from anywhere.  If possible I would like the LAN clients to be able to email between each other even if the WAN link is down.

            I understand the part that I have to do to my DNS settings for my domain to get it to work, but don't know how to get this setup working with pfSense.

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              The easiest way is doing DNS stuff: external DNS points to the firewall, internal DNS points to the server.

              If you plan to improve security, you may need more, but DNS will be the first step in both situations.


              1 Reply Last reply Reply Quote 0
              • W
                wallabybob
                last edited by

                After setting up the port forward you probably also need to reset firewall states for the port forward to become active.

                1 Reply Last reply Reply Quote 0
                • marcellocM
                  marcelloc
                  last edited by

                  my domain is www.mutiwifi.com.br

                  Are you Brazilian?


                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    He's certainly in Brazil.

                    Steve

                    Edit: Google maps shows Brazil is big!  :D I must get over there some time.  :)

                    1 Reply Last reply Reply Quote 0
                    • marcellocM
                      marcelloc
                      last edited by

                      @stephenw10:

                      Edit: Google maps shows Brazil is big!  :D I must get over there some time.  :)

                      You'll like it. ;) Visit the beaches in the northeast or go to Rio de Janeiro.


                      1 Reply Last reply Reply Quote 0
                      • L
                        luke240778
                        last edited by

                        @marcelloc:

                        my domain is www.mutiwifi.com.br

                        Are you Brazilian?

                        I'm Australian, but I do live in Brazil.

                        1 Reply Last reply Reply Quote 0
                        • L
                          luke240778
                          last edited by

                          @marcelloc:

                          The easiest way is doing DNS stuff: external DNS points to the firewall, internal DNS points to the server.

                          If you plan to improve security, you may need more, but DNS will be the first step in both situations.

                          OK, that's what I thought. I just am unsure about setting up NAT and firewall rules (if needed) for users to be able to send emails.

                          1 Reply Last reply Reply Quote 0
                          • Cry HavokC
                            Cry Havok
                            last edited by

                            You'll need to forward port 587/TCP if people are connecting remotely to send email through your server (as opposed to 25/TCP for other mail servers).  You'll need 110/TCP and 143/TCP for POP and IMAP and port 80/TCP (and hopefully 443/TCP) for Webmail. I'd highly recommend that you configure your SMTP server and POP/IMAP server to support TLS and your web server to support HTTPS.

                            Those port forwards should cover your required remote access.

                            1 Reply Last reply Reply Quote 0
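An added example, not part of any post in this thread: once 587/TCP, 143/TCP and 110/TCP are forwarded, the TLS recommendation in the last post can be checked from the capability list each service returns before TLS is negotiated. The responses below are constructed samples, and `mail.example.test`, `capabilities`, `audit` and `audit_all` are hypothetical names.

```python
# Constructed pre-TLS capability responses, one per forwarded port (not real captures).
SAMPLES = {
    587: "250-mail.example.test\r\n250-SIZE 52428800\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
    143: "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK CAPABILITY completed\r\n",
    110: "+OK Capability list follows\r\nUSER\r\nUIDL\r\nSTLS\r\n.\r\n",
}

def capabilities(port, response):
    """Return the set of upper-cased capability keywords in a server response."""
    lines = [l for l in response.splitlines() if l.strip()]
    caps = set()
    if port in (25, 587):                       # SMTP EHLO reply
        for line in lines[1:]:                  # first line is the greeting, not a keyword
            if line[:3] == "250" and len(line) > 4:
                caps.add(line[4:].split()[0].upper())
    elif port == 143:                           # IMAP CAPABILITY reply
        for line in lines:
            if line.upper().startswith("* CAPABILITY"):
                caps.update(w.upper() for w in line.split()[2:])
    elif port == 110:                           # POP3 CAPA reply, terminated by "."
        for line in lines[1:]:
            if line == ".":
                break
            caps.add(line.split()[0].upper())
    else:
        raise ValueError(f"no parser for port {port}")
    return caps

def audit(port, response):
    """List the cleartext-exposure findings for one forwarded mail port."""
    caps = capabilities(port, response)
    findings = []
    upgrade = "STLS" if port == 110 else "STARTTLS"   # POP3 names the command STLS
    if upgrade not in caps:
        findings.append(f"{port}/TCP: {upgrade} not offered")
    if port in (25, 587) and "AUTH" in caps:
        findings.append(f"{port}/TCP: AUTH advertised before TLS")
    if port == 143 and "LOGINDISABLED" not in caps:
        findings.append(f"{port}/TCP: plaintext LOGIN allowed before TLS")
    return findings

def audit_all(samples=SAMPLES):
    """Audit every sample response and return findings keyed by port."""
    return {port: audit(port, resp) for port, resp in samples.items()}

if __name__ == "__main__":
    for port, found in audit_all().items():
        print(port, found or "ok")
```

In the constructed samples the submission port fails both checks, while the IMAP and POP3 responses pass because they offer the TLS upgrade and IMAP disables plaintext LOGIN until it is used.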
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.