Assistance with setting up mail server behind pfsense



  • Have a few questions about setting up a mail server behind pfsense.  Is there anything more that I have to do besides adding the port forwards for port 25 to the IP of the mail server?

    I don't really understand setting up NAT, so I am unsure if I need any other settings set up.

    I want the mail server to work in the office as well as for webmail outside the office.

    Thanks in advance



  • I think you've been somewhat ambiguous about your needs. Is webmail the only service on this server that needs to be accessible from outside networks? If so, then it's ports 80 or 443 that you need to forward.

    Port 25 is SMTP, and you should only expose it if you know you want it accessible from the world and you have properly secured your SMTP server, otherwise you'll get blacklisted as an open spam relay lickety split. You may want to look at outsourcing your SMTP, for example through GMail.



  • @luke240778:

    Is there anything more that I have to do besides adding the port forwards for port 25 to the IP of the mail server?

    I suggest using the postfix forwarder package to protect your server from the internet.

    But a simple NAT makes your server accessible from outside.



  • OK, so maybe I should explain better what it is that I want, and that may help more to assist me in how to do it:

    I have a mail server on a server attached to my LAN.  For us in the office and my clients (WiSP) also connected on the LAN interface, I want mail working for webmail and also POP/IMAP to use Thunderbird.

    I also need mail to work when someone is outside of the network, travelling or from another location for example.

    My domain is www.mutiwifi.com.br, so I would like from anywhere inside or outside the LAN to be able to go to www.mutiwifi.com.br/webmail to get webmail access, and also for Thunderbird and other email clients to work from anywhere.  If possible I would like the LAN clients to be able to email between each other even if the WAN link is down.

    I understand the part that I have to do to my DNS settings for my domain to get it to work, but don't know how to get this setup working with pfsense.



  • The easiest way is doing DNS stuff: external DNS points to the firewall, internal DNS points to the server.

    If you plan to improve security, you may need more, but DNS will be the first step in both situations.



  • After setting up the port forward you probably also need to reset firewall states for the port forward to become active.



  • my domain is www.mutiwifi.com.br

    Are you Brazilian?


  • Netgate Administrator

    He's certainly in Brazil.

    Steve

    Edit: Google maps shows Brazil is big!  :D I must get over there some time.  :)



  • @stephenw10:

    Edit: Google maps shows Brazil is big!  :D I must get over there some time.  :)

    You'll like it. ;) Visit the beaches in the northeast or go to Rio de Janeiro.



  • @marcelloc:

    my domain is www.mutiwifi.com.br

    Are you Brazilian?

    I'm Australian, but I do live in Brasil.



  • @marcelloc:

    The easiest way is doing DNS stuff: external DNS points to the firewall, internal DNS points to the server.

    If you plan to improve security, you may need more, but DNS will be the first step in both situations.

    OK, that's what I thought. I just am unsure about setting up NAT and firewall rules (if needed) for users to be able to send emails.



  • You'll need to forward port 587/TCP if people are connecting remotely to send email through your server (as opposed to 25/TCP for other mail servers).  You'll need 110/TCP and 143/TCP for POP and IMAP and port 80/TCP (and hopefully 443/TCP) for Webmail. I'd highly recommend that you configure your SMTP server and POP/IMAP server to support TLS and your web server to support HTTPS.

    Those port forwards should cover your required remote access.
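
The following is an added example, not part of any post in this thread: a Python check, meant to be run from outside the network against your own server, that the submission, IMAP and POP3 ports named in the last post offer STARTTLS before any login. The host name `mail.example.com` is a placeholder, and the finding texts and sample capability sets are constructed for this example.

```python
"""Check that forwarded mail ports offer STARTTLS before login (added example)."""
import imaplib, poplib, smtplib, sys

# Capability token that announces opportunistic TLS on each forwarded port.
TLS_TOKEN = {587: "STARTTLS", 143: "STARTTLS", 110: "STLS"}

def probe(host, port, timeout=10):
    """Return the capability names advertised before TLS, upper-cased."""
    if port == 587:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            return {name.upper() for name in s.esmtp_features}
    if port == 143:
        conn = imaplib.IMAP4(host, port)
        try:
            return {cap.upper() for cap in conn.capabilities}
        finally:
            conn.logout()
    if port == 110:
        conn = poplib.POP3(host, port, timeout=timeout)
        try:
            return {name.upper() for name in conn.capa()}
        finally:
            conn.quit()
    raise ValueError(f"no check defined for port {port}")

def assess(port, caps):
    """Return a list of findings for one port; an empty list means it looks fine."""
    findings = []
    if TLS_TOKEN[port] not in caps:
        findings.append("no STARTTLS offered: logins would cross the internet in clear text")
    if port == 587 and "AUTH" in caps:
        findings.append("AUTH advertised before STARTTLS: clients may send passwords unencrypted")
    if port == 143 and "LOGINDISABLED" not in caps:
        findings.append("plaintext LOGIN accepted before STARTTLS")
    return findings

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"  # placeholder host
    for port in TLS_TOKEN:
        try:
            problems = assess(port, probe(host, port))
        except (OSError, imaplib.IMAP4.error, poplib.error_proto) as exc:
            problems = [f"probe failed: {exc}"]
        print(port, "; ".join(problems) if problems else "OK")
```
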

