Can't receive emails - Can send emails
-
Hey there!
A co-worker and I have a problem with pfsense, regarding our mailserver. We can send emails, but we can't receive emails!
We can see that the emails get through our firewall, but then get a timeout error when they try to reach our Exchange server.
We have tried forwarding ports like smtp, pop3, imap4 - but nothing seems to be working. Can someone tell us if we are doing anything wrong?
Example:
TDCNET TCP * * TDCNET address 25 (SMTP) 192.168.1.254 25 (SMTP) SMTP til Exchange Server
where TDCNET is our WAN connection and 192.168.1.254 is our Exchange Server ip.
-
Port 25 is enough.
On my network I am using Zimbra as e-mail server and because I do not have any other DNS server than the pfsense forwarder I had to set the MX records on the DNS forwarder to receive mails. Not sure if this is your problem.
Did you log the traffic on the firewall rule you created to make sure that SMTP traffic reaches your pfsense?
PS: I am using dynDNS and not all mailservers send me e-mails and receive my e-mails. Just want to mention it even if I am sure that's not your problem.
-
Thanks for the answer :)
Our MX record is configured by our ISP, and it is configured correctly (we checked it just to be sure).
I have logged the traffic on the firewall now, so we can verify that the SMTP traffic can reach our pfsense.
-
> Hey there!
> Can someone tell us if we are doing anything wrong?
> Example:
> TDCNET TCP * * TDCNET address 25 (SMTP) 192.168.1.254 25 (SMTP) SMTP til Exchange Server

What's your WAN firewall rule look like?
-
> What's your WAN firewall rule look like?

I am not sure what rule you mean, so therefore I am gonna give you all our rules ;)
TCP * * TDCNET address 25 (SMTP) * none SMTP Test
TCP * * 172.16.1.11 80 (HTTP) * none
TCP * * TDCNET address 110 (POP3) * none
TCP * * TDCNET address 143 (IMAP) * none
-
~~So you have a port forwarding rule.
TCP * * 192.168.11.2 25 (SMTP) * none
I can't tell for sure whether you have a matching NAT rule?
WAN TCP * * WAN address 25 (SMTP) 192.168.11.2 25 (SMTP)~~
Best to set up the NAT and let it generate the matching Firewall rule (bottom of NAT GUI page)
EDIT: Sorry, misread your original post. Last line above still applies though.
-
> Best to set up the NAT and let it generate the matching Firewall rule (bottom of NAT GUI page)

Okay. Didn't realise that! Going to change our rules, so they will be generated from the NAT, since it's easier :)
However, I doubt it will fix our problem.
-
Your rule should look like-
TDCNET TCP * * 192.168.1.254 25 (SMTP)
not
TCP * * TDCNET address 25 (SMTP)
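Added example (not part of the original thread, and not pfSense code): a toy Python model of why the WAN rule has to name 192.168.1.254 instead of the WAN address. pf applies the port forward before the filter rules, so the rule is matched against the already-translated destination. `203.0.113.10` is a constructed stand-in for "TDCNET address", and the class and function names are hypothetical.

```python
"""Toy model of pf's inbound order on pfSense: port forward first, filter rules second."""
from dataclasses import dataclass, replace

WAN_ADDR = "203.0.113.10"    # constructed placeholder for "TDCNET address"
EXCHANGE = "192.168.1.254"   # internal mail server from the thread

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:           # one row of the NAT port forward table
    proto: str
    dst: str
    dport: int
    target: str
    tport: int

@dataclass(frozen=True)
class PassRule:              # one pass rule on the WAN interface
    proto: str
    dst: str
    dport: int

def translate(pkt, forwards):
    """Rewrite the destination if a port forward matches (first match wins)."""
    for f in forwards:
        if (pkt.proto, pkt.dst, pkt.dport) == (f.proto, f.dst, f.dport):
            return replace(pkt, dst=f.target, dport=f.tport)
    return pkt

def inbound(pkt, forwards, rules):
    """Return the packet as delivered, or None if no pass rule matches (default deny)."""
    seen = translate(pkt, forwards)      # the filter sees the translated packet
    for r in rules:
        if (seen.proto, seen.dst, seen.dport) == (r.proto, r.dst, r.dport):
            return seen
    return None

FORWARDS = [PortForward("tcp", WAN_ADDR, 25, EXCHANGE, 25)]
SMTP_IN = Packet("tcp", WAN_ADDR, 25)    # mail arriving from the Internet

if __name__ == "__main__":
    hand_made = [PassRule("tcp", WAN_ADDR, 25)]   # rule written against the WAN address
    generated = [PassRule("tcp", EXCHANGE, 25)]   # rule created from the NAT entry
    print("hand-made rule:", inbound(SMTP_IN, FORWARDS, hand_made))
    print("generated rule:", inbound(SMTP_IN, FORWARDS, generated))
```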
-
> … they will be generated from the NAT, since it's easier
> However, I doubt it will fix our problem.

You never mentioned your Port Forwardings before. Did you set those up?
Without an Inbound Port Forward your firewall rule never gets any traffic from WAN.
-
> You never mentioned your Port Forwardings before. Did you set those up?
> Without an Inbound Port Forward your firewall rule never gets any traffic from WAN.

Yeah, we did set this up. The only difference was that I created the rules first, and then configured the NAT. I didn't realise you could configure NAT, and then it would create the rule automatically.
So now, my NAT looks like this:
TDCNET TCP * * TDCNET address 25 (SMTP) 192.168.1.254 25 (SMTP) Test SMTP NAT
And therefore it has created a rule that looks like this:
TCP * * 192.168.1.254 25 (SMTP) * none NAT Test SMTP NAT
-
Does it work now?
-
It seems that way. We still can't receive emails, but we can see that we get through the firewall now, and that didn't happen before. So the remaining problem is probably at the Exchange Server.
Thank you so much for your help :)
-
Just had this issue. Found a post back in 2011 that said to try adding a "To" and "From" rule in the Captive Portal Menu under Allowed IP Addresses Tab.
I did it, and now I can receive email.
Why is it that my server's IP needs to be input here?
Of course, in pfSense 2.03 you can't place a "To" and "From" rule, you have to select a "Both" rule.
But this is very weird to me. I did not select a captive portal interface during setup.
When I do elect to install a captive portal interface, will I have to create different selections for the captive portal, and how will that affect my email server routing?