Netgate Discussion Forum

    Exchange Behind PFSense

    • abdulrahimmirza

      Hello,

      I have installed Microsoft Exchange 2013 behind PFSense 2.1.3. The infrastructure is described below:

      Infrastructure Details:

      • I have a pool of public IPs, 2 of which are being used in this deployment. We will use "PIP-1" and "PIP-2" as their aliases.

      • I configured the 3 interfaces in the PFSense firewall, namely WAN, LAN and Opt1.

      • A WAN connection is being terminated at the firewall, i.e. the WAN interface, using "PIP-1" as the IP.

      • The PIP-2 is being used in NAT to route all traffic coming from the internet towards the DAG (Mail Exchange Connector) IP i.e. 192.168.8.174

      • Two connections from LAN and OPT1 interfaces of PFSense are being terminated into a single switch

      • The EXCH-1, EXCH-2 and the DAG servers are also connected to that switch.

      • EXCH-1 and EXCH-2 are connected to each other directly, to facilitate synchronization.

      The Problem:

      I can use the Microsoft Exchange OWA via HTTP to connect to my mailbox and I can conveniently connect to the remote administration for PFSense via web. My Outlook clients can email people within the network and they are also able to POP emails from the web, when they have Outlook clients configured. But when I try to send emails using Outlook clients to outside addresses, I get the "Unable to Relay" message from the email server. I have tried everything, but it's not working. I've checked the Exchange as well and it's fine.

      The Request:
      If someone has any idea about what I did wrong in all this scenario, kindly help because I'm too stressed and currently in a fix. I can't send emails to outside domains via Outlook client. The server says that it is unable to relay SMTP messages. It's probably because I did something wrong. Kindly help.

      Thanks.

      • viragomann

        That is an Exchange-specific question, so it would be better asked in an Exchange forum.

        Sorry, I'm not familiar with Exchange 2013, only with older versions.
        However, you have to allow relaying in SMTP settings for authenticated users or just another user group you want. But don't allow it for everyone!

        If you want to access Exchange from outside over MAPI with Outlook, you have to forward port 443 to the Exchange and change the port for the pfSense webconfigurator to another one or, better, forbid access to it from WAN.

        • dotdash

          Couple of questions:

          1. Why do you have two interfaces on the same subnet, going to the same switch?
          2. Why are you using POP? Open 443 and use RPC over HTTPS.
          • abdulrahimmirza

            I am new to networking. I have a small separate switch and I figured both of them would work when I connect them to that single switch.

            POP is a requirement. (Weird I know!)

            • dotdash

              Either put everything off the LAN or change the subnet on the OPT. The way you have it set up now is going to cause problems.

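Added example, not part of the original thread and not Netgate's code: a check for the condition dotdash describes (LAN and OPT1 sitting on the same subnet), run over a constructed snippet laid out like the `<interfaces>` section of a pfSense config.xml. The interface addresses and the /24 prefix are assumptions; the thread only gives 192.168.8.174 for the DAG.

```python
import ipaddress
import itertools
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml <interfaces> section.
# Addresses and prefix lengths are assumptions, not values from the thread.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><descr>WAN</descr><ipaddr>dhcp</ipaddr></wan>
    <lan><descr>LAN</descr><ipaddr>192.168.8.1</ipaddr><subnet>24</subnet></lan>
    <opt1><descr>OPT1</descr><ipaddr>192.168.8.2</ipaddr><subnet>24</subnet></opt1>
  </interfaces>
</pfsense>"""


def interface_networks(config_xml):
    """Return {interface tag: network} for statically addressed interfaces."""
    root = ET.fromstring(config_xml)
    nets = {}
    for iface in root.findall("./interfaces/*"):
        addr = iface.findtext("ipaddr", default="")
        prefix = iface.findtext("subnet", default="")
        try:
            # strict=False maps the host address 192.168.8.1/24 to 192.168.8.0/24
            nets[iface.tag] = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        except ValueError:
            continue  # "dhcp", "pppoe" or an empty field: no static network to compare
    return nets


def overlapping_interfaces(config_xml):
    """Return (iface_a, iface_b, net_a, net_b) for every pair of overlapping subnets."""
    nets = interface_networks(config_xml)
    hits = []
    for (a, net_a), (b, net_b) in itertools.combinations(sorted(nets.items()), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            hits.append((a, b, str(net_a), str(net_b)))
    return hits


if __name__ == "__main__":
    for a, b, net_a, net_b in overlapping_interfaces(SAMPLE_CONFIG):
        print(f"{a} ({net_a}) overlaps {b} ({net_b})")
```

An empty result means every statically addressed interface has its own subnet, which is the state dotdash's reply asks for.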
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.