PFsense and Fetchmail



  • I have recently setup PFsense and have been running it for a week today. The first day there seemed to be no issues but as the week has progressed we have run into little issues here and there. The biggest however seems to be our mail server and the process of retrieving and delivering emails. We run a Linux shop so a bit more convolution then an Exchange setup. We use fetchmail to retrieve the messages from our gmail business apps and then dovecot and sendmail on the server side. I have NAT'd for ports 25 and 110 to pass through to the mail server. I have also aliased my mail.xx.com address to be directed to my mail server. I am thinking the issue may not even be on the firewall and instead a config issue with some file on my mail server as this server is being taken from the do all (mail, dns, dhcp, file, etc) server to slowly taking it offline completely. But if someone has any ideas, or if they have seen pfsense slow the traffic from a larger fetchmail (70ish users) let me know!



  • OK, Additional information after looking into logs from old behavior (previous firewall) and new behavior(PFsense). It appears what is happening is that we are seeing timeouts (port closings) for approx 3 minutes in between account checks for our email. Email config is Outside = Google. Internal = Linux server. So fetchmail starts up, accesses Gmail for account 1, username/pword passes, email is pulled, And then we see time out for ~3 minutes. I think this is when the system closes the initial connection for Account 1 and prepares to move to account 2. When it requests the port open for account 2 I believe there is some sort of default behavior that pfsense is doing that closes the port for X amount of minutes before allowing another connection to be made. Which in the end equals 70ish accounts averaging 1-2 min per account to pull email + 3~ min time out between each account + 16.6 minutes (1000 seconds) for the default time to run fetchmail at the end of all accounts being pulled = a whole long time to pull email.

    If someone can shed some light I would appreciate this. I have found looking around under System>advanced>firewall a couple time out options. But I didn't know if they are related to having a time out on the ports, also there is a NAT reflection mode timeout. I don't believe that is related to what i need or not.

    After a meeting this afternoon we are in the process of purchasing the  VK-T40E firewall/Router on the hardware page, but i will need these configurations setup for that one as well.