Port 25 Outbounds



  • I'm trying to help a vendor get their system (on CentOS, using sendmail) to send out emails from their server, which is on our premises. They said I needed to open port 25 outbounds. First, I thought outbounds is never blocked? So I did a little looking, and went into the NAT outbound tab and set up outbound port 25 to be open. At first, I set it to be WAN (from inside to outside WAN) that didn't work, so I added LAN. I also originally used 10.7.0.20/32 to specify that single server, didn't work, then I changed it to 10.7.0.0/22 to open port 25 on all IPs. Am I missing something? How do I open port 25 from 10.7.0.20 outbounds?



  • Unless something else has been configured to prevent unrestricted outbound traffic, no special treatment should be needed. Having said that, specifying a source port in a rule is almost always a mistake. Change it to 'any'.

    Also, are you sure your ISP doesn't prevent what you are trying to do?



  • @gderf:

    Unless something else has been configured to prevent unrestricted outbound traffic, no special treatment should be needed. Having said that, specifying a source port in a rule is almost always a mistake. Change it to 'any'.

    Also, are you sure your ISP doesn't prevent what you are trying to do?

    Thanks. Yeah I'm sure our ISP isn't preventing it. We are using Google apps for education, and there is a setting in the admin interface where we can allow port 25 without SSL and authentication, as long as we specify our public IP address. I have worked with Google and got that part taken care of. I'll let the vendor know.



  • He doesn't need any outbound NAT just to send an email.  Get rid of that rule you added.  By default with pfSense, all LAN clients have unblocked outgoing access automatically.  Assuming that this host is on LAN, and LAN has an Allow All rule, then he should be able to send without any problems.  If he has to appear to be a specific IP address, then there is more configuration involved.

    What is the actual error that he is getting?



  • @KOM:

    He doesn't need any outbound NAT just to send an email.  Get rid of that rule you added.  By default with pfSense, all LAN clients have unblocked outgoing access automatically.  Assuming that this host is on LAN, and LAN has an Allow All rule, then he should be able to send without any problems.  If he has to appear to be a specific IP address, then there is more configuration involved.

    What is the actual error that he is getting?

    When he tries to telnet to smtp.gmail.com 25 - he gets a connection failed. He says that when he does that command on his server, it goes through just fine, making it sound like it's something on our end.



  • Can you successfully telnet to smtp.gmail.com 25 from a machine not behind your pfSense?


  • Netgate

    My guess is the ISP is blocking port 25.  Most residential services do.  Most business services don't.  Some make you ask for it to be opened.  Try telnet to the mail server on port 587.  You will need to issue a STARTTLS then authenticate then you should be able to send mail.



  • @Derelict:

    My guess is the ISP is blocking port 25.  Most residential services do.  Most business services don't.  Some make you ask for it to be opened.  Try telnet to the mail server on port 587.  You will need to issue a STARTTLS then authenticate then you should be able to send mail.

    That is one of the first things I checked with our ISP, we are on a business plan, and they said they do not block port 25. Hmm… I tried to telnet to port 587 and that worked. Let me call my ISP again to double check.



  • Thanks for your help guys! Actually, CenturyLink does block port 25, on home and business lines. If you have a leased static IP, and we do, you can go into the IP tool manager and open port 25. Just did that and all is good! Here's the link: http://internethelp.centurylink.com/internethelp/email-troubleshooting-port25.html

    I removed those two outbound rules in pfSense.
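
The telnet checks used in this thread (port 25 failing while port 587 connects), scripted as an added example that is not part of any post above. The function names `probe` and `diagnose` and the verdict labels are made up for illustration; `smtp.gmail.com` is the host tested in the thread.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """TCP-connect to host:port and return (status, banner).

    status is 'open', 'refused' (a reset came back), 'timeout'
    (packets silently dropped) or 'error' (DNS failure, no route, ...).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                banner = sock.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # connected, but the server never greeted us
            return "open", banner
    except socket.timeout:
        return "timeout", ""
    except ConnectionRefusedError:
        return "refused", ""
    except OSError as exc:
        return "error", str(exc)

def diagnose(host, smtp_port=25, submission_port=587, timeout=5.0):
    """Probe both ports and name the pattern the results match."""
    smtp = probe(host, smtp_port, timeout)
    submission = probe(host, submission_port, timeout)
    reachable = (smtp[0] == "open", submission[0] == "open")
    verdict = {
        (True, True): "both-reachable",
        (False, True): "port-25-filtered",  # the pattern seen in this thread
        (True, False): "submission-unreachable",
        (False, False): "no-smtp-path",
    }[reachable]
    return {"smtp": smtp, "submission": submission, "verdict": verdict}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "smtp.gmail.com"
    result = diagnose(target)
    for name in ("smtp", "submission"):
        print(f"{name:<11}{result[name][0]:<9}{result[name][1]}")
    print("verdict:", result["verdict"])
```

Run it once from the host behind the firewall and once from a machine that is not behind it: `port-25-filtered` from both places means the filtering happens upstream of the firewall, as it did here.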