Netgate Discussion Forum

    Port 25 Outbounds

      RickcJ7

      I'm trying to help a vendor get their system (on CentOS, using sendmail) to send out emails from their server, which is on our premises. They said I needed to open port 25 outbounds. First, I thought outbounds is never blocked? So I did a little looking, and went into the NAT outbound tab and set up outbound port 25 to be open. At first, I set it to be WAN (from inside to outside WAN); that didn't work, so I added LAN. I also originally used 10.7.0.20/32 to specify that single server, which didn't work, then I changed it to 10.7.0.0/22 to open port 25 on all IPs. Am I missing something? How do I open port 25 from 10.7.0.20 outbounds?

        gderf

        Unless something else has been configured to prevent  unrestricted outbound traffic, no special treatment should be needed. Having said that, specifying a source port in a rule is almost always a mistake. Change it to 'any'.

        Also, are you sure your ISP doesn't prevent what you are trying to do?

          RickcJ7

          @gderf:

          Unless something else has been configured to prevent  unrestricted outbound traffic, no special treatment should be needed. Having said that, specifying a source port in a rule is almost always a mistake. Change it to 'any'.

          Also, are you sure your ISP doesn't prevent what you are trying to do?

          Thanks. Yeah I'm sure our ISP isn't preventing it. We are using Google apps for education, and there is a setting in the admin interface where we can allow port 25 without SSL and authentication, as long as we specify our public IP address. I have worked with Google and got that part taken care of. I'll let the vendor know.

            KOM

            He doesn't need any outbound NAT just to send an email. Get rid of that rule you added. By default with pfSense, all LAN clients have unblocked outgoing access automatically. Assuming that this host is on LAN, and LAN has an Allow All rule, then he should be able to send without any problems. If he has to appear to be a specific IP address, then there is more configuration involved.

            What is the actual error that he is getting?

              RickcJ7

              @KOM:

              He doesn't need any outbound NAT just to send an email. Get rid of that rule you added. By default with pfSense, all LAN clients have unblocked outgoing access automatically. Assuming that this host is on LAN, and LAN has an Allow All rule, then he should be able to send without any problems. If he has to appear to be a specific IP address, then there is more configuration involved.

              What is the actual error that he is getting?

              When he tries to telnet to smtp.gmail.com 25 - he gets a connection failed. He says that when he does that command on his server, it goes through just fine, making it sound like it's something on our end.

                gderf

                Can you successfully telnet to smtp.gmail.com 25 from a machine not behind your pfSense?

                  Derelict LAYER 8 Netgate

                  My guess is the ISP is blocking port 25.  Most residential services do.  Most business services don't.  Some make you ask for it to be opened.  Try telnet to the mail server on port 587.  You will need to issue a STARTTLS then authenticate then you should be able to send mail.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    RickcJ7

                    @Derelict:

                    My guess is the ISP is blocking port 25.  Most residential services do.  Most business services don't.  Some make you ask for it to be opened.  Try telnet to the mail server on port 587.  You will need to issue a STARTTLS then authenticate then you should be able to send mail.

                    That is one of the first things I checked with our ISP, we are on a business plan, and they said they do not block port 25. Hmm… I tried to telnet to port 587 and that worked. Let me call my ISP again to double check.

                      RickcJ7

                      Thanks for your help guys! Actually, CenturyLink does block port 25, on home and business lines. If you have leased static IP, and we do, you can go into the IP tool manager and open port 25. Just did that and all is good! Here's the link: http://internethelp.centurylink.com/internethelp/email-troubleshooting-port25.html

                      I removed those two outbound rules in pfSense.
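
The port 25 versus port 587 comparison that settled this thread, as an added example that is not part of any post above: it probes both ports from the affected host, reads the SMTP banner and EHLO reply, and reports whether only port 25 is being filtered somewhere on the path. The EHLO name `probe.example` and the result labels are assumptions made for the example; `smtp.gmail.com` is the host used in the thread.

```python
import socket

def read_reply(f):
    """Read one SMTP reply; continuation lines carry '-' after the 3-digit code."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:                      # peer closed the connection
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break                        # "NNN text" (space) is the final line
    return lines

def has_starttls(ehlo_reply):
    """True if the EHLO reply advertises the STARTTLS extension."""
    return any(l[4:].strip().upper() == "STARTTLS" for l in ehlo_reply)

def probe_smtp(host, port, timeout=5.0):
    """Connect, read the banner, send EHLO, and record what happened."""
    r = {"port": port, "connected": False, "banner": [],
         "starttls": False, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            r["connected"] = True
            f = s.makefile("rwb")
            r["banner"] = read_reply(f)
            f.write(b"EHLO probe.example\r\n")   # assumed client name
            f.flush()
            r["starttls"] = has_starttls(read_reply(f))
            f.write(b"QUIT\r\n")
            f.flush()
    except OSError as e:                 # refused, timed out, unreachable, DNS failure
        r["error"] = type(e).__name__
    return r

def diagnose(r25, r587):
    """Interpret the two probes the way the thread ended up doing by hand."""
    if r25["connected"]:
        return "port25-ok"               # egress works; look at the mail server itself
    if r587["connected"]:
        return "port25-filtered"         # only 25 is dropped: firewall rule or ISP
    return "no-smtp-egress"              # neither port leaves: DNS, routing, broad block

if __name__ == "__main__":
    host = "smtp.gmail.com"              # host used in the thread
    r25, r587 = probe_smtp(host, 25), probe_smtp(host, 587)
    print(r25, r587, diagnose(r25, r587), sep="\n")
```

Running the same script from a machine that is not behind the firewall separates a local rule from an upstream block: if both locations report `port25-filtered`, the filter is upstream of the firewall.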
