Netgate Discussion Forum
    Error Sending Email: Network is unreachable

    • KOM

      Are you on a static public IP or does your ISP like to change it up regularly?

      • cpk

        We have static IPs from our ISPs.

        • KOM

          Check Status - RRD Graphs - Quality around the times you get the errors to see if there is an issue with your link.

          • cpk

            I don't see any breaks in the graphs.

            What I'm hoping to get here are some theories of what might be happening and some ideas of how to prove or disprove those theories (even if it's something to look at the next time the problem occurs).

            I looked for similar problems online, and this was the closest I could find:
            http://www.reddit.com/r/networking/comments/15qowe/pfsense_routing_issues/
            Unfortunately, it doesn't explain anything about why the problem happened or why the fix worked.

            • KOM

              I've seen cases like this where the ISP changes your IP address and pfSense doesn't pick up the change until reboot, but that isn't the case here.

              • cpk

                I've disabled snort for now, so the system log goes back days instead of minutes.  That will allow me to view the system log when this problem occurs again.

                I was working with the impression that some email was still working while other email was not.  Turns out that this is not the case (at least not on April 14).  All SMTP connections from our mail server to servers outside our network failed with "Network is unreachable".

                I am also working with the impression that other Internet traffic is still working when this happens.  I have verified this by checking a web server log that shows we were receiving web traffic.  I can also confirm that inbound SMTP was working to our mail filter at that time.

                If you can think of anything else I should check or test, please let me know.

                • KOM

                  If everything was working except for one server having a problem outbound only, then I would likely focus on that one server.  It doesn't sound like a global problem with pfSense.  Do you have any outbound NAT rules to translate your mailserver IP to a public one that matches your mail certificate or something like that?  Anything funny in the system log of the mail server when it has this problem?  When it has the problem, can you manually do anything on the box or go anywhere?

                  • cpk

                    No, there's nothing of interest in the mail server system log.

                    Yes I have NAT rules.  I use 1:1 NAT for each public-facing machine.

                    The next time I have a problem, I'll try to access the Internet from the mail server (likely just use a browser to visit google.com).

                    • phil.davis

                      It could be an issue with the mail server not being able to get DNS resolution (for whatever reason). The message "(connect to … Network is unreachable)" might come out when the name of the remote target system cannot be resolved (as well as when the name to IP is resolved but the remote system is actually not reachable). Perhaps it is just names of other mail servers that cannot be resolved, which would be a reason for it to affect the mail server but for other users/clients to be happily working away on the internet.

                      When the problem happens again, try various different sites - other mail servers and regular web sites.

                      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                      • cpk

                        The problem happened again, so here's what I was able to test/determine:

                        • Once the problem happens, no email goes out to the Internet from that computer (several different servers were attempted)

                        • DNS lookups work

                        • From that computer I cannot ping google.com (which works typically)

                        • From that computer, I can access the Internet using a web browser – I suspect because I have ports 80 and 443 load balanced with a different Internet connection.

                        • I did not see anything unusual in the mail server's mail.log

                        • I did not see anything unusual in the mail server's system.log

                        • I hadn't mentioned before that networking internally to that server works as normal.

                        It feels like pfSense receives the packet for SMTP connection and doesn't know what to do with it.  One thing I forgot to test was SMTP connection from another computer on the same network (something like this: telnet aspmx.l.google.com 25).  I'll try that next time.

                        Is there any way to determine how pfSense is routing a connection?

                        Any other suggestions?
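
The two theories raised in this thread (a DNS failure versus a routing failure that only affects some ports) can be told apart by resolving first and then connecting to the resolved address on each port. The following is an added example, not code from any poster or from pfSense; the function names `probe` and `compare_ports` are hypothetical, and it assumes IPv4 and a host where outbound test connections are permitted.

```python
import errno
import socket

# errno values that mean the local host or a gateway had no usable route
ROUTE_ERRNOS = {errno.ENETUNREACH: "ENETUNREACH", errno.EHOSTUNREACH: "EHOSTUNREACH"}


def probe(host, port=25, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail); stage is dns, route, refused, timeout, other or ok."""
    try:
        infos = resolve(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # The name never resolved, so no packet was sent to the target at all.
        return ("dns", f"resolution failed: {exc}")
    addr = infos[0][4][0]
    try:
        # Connect to the resolved IP so a later failure cannot be blamed on DNS.
        conn = connect((addr, port), timeout)
    except socket.timeout:
        return ("timeout", f"{addr}:{port} no answer, packets likely dropped")
    except ConnectionRefusedError:
        return ("refused", f"{addr}:{port} reachable but nothing listening")
    except OSError as exc:
        if exc.errno in ROUTE_ERRNOS:
            return ("route", f"{addr}:{port} {ROUTE_ERRNOS[exc.errno]}")
        return ("other", f"{addr}:{port} {exc}")
    conn.close()
    return ("ok", f"{addr}:{port} connected")


def compare_ports(host, ports=(25, 80, 443), **kwargs):
    """Probe one host on several ports to expose per-port routing differences."""
    return {port: probe(host, port, **kwargs) for port in ports}


if __name__ == "__main__":
    # aspmx.l.google.com is the SMTP target mentioned in the thread.
    for target in ("aspmx.l.google.com", "google.com"):
        for port, (stage, detail) in compare_ports(target).items():
            print(f"{target:22} {port:>4} {stage:8} {detail}")
```

A `route` result on port 25 alongside `ok` on 80 and 443 for the same address points at per-port gateway selection rather than DNS; running it from the mail server and from another machine on the same network covers the comparison proposed in the last post.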

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.