SMTP redirection



  • Hi there

We have a legacy system that will only send mail on port 25 (I only want to send, not receive).  I would like to reroute that mail through the firewall to port 587 to our mail server.  I'm not 100% sure how to do it from the LAN to the WAN.  I have successfully done it from the WAN to the LAN using other protocols, but I can't seem to get it working.  If I send mail through port 25 using Thunderbird with a different machine (same rule but different IP) the mail sends OK.

    However, the same rule doesn't send email from the legacy server.  Is this rule correct?



  • When I do a capture from the legacy system I get this on port 25, so I'm assuming that the redirection to the outside mail server on port 587 isn't working.



  • Banned

    Looks like you did put source address (192.168.0.99) into destination address. That definitely won't work as expected.


  • LAYER 8 Netgate

    What is the IP address of the source host (PBX)?  What is the IP address of the gateway interface (pfSense), and what is the IP address of the destination mail server?



  • Just being thorough, you already tried the easy way, right?  In whatever legacy application, specifying smtp.mymailserver.wherever:587 or something along those lines?  Clicking an advanced button or tab and looking for an SMTP port textbox?

    Port forwards are for inbound traffic.  Edit:  Apparently not…I am mistaken, they work both ways.


  • LAYER 8 Netgate

    Traffic subject to port forwarding can be inbound to LAN as easily as it is inbound to WAN.



  • @Derelict:

    Traffic subject to port forwarding can be inbound to LAN as easily as it is inbound to WAN.

    I sit on my couch, corrected.  Thanks!



  • Derelict

    legacy mail -> 192.168.0.99
    pfsense -> 192.168.0.1
    external mail server -> for obvious reasons I don't want to give the full IP here.

    Almabes
    Yes, I have tried with the IP:port_number; however, after spending an hour with their tech support they say that it will ONLY send to port 25 and that there is no recognition of a :port_number in the address, sadly.  Great coding!



  • @Jakeyg:

    Yes, I have tried with the IP:port_number; however, after spending an hour with their tech support they say that it will ONLY send to port 25 and that there is no recognition of a :port_number in the address, sadly.  Great coding!

    It was worth a mention…Sometimes the easy button gets overlooked.


  • LAYER 8 Netgate

    Ok, then I'll make one up.  Sheesh.  We'll call it 84.85.86.87

    Firewall > NAT, Create a Port Forward
    Interface: LAN
    Source: *
    Dest: LAN address
    Dest Port: 25
    NAT IP: 84.85.86.87
    NAT Port: 587

    Point your device at 192.168.0.1:25



  • Thanks Derelict

    That's pretty much how I had set it up, except that on the legacy server I had it pointing to the email server.  With the username and password it said that it registered successfully; however, now that I have changed it, it also says registered successfully.  However, I still don't receive emails.

    grrr legacy crap!



  • Banned

    Let's try again: The rule should have the legacy crap box IP as source address in the first place, whatever IP is set up in the "email notification server" and port 25 as destination IP/destination port, and the real email server and port 587 as NAT IP/NAT port.

    That's definitely not what's shown on your screenshot, though.


  • LAYER 8 Netgate

    On your crap box the email notification server should be 192.168.0.1

    Does an address need to be present on the interface to do NAT or could he do this?? :

    Firewall > NAT, Create a Port Forward
    Interface: LAN
    Source: 192.168.0.99
    Dest: 84.85.86.87
    Dest Port: 25
    NAT IP: 84.85.86.87
    NAT Port: 587


  • Banned

    There is a good chance this is not going to work anyway. Workaround: Set up a little, LOCAL email server (for Windows: e.g. https://www.hmailserver.com) for the port 25 devices, and read emails from this via a VPN tunnel with Thunderbird, which can easily handle such local mail servers.

    Takes you half an hour and you're done…


  • LAYER 8 Netgate

    There is a good chance this is not going to work anyway.

    Why not?  It's just a port forward.



  • I believe you can set the native SMTP on a windows box to do the relay for you, without having to download and install additional server software.

    Couldn't you just point the PBX at your MX anyway and be done, not try to connect to the client submission port?


  • LAYER 8 Netgate

    You can also translate only the port on its way through LAN:

    Firewall > NAT, Create a Port Forward
    Interface: LAN
    Source: *
    Dest: 84.85.86.87
    Dest Port: 25
    NAT IP: 84.85.86.87
    NAT Port: 587

    Point your device at 84.85.86.87


  • Banned

    @Derelict:

    There is a good chance this is not going to work anyway.

    Why not?  It's just a port forward.

    I don't understand much of the SMTP protocol, but I could frequently not make the old stuff work with current SMTP servers for sending status emails. That's why I set up a local server just for receiving these mails. Works fine, and better than sending my status emails as postcards via the internet… ;-)


  • LAYER 8 Netgate

    Security is another issue entirely.

    OP wanted to know how to translate connections to a mail server on 25 to 587.

    The port forward does that.
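
An added example, not posted by anyone in this thread and not pfSense code, to show what the last two replies are arguing about. The port forward only rewrites the TCP destination port; the SMTP dialogue the legacy box speaks is unchanged. Many submission (587) servers advertise STARTTLS and refuse AUTH until the session is encrypted (reply 530, which RFC 3207 permits), so a device that only knows cleartext EHLO/AUTH on port 25 fails at the AUTH step even though the packets now arrive on 587. The script runs entirely on 127.0.0.1: a fake submission server with a configurable "TLS before AUTH" policy (no real TLS handshake is performed), a client imitating the port-25-only device, and a function that pulls the credentials back out of the cleartext transcript, which is what the OP's packet capture on port 25, or anyone sniffing the LAN, would also see. Host names, the policy, and the `pbx`/`hunter2` credentials are all constructed for the demonstration.

```python
import base64
import socket
import threading


def _serve_one(conn, require_tls_for_auth):
    """Minimal fake MSA: cleartext only, but enforces the common
    'no AUTH before STARTTLS' policy when asked to."""
    conn.sendall(b"220 mail.example.invalid ESMTP submission\r\n")
    rfile = conn.makefile("rb")
    tls_started = False
    for raw in rfile:
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":
            conn.sendall(b"250-mail.example.invalid\r\n"
                         b"250-STARTTLS\r\n"
                         b"250 AUTH PLAIN LOGIN\r\n")
        elif verb == "STARTTLS":
            conn.sendall(b"220 2.0.0 Ready to start TLS\r\n")
            tls_started = True  # a real server would wrap the socket in TLS here
        elif verb == "AUTH":
            if require_tls_for_auth and not tls_started:
                conn.sendall(b"530 5.7.0 Must issue a STARTTLS command first\r\n")
            else:
                conn.sendall(b"235 2.7.0 Authentication successful\r\n")
        elif verb == "QUIT":
            conn.sendall(b"221 2.0.0 Bye\r\n")
            break
        else:
            conn.sendall(b"502 5.5.2 Command not implemented\r\n")
    rfile.close()
    conn.close()


def start_fake_msa(require_tls_for_auth=True):
    """Listen on an ephemeral 127.0.0.1 port, serve one session in a
    background thread, and return the port number (stands in for 587)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        srv.close()
        _serve_one(conn, require_tls_for_auth)

    threading.Thread(target=run, daemon=True).start()
    return port


def _exchange(sock, rfile, command, transcript):
    """Send one command and collect the (possibly multi-line) reply."""
    transcript.append("C: " + command)
    sock.sendall(command.encode("ascii") + b"\r\n")
    reply = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        reply.append(line)
        transcript.append("S: " + line)
        if len(line) < 4 or line[3] != "-":  # "250-" continues, "250 " ends
            break
    return reply


def legacy_send_attempt(port, try_starttls=False, user="pbx", password="hunter2"):
    """Imitate the thread's port-25-only device: EHLO, AUTH PLAIN, QUIT.
    Returns (AUTH reply code, whether STARTTLS was offered, transcript)."""
    transcript = []
    sock = socket.create_connection(("127.0.0.1", port), timeout=5)
    rfile = sock.makefile("rb")
    transcript.append("S: " + rfile.readline().decode("ascii", "replace").rstrip("\r\n"))
    ehlo = _exchange(sock, rfile, "EHLO pbx.lan", transcript)
    caps = {l[4:].split()[0].upper() for l in ehlo[1:] if len(l) > 4}
    offered = "STARTTLS" in caps
    if try_starttls and offered:  # what a modern client does; the PBX cannot
        _exchange(sock, rfile, "STARTTLS", transcript)
    token = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    auth = _exchange(sock, rfile, "AUTH PLAIN " + token, transcript)
    _exchange(sock, rfile, "QUIT", transcript)
    rfile.close()
    sock.close()
    return auth[-1][:3], offered, transcript


def credentials_from_capture(transcript):
    """What a sniffer on the cleartext leg recovers: AUTH PLAIN is base64,
    not encryption, so the mailbox password is right there in the capture."""
    for entry in transcript:
        if entry.upper().startswith("C: AUTH PLAIN "):
            blob = base64.b64decode(entry.split(" ", 3)[3])
            _authzid, user, pw = blob.split(b"\0")
            return user.decode(), pw.decode()
    return None


if __name__ == "__main__":
    for policy in (True, False):
        code, offered, log = legacy_send_attempt(start_fake_msa(policy))
        print(f"server requires TLS before AUTH={policy}: "
              f"AUTH reply {code}, STARTTLS offered={offered}")
    print("credentials visible in the cleartext capture:", credentials_from_capture(log))
```

Run it as-is to see both outcomes: with the TLS-before-AUTH policy the legacy client gets 530 and never authenticates, so the forward "works" at the packet level but no mail leaves; with the policy off (or with a client that issues STARTTLS first) the same dialogue gets 235. Either way the AUTH PLAIN line in the port-25 capture decodes straight back to the username and password, which is the point behind "sending status emails as postcards".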

