SMTP redirection
-
Hi there
We have a legacy system that will only send mail on port 25 (I only want to send, not receive). I would like to reroute that mail through the firewall to port 587 to our mail server. I'm not 100% sure how to do it from the LAN to the WAN. I have successfully done it from the WAN to the LAN using other protocols, but I can't seem to get it working. If I send mail through port 25 using Thunderbird with a different machine (same rule but different IP) the mail sends ok.
However the same rule doesn't send email from the legacy server. Is this rule correct?
-
When I do a capture from the legacy system I get this on port 25, so I'm assuming that the redirection to the outside mail server on port 587 isn't working.
-
Looks like you did put source address (192.168.0.99) into destination address. That definitely won't work as expected.
-
What is the IP address of the source host (PBX)? What is the IP address of the gateway interface (pfSense), and what is the IP address of the destination mail server?
-
Just being thorough, you already tried the easy way, right? In whatever legacy application, specifying smtp.mymailserver.wherever:587 or something along those lines? Clicking an advanced button or tab and looking for an SMTP port textbox?
Port forwards are for inbound traffic. Edit: Apparently not…I am mistaken, they work both ways.
-
Traffic subject to port forwarding can be inbound to LAN as easily as it is inbound to WAN.
-
Traffic subject to port forwarding can be inbound to LAN as easily as it is inbound to WAN.
I sit on my couch, corrected. Thanks!
-
Derelict
legacy mail -> 192.168.0.99
pfsense -> 192.168.0.1
external mail server -> for obvious reasons I don't want to give the full IP here.
Almabes
yes I have tried with the IP:port_number however after spending an hour with their tech support they say that it will ONLY send to port 25 and that there is no recognition of a :port_number in the address, sadly. great coding!
-
yes I have tried with the IP:port_number however after spending an hour with their tech support they say that it will ONLY send to port 25 and that there is no recognition of a :port_number in the address, sadly. great coding!
It was worth a mention…Sometimes the easy button gets overlooked.
-
Ok, then I'll make one up. Sheesh. We'll call it 84.85.86.87
Firewall > NAT, Create a Port Forward
Interface: LAN
Source: *
Dest: LAN address
Dest Port: 25
NAT IP: 84.85.86.87
NAT Port: 587
Point your device at 192.168.0.1:25
-
Thanks Derelict
That's pretty much how I had set it up, except that on the legacy server I had it pointing to the email server. With the username and password it said that it registered successfully, however now that I have changed it, it also says registered successfully. However I still don't receive emails.
grrr legacy crap!
-
Let's try again: The rule should have the legacy crap box IP as source address in the first place, whatever IP that is set up in the "email notification server" and port 25 as destination IP/destination ports, and the real email server and port 587 as NAT IP/NAT ports.
That's definitely not what's shown on your screenshot, though.
-
On your crap box the email notification server should be 192.168.0.1
Does an address need to be present on the interface to do NAT or could he do this?? :
Firewall > NAT, Create a Port Forward
Interface: LAN
Source: 192.168.0.99
Dest: 84.85.86.87
Dest Port: 25
NAT IP: 84.85.86.87
NAT Port: 587
-
There is a good chance this is not going to work anyways. Workaround: Set up a little, LOCAL eMailserver (for Windows: e.g. https://www.hmailserver.com) for the port 25 devices, read eMails from this via a VPN tunnel with Thunderbird, which can easily handle such local mail servers.
Takes you half an hour and you're done…
-
There is a good chance this is not going to work anyways.
Why not? It's just a port forward.
-
I believe you can set the native SMTP on a Windows box to do the relay for you, without having to download and install additional server software.
Couldn't you just point the PBX at your MX anyway and be done, not try to connect to the client submission port?
-
You can also translate only the port on its way through LAN:
Firewall > NAT, Create a Port Forward
Interface: LAN
Source: *
Dest: 84.85.86.87
Dest Port: 25
NAT IP: 84.85.86.87
NAT Port: 587
Point your device at 84.85.86.87
-
There is a good chance this is not going to work anyways.
Why not? It's just a port forward.
I don't understand much of the SMTP protocol but I could frequently not make the old stuff work with current SMTP servers for sending status eMails. That's why I set up a local server just for receiving these mails. Works fine and better than sending my status eMails as post cards via the internet… ;-)
-
Security is another issue entirely.
OP wanted to know how to translate connections to a mail server on 25 to 587.
The port forward does that.
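-
Added example, not from any poster in this thread: a Python check for what the device's port-25 connection actually reaches once the forward is in place, and whether a client of limited ability could submit through it. It assumes the legacy device can do AUTH PLAIN/LOGIN but not STARTTLS (the thread does not say); `parse_ehlo`, `blockers` and `probe` are hypothetical names, and the EHLO replies are constructed samples.

```python
import smtplib

# Constructed EHLO replies for illustration; not captured from the thread's hosts.
SUBMISSION_587 = ("250-mail.example.test\r\n250-SIZE 52428800\r\n"
                  "250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n")
PLAIN_RELAY = ("250-relay.example.test\r\n250-SIZE 10240000\r\n"
               "250 AUTH PLAIN LOGIN\r\n")


def parse_ehlo(reply):
    """Return {keyword: params} in the same shape as smtplib's esmtp_features."""
    features = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # first line is the server greeting, not a keyword
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword, _, params = line[4:].strip().partition(" ")
        features[keyword.lower()] = params.strip()
    return features


def blockers(features, client_tls=False, client_mechs=("PLAIN", "LOGIN")):
    """Heuristic: list reasons a client with these abilities cannot submit."""
    found = []
    offered = set(features.get("auth", "").upper().split())
    if "starttls" in features and not offered and not client_tls:
        # Submission servers commonly advertise AUTH only once TLS is up.
        found.append("no AUTH offered in cleartext (likely only after "
                     "STARTTLS); client has no TLS")
    elif offered and not offered & set(client_mechs):
        found.append("no shared AUTH mechanism")
    return found


def probe(host, port=25, timeout=10):
    """Live check: EHLO through the forward and return the advertised features."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return dict(smtp.esmtp_features)


if __name__ == "__main__":
    for name, reply in (("587-style", SUBMISSION_587), ("relay", PLAIN_RELAY)):
        print(name, blockers(parse_ehlo(reply)) or "no blockers found")
```

From a LAN host, `blockers(probe("192.168.0.1", 25))` exercises the first rule posted above; an empty list only means this heuristic found nothing that would stop the device.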