Netgate Discussion Forum

    Can't get emails

      Baldur

      About a month ago, I set up a PFSense box and as of 7 hours ago, my roommate has complained, saying that he cannot get his email to work. He does have a lot of important emails for work and I do not know if the problem is on his mail server's end or the router.

      There are a few things that I have done. The biggest is that I installed Squid.

      -It is on the LAN
      -It's allowing all users on the interface
      -It's a transparent proxy
      -Private networks bypass the proxy
      -There is no X-forwarding, VIA or offline mode and so far, it seems to have worked

      I also use Traffic shaper for a few things. Mainly Facetime, Steam and various games are set to have a higher priority. My outbound NAT rules are set to Hybrid with all optional port settings deleted. Still, he cannot get any email. On my end since I use Gmail, I know that IMAP works. I have since changed the Traffic shaper to give POP3 and SMTP elevated priority and I have also port-forwarded the email after his complaint.

      -WAN
      -TCP/UDP
      -Redirect target IP 192.168.1.0 (Gateway is 192.168.1.1)
      -POP3 and SMTP
      -System default
      -Rule NAT

      That is for both of them, however I do not know if this will work or if it isn't working. Is there anything else I need to know or am I doing something wrong here? I am not the most versed person in the world when it comes to PFSense. I do not know how to do command line and I am pretty much stuck with using the WebGUI to do anything.

        doktornotor Banned

        Please, post screenshots, instead of (poorly) describing what you have configured. And redirecting to 192.168.1.0 is just wrong. It should be the IP of the mailserver.

          Derelict LAYER 8 Netgate

          my roommate has complained…I installed Squid.

          If installing squid broke your network, why not just uninstall it?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Baldur

            @doktornotor:

            Please, post screenshots, instead of (poorly) describing what you have configured. And redirecting to 192.168.1.0 is just wrong. It should be the IP of the mailserver.

            On it.



            How do I find the IP address of the mail server? Do I need to access his Outlook?

              Baldur

              @Derelict:

              my roommate has complained…I installed Squid.

              If installing squid broke your network, why not just uninstall it?

              Because I do not think that Squid is causing it and if it is, I'd much rather fix Squid instead of uninstalling it. Besides, Squid was installed days ago. This has only been happening for 8 hours.

                Derelict LAYER 8 Netgate

                Dude.  You need to read and understand this:

                https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

                Port forwards on WAN are for connections coming INTO your network on WAN.  Are you running internal POP3 and SMTP servers and accessing them from the outside?  If no, then you are way off base.

                Why are you obfuscating source addresses on the outbound NAT?  If you have public IP addresses there, you are doing it completely wrong.

                192.168.1.0 is almost certainly a network address, not a host address, so some basic subnetting study is also likely in order.

                All in all, I am not surprised things aren't working.  You have made so many unsound changes from the default config, have obfuscated addresses, and, in general have made a mess of things so it's hard to say where to start.

                  Baldur

                  @Derelict:

                  Dude.  You need to read and understand this:

                  https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

                  Port forwards on WAN are for connections coming INTO your network on WAN.  Are you running internal POP3 and SMTP servers and accessing them from the outside?  If no, then you are way off base.

                  Why are you obfuscating source addresses on the outbound NAT?  If you have public IP addresses there, you are doing it completely wrong.

                  192.168.1.0 is almost certainly a network address, not a host address, so some basic subnetting study is also likely in order.

                  All in all, I am not surprised things aren't working.  You have made so many unsound changes from the default config, have obfuscated addresses, and, in general have made a mess of things so it's hard to say where to start.

                  The forward ports I posted were made after my roommate's complaint. So whether it was helping or not, port forwarding was not the cause. The host address was the address blacked out. 192.168.1.0 is part of the LAN and it is not connected to any VPN.

                  With that said, I deleted both port forwarding rules and set the Outbound to Automatic outbound NAT rule generation. Hopefully that works, but if not, then what else should I look into?

                    Derelict LAYER 8 Netgate

                    Impossible to know.  Firewall rules on whatever LAN your roommate is connected to would probably be a good place to start.

                    What other wonderful, unnecessary packages have you installed?

                    What change did you make 9 hours ago?  What is actually wrong with your roommate's email?  What error messages, etc?

                      Baldur

                      @Derelict:

                      Impossible to know.  Firewall rules on whatever LAN your roommate is connected to would probably be a good place to start.

                      What other wonderful, unnecessary packages have you installed?

                      What change did you make 9 hours ago?  What is actually wrong with your roommate's email?  What error messages, etc?

                      Squid is the only package I have installed. I do not know how to work any of the other packages so I leave them alone. I did not make any changes 9 hours ago. All he has said is that he has not received any emails at all since that said 9 hours ago and he tends to get a lot per day. No error messages.

                        muswellhillbilly

                        Hi. So just to get an idea, where is your roommate's mail server located? Is it being hosted on your LAN or is it hosted elsewhere on the internet? You seem to have a NAT rule which is port-forwarding POP3 to your internal network address (192.168.1.0/24), not a host address. This won't work for starters. For that matter, if your mail server isn't hosted internally I can't see why you would need to port forward any mail protocols from outside to inside.

                        For now, addressing the matter of your roommate's email issues only, can you first give an idea of where his mail server is located - inside your LAN or on the internet?

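Added example, not part of any post in this thread and not pfSense code: a check for the two port-forward mistakes pointed out above, a redirect target that is the network address rather than a host, and an inbound forward when no mail server is hosted on the LAN. The rule dictionary layout, `check_port_forward` and the host 192.168.1.25 are hypothetical.

```python
import ipaddress


def check_port_forward(rule, lan_cidr, server_on_lan):
    """Return a list of problems found in one WAN port-forward rule.

    `rule` is a hypothetical dict for this example, not pfSense's config format.
    """
    problems = []
    lan = ipaddress.IPv4Network(lan_cidr)
    target = ipaddress.IPv4Address(rule["target"])

    # A mail client (MUA) opens its connections outbound; an inbound forward
    # only makes sense when the mail server itself sits behind the firewall.
    if not server_on_lan:
        problems.append("unneeded: no internal mail server to forward to")

    if target not in lan:
        problems.append(f"target {target} is not inside {lan}")
    elif lan.prefixlen < 31 and target == lan.network_address:
        problems.append(f"target {target} is the network address of {lan}")
    elif lan.prefixlen < 31 and target == lan.broadcast_address:
        problems.append(f"target {target} is the broadcast address of {lan}")
    return problems


# Constructed sample data. The first rule mirrors the one described in the
# thread; the second uses an assumed host address for an internal server.
LAN = "192.168.1.0/24"
THREAD_RULE = {"interface": "WAN", "ports": ["POP3", "SMTP"], "target": "192.168.1.0"}
HOST_RULE = {"interface": "WAN", "ports": ["POP3", "SMTP"], "target": "192.168.1.25"}

if __name__ == "__main__":
    for name, rule, internal in (("thread rule", THREAD_RULE, False),
                                 ("host rule", HOST_RULE, True)):
        issues = check_port_forward(rule, LAN, internal)
        print(name, "->", issues or "ok")
```
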
                          Derelict LAYER 8 Netgate

                          Maybe he's just not getting any email messages.  Typically if a client can't connect to a mail server because of a firewall issue, there are connection timeout errors, etc.

                            Baldur

                            @muswellhillbilly:

                            Hi. So just to get an idea, where is your roommate's mail server located? Is it being hosted on your LAN or is it hosted elsewhere on the internet? You seem to have a NAT rule which is port-forwarding POP3 to your internal network address (192.168.1.0/24), not a host address. This won't work for starters. For that matter, if your mail server isn't hosted internally I can't see why you would need to port forward any mail protocols from outside to inside.

                            For now, addressing the matter of your roommate's email issues only, can you first give an idea of where his mail server is located - inside your LAN or on the internet?

                            The web server is located from the internet. So the problem seems to not be the sending part, but the receiving part.

                              muswellhillbilly

                              Web server? I thought your roommate was having problems with the mail server?!! Is he using something like Yahoo Mail or GMail?

                                Derelict LAYER 8 Netgate

                                Web server?

                                I think you're looking at your local network when the problem lies elsewhere.

                                  Baldur

                                  @Derelict:

                                  Web server?

                                  I think you're looking at your local network when the problem lies elsewhere.

                                  I'm more specifically looking at the PFsense box as a whole. What could the router do to prevent email from getting in? If it's not the problem, then it's not my problem.

                                    Baldur

                                    @muswellhillbilly:

                                    Web server? I thought your roommate was having problems with the mail server?!! Is he using something like Yahoo Mail or GMail?

                                    He's using the more traditional e-mail. IMAP works fine. I don't know if SMTP or POP3 is having issues. Am I mistaken? Does the mail server not originate from the internet?

                                      Derelict LAYER 8 Netgate

                                      OMG.  No.  His MUA connects outbound (POP3/IMAP) and receives/pulls email.  If he wants to send one his MUA connects outbound (SMTP) and sends it.

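Added example, not part of any post in this thread: since the mail client connects outbound for POP3, IMAP and SMTP, a probe run from a LAN machine shows whether those outbound connections complete, are refused, or time out the way a firewall drop would. The host name `mail.example.net` is a placeholder, and `probe`, `probe_mail_server` and `summarize` are hypothetical names.

```python
import socket

# Standard TCP ports used by mail clients.
MAIL_PORTS = {"SMTP": 25, "POP3": 110, "IMAP": 143, "SMTPS": 465,
              "submission": 587, "IMAPS": 993, "POP3S": 995}


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"        # packets silently dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"        # host answered, nothing listening on that port
    except socket.gaierror:
        return "dns-failure"    # the name did not resolve
    except OSError as exc:
        return f"error: {exc.strerror or exc}"


def probe_mail_server(host, ports=MAIL_PORTS, timeout=3.0):
    """Probe every mail port and return {service: result}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def summarize(results):
    """Turn per-port results into a one-line reading."""
    states = set(results.values())
    if "open" in states:
        return "reachable: at least one mail port connects from this client"
    if states == {"timeout"}:
        return "blocked-or-dropped: every port timed out, check outbound rules"
    return "unreachable: " + ", ".join(
        f"{name}={state}" for name, state in sorted(results.items()))


if __name__ == "__main__":
    results = probe_mail_server("mail.example.net")  # placeholder host name
    for name, state in results.items():
        print(f"{name:<10} {MAIL_PORTS[name]:>4}  {state}")
    print(summarize(results))
```
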
                                        muswellhillbilly

                                        One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in. If you haven't got such a rule then the issue may very well lie with your roommate's mail server. Is this server managed by anyone? Has your roommate enquired with anybody whether the mail server is malfunctioning?

                                        If you haven't changed anything on your firewall and your roommate's email has suddenly started failing then I would first check that the mail server isn't the issue before looking for problems at your end where there may not be any.

                                          Derelict LAYER 8 Netgate

                                          One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in.

                                          You mean allowed out?

                                          That would make the MUA complain.

                                            Baldur

                                            @muswellhillbilly:

                                            One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in. If you haven't got such a rule then the issue may very well lie with your roommate's mail server. Is this server managed by anyone? Has your roommate enquired with anybody whether the mail server is malfunctioning?

                                            If you haven't changed anything on your firewall and your roommate's email has suddenly started failing then I would first check that the mail server isn't the issue before looking for problems at your end where there may not be any.

                                            Now that you mentioned it, I decided to check my firewall and this came up in the search.

                                            Would this be relevant in any way?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.