Can't get emails



  • About a month ago, I set up a PFSense box and as of 7 hours ago, my roommate has complained, saying that he cannot get his email to work. He does have a lot of important emails for work and I do not know if the problem is on his mail server's end or the router.

    There are a few things that I have done. The biggest is that I installed Squid.

    -It is on the LAN
    -It's allowing all users on the interface
    -It's a transparent proxy
    -Private networks bypass the proxy
    -There is no X-forwarding, VIA or offline mode and so far, it seems to have worked

    I also use Traffic shaper for a few things. Mainly Facetime, Steam and various games are set to have a higher priority. My outbound NAT rules are set to Hybrid with all optional port settings deleted. Still, he cannot get any email. On my end since I use Gmail, I know that IMAP works. I have since changed the Traffic shaper to give POP3 and SMTP elevated priority and I have also port-forwarded the email after his complaint.

    -WAN
    -TCP/UDP
    -Redirect target IP 192.168.1.0 (Gateway is 192.168.1.1)
    -POP3 and SMTP
    -System default
    -Rule NAT

    That is for both of them, however I do not know if this will work or if it isn't working. Is there anything else I need to know or am I doing something wrong here? I am not the most versed person in the world when it comes to PFSense. I do not know how to do command line and I am pretty much stuck with using the WebGUI to do anything.


  • Banned

    Please, post screenshots, instead of (poorly) describing what you have configured. And redirecting to 192.168.1.0 is just wrong. It should be the IP of the mailserver.


  • Netgate

    my roommate has complained…I installed Squid.

    If installing squid broke your network, why not just uninstall it?



  • @doktornotor:

    Please, post screenshots, instead of (poorly) describing what you have configured. And redirecting to 192.168.1.0 is just wrong. It should be the IP of the mailserver.

    On it.



    How do I find the IP address of the mail server? Do I need to access his Outlook?



  • @Derelict:

    my roommate has complained…I installed Squid.

    If installing squid broke your network, why not just uninstall it?

    Because I do not think that Squid is causing it and if it is, I'd much rather fix Squid instead of uninstalling it. Besides, Squid was installed days ago. This has only been happening for 8 hours.


  • Netgate

    Dude.  You need to read and understand this:

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

    Port forwards on WAN are for connections coming INTO your network on WAN.  Are you running internal POP3 and SMTP servers and accessing them from the outside?  If no, then you are way off base.

    Why are you obfuscating source addresses on the outbound NAT?  If you have public IP addresses there, you are doing it completely wrong.

    192.168.1.0 is almost certainly a network address, not a host address, so some basic subnetting study is also likely in order.

    All in all, I am not surprised things aren't working.  You have made so many unsound changes from the default config, have obfuscated addresses, and, in general have made a mess of things so it's hard to say where to start.



  • @Derelict:

    Dude.  You need to read and understand this:

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

    Port forwards on WAN are for connections coming INTO your network on WAN.  Are you running internal POP3 and SMTP servers and accessing them from the outside?  If no, then you are way off base.

    Why are you obfuscating source addresses on the outbound NAT?  If you have public IP addresses there, you are doing it completely wrong.

    192.168.1.0 is almost certainly a network address, not a host address, so some basic subnetting study is also likely in order.

    All in all, I am not surprised things aren't working.  You have made so many unsound changes from the default config, have obfuscated addresses, and, in general have made a mess of things so it's hard to say where to start.

    The forward ports I posted were made after my roommate's complaint. So whether it was helping or not, port forwarding is was not the cause. The host address was the address blacked out. 192.168.1.0 is part of the LAN and it is not connected to any VPN.

    With that said, I deleted both port forwarding rules And set the Outbound to Automatic outbound NAT rule generation. Hopefully that works, but if not, then what else should I look into?


  • Netgate

    Impossible to know.  Firewall rules on whatever LAN your roommate is connected to would probably be a good place to start.

    What other wonderful, unnecessary packages have you installed?

    What change did you make 9 hours ago?  What is actually wrong with your roommate's email?  What error messages, etc?



  • @Derelict:

    Impossible to know.  Firewall rules on whatever LAN your roommate is connected to would probably be a good place to start.

    What other wonderful, unnecessary packages have you installed?

    What change did you make 9 hours ago?  What is actually wrong with your roommate's email?  What error messages, etc?

    Squid is the only package I have installed. I do not know how to work any of the other packages so I leave them alone. I did not make any changes 9 hours ago. All he has said is that he has not received any emails at all since that said 9 hours ago and he tends to get a lot per day. No error messages.



  • Hi. So just to get an idea, where is your roommate's mail server located? Is it being hosted on your LAN or is it hosted elsewhere on the internet? You seem to have a NAT rule which is port-forwarding POP3 to your internal network address (192.168.1.0/24), not a host address. This won't work for starters. For that matter, if your mail server isn't hosted internally I can't see why you would need to port forward any mail protocols from outside to inside.

    For now, addressing the matter of your roommates' email issues only, can you first give an idea of where his mail server is located - inside your LAN or on the internet?


  • Netgate

    Maybe he's just not getting any email messages.  Typically if a client can't connect to a mail server because of a firewall issue, there are connection timeout errors, etc.



  • @muswellhillbilly:

    Hi. So just to get an idea, where is your roommate's mail server located? Is it being hosted on your LAN or is it hosted elsewhere on the internet? You seem to have a NAT rule which is port-forwarding POP3 to your internal network address (192.168.1.0/24), not a host address. This won't work for starters. For that matter, if your mail server isn't hosted internally I can't see why you would need to port forward any mail protocols from outside to inside.

    For now, addressing the matter of your roommates' email issues only, can you first give an idea of where his mail server is located - inside your LAN or on the internet?

    The web server is located from the internet. So the problem seems to not be the sending part, but the receiving part.



  • Web server? I thought your roommate was having problems with the mail server?!! Is he using something like Yahoo Mail or GMail?


  • Netgate

    Web server?

    I think you're looking at your local network when the problem lies elsewhere.



  • @Derelict:

    Web server?

    I think you're looking at your local network when the problem lies elsewhere.

    I'm more specifically looking at the PFsense box as a whole. What could the router do to prevent email from getting in. If it's not the problem, then it's not my problem.



  • @muswellhillbilly:

    Web server? I thought your roommate was having problems with the mail server?!! Is he using something like Yahoo Mail or GMail?

    He's using the more traditional e-mail. IMAP works fine. I don't know if SMPT or POP3 is having issues. Am I mistaken? Does the mail server not originate from the internet?


  • Netgate

    OMG.  No.  His MUA connects outbound (POP3/IMAP) and receives/pulls email.  If he wants to send one his MUA connects outbound (SMTP) and sends it.



  • One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in. If you haven't got such a rule then the issue may very well lie with your roommate's mail server. Is this server managed by anyone? Has your roommate enquired with anybody whether the mail server is malfunctioning?

    If you haven't changed anything on your firewall and your roommate's email has suddenly started failing then I would first check that the mail server isn't the issue before looking for problems at your end where there may not be any.


  • Netgate

    One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in.

    You mean allowed out?

    That would make the MUA complain.



  • @muswellhillbilly:

    One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in. If you haven't got such a rule then the issue may very well lie with your roommate's mail server. Is this server managed by anyone? Has your roommate enquired with anybody whether the mail server is malfunctioning?

    If you haven't changed anything on your firewall and your roommate's email has suddenly started failing then I would first check that the mail server isn't the issue before looking for problems at your end where there may not be any.

    Now that you mentioned it, I decided to check my firewall and this came up in the search.

    Would this be relevant in any way?



  • @Derelict:

    One reason mail might not be getting in would be because there was a rule on your firewall which prevented POP3 or IMAP from being allowed in.

    You mean allowed out?

    That would make the MUA complain.

    The thing is that I do not know if it's sending. But I'm guessing a giant "Cannot connect to server" would pop up if that were the case.


  • Netgate

    Considering you blacked out anything useful, it's impossible to tell.

    Email clients make OUTBOUND connections.  The pertinent firewall rules are on LAN, not WAN.  But like I have said at least three times, if it was a problem connecting to the server the email client would be complaining.

    This is a non-problem.  He needs to call his email provider and ask where his mail is.



  • Your screenshot has blacked out not just the IP addresses but the source/target ports, so it's not really much hlep.

    Ok, now that we've established that your roommate's mail server is hosted outside your LAN, you should forget about port forwarding any protocols inbound. Your out-of-the-box outbound NAT/rules should allow your roommate to connect to his mail server without your having to muck about with inbound NAT rules.

    You can try this test: From a command prompt (any machine in your LAN will do), type 'telent aaa.bbb.ccc.ddd 110', where 'aaa.bbb.ccc.ddd' is the IP address of your roommate's mail server. If you get a 'Connected' message that means your LAN can connect to the remote server successfully via POP3. Likewise with the other ports for SMTP (port 25) and IMAP (port 143). If you don't get a 'Connected' message this may mean there's a problem with the mail server. Unless you have a rule specifically blocking access to these ports then it's unlikely to be the firewall.



  • @muswellhillbilly:

    Your screenshot has blacked out not just the IP addresses but the source/target ports, so it's not really much hlep.

    Ok, now that we've established that your roommate's mail server is hosted outside your LAN, you should forget about port forwarding any protocols inbound. Your out-of-the-box outbound NAT/rules should allow your roommate to connect to his mail server without your having to muck about with inbound NAT rules.

    You can try this test: From a command prompt (any machine in your LAN will do), type 'telent aaa.bbb.ccc.ddd 110', where 'aaa.bbb.ccc.ddd' is the IP address of your roommate's mail server. If you get a 'Connected' message that means your LAN can connect to the remote server successfully via POP3. Likewise with the other ports for SMTP (port 25) and IMAP (port 143). If you don't get a 'Connected' message this may mean there's a problem with the mail server. Unless you have a rule specifically blocking access to these ports then it's unlikely to be the firewall.

    Might be worth showing us your firewall rules, for that matter.

    The ports are 61109, which I know is not POP3, but I filtered the search to port 110.

    As for rules, there are no firewall rules for the WAN.

    Either way, thank you. I will ping the server tomorrow and see if it gets me anything.



  • @Baldur:

    @Derelict:

    Web server?

    I think you're looking at your local network when the problem lies elsewhere.

    I'm more specifically looking at the PFsense box as a whole. What could the router do to prevent email from getting in. If it's not the problem, then it's not my problem.

    Hey ,
    I guess your friend has configured Offline client(outlook , windows live etc) on LAN PC .
    In order to diagnose first you have to SSH into Pfsense and from Terminal do to a Telnet to MX of mailserver on Port 995 or 110 (this is configured on offline client)  , are you able to do it?