Postfix issue behind pfsense



  • Hi all,

    I have a mail server in LAN behind pfsense.
    I use NAT for pop3/imap redirected to LAN IP.
    From server CLI works fine… I can connect and send mails. From the network or outside... nothing. Able to send, not able to receive anything.
    Any clue?

    postfix/dovecot as MTA.

    Thanks



  • Do the logs show any attempted traffic to the server?

    Have you tried to Telnet in for testing?

    Possibility your ISP is blocking ports?



  • On the server side all seems ok.
    Via CLI I can log in and all seems fine. ISP works as before. I just changed clearos (which used a port forwarding before) with pfsense NAT.
    Problem is I can't reach my mail server via mail.<domain> or external IP address.
    If I use the internal IP as incoming/outgoing server it works.


  • Banned

    @nikkon:

    Problem is I can't reach my mail server via mail.<domain> or external IP address.
    If I use the internal IP as incoming/outgoing server it works.

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks



  • Tried this… still not working.
    By now I have web working from outside. From internal network/VPN, if I try to load any web site hosted, it goes to pfsense internal IP.
    I believe that there is an issue first of all.


  • Banned

    Yeah, already answered above. Fix your DNS.



  • I tried to use the link you sent me and added, for each domain I have, a record in DNS Forwarder @ Domain Overrides section:
    coridor.ro 172.26.10.2 coridor forwarder
    As a test… I try to ping the domain... it still sees the correct WAN IP... no ping / same for smtp/pop3.


  • Banned

    Sigh… maybe you should re-read the above a couple of times? You set up a HOST override for the HOSTNAME(S) of the mailserver so that it points to the INTERNAL IP (and NOT WAN IP).



  • OK, it seems I got it wrong.
    Do I still need a DNS resolver? I believe I do for the other requests and LAN clients.
    172.26.10.x is internal ip.
    194.xxx is wan



  • Banned

    Dunno, are you actually reading what's said above? And reading what's written in the GUI? You are setting the WRONG thing. Read the GUI description of Domain Overrides.

    P.S. If you are using DNS Resolver, then configure the same HOST overrides in DNS Resolver instead of Forwarder! You cannot use both of them at the same time.
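
A way to confirm from a LAN client that the host override described above took effect, as an added example that is not part of any post in this thread. It assumes hypothetical hostnames, the internal address 172.26.10.2 quoted in the thread, and a documentation-range placeholder for the WAN IP; the resolver is passed in so the constructed sample runs offline.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """IPv4 addresses the client's configured resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_host_override(hostname, internal_ip, wan_ip, resolver=resolve_ipv4):
    """Classify the answer a LAN client gets for the mail server's hostname."""
    try:
        answers = {ipaddress.ip_address(a) for a in resolver(hostname)}
    except (OSError, ValueError):
        return "unresolved"
    if not answers:
        return "unresolved"
    if answers == {ipaddress.ip_address(internal_ip)}:
        return "override-ok"      # host override is in effect
    if ipaddress.ip_address(wan_ip) in answers:
        return "wan-returned"     # client will connect to the firewall's WAN IP
    return "unexpected"           # some other record is being served


def audit(hostnames, internal_ip, wan_ip, resolver=resolve_ipv4):
    """Map each hostname to its classification."""
    return {h: check_host_override(h, internal_ip, wan_ip, resolver) for h in hostnames}


# Constructed sample data: 172.26.10.2 is the internal address from the thread;
# 203.0.113.10 is a documentation-range placeholder for the WAN IP, and the
# hostnames are hypothetical.
INTERNAL_IP = "172.26.10.2"
WAN_PLACEHOLDER = "203.0.113.10"
SAMPLE_ANSWERS = {
    "mail.example.test": {"172.26.10.2"},   # host override present
    "imap.example.test": {"203.0.113.10"},  # override missing, public record served
    "pop.example.test": set(),              # no record at all
}


def sample_resolver(hostname):
    """Offline stand-in for DNS so the example runs without a network."""
    return SAMPLE_ANSWERS.get(hostname, set())


if __name__ == "__main__":
    for host, status in audit(SAMPLE_ANSWERS, INTERNAL_IP, WAN_PLACEHOLDER, sample_resolver).items():
        print(f"{host:22} {status}")
```

On a real LAN client, leave out the `resolver` argument so the check queries whatever DNS server the client is configured to use.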



  • Problem solved. All seems better now. Thx for all support.

    btw. still have an issue with the ftp service behind nat.
    client error: "Server sent passive reply with unroutable address." I can log in but nothing came back.
    I installed FTP client Proxy app and config looks like:
    Local Interface : LAN,loopback
    Source address : any
    Proxy Bypass Source : any
    Proxy ByPass Destination: 192.168.1.5 (ftp server address)
    BindPort : 2121
    --------------
    proftpd listen port 2121.

    Any clue?


  • Banned

    No, not here. Totally OT plus wrong forum.