Emails being blocked sending out
We have an app server trying to connect to the Google Apps SMTP relay, but they aren't getting to them, and our server admin looked and believes it's the FW not allowing them to pass through. Logs show a permission error on either SuiteCRM or ownCloud, which are the two applications needing to send out emails.
We have two interfaces (WAN, LAN) and I've attached screenshots of both rules.
Any ideas or help would be greatly appreciated.
FYI, it all worked when we had hosted on AWS EC2 and just moved to local hosting.
![Screen Shot 2015-08-21 at 11.45.26 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 11.45.26 AM.png)
![Screen Shot 2015-08-21 at 11.45.36 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 11.45.36 AM.png)
Outbound connections are governed by rules on LAN, not WAN. That rule passes everything and so it's not the problem.
My first guess is your ISP is blocking outbound tcp/25 connections.
From a host on LAN:
```
telnet smtp.gmail.com 25
telnet smtp.gmail.com 587
```
```
Scotts-MacBook-Pro:~ ScottParks$ telnet smtp.gmail.com 587
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP hh3sm8662756pbc.8 - gsmtp
Scotts-MacBook-Pro:~ ScottParks$ telnet smtp.gmail.com 25
telnet: connect to address 220.127.116.11: Operation timed out
telnet: connect to address 18.104.22.168: Operation timed out
telnet: connect to address 2607:f8b0:400e:c01::6c: No route to host
telnet: Unable to connect to remote host
```
ISP's blocking it most likely. Interesting they pass 465.
Your best bet is probably tcp/587 + STARTTLS + authentication.
I've tried both 465 and 587 and use IP auth with Google Apps.
Google is saying they never get the request from our public IP.
Is there any proof I can provide to AT&T that they aren't allowing my traffic to pass? Otherwise they are just going to play dumb.
![Screen Shot 2015-08-21 at 12.33.27 PM.png](/public/imported_attachments/1/Screen Shot 2015-08-21 at 12.33.27 PM.png)
You have proof? It's not going to be a secret to them that they block outbound tcp/25. You might just have to ask for it to be opened.
This is not a pfSense problem.
cyberbot last edited by
Had a similar issue before.
My ISP appears to block port 25.
I've used port 587 and it works.
Make sure to NAT the port to the app server.
Here's an update. I was able to configure MacBook Outlook to connect to Google Apps with 465 and was able to send test mail out.
So theoretically it should be the same and not a pfSense or ISP problem, right???
How do the devices you're trying to send mail with send mail?
25 Starts Clear - STARTTLS sometimes supported - authentication might be required
465 Starts with SSL - authentication might be required
587 Starts Clear - STARTTLS sometimes supported - authentication required before email submission
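The port list above turned into a check that can be run from the app server itself, added here as an example and not posted by anyone in the thread. It starts each port the way the list says it starts and reports the layer at which the attempt stopped; the status names, the `probe`/`survey` helpers and the `localhost` EHLO name are assumptions of this example.

```python
import smtplib
import socket
import ssl

# How a session starts on each port, following the list in the post above.
MODES = {25: "clear", 587: "clear", 465: "implicit-tls"}

def probe(host, port, mode=None, timeout=10.0, context=None):
    """Try one outbound SMTP path and say at which layer it stopped."""
    mode = mode or MODES.get(port, "clear")
    result = {"port": port, "mode": mode, "status": "ok", "starttls": False, "detail": ""}
    try:
        if mode == "implicit-tls":
            # TLS handshake comes first; the 220 banner arrives inside the tunnel.
            ctx = context or ssl.create_default_context()
            conn = smtplib.SMTP_SSL(host, port, local_hostname="localhost",
                                    timeout=timeout, context=ctx)
        else:
            # Clear-text 220 banner first; STARTTLS is advertised in the EHLO reply.
            conn = smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout)
        with conn:
            conn.ehlo()
            result["starttls"] = conn.has_extn("starttls")
    except socket.timeout as exc:          # no reply to connect or TLS hello: dropped on the path
        result.update(status="timeout", detail=str(exc))
    except ConnectionRefusedError as exc:  # RST: host reachable, nothing listening
        result.update(status="refused", detail=str(exc))
    except ssl.SSLError as exc:            # TCP fine, TLS failed (wrong mode for port, or bad cert)
        result.update(status="tls-failed", detail=str(exc))
    except smtplib.SMTPException as exc:   # TCP fine, but no usable SMTP greeting
        result.update(status="no-smtp", detail=str(exc))
    except OSError as exc:                 # no route, DNS failure, reset, ...
        result.update(status="unreachable", detail=str(exc))
    return result

def survey(host, ports=(25, 465, 587), timeout=10.0):
    """Probe each port with the session start it expects."""
    return [probe(host, p, timeout=timeout) for p in ports]

if __name__ == "__main__":
    # Relay hostname taken from the thread; run this on the server that sends the mail.
    for r in survey("smtp-relay.gmail.com"):
        print(r)
```

A `timeout` on one port next to `ok` on another, from the same host, is the pattern the telnet test earlier in the thread showed for tcp/25 versus tcp/587.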
SuiteCRM and ownCloud both worked with current settings using port 465 and Google Apps IP auth when it was being hosted on EC2, but since we moved it back locally it doesn't work. All settings are the same. The only thing I had to change was of course the auth IP that Google Apps had to allow, from the EC2 IP to my WAN IP.
doktornotor Banned last edited by
Dude. I already gave you a link to provide some useful testing and debugging info on the other thread. Why don't you just do it?
chpalmer last edited by
```
Scotts-MacBook-Pro:~ ScottParks$ openssl s_client -connect smtp-relay.gmail.com:587 -starttls smtp
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp-relay.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp-relay.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Protocol : TLSv1
Cipher : RC4-SHA
Key-Arg : None
Start Time: 1440296241
Timeout : 300 (sec)
Verify return code: 0 (ok)
```
doktornotor Banned last edited by
Awesome. So, pfSense is completely out of business as far as this goes. It blocks nothing. Please, focus your debugging elsewhere and follow up in the proper forum. (That is, the one for software you are having trouble with. It's not pfSense.)