[SOLVED] New pfsense box mail stopped working

  • Hi,

    I can't really figure this one out by myself, so any help is appreciated.

    I'm running pfSense 2.1.5 and have approx. 15 physical servers behind this firewall; everything is working great. The only reason I'm
    changing is because of the electricity bill.

    So I bought 2 Caswell gateways and installed the latest pfSense, then replicated the configuration from the old pfSense box:

    • Hostname
    • Virtual IPs
    • NAT rules

    I tried the Caswell a couple of minutes ago and everything went smoothly, except my Zimbra servers stopped working. I tried the following:

    • Restarted the server
    • Unticked "use DNS" in the MTA (this got the inbox going, but SMTP stopped working; if I went back to the old settings SMTP was working but I couldn't receive any messages.)

    So I tried sending mails back and forth and got nowhere, so I connected the old firewall and in a matter of seconds all emails got delivered.

    I guess it's a misconfiguration on my part; any ideas what configuration I've missed?

  • Anything in your firewall log?  Anything in your mail server's logs?

  • Just something I found since my old box is running 2.1.5 and my new box is running 2.2.4

    Should I try enabling the DNS Forwarder, or are there any pointers on how I could configure Unbound?

  • I don't know the details of your DNS config to comment.  Does your mail server rely on pfSense for DNS?  If yes, you can use either resolver or forwarder for your needs but not both.  Configure it the same way you did with 2.1.5.  Did you look at your mail server logs to see what the actual problem is?  Debugging receiving is harder since you need to confirm that the mail was actually received by the server, but if you can receive but not send then there should be an obvious error in the mail server logs.

  • Just wanted to reply on this thread, the issue has been solved.

    So this is what I did:
    I disabled the DNS Resolver and enabled the DNS Forwarder.

    In System < Admin < NAT

    • Set "NAT Reflection mode for port forwards" to NAT + Proxy
    • Checked "Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks"

    Now everything is working like before, thanks for all the help.
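The thread ends up with two distinct failures that were easy to confuse: outbound delivery breaking because the MTA could not resolve MX hosts through the firewall's DNS service (Resolver vs. Forwarder), and inbound delivery breaking because port 25 on the public address was not reachable (port forward / NAT reflection). The script below is an added example, not code from this thread or from pfSense or Zimbra; it is a small diagnostic a mail admin can run from the mail server to tell those two cases apart. The MX hostnames and public IP are inputs you supply, and the resolver and TCP connector are injectable so the logic can be exercised offline with constructed fakes.

```python
"""Mail-path diagnostic for a mail server behind a NAT firewall.

Added example (not from the thread). Separates two failure modes:
  * outbound: the MTA cannot resolve MX hostnames (DNS path through the
    firewall is broken);
  * inbound: TCP/25 on the public address is not reachable (port forward
    or NAT reflection problem).
The resolver and connector are parameters so the decision logic can be
tested without network access.
"""
import socket
from typing import Callable, Dict, List, Sequence

# Assumed helper signatures for this example: hostname -> list of IP strings,
# and (ip, port) -> reachable?
Resolver = Callable[[str], List[str]]
Connector = Callable[[str, int], bool]


def default_resolver(hostname: str) -> List[str]:
    """Resolve a hostname using the system resolver; [] on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, None)})
    except socket.gaierror:
        return []


def default_connector(ip: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to ip:port can be opened."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(
    mx_hosts: Sequence[str],
    public_ip: str,
    resolver: Resolver = default_resolver,
    connector: Connector = default_connector,
) -> Dict[str, object]:
    """Check outbound DNS and inbound SMTP reachability and return a verdict."""
    unresolved = [h for h in mx_hosts if not resolver(h)]
    inbound_ok = connector(public_ip, 25)

    if unresolved and not inbound_ok:
        hint = "both MX lookups and TCP/25 fail: check the firewall DNS service and the NAT port-forward rules"
    elif unresolved:
        hint = "MX lookups fail: the MTA's DNS path through the firewall is broken (Resolver vs Forwarder)"
    elif not inbound_ok:
        hint = "TCP/25 unreachable on the public IP: check the port forward and NAT reflection"
    else:
        hint = "mail path looks healthy"

    return {
        "outbound_dns_ok": not unresolved,
        "unresolved": unresolved,
        "inbound_smtp_ok": inbound_ok,
        "hint": hint,
    }


if __name__ == "__main__":
    # Constructed sample inputs; replace with your own MX hosts and public IP.
    report = diagnose(["mx.example.net", "mx2.example.net"], "192.0.2.10")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it from the mail server host itself, since that is where the MTA's resolver path and the reflected NAT path are actually exercised; running it from the firewall would test a different path.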
