Incoming Mail through a firewall

I'm a little stumped on this one.  I have a mail server that was multi-homed, and used the external interface for the virtual smtp server.

I have finally installed a new firewall, and have been able to get RPC over HTTP through the firewall, as well as OWA.  I created rules for SMTP and HTTPS, and forwarded the traffic to the internal interface, as well as changed the Virtual SMTP server to use the internal interface.

As I mentioned, OWA and RPC over HTTPS both work; but I have NO incoming email.  I am also running GFI MailEssentials and MailSecurity; but in both cases they are directed at the Virtual SMTP Server.  I did verify that the incoming mail stopped as it was not even hitting the MailEssentials.

Any suggestions?

As soon as I re-enabled the external interface and disabled the virtual IP on the firewall as well as the rules, I started receiving incoming emails.

Sidenote: the firewall is pfSense.

Thanks,
cjmara

debuggerau Commented:
Do you have an MX record pointing to both public IPs, or just to the external interface?
0
cjmara (Author) Commented:
The MX record is pointing to the external interface, but we set that up on the firewall (after it was disabled on the mail server) as a virtual IP and then added the rules for forwarding.

Thanks
0
debuggerau Commented:
What rules do you have for the virtual IP in the firewall?

Sounds like the rule for SMTP is not quite right..
Can you telnet to port 25 externally to test?

0

cjmara (Author) Commented:
Sorry I should have added that.  We were able to telnet to port 25 on the appropriate address (once I remembered to change the Virtual SMTP server).

I am including a picture of the rules that we have since disabled.

Thanks,
pfSense-rules.png
0
debuggerau Commented:
you say "that we have since disabled."

and yes, they are disabled...

I'm assuming you've enabled them...

When you tested the SMTP, did you get an email sent to you?
I usually test the SMTP till I get an email in my inbox, to verify the handshaking all the way..

___________________________________________________
telnet mail.domain.ext 25
You should receive a reply like:
Trying ???.???.???.???...
Connected to mail.domain.ext.
Escape character is '^]'.
220 mail.domain.ext ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

You will then need to declare where you are sending the email from:
HELO local.domain.name - don't worry too much about your local domain name although you really should use your exact fully qualified domain name as seen by the outside world the mail server has no choice but to take your word for it as of RFC822-RFC1123.
This should give you:
250 mail.domain.ext Hello local.domain.name [loc.al.i.p], pleased to meet you

Now give your email address:
MAIL FROM: mail@domain.ext
Should yield:
250 2.1.0 mail@domain.ext... Sender ok
If it doesn't please see possible problems.

Now give the recipient's address:
RCPT TO: mail@otherdomain.ext
Should yield:
250 2.1.0 mail@otherdomain.ext... Recipient ok
If it doesn't please see possible problems.

To start composing the message issue the command DATA

If you want a subject for your email type Subject:-type subject here- then press enter twice (these are needed to conform to RFC 882)

You may now proceed to type the body of your message (e.g. hello mail@otherdomain.ext from mail@domain.ext)

To tell the mail server that you have completed the message enter a single "." on a line on its own.
The mail server should reply with: 250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command.

0
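The manual telnet test above can be scripted so that each stage of the SMTP dialogue is checked in turn and the first failing stage is reported. This is an added example, not part of the original thread; it uses Python's standard smtplib, and the function names, the HELO name and the command-line arguments are assumptions chosen for illustration.

```python
import smtplib
import sys

def smtp_probe(host, port, sender, rcpt, helo_name="probe.example.test", timeout=10):
    """Walk the SMTP dialogue; return [(stage, code, text)] up to the first failure."""
    client = smtplib.SMTP(local_hostname=helo_name, timeout=timeout)
    body = "Subject: firewall forwarding test\r\n\r\nSMTP path test message\r\n"
    stages = [
        ("connect", lambda: client.connect(host, port)),  # TCP connect + 220 banner
        ("helo", lambda: client.helo(helo_name)),
        ("mail_from", lambda: client.mail(sender)),
        ("rcpt_to", lambda: client.rcpt(rcpt)),
        ("data", lambda: client.data(body)),  # 354, body, reply to the final "."
    ]
    results = []
    try:
        for name, step in stages:
            try:
                code, text = step()
            except smtplib.SMTPResponseException as exc:  # server answered with an error
                code, text = exc.smtp_code, exc.smtp_error
            except OSError as exc:  # refused, timed out, or dropped mid-dialogue
                results.append((name, None, str(exc)))
                break
            if isinstance(text, bytes):
                text = text.decode("ascii", errors="replace")
            results.append((name, code, text))
            if not 200 <= code < 300:
                break
    finally:
        try:
            client.quit()
        except OSError:  # never connected, or the connection is already gone
            pass
    return results

def failed_stage(results):
    """Name of the stage that failed, or None if the message was accepted."""
    name, code, _ = results[-1]
    return None if code is not None and 200 <= code < 300 else name

if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: smtp_probe.py HOST PORT SENDER RECIPIENT")
    host, port, sender, rcpt = sys.argv[1:]
    outcome = smtp_probe(host, int(port), sender, rcpt)
    for stage, code, text in outcome:
        print(f"{stage:10} {code} {text}")
    print("failed at:", failed_stage(outcome))
```

Run it from a host outside the firewall against the address the MX record points to. A failure at `connect` points at the firewall's port forward, while a failure at a later stage points at the mail server or the filtering software in front of it.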

cjmara (Author) Commented:
Well,

I wasn't able to get things working properly from home last night so I left it until this morning.  I switched everything on the mail server, and then the firewall; and then connected to the mail server.  Yesterday we only went as far as connecting to the mail server, so this morning we completed the process by sending a mail as you had suggested.  It worked, and when I went and looked at my logs, mail did not stop coming in today.

Not sure what has changed as I followed the same steps that I did yesterday (and rechecked yesterday) but today it is working.  At the same point, doesn't really matter much as long as it is working.

Thanks for the suggestion, as going back to it made the difference.
0