?
Solved

Incoming Mail through a firewall

Posted on 2009-07-14
6
Medium Priority
?
414 Views
Last Modified: 2013-11-30
I'm a little stumped on this one.  I have a mail server that was multi-homed, and used the external interface for the virtual smtp server.

I have finally installed a new firewall, and have been able to get RPC over HTTP through the firewall, as well as OWA.  I created rules for SMTP and HTTPS, and forwarded the traffic to the internal interface, as well as change the Virtual SMTP server to use the internal interface.

As I mentioned, OWA and RPC over HTTPS both work; but I have NO incoming email.  I am also running GFI MailEssentials and MailSecurity; but in both cases they are directed at the Virtual SMTP Server.  I did verify that the incoming mail stopped as it was not even hitting the MailEssentials.

Any suggestions?

As soon as I renabled the external interface and disabled the virtual ip on the firewall as well as the rules; I started receiving incoming emails.

Sidenote: the firewall is pfSense.

Thanks,
0
Comment
Question by:cjmara
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24855612
do you have MX record pointing to both public IP's, or just to the external interface?
0
 

Author Comment

by:cjmara
ID: 24855635
The MX record is pointing to the external interface, but we set that up on the firewall (after it was disabled on the mail server) as a virtual ip and then added the rules for forwarding.

Thanks
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24855650
what rules have you for the virtual ip in the firewall?

Sounds like the rule for SMTP is not quite right..
Can you telnet to port 25 externally to test?

0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:cjmara
ID: 24855701
Sorry I should have added that.  We were able to telnet to port 25 on the appropriate address (once I remembered to change the Virtual SMTP server).

I am including a picture of the rules that we have since disabled.

Thanks,
pfSense-rules.png
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 2000 total points
ID: 24855768
you say "that we have since disabled."

and yes, they are disabled...

I'm assuming you've enabled them...

When you tested the SMTP, did you get an email sent to you?
I usually test the SMTP till I get an email in my inbox, to verify the handshaking all the way..

___________________________________________________
telnet mail.domain.ext 25
You should receive a reply like:
Trying ???.???.???.???...
Connected to mail.domain.ext.
Escape character is '^]'.
220 mail.domain.ext ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

You will then need to delcare where you are sending the email from:
HELO local.domain.name - dont worry too much about your local domain name although you really should use your exact fully qualified domain name as seen by the outside world the mail server has no choice but to take your word for it as of RFC822-RFC1123.
This should give you:
250 mail.domain.ext Hello local.domain.name [loc.al.i.p], pleased to meet you

Now give your email address:
MAIL FROM: mail@domain.ext
Should yeild:
250 2.1.0 mail@domain.ext... Sender ok
If it doesn't please see possible problems.

Now give the recipients address:
RCPT TO: mail@otherdomain.ext
Should yeild:
250 2.1.0 mail@otherdomain.ext... Recipient ok
If it doesn't please see possible problems.

To start composing the message issue the command DATA

If you want a subject for your email type Subject:-type subject here- then press enter twice (these are needed to conform to RFC 882)

You may now proceed to type the body of your message (e.g. hello mail@otherdomain.ext from mail@domain.ext)

To tell the mail server that you have completed the message enter a single "." on a line on it's own.
The mail server should reply with: 250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command.

0
 

Author Closing Comment

by:cjmara
ID: 31603556
Well,

I wasn't able to get things working properly from home last night so I left it until this morning.  I switched everything on the mail server, and then the firewall; and then connected to the mail server.  Yesterday we only went as far as connecting to the mail server, so this morning we completed the process by sending a mail as you had suggested.  It worked, and when I went and looked at my logs, mail did not stop coming in today.

Not sure what has changed as I followed the same steps that I did yesterday (and rechecked yesterday) but today it is working.  At the same point, doesn't really matter much as long as it is working.

Thanks for the suggestion, as going back to it made the difference.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses
Course of the Month11 days, 21 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question