Solved

Incoming Mail through a firewall

Posted on 2009-07-14
396 Views
Last Modified: 2013-11-30
I'm a little stumped on this one. I have a mail server that was multi-homed, and used the external interface for the virtual SMTP server.

I have finally installed a new firewall, and have been able to get RPC over HTTP through the firewall, as well as OWA. I created rules for SMTP and HTTPS, and forwarded the traffic to the internal interface, as well as changed the Virtual SMTP server to use the internal interface.

As I mentioned, OWA and RPC over HTTPS both work; but I have NO incoming email. I am also running GFI MailEssentials and MailSecurity; but in both cases they are directed at the Virtual SMTP Server. I did verify that the incoming mail stopped, as it was not even hitting MailEssentials.

Any suggestions?

As soon as I re-enabled the external interface and disabled the virtual IP on the firewall, as well as the rules, I started receiving incoming emails.

Sidenote: the firewall is pfSense.

Thanks,
Question by:cjmara
6 Comments
LVL 23

Expert Comment

by:debuggerau
ID: 24855612
Do you have the MX record pointing to both public IPs, or just to the external interface?

Author Comment

by:cjmara
ID: 24855635
The MX record is pointing to the external interface, but we set that up on the firewall (after it was disabled on the mail server) as a virtual IP and then added the rules for forwarding.

Thanks
LVL 23

Expert Comment

by:debuggerau
ID: 24855650
What rules have you for the virtual IP in the firewall?

Sounds like the rule for SMTP is not quite right...
Can you telnet to port 25 externally to test?

Author Comment

by:cjmara
ID: 24855701
Sorry, I should have added that. We were able to telnet to port 25 on the appropriate address (once I remembered to change the Virtual SMTP server).

I am including a picture of the rules that we have since disabled.

Thanks,
pfSense-rules.png
LVL 23

Accepted Solution

by: debuggerau (earned 500 total points)
ID: 24855768
You say "that we have since disabled."

and yes, they are disabled...

I'm assuming you've enabled them...

When you tested the SMTP, did you get an email sent to you?
I usually test the SMTP till I get an email in my inbox, to verify the handshaking all the way..

___________________________________________________
telnet mail.domain.ext 25
You should receive a reply like:
Trying ???.???.???.???...
Connected to mail.domain.ext.
Escape character is '^]'.
220 mail.domain.ext ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

You will then need to declare where you are sending the email from:
HELO local.domain.name - don't worry too much about your local domain name; although you really should use your exact fully qualified domain name as seen by the outside world, the mail server has no choice but to take your word for it as of RFC822-RFC1123.
This should give you:
250 mail.domain.ext Hello local.domain.name [loc.al.i.p], pleased to meet you

Now give your email address:
MAIL FROM: mail@domain.ext
Should yield:
250 2.1.0 mail@domain.ext... Sender ok
If it doesn't please see possible problems.

Now give the recipients address:
RCPT TO: mail@otherdomain.ext
Should yield:
250 2.1.0 mail@otherdomain.ext... Recipient ok
If it doesn't please see possible problems.

To start composing the message issue the command DATA

If you want a subject for your email, type Subject: -type subject here- then press enter twice (these are needed to conform to RFC 822)

You may now proceed to type the body of your message (e.g. hello mail@otherdomain.ext from mail@domain.ext)

To tell the mail server that you have completed the message, enter a single "." on a line on its own.
The mail server should reply with: 250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command.

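The manual telnet check in the accepted answer, scripted as an added example (not code from the original thread or from pfSense/GFI): smtp_delivery_test() walks the same banner/HELO/MAIL FROM/RCPT TO/DATA/QUIT exchange and reports the step at which the server first answered with an unexpected code, which is more useful than a bare "port 25 is open" when mail silently stops arriving behind a new NAT rule. The loopback server, host names and addresses (mail.domain.ext, local.domain.name, mail@domain.ext) are constructed stand-ins so it runs offline; point the client at a real host and port to test a forwarding rule.

```python
import socket
import threading

def _read_reply(f):
    for line in iter(f.readline, b""):
        if len(line) >= 4 and line[3:4] == b" ":  # a '250-' line continues a multi-line reply
            return int(line[:3])
    raise ConnectionError("server closed the connection")

def smtp_delivery_test(host, port, helo_name, mail_from, rcpt_to, timeout=10):
    """Walk banner/HELO/MAIL FROM/RCPT TO/DATA/QUIT; stop at the first unexpected code."""
    body = "Subject: firewall test\r\n\r\nhello %s from %s\r\n." % (rcpt_to, mail_from)
    dialog = [("banner", None, 220), ("HELO", "HELO " + helo_name, 250),
              ("MAIL FROM", "MAIL FROM:<%s>" % mail_from, 250), ("RCPT TO", "RCPT TO:<%s>" % rcpt_to, 250),
              ("DATA", "DATA", 354), ("message", body, 250), ("QUIT", "QUIT", 221)]
    result = []  # (step, reply code) pairs reached; the failing step is the last entry
    with socket.create_connection((host, port), timeout=timeout) as sock, sock.makefile("rb") as f:
        for step, cmd, expected in dialog:
            if cmd is not None:
                sock.sendall((cmd + "\r\n").encode("ascii"))
            result.append((step, _read_reply(f)))
            if result[-1][1] != expected:
                break
    return result

# Constructed stand-in for the mail server so the check runs offline; reply codes follow those quoted
# in the answer. accept_rcpt=False models a server that answers on port 25 but refuses the recipient.
_REPLIES = {"HELO": b"250 mail.domain.ext Hello, pleased to meet you", "MAIL": b"250 2.1.0 Sender ok",
            "RCPT": b"250 2.1.0 Recipient ok", "DATA": b"354 Enter mail, end with \".\" on a line by itself",
            ".": b"250 2.0.0 Message accepted for delivery", "QUIT": b"221 2.0.0 Bye"}

def _fake_server(listener, accept_rcpt):
    with listener.accept()[0] as conn, conn.makefile("rb") as f:
        conn.sendall(b"220 mail.domain.ext ESMTP constructed test server\r\n")
        in_data = False
        for raw in iter(f.readline, b""):  # ends when the client closes the connection
            text = raw.decode("ascii", "replace").rstrip("\r\n")
            verb = text if in_data else text.split(":")[0].split(" ")[0].upper()
            if in_data and verb != ".":
                continue  # message body lines draw no reply until the lone "."
            reply = (b"550 5.7.1 Relaying denied" if verb == "RCPT" and not accept_rcpt
                     else _REPLIES.get(verb, b"500 5.5.1 Command unrecognized"))
            in_data = verb == "DATA"
            conn.sendall(reply + b"\r\n")

def run_self_test(accept_rcpt=True):
    with socket.create_server(("127.0.0.1", 0)) as listener:
        threading.Thread(target=_fake_server, args=(listener, accept_rcpt), daemon=True).start()
        return smtp_delivery_test("127.0.0.1", listener.getsockname()[1],
                                  "local.domain.name", "mail@domain.ext", "mail@otherdomain.ext")
```

A run that ends with ("QUIT", 221) means the server took the whole message, which is the point the answer makes: stop only when the mail actually lands, not when the port answers.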

Author Closing Comment

by:cjmara
ID: 31603556
Well,

I wasn't able to get things working properly from home last night, so I left it until this morning. I switched everything on the mail server, and then the firewall, and then connected to the mail server. Yesterday we only went as far as connecting to the mail server, so this morning we completed the process by sending a mail as you had suggested. It worked, and when I went and looked at my logs, mail did not stop coming in today.

Not sure what has changed, as I followed the same steps that I did yesterday (and rechecked yesterday), but today it is working. At the same point, it doesn't really matter much as long as it is working.

Thanks for the suggestion, as going back to it made the difference.