Solved

Incoming Mail through a firewall

Posted on 2009-07-14
6
407 Views
Last Modified: 2013-11-30
I'm a little stumped on this one.  I have a mail server that was multi-homed, and used the external interface for the virtual smtp server.

I have finally installed a new firewall, and have been able to get RPC over HTTP through the firewall, as well as OWA.  I created rules for SMTP and HTTPS, and forwarded the traffic to the internal interface, as well as changed the Virtual SMTP server to use the internal interface.

As I mentioned, OWA and RPC over HTTPS both work; but I have NO incoming email.  I am also running GFI MailEssentials and MailSecurity; but in both cases they are directed at the Virtual SMTP Server.  I did verify that the incoming mail stopped as it was not even hitting the MailEssentials.

Any suggestions?

As soon as I re-enabled the external interface and disabled the virtual IP on the firewall as well as the rules, I started receiving incoming emails.

Sidenote: the firewall is pfSense.

Thanks,
0
Comment
Question by:cjmara
6 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24855612
Do you have an MX record pointing to both public IPs, or just to the external interface?
0
 

Author Comment

by:cjmara
ID: 24855635
The MX record is pointing to the external interface, but we set that up on the firewall (after it was disabled on the mail server) as a virtual ip and then added the rules for forwarding.

Thanks
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 24855650
What rules have you for the virtual IP in the firewall?

Sounds like the rule for SMTP is not quite right..
Can you telnet to port 25 externally to test?

0

 

Author Comment

by:cjmara
ID: 24855701
Sorry I should have added that.  We were able to telnet to port 25 on the appropriate address (once I remembered to change the Virtual SMTP server).

I am including a picture of the rules that we have since disabled.

Thanks,
pfSense-rules.png
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 24855768
You say "that we have since disabled."

And yes, they are disabled...

I'm assuming you've enabled them...

When you tested the SMTP, did you get an email sent to you?
I usually test the SMTP till I get an email in my inbox, to verify the handshaking all the way..

___________________________________________________
telnet mail.domain.ext 25
You should receive a reply like:
Trying ???.???.???.???...
Connected to mail.domain.ext.
Escape character is '^]'.
220 mail.domain.ext ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

You will then need to declare where you are sending the email from:
HELO local.domain.name - don't worry too much about your local domain name, although you really should use your exact fully qualified domain name as seen by the outside world; the mail server has no choice but to take your word for it as of RFC822-RFC1123.
This should give you:
250 mail.domain.ext Hello local.domain.name [loc.al.i.p], pleased to meet you

Now give your email address:
MAIL FROM: mail@domain.ext
Should yield:
250 2.1.0 mail@domain.ext... Sender ok
If it doesn't please see possible problems.

Now give the recipients address:
RCPT TO: mail@otherdomain.ext
Should yield:
250 2.1.0 mail@otherdomain.ext... Recipient ok
If it doesn't please see possible problems.

To start composing the message issue the command DATA

If you want a subject for your email type Subject:-type subject here- then press enter twice (these are needed to conform to RFC 882)

You may now proceed to type the body of your message (e.g. hello mail@otherdomain.ext from mail@domain.ext)

To tell the mail server that you have completed the message enter a single "." on a line on its own.
The mail server should reply with: 250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command.

0
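The manual telnet test from the accepted answer, scripted so that it reports the stage at which the exchange stops rather than only whether port 25 answers. This is an added example, not part of the original thread; the function names, stage labels and test message are made up for it, and the host and addresses you pass in are your own (the thread's placeholders are used below).

```python
import socket

# Added example: stage labels and the test message text are illustrative.
# (stage name, command template, reply code the manual test expects)
STAGES = [
    ("HELO", "HELO {helo}", 250),
    ("MAIL FROM", "MAIL FROM:<{sender}>", 250),
    ("RCPT TO", "RCPT TO:<{rcpt}>", 250),
    ("DATA", "DATA", 354),
    ("message", "Subject: firewall test\r\n\r\nSMTP path test\r\n.", 250),
    ("QUIT", "QUIT", 221),
]

def read_reply(f):
    """Read one reply, following '250-' continuation lines; return (code, text)."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("connection closed before a reply arrived")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(lines)

def dialogue(f, helo, sender, rcpt):
    """Run the exchange over file-like f; return (ok, stage, last reply or error)."""
    stage = "banner"
    try:
        code, text = read_reply(f)
        if code != 220:
            return False, stage, text
        for stage, template, expected in STAGES:
            line = template.format(helo=helo, sender=sender, rcpt=rcpt)
            f.write((line + "\r\n").encode("ascii"))
            f.flush()
            code, text = read_reply(f)
            if code != expected:
                return False, stage, text
    except (OSError, ValueError) as exc:
        return False, stage, str(exc)
    return True, stage, text

def probe(host, helo, sender, rcpt, port=25, timeout=10):
    """Connect like 'telnet host 25' and run the dialogue; never raises."""
    try:
        with socket.create_connection((host, port), timeout) as s, s.makefile("rwb") as f:
            return dialogue(f, helo, sender, rcpt)
    except OSError as exc:
        return False, "connect", str(exc)
```

Call `probe("mail.domain.ext", "local.domain.name", "mail@domain.ext", "mail@otherdomain.ext")` from a host outside the firewall. A failure at `connect` or `banner` points at the NAT and rule path, while a failure at a later stage points at the SMTP virtual server or a filter behind it.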
 

Author Closing Comment

by:cjmara
ID: 31603556
Well,

I wasn't able to get things working properly from home last night so I left it until this morning.  I switched everything on the mail server, and then the firewall; and then connected to the mail server.  Yesterday we only went as far as connecting to the mail server, so this morning we completed the process by sending a mail as you had suggested.  It worked, and when I went and looked at my logs, mail did not stop coming in today.

Not sure what has changed as I followed the same steps that I did yesterday (and rechecked yesterday) but today it is working.  At the same point, doesn't really matter much as long as it is working.

Thanks for the suggestion, as going back to it made the difference.
0


Question has a verified solution.
