[SOLVED]Upgraded to 18.1 SMTP outgoing no longer works

[wyliecoyoteuk]

We are running 17.1, but are trying to upgrade to 18.1.
However on the new firewall, when we install it and restore the config from 17.7, our internal Exchange server cannot connect outbound to other SMTP connections.
What has changed that might cause this?
I have tried telnet to an external mail server on port 25, and that fails to connect as well.
incoming mail, web and  SIP connections etc, all seem fine.

[mimugmail]

18.1. or 18.1.6? Perhaps you have some NAT rules, there might be a reverted change in 18.1.6 fixing this ...

[wyliecoyoteuk]

18.1
Thanks for the quick reply, I will download that now :)

[wyliecoyoteuk]

There only seem to be 18.1 images available, will they be the 18.1.6 release now?
Our install shows as 18.1

[wyliecoyoteuk]

Sorry realised i need to install and then update

[ScottSenffner]

did the upgrade help? I am on 18.1.6 and I can't get it the SMTP to work.

[wyliecoyoteuk]

Will be trying it later, our backup box is still on 17.6

[wyliecoyoteuk]

no difference :(

[wyliecoyoteuk]

So, 17 works, but 18.1 fails, yet both systems have exactly the same settings.
Is this a problem with NAT?
Any hints would be welcome.

[mimugmail]

Go to CLI and do a tcpdump:

tcpdump -n -i <internal-physical-nic> host your-exchange-ip

See if packets arrive firewall.

If yes:

clog /var/log/filter.log | grep your-exchange-ip

See if you have drops

If no:

tcpdump -n -i <external-physical-nic> port 25

And check if you see outgoing packet when doing a telnet.

[wyliecoyoteuk]

Thanks, I'll look at that.

[wyliecoyoteuk]

We found that all SMTP traffic (outbound and inbound) was being directed to our mailserver.
Disabled NAT reflection for the SMTP PF rule, and it started working.
Don't know why 17.7 worked with NAT reflection enabled globally and 18.1 doesn't.
Thanks again.