Topic: Firewall Settings to enable LAN MailServer+ to use Google SMTP Relay

baqwas, on: July 01, 2020, 02:37:15 am
Hello,
I'm still trying to learn! May I get some guidance on Firewall settings to let my Synology MailServer Plus app continue to leverage Google SMTP Relay (for very low volume traffic)? I believe I have some firewall settings to configure under:
OPNsense 20.1.7-amd64
FreeBSD 11.2-RELEASE-p20-HBSD
OpenSSL 1.1.1g 21 Apr 2020
but I can't seem to create the correct outbound settings for this purpose. I'm lost in the granularity of the Firewall settings. The following are my attempted entries but, of course, these do not work:
Interface: LAN
TCP/IP Version: IPv4
Protocol: TCP
Destination: WAN address??
Destination port range: from SMTP/S to SMTP/S
Redirect target IP: Single host or Network: smtp.gmail.com
Redirect target port: SMTP/S
Pool Options: Default
NAT reflection: Use system default
Filter rule association: Add associated filter rule
I wanted to limit all outbound SMTP traffic to the Google relay but my entry for the Redirect target IP was flagged as an erroneous entry, of course. Perhaps, I need two rules (thinking aloud!).
How should I configure the Firewall settings assuming the limited purpose of using Synology MailServer Plus to connect to Google SMTP relay server (smtp.gmail.com:587 with TLS and valid authentication credentials)? Any debugging with respect to MailServer Plus or Google SMTP (e.g. SPF, DKIM, etc.) is my load to carry. I just need the OPNsense configuration for the outbound traffic.
I have configured Firewall NAT (inbound) port forwarding (and realized the super flexibility of the OPNsense Firewall settings) but I guess I still have a lot to learn. Thanks again for your patience and understanding in helping out a newbie.
Kind regards.
P.S. MailServer Plus worked previously in the same (but a different & inflexible router) chain; I understand Postfix is available with good documentation in this forum but I want to avoid yet another SMTP relay hop.

hitechhillbilly, Reply #1 on: July 01, 2020, 02:52:20 am
You are just wanting to allow SMTP/S out from a single device on your LAN?
If this is the case, you do not need a port forward, which is what this looks like.
All you need is a LAN rule that specifies the source IP as your Synology device, a destination as smtp.gmail.com (or any if you want it to connect to any external IP), and destination port as SMTP/S.
You then, below this rule, need to put in a rule with a block/reject and specify the source as your LAN net, destination as any, and destination port would be SMTP/S.
Also be sure and set another block rule with the same settings as the first but with SMTP so all SMTP and SMTP/S ports are blocked.

baqwas, Reply #2 on: July 02, 2020, 07:46:50 pm
Thank you very much, @hitechhillbilly. Appreciate your guidance. I have entered the key rule and the two accompanying ones per your suggestion.
Kind regards.

baqwas, Reply #3 on: July 02, 2020, 08:13:44 pm
Hello @hitechhillbilly,
I am stuck at the Destination & Redirect entries with the following error message:
The following input errors were detected:
"smtp.gmail.com" is not a valid redirect target IP address, network or host alias.
Here are the key entries:
Source: Single host or Network 192.168.1.6 (Synology MailServer+)
Source port range: from SMTP/S to SMTP/S
Destination: WAN net
Destination port range: from SMTP/S to SMTP/S
Redirect target IP: Single host or Network smtp.gmail.com
Redirect target port: SMTP/S
NAT reflection: Use system default
Filter rule association: Add associated filter rule
Which field is the correct one to record the destination as smtp.gmail.com?
Thanks.

baqwas, Reply #4 on: July 03, 2020, 06:05:19 pm
Hello @hitechhillbilly,
Substituting the IP address for the Google SMTP server FQDN worked. I guess Google will not have to change the IP address anytime soon.
Does my misunderstanding (IP address instead of FQDN) merit a long-term/low priority feature request? Thanks.
Kind regards.
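
The LAN rule order suggested in Reply #1 and the IP substitution from Reply #4, modelled as an added example that is not part of any post in this thread. It assumes first-match evaluation of LAN rules, a catch-all LAN pass rule at the bottom, port numbers 25 and 465 for SMTP and SMTP/S plus 587 from the first post, and documentation-range placeholder addresses for the relay.

```python
import ipaddress
from typing import NamedTuple

net = ipaddress.ip_network
# Constructed sample values. Only 192.168.1.6 appears in the thread; the relay
# addresses are documentation-range placeholders, not Google's real ones.
LAN, MAIL_HOST, ANY = net("192.168.1.0/24"), net("192.168.1.6/32"), net("0.0.0.0/0")
PINNED_RELAY = net("203.0.113.10/32")                # IP typed into the pass rule
RESOLVED_LATER = ["203.0.113.10", "203.0.113.25"]    # constructed later DNS answer
# Assumed port numbers: SMTP = 25, SMTP/S = 465, plus 587 from the first post.
SMTP, SMTPS, SUBMISSION = 25, 465, 587

class Rule(NamedTuple):
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: frozenset

ALLOW_RELAY = Rule("pass", MAIL_HOST, PINNED_RELAY, frozenset({SMTPS, SUBMISSION}))
BLOCK_SMTPS = Rule("block", LAN, ANY, frozenset({SMTPS, SUBMISSION}))
BLOCK_SMTP = Rule("block", LAN, ANY, frozenset({SMTP}))
ALLOW_LAN = Rule("pass", LAN, ANY, frozenset(range(1, 65536)))  # assumed catch-all

GOOD_ORDER = [ALLOW_RELAY, BLOCK_SMTPS, BLOCK_SMTP, ALLOW_LAN]
BAD_ORDER = [BLOCK_SMTPS, BLOCK_SMTP, ALLOW_RELAY, ALLOW_LAN]   # pass rule shadowed

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; no match means block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and port in rule.ports:
            return rule.action
    return "block"

def unreachable_relays(rules, mail_host, resolved, port):
    """Relay addresses from DNS that the rule set would block for the mail host."""
    return [ip for ip in resolved if evaluate(rules, mail_host, ip, port) != "pass"]

if __name__ == "__main__":
    for name, rules in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(name, "mail host -> relay:587 =",
              evaluate(rules, "192.168.1.6", "203.0.113.10", SUBMISSION))
    print("other LAN host -> any:25 =",
          evaluate(GOOD_ORDER, "192.168.1.50", "198.51.100.7", SMTP))
    print("relay IPs the pinned rule misses:",
          unreachable_relays(GOOD_ORDER, "192.168.1.6", RESOLVED_LATER, SUBMISSION))
```

The error message quoted in Reply #3 lists a host alias among the accepted values; `unreachable_relays` shows which resolved addresses a single pinned IP no longer covers.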