Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Can't send mail by smtp, but by submission??
« previous
next »
Print
Pages: [
1
]
Author
Topic: Can't send mail by smtp, but by submission?? (Read 2630 times)
MartinJ
Newbie
Posts: 3
Karma: 0
Can't send mail by smtp, but by submission??
«
on:
February 25, 2020, 10:57:26 pm »
I replaced an aging pfsense firewall on slow hardware by opnsense 20.1 on a APU2 board. The setup is fairly simple, no NAT, only routing and filtering. Outbound NAT is set to Manual rule generation, but no rules are defined.
LAN (192.168.99.0/24) - Lan_IF (192.168.99.1/24) - Firewall- WAN_IF (192.168.245.3/24) - Gateway (192.168.245.1)
The WAN net has a default gateway which handles internet access. This gateway has a route to my LAN and sends traffic to the WAN interface. For the moment, every interface on the OPNSense has only one rule, pass any any. Everything works fine... except access to a smtp server in the internet. A "telnet <server> 25" just doesn't work, a "telnet <server> 587" does. Yes, the <server> accepts traffic on port 25 and 587....
I used tcpdump on LAN and WAN and see the packets from the LAN computer on port 25 go into the firewall, but nothing leaves the WAN interface. The log shows no blocked traffic, the packets on port 25 just evaporate somewhere. Another thing that baffles me are a lot of blocked packets from one host in LAN to other hosts in WAN. A nagios on a LAN computer regularly checks all possible adresses in WAN net by trying to reach port 80. These are blocked by "default deny rule". But why? There is a "pass any any"-rule in LAN (and WAN) as first rule...
What can I do to find out what's going on?
Martin
«
Last Edit: February 25, 2020, 11:01:41 pm by MartinJ
»
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Can't send mail by smtp, but by submission??
«
Reply #1 on:
February 26, 2020, 06:03:22 am »
Are you sure? Many providers block port 25 in their backbone
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
MartinJ
Newbie
Posts: 3
Karma: 0
Re: Can't send mail by smtp, but by submission??
«
Reply #2 on:
February 26, 2020, 09:21:47 am »
Yes, I'm sure. It works from WiFi (same Accesspoint). I couldn't see the packets leave WAN interface on the FW.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Can't send mail by smtp, but by submission??
«
Reply #3 on:
February 26, 2020, 11:51:15 am »
That is a common config that SMTP can only receive mails and you have to use submission to send.
Logged
MartinJ
Newbie
Posts: 3
Karma: 0
Re: Can't send mail by smtp, but by submission??
«
Reply #4 on:
February 26, 2020, 09:23:04 pm »
This is my own mail server and yes, it responds to connections at port 25. The problem is that the packets for <mailserver>:25 don't leave the WAN interface, but packets for <mailserver>:587 do (watched by tcpdump on the firewall). There are no blocking rules etc., just a freshly installed OPNSense without NAT.
I'm going to restore the FW to factory config and repeat every step I done, checking every time if I can telnet to port 25 on my mailserver.
Martin
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Can't send mail by smtp, but by submission??