Inbound Port Forwarding for POP/S and IMAP/S

Started by baqwas, July 03, 2020, 04:46:25 AM

Thx to @hitechhillbilly, I have outbound SMTP/S working from my LAN mail server through Google's relay. Checked a sufficient number of diverse addresses (for my limited purposes) to assume that the outbound SMTP/S service is working for practical purposes.

Unfortunately, I cannot receive any replies!  :(

I checked that I do have MX and TXT (for SPF & DKIM) records in a public nameserver. My Firewall NAT Port Forward settings are:

Interface  Protocol  Source Address  Source Ports  Destination Address  Destination Ports  NAT IP       NAT Ports
WAN        TCP       *               *             36.113.235.16/30     POP/S              192.168.0.6  POP/S 995
WAN        TCP       *               *             36.113.235.16/30     IMAP/S             192.168.0.6  IMAP/S 993


What else do I have to configure to enable inbound POP/S and IMAP/S traffic from any Internet mail server? Of course, I do have checks enabled on the Synology server for "nuisance" traffic etc. and in due course will leverage OPNsense for that purpose too but first I need to overcome yet another self-inflicted issue on my part owing to my limited understanding. Port forwarding was working for me on a consumer grade router but I no longer have access to that hardware to test in tandem.

Any guidance (and advice) will be gratefully accepted to get myself back on track again. Thanks.

Kind regards.

Hello,

You can try this configuration:

WAN    TCP    *    *    WAN address    995 (POP/S)     192.168.0.6    995 (POP/S)
WAN    TCP    *    *    WAN address    993 (IMAP/S)    192.168.0.6    993 (IMAP/S)

Best regards.

Thx, @jaj1105,

I was simply emulating what worked for me with port 80/443. In any case, I just tried your suggestion. The test email did not come through and it does take a while (several retries by the public service provider, viz. Yahoo) for the failure notice to appear. I'll post an update when there are changes in the status.

I've sent mail from 3 different service providers. Yahoo was the quickest to report failure; the others presumably will keep trying for a little longer. There is no mention of any validation error in the Yahoo failure notice (unlike Gmail where SPF/DKIM issues are noted).

Thanks again for your suggestions. Please do not hesitate to suggest additional settings.

Kind regards.

Hello @jaj1105,

The settings illustrated by you in your original reply did not work for any email. The failure notice (for delivery) from Yahoo appeared during the early hours of the morning. Looking at the attachment, I could not determine the reason for the failure. Some servers will report the failure cause but there is no error message in the current set of tests that is readily apparent at my knowledge level.

I wonder what else might be interfering with the forwarding of the message by the OPNsense box to the intranet mail server. The latter's log has no record of any traffic from OPNsense. Yet outbound SMTP messages are being sent without issues in the same infrastructure. The only logical conclusion that I can draw is that external validation of POP/S and/or IMAP/S (with respect to SPF and DKIM TXT records) is failing for me presently. Yet the same records worked previously before the migration to OPNsense.

I wish there was a class on OPNsense that I could attend to improve my knowledge!  :D

Kind regards.
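
The following is an added example, not part of the original thread and not OPNsense code: a small model of the two port-forward rules from the first post, evaluated against constructed inbound flows to show which ones the firewall would hand to 192.168.0.6. Assumptions: the WAN address 36.113.235.17 is constructed (the thread gives only the /30), and TCP 25 is included because it is the port RFC 5321 server-to-server mail delivery uses, which the thread does not mention.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple


class Forward(NamedTuple):
    proto: str
    dest_net: str   # destination address/network the rule matches on WAN
    dest_port: int
    nat_ip: str     # internal redirect target
    nat_port: int


# Rules transcribed from the port-forward table in the first post.
RULES = [
    Forward("tcp", "36.113.235.16/30", 995, "192.168.0.6", 995),  # POP/S
    Forward("tcp", "36.113.235.16/30", 993, "192.168.0.6", 993),  # IMAP/S
]

# Constructed inbound flows: (protocol, destination IP, destination port).
FLOWS = [
    ("tcp", "36.113.235.17", 993),  # mail client using IMAP/S
    ("tcp", "36.113.235.17", 995),  # mail client using POP/S
    ("tcp", "36.113.235.17", 25),   # remote MTA delivering to the MX host
    ("tcp", "36.113.235.21", 993),  # address outside the /30
]


def translate(proto: str, dst_ip: str, dst_port: int,
              rules=RULES) -> Optional[Tuple[str, int]]:
    """Return (nat_ip, nat_port) of the first matching rule, else None."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (proto == rule.proto
                and dst_port == rule.dest_port
                and addr in ipaddress.ip_network(rule.dest_net)):
            return (rule.nat_ip, rule.nat_port)
    return None


def unforwarded(flows, rules=RULES):
    """Flows that match no rule and so never reach the internal server."""
    return [f for f in flows if translate(*f, rules=rules) is None]


if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", translate(*flow) or "no matching forward")
```

A flow that matches no forward never reaches the internal host, so it leaves no entry in that host's log.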