Mail server in LAN - connection timeout to SOME MXes

Started by maxxer, June 03, 2022, 03:04:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 03, 2022, 03:04:35 PM Last Edit: June 03, 2022, 04:36:15 PM by maxxer
Hi.
We replaced a pfSense installation with a freshly installed 22.1.8_1. The mailserver in LAN is unable to contact some remote MX, specifically Gmail / Outlook, but also some other minor providers.
The configuration is pretty simple, there are no LAN rules except the default ones allowing all traffic. No QoS  configured.

Weird enough, telnetting to these hosts work, but mail delivery won't. Can be something related to TLS connections?

The WAN has a 192.168.20.1 address, the modem is 192.168.20.2. Block of private and bogon networks is disabled. This was erroneously enabled, and while web navigation was fine we had another issue: ssh'ing outside from the server was working, but scp didn't. Now scp works, but email still won't get delivered.

What could be blocking these connections?
thanks

Code Select

Jun  3 14:57:12 srv02 postfix/smtp[19722]: 79CA91E33BC3: to=<a.b@domain.it>, relay=mail.register.it[195.110.124.132]:25, delay=3428, delays=3282/0.21/1.2/145, dsn=4.4.2, status=deferred (lost connection with mail.register.it[195.110.124.132] while sending message body)
Jun  3 14:57:49 galasrv02 postfix/smtp[19683]: AA78E1E33CC9: conversation with ASPMX.L.GOOGLE.com[108.177.126.27] timed out while sending message body


EDIT: forgot to say the firewall is running in as a Proxmox VM, network driver virtio
YetOpen S.r.l.
June 04, 2022, 07:07:46 AM #1
It looks like email with attachments (even >= 20KB) are impacted by the issue. Text only emails are delivered.

YetOpen S.r.l.
June 05, 2022, 08:54:14 AM #2
It's probably not gona work unless you have a static IP and reverse DNS entries for the FQDN that resolves to that IP address.
June 05, 2022, 10:13:40 AM #3
What is your spf record? Is your IP address in Spamhaus? https://check.spamhaus.org/

Can you only send purely on MX or does your provider operate a smarthost?

Bart...
June 08, 2022, 09:43:59 AM #4
Thanks for the feedback but it's not a deliverability issue, we've been running a mailserver here for ages with no problems. The issue is with OPNsense upload performances, which unfortunately we weren't able to solve. We tried changing interface type to vmx3 or e1000 but we still had less than 0.5Mbps of upload. We switched to pfSense and now upload is 2.5MBps, which is in line with connection performance.
YetOpen S.r.l.
June 08, 2022, 03:21:26 PM #5
Didn't someone say recently that enabling hardware offloading settings may be required for kvm on FreeBSD 13?
June 08, 2022, 04:38:05 PM #6
Quote from: franco on June 08, 2022, 03:21:26 PM
Didn't someone say recently that enabling hardware offloading settings may be required for kvm on FreeBSD 13?

All the flags were enabled = feature disabled.
YetOpen S.r.l.
June 08, 2022, 06:44:16 PM #7
try to disable flags to enable features is what I meant... Most importantly "Hardware CRC" :)


Cheers,
Franco
Print
Go Up Pages1
User actions