# Routing mail through gigaport2?



## JayArr (May 24, 2018)

I have a problem that I'd like to solve.

My emails aren't always reaching their destinations because I use a VPN and some IT departments are blocking all traffic from VPNs. I've confirmed this with side by side computers, one running through the VPN and one running directly to my ISP. I open Thunderbird in both and the email I send through the VPN disappears, the other one arrives.

I want to keep using the VPN, I could send all my mail from the second computer but that's a blunt solution and I think I can do better.

The server my desktop is running on has two gigaports built in, I currently only use the first one.

Is there a way to instruct Thunderbird and Sendmail to use the second gigaport? If I could do that I could configure the firewall to route all traffic from gigaport 'B' directly to the ISP instead of through the VPN.

I know a little about routing, rules, NAT, BIND etc.

If anyone can give me a push in the right direction I'd appreciate knowing where to start reading.

Jeff Roberts


----------



## ShelLuser (May 24, 2018)

You're leaving out some very important details. The VPN and such doesn't really matter; what matters is the mail server you're using for outgoing e-mail. And of course which uplinks that's using.

So: what mail server is your Thunderbird using? And although you mention Sendmail, are you sure it's being used? If so: what does the logfile tell you about the e-mails (/var/log/maillog)?

To answer your question: No, you can't tell Thunderbird nor Sendmail to use "the second gigaport", that's not how this stuff works. Thunderbird simply contacts a mailserver (the one you configured) and that's it. How it contacts it depends on your network settings (such as routing tables and such). The same applies to Sendmail, although a bit more complicated: it also heavily depends on how you configured it; a detail you left out of your story.

Theoretically it is possible to add an entry to your routing table which tells the machine to use a specific gateway to reach the mailserver, for example one which doesn't use the VPN. However, it's impossible to say if that's applicable to your situation.

Also note that your testing results don't prove anything. Not without more context that is. For example: do both machines (the one connected to your ISP and the one connected to the VPN) use the same mailserver(s)? Without such details the whole story becomes meaningless because there are too many unknown variables here.


----------



## JayArr (May 25, 2018)

Hi ShelLuser

Thanks for the response.

As to the testing results. Both machines are sending mail to the same outgoing server, a2sXX.a2hosting.com which also hosts my website but it is NOT my ISP. My ISP just provides fibre to my location.

The rules of my Firewall (pfSense) route everything from the IP of one computer to the VPN and everything from the other directly to my ISP (no VPN). Since they are both sending the same email to the same outgoing mailserver at an outside location I thought the test was pretty good.

If it's going to complicate things then let's forget Sendmail for now, if I can solve for Thunderbird I'll adapt and apply to Sendmail if required later.

> How it contacts it depends on your network settings (such as routing tables and such).

This is what I'm looking for, I can give the second gigaport on the server a distinct IP, can I force traffic from a particular app to that port?


----------



## ShelLuser (May 25, 2018)

JayArr said:


> This is what I'm looking for, I can give the second gigaport on the server a distinct IP, can I force traffic from a particular app to that port?


What you normally do is what I mentioned earlier: add an entry to your routing table which tells your system that as soon as it needs to reach a certain host then it should do so using a specific gateway. See route(8). Something in the likes of `route add <host> <gw>`.

Depending on your firewall it might be possible to add to this and also apply some kind of package redirection, but I personally wouldn't go that far myself. It depends on the firewall being used and can turn into quite an administrative hassle.


----------



## JayArr (May 25, 2018)

Actually that's a great idea ShelLuser, instead of trying to direct it out a different NIC at the desktop server level I could just define a route in my firewall (pfSense) and all mail traffic would get sent to the regular WAN gateway instead of one of the VPN gateways. That has the added benefit of taking care of all email from every device on all my subnets. I think I've got some reading to do about routes.

Thanks!


----------



## JayArr (May 25, 2018)

Solved.
All I had to do is a traceroute to my outgoing email server to find its IP and then I added an extra "rule" in pfSense under "Firewall/Rules/LAN".

The new rule has:

- 'Source' 'single host or alias' = my desktop server IP
- 'Destination' 'single host or alias' = IP of my outgoing mail server
- Gateway = WAN

Then I arranged the rules order so the new rule was above the rule that handled Destination 'any', Gateway VPN.
Since the rules are applied top to bottom the mail gets sent out unencrypted.
This was super simple in the end. Thanks ShelLuser for pointing me in the right direction.


----------
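The rule ordering from the last post, modelled as an added example (not code from the thread and not pfSense's own logic): a first-match evaluator showing why the mail rule has to sit above the catch-all VPN rule, and that a rule with only source, destination and gateway also sends web traffic to that host out the WAN, since the same server hosts the website. The addresses, the LAN subnet and the 465/587 submission ports are assumptions; the thread gives none of them.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses from documentation ranges; the thread gives no real IPs.
DESKTOP = "192.168.1.10"
MAIL_SERVER = "198.51.100.25"   # per the thread, this host also serves the website

@dataclass(frozen=True)
class Rule:
    src: str                         # address, CIDR or "any"
    dst: str                         # address, CIDR or "any"
    gateway: str
    proto: str = "any"
    ports: frozenset = frozenset()   # empty set means any destination port

    def matches(self, src, dst, proto, port):
        def in_net(addr, net):
            return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (in_net(src, self.src) and in_net(dst, self.dst)
                and self.proto in ("any", proto)
                and (not self.ports or port in self.ports))

def gateway_for(rules, src, dst, proto, port):
    """First matching rule wins, top to bottom; no match means the flow is blocked."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.gateway
    return "BLOCK"

VPN_ALL = Rule("192.168.1.0/24", "any", "VPN")                  # existing catch-all
MAIL_BROAD = Rule(DESKTOP, MAIL_SERVER, "WAN")                  # rule as posted
MAIL_NARROW = Rule(DESKTOP, MAIL_SERVER, "WAN", "tcp",          # assumed ports
                   frozenset({465, 587}))

def audit(rules):
    """Return the gateway chosen for three constructed flows from the desktop."""
    flows = {
        "smtp-submission": (DESKTOP, MAIL_SERVER, "tcp", 587),
        "https-same-host": (DESKTOP, MAIL_SERVER, "tcp", 443),
        "https-elsewhere": (DESKTOP, "203.0.113.80", "tcp", 443),
    }
    return {name: gateway_for(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, rules in [("posted order", [MAIL_BROAD, VPN_ALL]),
                         ("wrong order", [VPN_ALL, MAIL_BROAD]),
                         ("port-scoped", [MAIL_NARROW, VPN_ALL])]:
        print(label, audit(rules))
```

With the port-scoped rule only mail submission leaves through the WAN; everything else to that host stays on the VPN.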

