iCloud SMTP

Hello, I have a T20 and cannot seem to get outbound SMTP working for my iCloud account. I have the following error in the event log.

2021-06-01 15:59:04 pxy 0x1a750150-1764059 connect failed Connection timed out 121: 192.168.7.207:55172 -> 17.42.251.41:465 [A t] {B} | 122: 192.168.31.158:55172 -> 17.42.251.41:465 [!B c] {B}[P]

Help please, I'm new to WatchGuard

Answers

  • james.carson Moderator, WatchGuard Representative

    Hi @DLong

    That error is saying that B channel is failing to connect. (A channel is the client to the firewall, and B channel is the firewall to the destination server.)

    Can you connect to it over a normal packet filter? It appears the service may be down at that specific IP if it's not allowing connections.

    -James Carson
    WatchGuard Customer Support

  • Hi @James_Carson, the connection works fine over 4G so I'm assuming that everything is fine at Apple's side.

    I did see this post

    It looks like you are using a SMTP proxy for outgoing SMTP.
    17.42.251.41 belongs to Apple.
    My best guess is that you need to add a SMTP packet filter To: the DNS name(s) associated with 17.42.251.
    Make sure that the SMTP packet filter is above your current SMTP proxy.

    These look to be the correct DNS names to use for this.
    mx01.mail.icloud.com
    mx02.mail.icloud.com


    My issue is I can't see how to map a packet filter to the DNS names.

    Thanks,

    D

  • james.carson Moderator, WatchGuard Representative

    Hi @DLong

    You'd need to create a SMTP packet filter -- if you wanted to do it just to those two servers, you can put them in the TO field instead of any-external.

    The help article that goes over how to add a policy and what that looks like is here:
    (Add Policies)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/add_policy_c.html

    You'd want to select packet filter, and find SMTP inside of that option.

    In the from field you'd want to choose Add, Add Other, FQDN, and type in those two FQDNs for your service.

    If you need assistance doing this, I'd suggest opening a support case by clicking the support center link at the top of the page, or calling our support line https://www.watchguard.com/wgrd-support/support-by-phone/all

    -James Carson
    WatchGuard Customer Support
