Having been accommodating about it in the past, the technical geniuses at Comcast have permanently blocked port 25, separating me (at my home office) from my employer's e-mail server.
What can be done on the server side to keep Postfix listening on 25 _and_ accept my connections on some other port? Is there a Postfix solution? iptables maybe?
Miark
On Jan 18, 2008 4:11 PM, Miark mlist2@gardnerbusiness.com wrote:
> Having been accommodating about it in the past, the technical geniuses at Comcast have permanently blocked port 25, separating me (at my home office) from my employer's e-mail server.
> What can be done on the server side to keep Postfix listening on 25 _and_ accept my connections on some other port? Is there a Postfix solution? iptables maybe?
Several places like dyndns offer a 'mailhop' option for just such ISPs. Local solutions won't work overly well, as it's outside world folks who will be expecting 25 or 465 and not getting to you.
On Jan 18, 2008 4:11 PM, Miark mlist2@gardnerbusiness.com wrote:
> Having been accommodating about it in the past, the technical geniuses at Comcast have permanently blocked port 25, separating me (at my home office) from my employer's e-mail server.
> What can be done on the server side to keep Postfix listening on 25 _and_ accept my connections on some other port? Is there a Postfix solution? iptables maybe?
> Miark
A "simple" solution would be to use SSH port forwarding from your system to the remote server. You'd need SSH access to another server outside of Comcast's network, like maybe one at work. Then you would use the SSH command line:
    ssh -L 2525:mailServer:25 -N username@remoteServer
where mailServer is the DNS name or IP address of the mail server, and remoteServer is the server name you have ssh access to. Then you set your outgoing mail server to 127.0.0.1 port 2525.
The more complex solution is to set up a VPN between your office and the work office. Another option is to just use the Comcast mail server for outgoing mail, depending on your requirements.
On Fri, 2008-01-18 at 14:11 -0700, Miark wrote:
> Having been accommodating about it in the past, the technical geniuses at Comcast have permanently blocked port 25, separating me (at my home office) from my employer's e-mail server.
> What can be done on the server side to keep Postfix listening on 25 _and_ accept my connections on some other port? Is there a Postfix solution? iptables maybe?
I have had similar problems with some of my hosting clients. We configured postfix to also listen on port 2525 as follows:
In /etc/postfix/master.cf file, locate the lines that look like this:
    smtp inet n - n - - smtpd
      -o cleanup_service_name=pre-cleanup
Add the following lines right after them:
    2525 inet n - n - - smtpd
      -o cleanup_service_name=pre-cleanup
Then just do a 'postfix reload' and you should be in business.
HTH, Rich
Miark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Fri, 18 Jan 2008 17:31:13 -0500, Rich wrote:
> On Fri, 2008-01-18 at 14:11 -0700, Miark wrote:
>> Having been accommodating about it in the past, the technical geniuses at Comcast have permanently blocked port 25, separating me (at my home office) from my employer's e-mail server.
>> What can be done on the server side to keep Postfix listening on 25 _and_ accept my connections on some other port? Is there a Postfix solution? iptables maybe?
> I have had similar problems with some of my hosting clients. We configured postfix to also listen on port 2525 as follows:
> In /etc/postfix/master.cf file, locate the lines that look like this:
>     smtp inet n - n - - smtpd
>       -o cleanup_service_name=pre-cleanup
> Add the following lines right after them:
>     2525 inet n - n - - smtpd
>       -o cleanup_service_name=pre-cleanup
> Then just do a 'postfix reload' and you should be in business.
That's exactly the type of solution I was hoping for! Thanks!
Miark
On Fri, 2008-01-18 at 17:31 -0500, Rich Huff wrote:
> On Fri, 2008-01-18 at 14:11 -0700, Miark wrote:
>> Having been accommodating about it in the past, the technical geniuses at Comcast have permanently blocked port 25, separating me (at my home office) from my employer's e-mail server.
>> What can be done on the server side to keep Postfix listening on 25 _and_ accept my connections on some other port? Is there a Postfix solution? iptables maybe?
> I have had similar problems with some of my hosting clients. We configured postfix to also listen on port 2525 as follows:
RFC 2476 defines port 587 as the preferred port. http://www.ietf.org/rfc/rfc2476.txt
Thanks to everybody for the responses. The winning solution was Rick's (see below) which worked like a charm after poking a suitable hole in my firewall.
Miark
> [To listen to port 2525], in /etc/postfix/master.cf file, locate the lines that look like this:
>     smtp inet n - n - - smtpd
>       -o cleanup_service_name=pre-cleanup
> Add the following lines right after them:
>     2525 inet n - n - - smtpd
>       -o cleanup_service_name=pre-cleanup
> Then just do a 'postfix reload' and you should be in business.
Miark wrote:
> Thanks to everybody for the responses. The winning solution was Rick's (see below) which worked like a charm after poking a suitable hole in my firewall.
I missed most of that conversation, but can't you configure postfix to use smtps on port 465 on both ends and get encryption over the internet as well as just being allowed through?
Les Mikesell wrote:
> Miark wrote:
>> Thanks to everybody for the responses. The winning solution was Rick's (see below) which worked like a charm after poking a suitable hole in my firewall.
> I missed most of that conversation, but can't you configure postfix to use smtps on port 465 on both ends and get encryption over the internet as well as just being allowed through?
465 is obsolete and postfix won't do that as a client. If encryption is needed, STARTTLS is the standard.
Miark wrote on Fri, 18 Jan 2008 17:55:32 -0500:
> The winning solution
Nevertheless, Bowie's solution is the correct one.
Kai
Yeah, I resolved that problem when I switched ISPs recently by using something like this:
    submission inet n - n - - smtpd
      -o smtpd_etrn_restrictions=reject
      -o smtpd_sasl_auth_enable=yes
      -o receive_override_options=no_address_mappings
      -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
Kai Schaetzl wrote:
> Miark wrote on Fri, 18 Jan 2008 17:55:32 -0500:
>> The winning solution
> Nevertheless, Bowie's solution is the correct one.
Indeed, 587 is the standard port for mail submission.
http://www.ietf.org/rfc/rfc2476.txt http://www.ietf.org/rfc/rfc5068.txt
and since "submission" is found in /etc/services (at least on recent systems), one can use it in firewall rules... It is also hoped that future versions of MUAs will be submission-friendly (propose this port and check whether STARTTLS and/or SASL AUTH is needed, ... etc).
In addition, the service is already defined in master.cf; one just needs to uncomment it.
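An added example, not part of any poster's message: a small Python audit of master.cf that reports, for every smtpd listener other than port 25, which per-service overrides for SASL AUTH, an authenticated-only restriction list and mandatory STARTTLS are missing, which is the difference between the 2525 clone and the submission entry discussed in the thread. The sample file is constructed from the entries quoted above; the function names are hypothetical, main.cf defaults are not consulted, and the `-o { name = value }` brace form is not handled.

```python
import shlex

# Constructed sample assembled from the master.cf entries quoted in the thread.
SAMPLE_MASTER_CF = """\
smtp       inet n - n - - smtpd
  -o cleanup_service_name=pre-cleanup
2525       inet n - n - - smtpd
  -o cleanup_service_name=pre-cleanup
#smtps     inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""
MX_PORTS = {"smtp", "25"}  # server-to-server listener, cannot demand AUTH
RESTRICTIONS = ("smtpd_client_restrictions", "smtpd_recipient_restrictions")

def parse_master_cf(text):
    """Yield (service, type, command, overrides) for each logical entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # continuation of previous entry
        else:
            entries.append(line.strip())
    for fields in (f for f in map(shlex.split, entries) if len(f) >= 8):
        args = fields[8:]
        opts = dict(value.split("=", 1) for flag, value in zip(args, args[1:])
                    if flag == "-o" and "=" in value)
        yield fields[0], fields[1], fields[7], opts

def audit_listeners(text):
    """Map each non-MX smtpd inet listener to the overrides it lacks."""
    report = {}
    for service, kind, command, opts in parse_master_cf(text):
        if kind != "inet" or command != "smtpd" or service.rsplit(":", 1)[-1] in MX_PORTS:
            continue
        lists = [opts.get(name, "").split(",") for name in RESTRICTIONS]
        auth_only = any(
            "permit_sasl_authenticated" in r and r[-1] == "reject" for r in lists)
        checks = [
            (opts.get("smtpd_sasl_auth_enable") == "yes", "no smtpd_sasl_auth_enable=yes override"),
            (auth_only, "no override rejecting unauthenticated clients"),
            (opts.get("smtpd_tls_security_level") == "encrypt", "no smtpd_tls_security_level=encrypt override")]
        report[service] = [msg for ok, msg in checks if not ok]
    return report
```

A listener reported with all three findings inherits whatever policy main.cf applies to port 25, so it should be reviewed as a second MX port rather than as a submission port.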