Re: The FreeBSD Diary -- Is your ISP blocking port 25? Here's a Postfix solution.



Um, since you had pulled this article from The FreeBSD Diary, why
don't you try...

www.freebsddiary.org?

SC

On 6/11/07, John Hoskins <hoskinsjohn@xxxxxxx> wrote:
I need to get in touch with the person who posted the article:
I have a serious problem, and I need help.

The FreeBSD Diary (TM)
Providing practical examples since 1998


Is your ISP blocking port 25? Here's a Postfix solution.
10 February 2006

My ISP started blocking incoming port 25. It's already blocking
outgoing port 25 and I'm handling that. Now it's time to start
accepting incoming mail on the submission port, 587. They aren't
blocking my incoming port 25. But we went through this process for
another guy on our computer, so I figured that this is a good thing
for which it will pay to be proactive.

This solution assumes you have a mail server at home and at least one
other mail server out there on the Internet, one which does not have
port 25 blocked. That part is crucial to this solution. It is the
external server[s] that will accept incoming mail and forward it to
you. In DNS terms, your MX records will not point to your home
server, but to your public server.

Your home mail server

I started by adding the following line to
/usr/local/etc/postfix/master.cf on my Postfix mail server at home:

    10.34.0.1:587 inet n - n - - smtpd

where 10.34.0.1 is the public IP address of my mail server [no,
that's not really my IP address]. This instructs Postfix to listen on
that IP address on port 587. This is known as the submission port:

    $ grep 587 /etc/services
    submission 587/tcp
    submission 587/udp

Your public mail server

Then I added this to /usr/local/etc/postfix/main.cf on my public mail
server:

    transport_maps = hash:/usr/local/etc/postfix-config/transport

This tells Postfix to observe the transport directives in the above
mentioned file. You can put the file wherever you want. I like to
keep it in that directory, which you'll probably have to create
because it's not part of the standard system. In
/usr/local/etc/postfix-config/transport I have:

    myserver.example.org smtp:[myserver.example.org]:587

Where myserver.example.org is the hostname of my mail server at home.
You need to create a .db file to go with that. I issued these commands:

    cd /usr/local/etc/postfix-config
    postmap transport

You should now see a transport.db file. After making these changes
you should restart postfix:

    postfix restart

Testing

Then I sent a test message from the public mail server:

    $ echo 'test' | mail me@xxxxxxxxxxxxxxxxxxxx

I confirmed that it was coming in on port 587 with this command on my
mail server at home:

    tcpdump -i fxp0 port 587

Where fxp0 is the outside NIC on my firewall (the one with IP
10.34.0.1) as shown above.

Then, on the public mail server, I requeued all the messages, so
they'd use the right transport:

    postsuper -r ALL

It's magic!

All the messages were delivered to the right spot.

Controlling access

I control access to port 587 on my mail server. I have firewall rules
in place that allow connections only from my home server. I think
there are no security risks involved in keeping it open, but I see no
reason to give access where no access is required.

What about the other way around?

If you need to handle outgoing port 25 to avoid ISP blocks, you can
always use the same instructions, but in the reverse direction. It should
just work.




Copyright (c) 1997-2007 DVL Software Ltd.
All rights reserved.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
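
Added example (not part of the article or of either message above): a Python check for a Postfix transport table like the one the article builds. It flags entries whose next hop lacks the [] that turn off MX lookups (in this setup the MX records point at the public server, not the home server) or that do not name port 587. The function names and every sample entry except myserver.example.org are constructed for illustration.

```python
import re

# Constructed sample table; only the first entry mirrors the article.
SAMPLE = """\
# relay mail for the home server over the submission port
myserver.example.org    smtp:[myserver.example.org]:587
other.example.org       smtp:other.example.org:587
third.example.org       smtp:[third.example.org]
fourth.example.org
    smtp:[fourth.example.org]:587
"""

# host or [host], optionally followed by :port (IPv6 literals are not handled)
NEXTHOP = re.compile(
    r"^(?P<bracket>\[)?(?P<host>[^\[\]:]+)(?(bracket)\])(?::(?P<port>\w+))?$")


def logical_lines(text):
    """Drop blank and comment lines; join lines that start with whitespace
    onto the previous logical line, as Postfix lookup tables do."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def check_transport(text, want_port="587"):
    """Return {pattern: [problems]} for each smtp-style transport entry."""
    report = {}
    for line in logical_lines(text):
        pattern, result = (line.split(None, 1) + [""])[:2]
        transport, _, nexthop = result.strip().partition(":")
        m = NEXTHOP.match(nexthop)
        problems = []
        if transport != "smtp" or not m:
            problems.append("not an smtp:host[:port] entry")
        else:
            if not m["bracket"]:
                problems.append("no [] around host: MX lookup applies")
            if m["port"] != want_port:
                problems.append(f"port is {m['port'] or 'default 25'}, not {want_port}")
        report[pattern] = problems
    return report


if __name__ == "__main__":
    for pattern, problems in check_transport(SAMPLE).items():
        print(pattern, "->", problems or "ok")
```

Run it against the transport source file before running postmap, since postmap itself does not judge whether the next hop is the one you meant.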



