From owner-freebsd-questions@FreeBSD.ORG Fri Jun 15 14:44:23 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EA2BA16A41F for ; Fri, 15 Jun 2007 14:44:22 +0000 (UTC) (envelope-from simonychang@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.239]) by mx1.freebsd.org (Postfix) with ESMTP id A98AF13C455 for ; Fri, 15 Jun 2007 14:44:22 +0000 (UTC) (envelope-from simonychang@gmail.com) Received: by nz-out-0506.google.com with SMTP id 14so831786nzn for ; Fri, 15 Jun 2007 07:44:22 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QIDY0PB6X0mcqkWiihDvOeord0WpBQrQhvCbbzBhZRgYX9WJXErW2Twl03SMaRht2yVoSVoYBwormNfeFFlg0kiwuoRnD9/ROuW0xsEAh2hvDVnX95uPYc+fCiDmvRsEN2j7pDbCazMUMMafkJPGnjtFJULJevoBeaNU13xeLrI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Iao3QU0OGpgD9WQBwbWDEDm7JZjRTjtANohJ993JJRkTW9ZX2f1Vd+87i7ye3lpNnex/OWlfMtSg5DoTwSqpZ9TCA6oJefdIeUlXhupm1xx5nv1DDR5T8/b2jOE63GSIKF7SXCpefqnuOIGbZuqId8MGZGDw75NiZeObRWJjGoQ= Received: by 10.114.196.1 with SMTP id t1mr3065925waf.1181917080925; Fri, 15 Jun 2007 07:18:00 -0700 (PDT) Received: by 10.114.26.7 with HTTP; Fri, 15 Jun 2007 07:18:00 -0700 (PDT) Message-ID: <8efc42630706150718j461af678y54f6b0812c4bdb5a@mail.gmail.com> Date: Fri, 15 Jun 2007 10:18:00 -0400 From: "Simon Chang" To: "John Hoskins" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Cc: freebsd-questions@freebsd.org Subject: Re: The FreeBSD Diary -- Is your ISP blocking port 25? Here's a Postfix solution. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jun 2007 14:44:23 -0000 Um, since you had pulled this article from The FreeBSD Diary, why don't you try... www.freebsddiary.org? SC On 6/11/07, John Hoskins wrote: > I need to get ion touch with the person who posted the article: > I have a serious problem, and I need help. > > The FreeBSD Diary > > (TM) > Providing practical examples since 1998 > > [ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH > | FEEDBACK | FAQ | FORUMS ] > > Is your ISP blocking port 25? Here's a Postfix solution.10 February 2006 > Need more help on this topic? Click here > This article has 7 comments > Show me similar articles > > My ISP started blocking incoming port 25. It's already blocking > outgoing port 25 and I'm handling that. Now it's time to start > accepting incoming mail on the submission port, 587. They aren't > blocking my incoming port 25. But we went through this process for > another guy on our computer, so I figured that this is a good thing > for which it will pay to be pro active. > > This solution assumes you have a mail server at home and at least one > other mail server out there on the Internet, one which does not have > port 25 blocked. That part is crucial to this solution. It is the > external server[s] that will accept incoming mail and forward it to > you. In DNS terms, your MX records will not point to your home > server, but to your public server. > > Your home mail server > I started by adding the following line to /usr/local/etc/postfix/ > master.cf on my Postfix mail server at home: > > 10.34.0.1:587 inet n - n - - smtpd > where 10.34.0.1 is the public IP address of my mail server [no, > that's not really my IP address]. This instructs Postfix to listen on > that IP address on port 587. This is known as the submission port: > $ grep 587 /etc/services > submission 587/tcp > submission 587/udp > Your public mail server > Then I added this to /usr/local/etc/postfix/main.cf on my public mail > server: > > transport_maps = hash:/usr/local/etc/postfix-config/transport > This tells Postfix to observe the transport directives in the above > mentioned file. You can put the file whereever you want. I like to > keep it in that directory, which you'll probably have to create > because it's not part of the standard system. In /usr/local/etc/ > postfix-config/transport I have: > > myserver.example.org smtp:[myserver.example.org]:587 > Where myserver.example.org is the hostname of my mail server at home. > You need to create a .db file to go with that. I issued these commands: > > cd /usr/local/etc/postfix-config > postmap transport > You should now see a transport.db file. After making these changes > you should restart postfix: > > postix restart > Testing > Then I sent a test message from the public mail server > > $ echo 'test' | mail me@myserver.example.org > I confirmed that it was coming in on port 587 with this command on my > mail server at home: > > tcpdump -i fxp0 port 587 > Where fxp0 is the outside NIC on my firewall (the one with IP > 10.34.0.1) as shown above. > > Then, on the public mail server, I requeued all the messages, so > they'd use the right transport: > > postsuper -r ALL > It's magic! > > All the messages were delivered to the right spot. > > Controlling access > I control access to port 587 on my mail server. I have firewall rules > in place that allow connections only from my home server. I think > there are no security risks involved in keeping it open, but I see no > reason to give access where no access is required. > > What about the other way around? > If you need to handle outgoing port 25 to avoid ISP blocks, you can > always the same instructions, but in the reverse direction. It should > just work. > > > > > Like the website? Want to give back? Please visit my wish list! > > > > > Need more help on this topic? Click here > This article has 7 comments > Show me similar articles > [ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH > | FEEDBACK | FAQ | FORUMS ] > Servers and bandwidth provided by New York Internet and SuperNews > Valid HTML, CSS , and RSS. > Copyright (c) 1997-2007 DVL Software Ltd. > All rights reserved. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >