Date: Mon, 11 Jun 2007 09:57:22 -0400
From: John Hoskins <hoskinsjohn@mac.com>
To: freebsd-questions@freebsd.org
Subject: The FreeBSD Diary -- Is your ISP blocking port 25? Here's a Postfix solution.
Message-ID: <A8252CFD-A390-44CA-94BA-834F3EE31A6A@mac.com>
I need to get in touch with the person who posted the article: I have a serious problem, and I need help.

The FreeBSD Diary (TM)
Providing practical examples since 1998

Is your ISP blocking port 25? Here's a Postfix solution.
10 February 2006

My ISP started blocking incoming port 25. It's already blocking outgoing port 25 and I'm handling that. Now it's time to start accepting incoming mail on the submission port, 587. They aren't blocking my incoming port 25. But we went through this process for another guy on our computer, so I figured that this is a good thing for which it will pay to be proactive.

This solution assumes you have a mail server at home and at least one other mail server out there on the Internet, one which does not have port 25 blocked. That part is crucial to this solution. It is the external server[s] that will accept incoming mail and forward it to you. In DNS terms, your MX records will not point to your home server, but to your public server.

Your home mail server

I started by adding the following line to /usr/local/etc/postfix/master.cf on my Postfix mail server at home:

    10.34.0.1:587 inet n - n - - smtpd

where 10.34.0.1 is the public IP address of my mail server [no, that's not really my IP address]. This instructs Postfix to listen on that IP address on port 587. This is known as the submission port:

    $ grep 587 /etc/services
    submission 587/tcp
    submission 587/udp

Your public mail server

Then I added this to /usr/local/etc/postfix/main.cf on my public mail server:

    transport_maps = hash:/usr/local/etc/postfix-config/transport

This tells Postfix to observe the transport directives in the above mentioned file. You can put the file wherever you want. I like to keep it in that directory, which you'll probably have to create because it's not part of the standard system. In /usr/local/etc/postfix-config/transport I have:

    myserver.example.org smtp:[myserver.example.org]:587

Where myserver.example.org is the hostname of my mail server at home. You need to create a .db file to go with that. I issued these commands:

    cd /usr/local/etc/postfix-config
    postmap transport

You should now see a transport.db file. After making these changes you should restart postfix:

    postfix restart

Testing

Then I sent a test message from the public mail server:

    $ echo 'test' | mail me@myserver.example.org

I confirmed that it was coming in on port 587 with this command on my mail server at home:

    tcpdump -i fxp0 port 587

Where fxp0 is the outside NIC on my firewall (the one with IP 10.34.0.1) as shown above.

Then, on the public mail server, I requeued all the messages, so they'd use the right transport:

    postsuper -r ALL

It's magic! All the messages were delivered to the right spot.

Controlling access

I control access to port 587 on my mail server. I have firewall rules in place that allow connections only from my home server. I think there are no security risks involved in keeping it open, but I see no reason to give access where no access is required.

What about the other way around?

If you need to handle outgoing port 25 to avoid ISP blocks, you can always use the same instructions, but in the reverse direction. It should just work.

Copyright © 1997-2007 DVL Software Ltd. All rights reserved.
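
A lint check for the transport map described in the article, added here as an example (it is not code from the article or from Postfix); the function names and the sample entries are constructed. It relies on the transport(5) rule that a nexthop written in [brackets] suppresses MX lookups, which matters in this setup because the MX records point at the public server rather than at the home server.

```python
import re

# nexthop forms documented in transport(5): host, host:port, [host], [host]:port
NEXTHOP = re.compile(r"^(?:\[(?P<lit>[^\]]+)\]|(?P<mx>[^\[\]:]+))(?::(?P<port>\w+))?$")

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments/blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_transport(text, blocked_ports=("25", "smtp")):
    """Return {pattern: [issues]} for SMTP-style entries in a transport map."""
    report = {}
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if len(parts) != 2:
            report[line] = ["malformed entry: expected 'pattern transport:nexthop'"]
            continue
        pattern, result = parts
        transport, _, nexthop = result.partition(":")
        if transport not in ("", "smtp", "relay") or not nexthop:
            continue  # not an explicit SMTP relay to a named next hop
        m = NEXTHOP.match(nexthop.strip())
        if not m:
            report[pattern] = ["unparseable nexthop %r" % nexthop]
            continue
        issues = []
        if m.group("mx"):  # bare hostname: Postfix resolves its MX records first
            issues.append("nexthop not in [brackets]: MX lookup is performed")
        port = m.group("port") or "25"  # no port given means the SMTP default
        if port in blocked_ports:
            issues.append("delivers to port %s, not the submission port" % port)
        report[pattern] = issues
    return report

# Constructed sample: the article's entry plus two deliberately weak variants.
SAMPLE = """\
myserver.example.org   smtp:[myserver.example.org]:587
loop.example.org       smtp:loop.example.org:587
blocked.example.org    smtp:[blocked.example.org]
"""
```

Calling audit_transport(SAMPLE) returns an empty issue list for the article's own entry and one issue for each of the other two.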
