From owner-freebsd-questions@FreeBSD.ORG Mon Jun 11 14:08:38 2007
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id ACBF816A468
	for ; Mon, 11 Jun 2007 14:08:38 +0000 (UTC)
	(envelope-from hoskinsjohn@mac.com)
Received: from sccrmhc15.comcast.net (sccrmhc15.comcast.net [204.127.200.85])
	by mx1.freebsd.org (Postfix) with ESMTP id 7228813C48A
	for ; Mon, 11 Jun 2007 14:08:38 +0000 (UTC)
	(envelope-from hoskinsjohn@mac.com)
Received: from [10.0.1.200] (c-76-26-43-14.hsd1.fl.comcast.net[76.26.43.14])
	by comcast.net (sccrmhc15) with SMTP id <2007061113583401500dqpq7e>;
	Mon, 11 Jun 2007 13:58:34 +0000
Mime-Version: 1.0 (Apple Message framework v752.3)
To: freebsd-questions@freebsd.org
Message-Id:
From: John Hoskins
Date: Mon, 11 Jun 2007 09:57:22 -0400
X-Mailer: Apple Mail (2.752.3)
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: The FreeBSD Diary -- Is your ISP blocking port 25? Here's a Postfix solution.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 11 Jun 2007 14:08:38 -0000

I need to get in touch with the person who posted the article:
I have a serious problem, and I need help.

The FreeBSD Diary (TM)
Providing practical examples since 1998

Is your ISP blocking port 25? Here's a Postfix solution.
10 February 2006

My ISP started blocking incoming port 25. It's already blocking
outgoing port 25 and I'm handling that.
Now it's time to start accepting incoming mail on the submission port,
587. They aren't blocking my incoming port 25. But we went through this
process for another guy on our computer, so I figured that this is a
good thing for which it will pay to be proactive.

This solution assumes you have a mail server at home and at least one
other mail server out there on the Internet, one which does not have
port 25 blocked. That part is crucial to this solution. It is the
external server[s] that will accept incoming mail and forward it to
you. In DNS terms, your MX records will not point to your home server,
but to your public server.

Your home mail server

I started by adding the following line to
/usr/local/etc/postfix/master.cf on my Postfix mail server at home:

    10.34.0.1:587 inet n - n - - smtpd

where 10.34.0.1 is the public IP address of my mail server [no, that's
not really my IP address]. This instructs Postfix to listen on that IP
address on port 587. This is known as the submission port:

    $ grep 587 /etc/services
    submission 587/tcp
    submission 587/udp

Your public mail server

Then I added this to /usr/local/etc/postfix/main.cf on my public mail
server:

    transport_maps = hash:/usr/local/etc/postfix-config/transport

This tells Postfix to observe the transport directives in the above
mentioned file. You can put the file wherever you want. I like to keep
it in that directory, which you'll probably have to create because it's
not part of the standard system. In
/usr/local/etc/postfix-config/transport I have:

    myserver.example.org smtp:[myserver.example.org]:587

Where myserver.example.org is the hostname of my mail server at home.
You need to create a .db file to go with that. I issued these commands:

    cd /usr/local/etc/postfix-config
    postmap transport

You should now see a transport.db file.
After making these changes you should restart postfix:

    postfix restart

Testing

Then I sent a test message from the public mail server

    $ echo 'test' | mail me@myserver.example.org

I confirmed that it was coming in on port 587 with this command on my
mail server at home:

    tcpdump -i fxp0 port 587

Where fxp0 is the outside NIC on my firewall (the one with IP
10.34.0.1) as shown above.

Then, on the public mail server, I requeued all the messages, so they'd
use the right transport:

    postsuper -r ALL

It's magic! All the messages were delivered to the right spot.

Controlling access

I control access to port 587 on my mail server. I have firewall rules
in place that allow connections only from my home server. I think there
are no security risks involved in keeping it open, but I see no reason
to give access where no access is required.

What about the other way around?

If you need to handle outgoing port 25 to avoid ISP blocks, you can
always use the same instructions, but in the reverse direction. It
should just work.

Copyright © 1997-2007 DVL Software Ltd. All rights reserved.
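
Added example, not part of the original message or the FreeBSD Diary article: a shell/awk check of the transport table described above. Because the MX records point at the public server, a next hop written without square brackets would be resolved through its MX records, which lead back to the public server, and a next hop without :587 would fall back to the blocked port 25. The function name check_transport and the hostnames loops.example.org and blocked.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a Postfix transport(5) table for the relay setup above.
# check_transport FILE [PORT] prints one verdict per smtp/relay entry and
# returns 1 if any next hop would be MX-resolved or misses PORT (default 587).
check_transport() {
    awk -v want="${2:-587}" '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines
        {
            pattern = $1; result = $2
            sep = index(result, ":")
            transport = substr(result, 1, sep - 1)
            nexthop = substr(result, sep + 1)
            if (sep == 0 || nexthop == "") {
                print "WARN", pattern, "no-nexthop"; bad = 1; next
            }
            if (transport != "smtp" && transport != "relay") {
                print "SKIP", pattern, transport; next
            }
            rb = index(nexthop, "]")
            if (substr(nexthop, 1, 1) == "[" && rb > 0) {
                # [host] or [host]:port -> Postfix connects to host directly
                host = substr(nexthop, 2, rb - 2)
                port = substr(nexthop, rb + 2)
                mx = "no-mx-lookup"
            } else {
                # host or host:port -> Postfix looks up MX records for host
                n = split(nexthop, part, ":")
                host = part[1]; port = (n > 1) ? part[2] : ""
                mx = "mx-lookup"
            }
            if (port == "") port = "25"        # smtp default port
            ok = (mx == "no-mx-lookup" && (port "") == (want ""))
            status = ok ? "OK" : "WARN"; if (!ok) bad = 1
            print status, pattern, host, port, mx
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample table; the last two hostnames are hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
myserver.example.org   smtp:[myserver.example.org]:587
loops.example.org      smtp:loops.example.org:587
blocked.example.org    smtp:[blocked.example.org]
EOF
check_transport "$sample" || echo "transport table needs attention"
rm -f "$sample"
```

Run it against the real table with `check_transport /usr/local/etc/postfix-config/transport` before running postmap.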