Date: Sat, 20 Aug 2005 12:51:38 -0500
From: Logan <lashby@gmail.com>
To: freebsd-isp@freebsd.org
Subject: Re: Workarounds for blocked port 25 on outgoing e-mail
Message-ID: <9cd98d1205082010512aeef7ff@mail.gmail.com>
In-Reply-To: <003601c5a592$4965e530$15f9e204@4BANKS>
References: <003f01c5a517$ee377590$81f9e204@4BANKS> <56484ca2cf96b4011c66d9146cc47e49@gothic.net.au> <003601c5a592$4965e530$15f9e204@4BANKS>
On 8/20/05, Jay Banks <jay.quest4@gmail.com> wrote:
> I don't quite understand what you are saying. I have multiple POP3
> accounts with a virtual host and my servers at work, etc. I can get
> e-mail from them all day long, but every ISP I use blocks my attempts
> to send through them. I get "no socket" errors when I try and connect.

Again, POP3 access is NOT SMTP access. They are separate issues, separate protocols. That's why you can download your mail using POP3, but have problems sending it out using SMTP.

> Same thing for our company employees not physically located
> in our area. They can get e-mail from our server (MS Exchange
> for them) just fine, but none of them can send mail through it. Not
> because of something on my side, but because of the ISP they use.

Without knowing the details of your Exchange configuration, I'm not sure that's true. They may very well be blocked by the anti-relay features of Exchange. Think about this... how does Exchange, connected to ProviderA, know that UserB connected through ProviderB is one of your users?

> I would like to solve the problem for the above reasons, but it
> would also be nice to offer POP3 access to customers and
> know that they could use it from any location without having
> to resort to some web-based front end.

If their email address is in your domain, and routed to your Exchange server, then this should "just work".... for downloading their mail with POP3. Of course, that assumes that you have port 110 (or 143 for IMAP) access available from outside your network.

> > Port 587 is the mail submission port, and is supported by sendmail,
> > postfix, exim etc with little problems.
>
> I just played around with this for a little bit and it doesn't work for
> POP3 servers through esosoft.com. Not sure if it is them or my ISP,
> though.

Are you meeting their authentication requirements? Simply changing the port number usually won't work. You also have to configure your client to authenticate to their mail server.

> Doug Hardie wrote:
> > Blocking external use of port 25 is a simple, but misguided, approach
> > to spam control.

Blocking port 25 outbound is a flame-war generator. :) I wish MORE large providers would do it myself. It's an effective way to limit the spewage from zombie farms on their customers' machines. It's much better than the providers who are the victims of that spewage trying to guess which of those customers are infected zombies on dynamic connections and blocking those.

> > It creates too many problems for people who are
> > properly using mail. The better approach is to require the use of
> > SMTP-AUTH (preferably with TLS) before permitting any mail routing.
> > If all MTAs did that there would be no need to block port 25.

Nope, that wouldn't address the main issue at all. That issue is hundreds of thousands of users with a "zombied" machine sending spam directly to other providers' mail servers on port 25. No relaying involved. That's what the port 25 blocks are trying to shut down. Of course, spammers will adapt (and have already started), but it still cuts out a major swath of spam.

> Logan wrote:
> > Your access provider should be able to handle outbound
> > email for you with very little trouble. It's probably as easy as
> > asking what they recommend as the outbound/smtp mailserver
> > for you.
>
> Honestly, there is a way around this. My ISP can add
> the IP address of my hosted POP3 servers into a
> permit list.

How much control do you have over the MTA software config on your hosted servers? Can you set them up to answer on 587 and offer SMTP-AUTH?

> I asked the DSL providers of one of our employees
> in another town to unblock port 25 for that employee...
> and the guy **laughed** at me.

That's unprofessional, but hardly surprising if the employee has a standard consumer DSL account with a dynamic IP address. I've seen DSL IPs change as often as every two hours, which would mean they would have to change their blocking list every two hours.

> That is what I set up with my sendmail/popa3d configuration.
> And honestly, after looking at the alternatives, this seemed
> to be the easiest route to go.

It is a bit of a kludge. My recommendation would be Postfix with SMTP-AUTH. It's not THAT tough to set up, and Postfix has the best documentation for it that I've seen.
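
An added example, not part of the original message: a Python check of the port 587 setup discussed in the thread (SMTP-AUTH, preferably with TLS), applied to a server's EHLO replies before and after STARTTLS. The replies and host name are constructed samples, and the function names are hypothetical.

```python
import re

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    # The first line carries the server's host name, not a capability.
    for line in reply.strip().splitlines()[1:]:
        # Accept both "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" form.
        m = re.match(r"250[- ]([A-Za-z0-9-]+)[ =]*(.*)", line.strip())
        if m:
            caps.setdefault(m.group(1).upper(), []).extend(m.group(2).upper().split())
    return caps

def audit_submission(pre_tls, post_tls=""):
    """Return findings for a submission listener from its EHLO replies."""
    findings = []
    before = parse_ehlo(pre_tls)
    after = parse_ehlo(post_tls) if post_tls else {}
    if "STARTTLS" not in before:
        findings.append("no STARTTLS: passwords and mail cross the network in cleartext")
    cleartext = {"PLAIN", "LOGIN"} & set(before.get("AUTH", []))
    if cleartext:
        findings.append("password mechanisms offered before TLS: " + ", ".join(sorted(cleartext)))
    if "AUTH" not in before and "AUTH" not in after:
        findings.append("no AUTH offered: the server cannot recognize its own roaming users")
    return findings

# Constructed sample replies (not captured from any real server).
GOOD_PRE = """250-mail.example.org
250-PIPELINING
250-STARTTLS
250 8BITMIME"""
GOOD_POST = """250-mail.example.org
250-PIPELINING
250-AUTH PLAIN LOGIN
250 8BITMIME"""
WEAK_PRE = """250-mail.example.org
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 8BITMIME"""

if __name__ == "__main__":
    for name, args in (("good", (GOOD_PRE, GOOD_POST)), ("weak", (WEAK_PRE,))):
        print(name, audit_submission(*args) or "ok")
```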