The FreeBSD Diary -- Is your ISP blocking port 25? Here's a
Postfix solution.
Simon Chang
simonychang at gmail.com
Fri Jun 15 14:44:23 UTC 2007
Um, since you had pulled this article from The FreeBSD Diary, why
don't you try...
www.freebsddiary.org?
SC
On 6/11/07, John Hoskins <hoskinsjohn at mac.com> wrote:
> I need to get ion touch with the person who posted the article:
> I have a serious problem, and I need help.
>
> The FreeBSD Diary
>
> (TM)
> Providing practical examples since 1998
>
> [ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH
> | FEEDBACK | FAQ | FORUMS ]
>
> Is your ISP blocking port 25? Here's a Postfix solution.10 February 2006
> Need more help on this topic? Click here
> This article has 7 comments
> Show me similar articles
>
> My ISP started blocking incoming port 25. It's already blocking
> outgoing port 25 and I'm handling that. Now it's time to start
> accepting incoming mail on the submission port, 587. They aren't
> blocking my incoming port 25. But we went through this process for
> another guy on our computer, so I figured that this is a good thing
> for which it will pay to be pro active.
>
> This solution assumes you have a mail server at home and at least one
> other mail server out there on the Internet, one which does not have
> port 25 blocked. That part is crucial to this solution. It is the
> external server[s] that will accept incoming mail and forward it to
> you. In DNS terms, your MX records will not point to your home
> server, but to your public server.
>
> Your home mail server
> I started by adding the following line to /usr/local/etc/postfix/
> master.cf on my Postfix mail server at home:
>
> 10.34.0.1:587 inet n - n - - smtpd
> where 10.34.0.1 is the public IP address of my mail server [no,
> that's not really my IP address]. This instructs Postfix to listen on
> that IP address on port 587. This is known as the submission port:
> $ grep 587 /etc/services
> submission 587/tcp
> submission 587/udp
> Your public mail server
> Then I added this to /usr/local/etc/postfix/main.cf on my public mail
> server:
>
> transport_maps = hash:/usr/local/etc/postfix-config/transport
> This tells Postfix to observe the transport directives in the above
> mentioned file. You can put the file whereever you want. I like to
> keep it in that directory, which you'll probably have to create
> because it's not part of the standard system. In /usr/local/etc/
> postfix-config/transport I have:
>
> myserver.example.org smtp:[myserver.example.org]:587
> Where myserver.example.org is the hostname of my mail server at home.
> You need to create a .db file to go with that. I issued these commands:
>
> cd /usr/local/etc/postfix-config
> postmap transport
> You should now see a transport.db file. After making these changes
> you should restart postfix:
>
> postix restart
> Testing
> Then I sent a test message from the public mail server
>
> $ echo 'test' | mail me at myserver.example.org
> I confirmed that it was coming in on port 587 with this command on my
> mail server at home:
>
> tcpdump -i fxp0 port 587
> Where fxp0 is the outside NIC on my firewall (the one with IP
> 10.34.0.1) as shown above.
>
> Then, on the public mail server, I requeued all the messages, so
> they'd use the right transport:
>
> postsuper -r ALL
> It's magic!
>
> All the messages were delivered to the right spot.
>
> Controlling access
> I control access to port 587 on my mail server. I have firewall rules
> in place that allow connections only from my home server. I think
> there are no security risks involved in keeping it open, but I see no
> reason to give access where no access is required.
>
> What about the other way around?
> If you need to handle outgoing port 25 to avoid ISP blocks, you can
> always the same instructions, but in the reverse direction. It should
> just work.
>
>
>
>
> Like the website? Want to give back? Please visit my wish list!
>
>
>
>
> Need more help on this topic? Click here
> This article has 7 comments
> Show me similar articles
> [ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH
> | FEEDBACK | FAQ | FORUMS ]
> Servers and bandwidth provided by New York Internet and SuperNews
> Valid HTML, CSS , and RSS.
> Copyright (c) 1997-2007 DVL Software Ltd.
> All rights reserved.
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list