Getting around ISP SMTP firewall settings (Re: Submitting a new port if send-pr is broken)

Ted Mittelstaedt tedm at
Mon Nov 26 23:33:24 PST 2007

> -----Original Message-----
> From: Aryeh M. Friedman [mailto:aryeh.friedman at]
> Sent: Monday, November 26, 2007 10:02 PM
> To: Aryeh M. Friedman
> Cc: Ted Mittelstaedt; Bob Richards; freebsd-questions at
> Subject: Re: Getting around ISP SMTP firewall settings (Re: Submitting a
> new port if send-pr is broken)
> Aryeh M. Friedman wrote:
> >
> > > Frankly, unless you are processing mail for a lot of people, there is no
> > > benefit to running your own mailserver, and you really ought to be
> > > using a client-server model for getting mail, as you are doing.  The
> > > OP just hasn't realized this yet.
> >
> > Actually I am processing mail for over a dozen people and almost 100
> > diff addrs so it does make sense if it is possible.
> >
> >
> Oops forgot to mention there is a small set of complicating factors:
> 1. The people and addrs I process mail for all have the same domain
> but live in locations all around the globe (virtual company)
> 2. The domain should/must be the same as the company's web page (see
> my sig for addr) which is on a conventional web hosting arrangement
> 3. As far as I can tell, all inbound/outbound smtp/http (25, 587, and 80) are
> blocked by the ISP (they offer them under a business package that also
> includes a static IP but currently that is too pricey)

You really need to clarify what you mean by inbound and outbound.

I'll assume that by inbound, you mean you cannot have inbound
connections to ports 25, 587, and 80.  This is perfectly legitimate
for a residential ISP connection.

I'll assume that by outbound, you mean you cannot have outbound
connections to ports 25, 587, and 80.  This is silly.  A block on
an outbound connection to port 80 would mean you couldn't surf
the web.

I'll assume you mean that outbound port 25 is blocked to everywhere
except for the ISP's own mailserver.  That also is perfectly legitimate
for a residential ISP connection.

A block on an outbound port 587 connection has only ONE purpose,
to prevent you from using a legitimate mailserver for sending
mail other than the ISP's server.  Servers on the Internet that
respond to port 587 are only supposed to relay mail from AUTH
connections to 587 so allowing ISP customers to use 587 is not
a security or SPAM problem.  587 is not used for server-to-server
mail traffic.  If your ISP is indeed blocking outbound 587 then
you have justifiable reasons to scream and bitch, and they do
NOT have any justifiable reason to block it.

None of the large cable or DSL providers block outbound 587.

> 4. The ISP is the only one in my area (semi-rural) that offers high
> speed bandwidth
> 5. Even though my web hoster offers mail forwarding it does not offer
> mail box and/or mailing list hosting (having prepaid for 2 years and
> only being 2 months into the deal I am not going to switch providers)

There's plenty of ISPs on the Internet that offer mailboxes only.
I can't fault your webhoster for not wanting to get into offering
mailboxes.  It is a speciality, just as webhosting is a speciality.

What you really should have done, (of course hindsight is a great
revealer) is to have contracted with an ISP where you could have
colocated a server.  For probably $100 a month you could have your
own box with a public IP address and run a mailserver on it, hosted
your website on it, and you could have modified it so that instead of
port 587, you did auth-smtp on port 588 and then gotten around your
ISP's block on outbound 587 (if in fact, such exists).

You really only have 2 non-business connection choices as I see it.

First, contract with some ISP that will sell you a mailbox that
will take domain mail.  Next build a mailserver at your site
that uses fetchmail to pop down that mail and port 587 to send it out.
Last, on your site mailserver, set up
a pop3 or imap server that uses a non-standard port#, then config
your road warrior clients to use that port, or set up a webmail
interface and use a URL like
to access it.  This assumes outbound port 110 and 587 are NOT blocked.

If outbound port 587 and 110 ARE blocked, then you cannot do
anything other than the colocated box that has all non-standard
ports, OR say hell with it and work out a deal with
an ISP to do virtual mailboxes and mailhosting.  If you want
to do that last, I'd be happy to pitch pricing to you for my
employer off list.  (as no doubt, many other list readers could)

Really, as others have said, it's easier to pay the money for the
business line.  How much extra do they want for it?
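
Added example, not part of the original message: a small Python check of which outbound ports named above (25, 587, 110) actually leave your connection, mapped onto the two choices laid out in the reply. The host name `mail.example.net` is a placeholder and the function names `probe` and `advise` are this example's own.

```python
import socket
import sys

# Ports discussed in the message: SMTP relay, authenticated submission, POP3.
PORTS = (25, 587, 110)

def probe(host, port, timeout=5.0):
    """Try an outbound TCP connection and return (state, banner).

    state is "open" (handshake completed), "refused" (something answered
    with a reset) or "filtered" (timeout or unreachable, typical of a drop rule).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(256).decode("ascii", "replace").strip()
            except OSError:  # connected, but no greeting within the timeout
                banner = ""
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""
    except OSError:  # includes socket.timeout and "no route to host"
        return "filtered", ""

def advise(states):
    """Map {port: state} onto the two choices laid out in the message."""
    if states.get(587) == "open" and states.get(110) == "open":
        return "fetchmail over 110 inbound, authenticated submission on 587 outbound"
    return "colocated box on non-standard ports, or hosted mailboxes"

if __name__ == "__main__":
    # mail.example.net is a placeholder; pass your mailbox provider's host.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.net"
    states = {}
    for port in PORTS:
        states[port], banner = probe(host, port)
        print(f"{host}:{port:<4} {states[port]:<9} {banner}")
    print("->", advise(states))
```

Compare the greeting printed for port 25 with the host you asked for: a greeting that names a different server means the connection was redirected rather than passed through.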

