Date: Fri, 15 Jun 2007 10:18:00 -0400
From: "Simon Chang" <simonychang@gmail.com>
To: "John Hoskins" <hoskinsjohn@mac.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: The FreeBSD Diary -- Is your ISP blocking port 25? Here's a Postfix solution.
Message-ID: <8efc42630706150718j461af678y54f6b0812c4bdb5a@mail.gmail.com>
In-Reply-To: <A8252CFD-A390-44CA-94BA-834F3EE31A6A@mac.com>
References: <A8252CFD-A390-44CA-94BA-834F3EE31A6A@mac.com>

Um, since you had pulled this article from The FreeBSD Diary, why
don't you try... www.freebsddiary.org?

SC

On 6/11/07, John Hoskins <hoskinsjohn@mac.com> wrote:
> I need to get in touch with the person who posted the article:
> I have a serious problem, and I need help.
>
> The FreeBSD Diary (TM)
> Providing practical examples since 1998
>
> Is your ISP blocking port 25? Here's a Postfix solution.
> 10 February 2006
>
> My ISP started blocking incoming port 25. It's already blocking
> outgoing port 25 and I'm handling that. Now it's time to start
> accepting incoming mail on the submission port, 587. They aren't
> blocking my incoming port 25. But we went through this process for
> another guy on our computer, so I figured that this is a good thing
> for which it will pay to be proactive.
>
> This solution assumes you have a mail server at home and at least one
> other mail server out there on the Internet, one which does not have
> port 25 blocked. That part is crucial to this solution. It is the
> external server[s] that will accept incoming mail and forward it to
> you. In DNS terms, your MX records will not point to your home
> server, but to your public server.
>
> Your home mail server
> I started by adding the following line to
> /usr/local/etc/postfix/master.cf on my Postfix mail server at home:
>
>     10.34.0.1:587 inet n - n - - smtpd
>
> where 10.34.0.1 is the public IP address of my mail server [no,
> that's not really my IP address]. This instructs Postfix to listen on
> that IP address on port 587.
> This is known as the submission port:
>
>     $ grep 587 /etc/services
>     submission 587/tcp
>     submission 587/udp
>
> Your public mail server
> Then I added this to /usr/local/etc/postfix/main.cf on my public mail
> server:
>
>     transport_maps = hash:/usr/local/etc/postfix-config/transport
>
> This tells Postfix to observe the transport directives in the above
> mentioned file. You can put the file wherever you want. I like to
> keep it in that directory, which you'll probably have to create
> because it's not part of the standard system. In
> /usr/local/etc/postfix-config/transport I have:
>
>     myserver.example.org smtp:[myserver.example.org]:587
>
> Where myserver.example.org is the hostname of my mail server at home.
> You need to create a .db file to go with that. I issued these commands:
>
>     cd /usr/local/etc/postfix-config
>     postmap transport
>
> You should now see a transport.db file. After making these changes
> you should restart postfix:
>
>     postfix restart
>
> Testing
> Then I sent a test message from the public mail server:
>
>     $ echo 'test' | mail me@myserver.example.org
>
> I confirmed that it was coming in on port 587 with this command on my
> mail server at home:
>
>     tcpdump -i fxp0 port 587
>
> Where fxp0 is the outside NIC on my firewall (the one with IP
> 10.34.0.1) as shown above.
>
> Then, on the public mail server, I requeued all the messages, so
> they'd use the right transport:
>
>     postsuper -r ALL
>
> It's magic!
>
> All the messages were delivered to the right spot.
>
> Controlling access
> I control access to port 587 on my mail server. I have firewall rules
> in place that allow connections only from my home server. I think
> there are no security risks involved in keeping it open, but I see no
> reason to give access where no access is required.
>
> What about the other way around?
> If you need to handle outgoing port 25 to avoid ISP blocks, you can
> always use the same instructions, but in the reverse direction. It
> should just work.
>
> Copyright (c) 1997-2007 DVL Software Ltd.
> All rights reserved.
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
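
The checks below are an added example, not part of this message or of the quoted article: a POSIX shell lint for the two files the article edits, to run before postmap and before restarting Postfix. The function names check_transport and check_listener, the second transport entry, and the rule that a listener without an address prefix counts as a failure are assumptions of this example; the sample file contents are constructed from the article's placeholder values.

```sh
#!/bin/sh
# Added example: lint the two files the article edits. Sample contents are constructed.

# Print DOMAIN's nexthop when it is smtp:[host]:587. The brackets skip the MX
# lookup and :587 avoids port 25. Status 1 if the entry is missing or differs.
check_transport() {  # usage: check_transport FILE DOMAIN
    awk -v d="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        $1 == d {
            found = 1
            if ($2 ~ /^smtp:\[.+\]:587$/) { ok = 1; print $2 }
            else { print "unexpected nexthop: " $2 }
        }
        END { if (!found) print "no entry for " d; exit (ok ? 0 : 1) }
    ' "$1"
}

# Print every smtpd inet listener on port 587. Status 1 if there is none, or if
# one has no address prefix (all interfaces); the article binds one address.
check_listener() {  # usage: check_listener MASTER_CF
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $2 == "inet" && $8 == "smtpd" && $1 ~ /^(.*:)?(587|submission)$/ {
            n++; print $1
            if ($1 !~ /:/) wild = 1
        }
        END { exit ((n > 0 && !wild) ? 0 : 1) }
    ' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/transport" <<'EOF'
# constructed: the article's entry, plus one that would still go out on port 25
myserver.example.org    smtp:[myserver.example.org]:587
other.example.org       smtp:other.example.org
EOF
cat > "$tmp/master.cf" <<'EOF'
# constructed: service type private unpriv chroot wakeup maxproc command
smtp            inet  n  -  n  -  -  smtpd
10.34.0.1:587   inet  n  -  n  -  -  smtpd
EOF
check_transport "$tmp/transport" myserver.example.org
check_transport "$tmp/transport" other.example.org || echo "fix this entry first"
check_listener "$tmp/master.cf"
```

To lint real files, point the two functions at the transport file and master.cf paths given in the article instead of the temporary samples.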