Some sneakiness with xinetd

—by Joel Rennich, mactroll@afp548.com

8 October 2002

So you run a mail server. Problem is your remote users are using an Earthlink dialup account. You want your users to be able to relay mail through your system, but Earthlink blocks all outgoing traffic on port 25, the SMTP port, except to smtp.mac.com and the Earthlink mail servers. So what do you do?

Well, you can get around this restriction by using another port to send mail. However, you still need to listen on port 25 or else you won’t get any incoming mail from the outside world. Bummer, now you have to create two instances of your mail server: one to listen on 25 and the other to listen on your “other” SMTP port. While you can do this with many of the UNIX mail servers, you won’t be able to do this with the included Apple mail server. And even with the UNIX mail servers, running two copies is a bit cumbersome and can cause problems such as locking conflicts on the mail spool.

Think all is lost?

You can easily get around this with a bit of redirection from xinetd. We talk a little about this in our article on TFTP, but here is an actual example.

Since no one in the world really uses finger anymore (it was an old command line utility to see if your friends were logged in on a machine—it is very rare to see it used anymore) we’ll hijack the port for our own needs.

We are going to edit the /etc/xinetd.d/finger file and change it from:

service finger 
{ 
   disable = yes
   socket_type = stream
   wait = no
   user = nobody
   server = /usr/libexec/fingerd
   server_args = -s
   groups = yes
   flags = REUSE 
}

to this:

service finger
{
   disable = no
   socket_type = stream
   wait = no
   user = nobody
   redirect = 10.0.1.10 25
   groups = yes
   flags = REUSE
}

Notice the redirect line that we added, and that disable is now set to no so that xinetd actually listens on the finger port. The redirect line tells xinetd to accept the incoming connection and forward everything between the client and the IP address and port that we specify. Now, pay very special attention to this line. Because the forwarded connection is opened by xinetd itself, your mail server sees it coming from the address xinetd uses, not from the remote user. If you use the loopback address, 127.0.0.1, more than likely your mail server will treat every forwarded connection as local and accept a mail relay without authentication. This is bad since it leaves you wide open for abuse. So it is better to use your machine’s actual IP address here and then make sure that relaying from that address is not allowed without authentication.
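As an added example (not part of the original article), here is a small Python checker for a stanza like the one above: it parses the file, confirms the service is enabled and the redirect line is well formed, and flags a loopback target for exactly the relay reason just described. The function names and the sample stanza are my own construction.

```python
import ipaddress
import re

# Constructed sample: the article's redirected finger stanza, pointed at
# loopback so the check below has something to flag.
SAMPLE = """service finger
{
   disable = no
   socket_type = stream
   wait = no
   user = nobody
   redirect = 127.0.0.1 25
   groups = yes
   flags = REUSE
}
"""

def parse_xinetd_service(text):
    """Return (service_name, {attribute: value}) for one xinetd stanza.
    Plain 'key = value' lines only; '+=' and '-=' are read as '='."""
    m = re.search(r"service\s+(\S+)\s*\{(.*?)\}", text, re.S)
    if not m:
        raise ValueError("no service block found")
    attrs = {}
    for line in m.group(2).splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if line:
            key, _, value = line.partition("=")
            attrs[key.strip().rstrip("+-").strip()] = value.strip()
    return m.group(1), attrs

def check_redirect(attrs):
    """Return a list of findings for a redirect stanza (empty list means OK)."""
    findings = []
    if attrs.get("disable", "no").lower() == "yes":
        findings.append("error: disable = yes, xinetd will not listen on this port")
    target = attrs.get("redirect", "").split()
    if len(target) != 2 or not target[1].isdigit():
        findings.append("error: redirect must be '<ip address> <port>'")
        return findings
    try:
        loopback = ipaddress.ip_address(target[0]).is_loopback
    except ValueError:                            # a hostname, not an address
        loopback = target[0] == "localhost"
    if loopback:
        findings.append("warning: redirect to loopback; the mail server sees "
                        "every forwarded client as local and may relay for it")
    return findings
```

Run it against a copy of /etc/xinetd.d/finger before restarting xinetd; an empty list means the stanza is enabled, the redirect is well formed, and the target is not loopback.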

Now that you have made your edits it is time to restart xinetd:

sudo kill -HUP `cat /var/run/xinetd.pid`

If all went well you should be able to reach your mail server, if it is on the same machine, by

telnet localhost finger

Finger runs on port 79. You will need to make sure that you do not have a firewall blocking port 79 between the Internet and your server. Also you will need to configure your users’ mail programs to use port 79 for SMTP.