smtp Port 25 issue

  • #362290
    Anonymous
    Guest

    I am running a Panther server (10.3.9) on a Xserve which provides email services for my organization. Lately, a number of users have been complaining that they are unable to send mail from their home networks. However, email works fine when sent within the office network. It also works for some users from their homes. I am suspecting that the problem is because of ISP providers blocking port 25. Here is my question:
    How do I get around this without using the ISP smtp servers? Almost everybody has a different ISP and getting their smtp details and configuring them for every user is a hassle.
    Is it possible to make the Panther server listen on port 587 also (the keyword here is "also")? Would I have to set up any forwarding in my firewall?

    Thanks in advance,
    J

    #362687
    Anonymous
    Guest

    I’ve got the same issue… looking for an answer as well. It looks like other mail servers can accept smtp relaying from authenticated users on other ports as well as 25 (Kerio seems to do so) and forward on through port 25. There must be a way to set this up on OS X’s postfix as well…

    I was wondering if using VPN would help this. VPN into your server and then you should be able to do anything you like. My server cannot accept VPN as it is being hosted in a private shop which refuses incoming VPN connections, so I’d like another option.

    Please post any answers you find!

    #362709
    Musicman
    Participant

    Is your server behind a Cisco firewall with Authenticated SMTP configured?

    I had tremendous trouble figuring out what was going on with my server once I’d enabled Authenticated SMTP.

    It turned out the problem was with the SMTP fixup on our PIX firewall, which is supposed to help sort out some older security issues with Sendmail by only allowing a limited number of SMTP commands to pass through on port 25. This means that the EHLO command sent at the beginning of the SMTPAuth session never makes it through the firewall. Since the bugs in sendmail that the fixup is fixing are rather ancient and don’t apply to postfix, you should be able to safely disable the SMTP fixup on your firewall.

    #362718
    pedz
    Participant

    General Disclaimer: I’m an old Unix hack but I don’t know much about the postfix mail system that Apple uses. I just groped around the man pages and pieced this together.

    smtpd is kicked off by master. The master config file is in /private/etc/postfix/master.cf

    You can edit master.cf and find the line with smtp as the first word and inet as the second word. Duplicate that line and replace the first word (the one that says “smtp”) with a port number.

    What I did was I went to /etc/services and defined a service. It looks like port 26 is not used so I defined port 26 as “mysmtp”. Basically, edit /etc/services, find the two lines starting with smtp, duplicate those two lines but change smtp to mysmtp and 25 to 26.

    In my master.cf file, I put “mysmtp” as the first word (and inet is the second word). But it can be just a raw port number. The other fields stay the same as the smtp inet line.

    After all this, you need to do “postfix reload” from the command line.

    I tested my set up once (isn’t that enough 🙂 and it worked.

    I am not sure if port 26 is a wise choice. I will need to explore that as I move around to the various sites I work from.

    In my case, the command: netstat -a | egrep smtp

    shows both smtp and mysmtp as being listened to.

    Good luck.

    #363179
    Anonymous
    Guest

    I would personally prefer 465 or 587 for the secondary smtp port. You can check for connectivity from a remote client using telnet.
    “telnet mailserver.com 465” should give you some headers like “ESMTP helo…”

    #363213
    heavyboots
    Participant

    You can always go with a commercial solution, such as no-ip.com offers (I think it is called Alternate Mail Port or some such thing). It’s something like $40, IIRC. I’ve never tried it but I was just there the other day looking into dynamic dns services and noticed it was an option.

    #363273
    kcarlile
    Participant

    I usually use port 2025. Easy to remember.

    #363282
    Demani
    Participant

    This was on macosx.com- I haven’t tested it yet:

    [QUOTE]
    Open up /etc/postfix/master.cf

    Uncomment the following line:
    submission inet n - n - - smtpd

    Open up the submission port (587) on your firewall and if necessary, set up port forwarding to the mail server on 587.

    Just do a quick telnet on port 587 to check if it is working fine.[/QUOTE]

    Port 587 is the standard alternate port. I would recommend 50025 if you are looking for a port that is easy to remember and not likely to be used. Many port scanners will also go through port 1-10000 and then move on.

    #366653
    gmankono
    Participant

    Unfortunately, I have tried the suggestion quoted below to no avail. Regardless of the fact that the submission port already exists as a service, and all instances of the submission line have been uncommented in the /etc/postfix/master.cf file, the server refuses to respond to port 587. The router I have in front of the server, acting as firewall, logs the fact that the attempt has been forwarded, but telnet gets “connection refused” and, of course, mail clients cannot specify port 587.
    All this because some networks refuse to allow outgoing port 25. Freakin’ free wireless networks…
    I have VPN in place as an alternative, but it would be extremely nice to have this work.
    Thanks for any help available.

    G

    [QUOTE][u]Quote by: Demani[/u]

    This was on macosx.com- I haven’t tested it yet:

    [QUOTE]
    Open up /etc/postfix/master.cf

    Uncomment the following line:
    submission inet n - n - - smtpd

    Open up the submission port (587) on your firewall and if necessary, set up port forwarding to the mail server on 587.

    Just do a quick telnet on port 587 to check if it is working fine.[/QUOTE]

    Port 587 is the standard alternate port. I would recommend 50025 if you are looking for a port that is easy to remember and not likely to be used. Many port scanners will also go through port 1-10000 and then move on.

    [/QUOTE]

    #366659
    uptimejeff
    Participant

    Try and narrow down whether 587 is/isn’t working vs router not forwarding. Here’s my suggestion:

    Only uncomment the single submission line from /etc/postfix/master.cf
    Then do ‘sudo postfix reload’
    Then (from the server) ‘telnet localhost 587’
    You should receive an SMTP response. If you do, then the server is set up properly and you can look at connectivity (router).

    #367036
    Anonymous
    Guest

    The way I did it was with an ssh tunnel. It’s a goofy hack, but works well. Try this at a command prompt on your mailserver:

    ssh -g -N -f -L 587:fqdofyoumailserver:25 localhost

    Enter your password and away you go…. SMTP on 587 AND 25 😉 It should prolly be scripted to start up automatically (launchd?), but my uptime is normally in the months so I haven’t bothered.

    #369399
    mmond
    Participant

    Just a quick THANKS to Demani!

    I found nothing in Apple documentation about updating an XServe to support submission smtp on port 587. Your snippet worked perfectly.

    I needed to restart Postfix and add a firewall hole, and that was it.

    Much appreciated.
    Mark

    #369406
    xdavid
    Participant

    Just to add something to this thread… even if using an alternative submission port, it is possible that your remote user could be on a dynamic IP or similar which may get blocked by any recipient restrictions, (RBLs, etc). To avoid this, overwrite any restrictions for the alternative submission port.

    Rather than duplicate stuff, see Jeff Johnson’s web site…
    http://mac007.com/?Tips:Alternate_SMTP_Ports

    -david
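
An added example, not part of any post in this thread and not Postfix's own code: a small Python audit of master.cf that finds every extra smtpd listener of the kind set up above (a duplicated smtp line or the uncommented submission line) and reports whether it carries its own -o overrides for SASL authentication and restrictions. The sample file contents, the function names and the finding texts are constructed for illustration.

```python
import re

# Constructed sample master.cf; service names follow the thread's suggestions.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
mysmtp     inet  n  -  n  -  -  smtpd
#2025      inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     fifo  n  -  n  60 1  pickup
"""

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_smtpd_listeners(text):
    """Map each inet smtpd listener other than port 25 to a list of findings."""
    report = {}
    for fields in (line.split() for line in logical_lines(text)):
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        service = fields[0].rsplit(":", 1)[-1]   # strip an optional host: prefix
        if service in ("smtp", "25"):
            continue   # port 25 has to accept unauthenticated inbound mail
        opts = dict(re.findall(r"-o\s+(\w+)=(\S+)", " ".join(fields[8:])))
        findings = []
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append("SASL not enabled by override; main.cf decides")
        rules = [opts.get(k, "") for k in
                 ("smtpd_client_restrictions", "smtpd_recipient_restrictions")]
        if not any("permit_sasl_authenticated" in r and r.endswith("reject")
                   for r in rules):
            findings.append("restrictions not overridden; main.cf rules apply")
        report[service] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_smtpd_listeners(SAMPLE_MASTER_CF).items():
        print(name, "->", findings or "has its own auth and restriction overrides")
```

A listener that comes back with findings still accepts connections, but it applies the same main.cf policy as port 25.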
