multiple listen ports |
Post Reply 
|
| Author | |
hharrr 
Newbie 
Joined: 30 September 2007 Status: Offline Points: 2 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: multiple listen portsPosted: 30 September 2007 at 10:16pm |
|
As of a a few months ago, more service providers are beginning to enforce blocking port 25 at their routers. This means that any client sending out on port 25 will only be allowed to connect to the service provider's smtp servers. To send mail out through an alternate smtp server, it is necessary to configure the client to another port, like 587. To make that work spamfilterisp needs to be able to listen on more than 1 port: say 25 and 587. It is still necessary to listen on 25 as server-to-server traffic sits on that port; client-to-server traffic should go on 587. This was already set out in 1998 in rfc 2476, but never really enforced, until now. Is there a way to do this? I tried adding another port in the listenport line, but only the first one is picked up.
|
|
 |
|
|
Desperado
Senior Member 
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 01 October 2007 at 11:36am |
|
hharr,
Inbound SMTP traffic is always on port 25. The port 587 info that you refer to is the port that a *client machine* connects on from it's Outlook or Eudora etc. The ISP's mail server will still send out to "the world" on port 25 to be received by inbound servers. As an ISP ourselves, we DO NOT allow any connections to our *client* SMTP server unless the client is "inside" our network or uses SMTP-AUTH. In the cases where a customer must mail through us (SPF, etc) and their ISP does not allow Port 25 OUTBOUND traffic, we have them use an SSL connection on port
Having said all that, perhaps I am not understanding your problem. No mail servers should be connecting to you an any port except 25. If there were not standard, all hell would break loose. Or have I missed a huge memo? Edited by Desperado - 02 October 2007 at 10:21am |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
hharrr
Newbie
Joined: 30 September 2007 Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 02 October 2007 at 11:36am |
|
Thanks for the reply.
Server-to-server traffic is always on port 25 as you said.
I do have some people (mostly on notebooks) who relay through the server to send to the rest of the world. This keeps them from having to adopt whatever smtp server their current local (where-ever they go) isp provides. It saves them from changing the smtp settings in their mail browser for every location. Until now they used port 25 with authentication. But with port 25 being blocked, that's no longer possible from quite a few networks. This means we need another port for them to connect and relay...
I came up with 2 initial solutions:
1) Run a second instance of the spamfilter from its own (different) folder with its own ini file. This one listens on port 587. I left the "authorized to" list empty so it will not accept any emails to anyone (including local mailboxes), unless they authenticate first. Once authenticated they can relay through or deliver locally. This seems to work ok.
2) Run a smtp proxy that listens on port 587 and forwards to port 25. Brief testing shows that also works.
Ideally a simple relay server that can do authenticated smtp may be a better solution. I'm having some trouble finding such a package though. It seems all auth capable servers are full-featured mail servers as well.
Any comments/suggestions would be appreciated. Thanks!
|
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 02 October 2007 at 12:03pm |
|
hharrr,
SpamFilter ISP supports SMTP authentication. In addition, we also support SSL over SMTP on port 465. This means that you can configure SpamFilter to listen for "normal" SMTP traffic on port 25 so it can accept emails from other mail servers. You can then also enable the SSL port (by default 465) and configure SMTP authentication on it. This will allow email clients to connect to SpamFilter on port 465, thus avoiding any blocks imposed by the ISP used by roaming clients. Furthermore, you can "sell" your customers the fact that their outgoing emails will be encrypted to your server. Please note that to avoid any security popup messages on the client end, you will need to use a "real" comercial SSL certificate, as the sample one shipped with SpamFilter is just a sample one. |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.111 seconds.