Spam Filter ISP Support - multiple listen ports

Print Page | Close Window

multiple listen ports

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6261
Printed Date: 30 June 2025 at 9:50pm

Topic: multiple listen ports

Posted By: hharrr
Subject: multiple listen ports
Date Posted: 30 September 2007 at 10:16pm

As of a a few months ago, more service providers are beginning to enforce blocking port 25 at their routers. This means that any client sending out on port 25 will only be allowed to connect to the service provider's smtp servers. To send mail out through an alternate smtp server, it is necessary to configure the client to another port, like 587. To make that work spamfilterisp needs to be able to listen on more than 1 port: say 25 and 587. It is still necessary to listen on 25 as server-to-server traffic sits on that port; client-to-server traffic should go on 587. This was already set out in 1998 in rfc 2476, but never really enforced, until now. Is there a way to do this? I tried adding another port in the listenport line, but only the first one is picked up.

Replies:

Posted By: Desperado
Date Posted: 01 October 2007 at 11:36am

hharr,

Inbound SMTP traffic is always on port 25. The port 587 info that you refer to is the port that a *client machine* connects on from it's Outlook or Eudora etc. The ISP's mail server will still send out to "the world" on port 25 to be received by inbound servers. As an ISP ourselves, we DO NOT allow any connections to our *client* SMTP server unless the client is "inside" our network or uses SMTP-AUTH. In the cases where a customer must mail through us (SPF, etc) and their ISP does not allow Port 25 OUTBOUND traffic, we have them use an SSL connection on port ~~443~~ 465 (Corrected) which SpamFilter will, in fact, listen on in addition to normal port 25.

Having said all that, perhaps I am not understanding your problem. No mail servers should be connecting to you an any port except 25. If there were not standard, all hell would break loose. Or have I missed a huge memo?

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: hharrr
Date Posted: 02 October 2007 at 11:36am

Thanks for the reply.

Server-to-server traffic is always on port 25 as you said.

I do have some people (mostly on notebooks) who relay through the server to send to the rest of the world. This keeps them from having to adopt whatever smtp server their current local (where-ever they go) isp provides. It saves them from changing the smtp settings in their mail browser for every location. Until now they used port 25 with authentication. But with port 25 being blocked, that's no longer possible from quite a few networks. This means we need another port for them to connect and relay...

I came up with 2 initial solutions:

1) Run a second instance of the spamfilter from its own (different) folder with its own ini file. This one listens on port 587. I left the "authorized to" list empty so it will not accept any emails to anyone (including local mailboxes), unless they authenticate first. Once authenticated they can relay through or deliver locally. This seems to work ok.

2) Run a smtp proxy that listens on port 587 and forwards to port 25. Brief testing shows that also works.

Ideally a simple relay server that can do authenticated smtp may be a better solution. I'm having some trouble finding such a package though. It seems all auth capable servers are full-featured mail servers as well.

Any comments/suggestions would be appreciated. Thanks!

Posted By: LogSat
Date Posted: 02 October 2007 at 12:03pm

hharrr,

SpamFilter ISP supports SMTP authentication. In addition, we also support SSL over SMTP on port 465. This means that you can configure SpamFilter to listen for "normal" SMTP traffic on port 25 so it can accept emails from other mail servers. You can then also enable the SSL port (by default 465) and configure SMTP authentication on it. This will allow email clients to connect to SpamFilter on port 465, thus avoiding any blocks imposed by the ISP used by roaming clients. Furthermore, you can "sell" your customers the fact that their outgoing emails will be encrypted to your server.

Please note that to avoid any security popup messages on the client end, you will need to use a "real" comercial SSL certificate, as the sample one shipped with SpamFilter is just a sample one.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Print Page | Close Window