skill n00b
Joined: 15 Apr 2004 Posts: 9
Posted: Thu Apr 15, 2004 8:29 pm Post subject: Getting around ISP sendmail (port 25) block (Version 2)
Getting around ISP sendmail (port 25) block (Version 2)
First of all, everyone who did read this about how to get around ISP block on this[1] link found out that the solution to get mail was to add a rule to iptables telling it to redirect incoming connections at, for example, port 9999 to port 25 internally on the server.
But as everyone knows, this is only the first problem, what I believe is more important is how to get traffic from another computer, which has an open port 25, to route the mails to my computer at port 9999. Whether this is done by using SSH-tunnel or some other great tunnel-software is of course interesting but I'm looking for the perfect solution, which would be the same as done above but with what I believe is the greatest firewall tool ever, iptables.
CAN YOU DO IT?
[1] https://forums.gentoo.org/viewtopic.php?t=57796
cudeso n00b
Joined: 10 Dec 2003 Posts: 36 Location: Brugge
Posted: Thu Apr 15, 2004 8:42 pm Post subject: Re: Getting around ISP sendmail (port 25) block (Version 2)
skill wrote:
But as everyone knows, this is only the first problem, what I believe is more important is how to get traffic from another computer, which has an open port 25, to route the mails to my computer at port 9999. Whether this is done by using SSH-tunnel or some other great tunnel-software is of course interesting but I'm looking for the perfect solution, which would be the same as done above but with what I believe is the greatest firewall tool ever, iptables.

I'm not sure that I fully understand your question but you're on a dead end if it comes down to informing "outside" mailservers that your mailserver is listening on port 9999. Your MX records do not contain a "port", only a host-name.
The solution to this is subscribing to an e-mail-forwarding service that 'accepts' all the mails destined for your domain and forwards them to your mailserver on your specified TCP port.
I'm using DNSPlus from EasyDNS http://www.easydns.com and I'm very happy with it.
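
Added example (not part of any post in this thread): a Python sketch of the point made in the reply above, that an MX record's data holds only a preference and a host name. The sample records and the name `mail.example.org` are constructed for illustration; an SRV record is parsed alongside only to show what a record type with a port field looks like.

```python
import struct

def encode_name(name):
    """Encode a host name as uncompressed DNS labels (helper for the samples)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(buf, off):
    """Decode an uncompressed DNS name at off; return (name, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n & 0xC0 or off + n > len(buf):
            raise ValueError("compressed or truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def parse_mx(rdata):
    """MX RDATA (RFC 1035): 16-bit preference, then the exchange host name."""
    if len(rdata) < 3:
        raise ValueError("MX RDATA too short")
    (preference,) = struct.unpack_from("!H", rdata, 0)
    exchange, end = read_name(rdata, 2)
    if end != len(rdata):
        raise ValueError("trailing bytes: MX defines no field after the name")
    return {"preference": preference, "exchange": exchange}

def parse_srv(rdata):
    """SRV RDATA (RFC 2782): priority, weight, port, then the target name."""
    if len(rdata) < 7:
        raise ValueError("SRV RDATA too short")
    priority, weight, port = struct.unpack_from("!HHH", rdata, 0)
    target, end = read_name(rdata, 6)
    if end != len(rdata):
        raise ValueError("trailing bytes after SRV target")
    return {"priority": priority, "weight": weight, "port": port, "target": target}

# Constructed sample records (not captured from any real zone).
MX_RDATA = struct.pack("!H", 10) + encode_name("mail.example.org")
SRV_RDATA = struct.pack("!HHH", 0, 5, 9999) + encode_name("mail.example.org")
MX_WITH_PORT = MX_RDATA + struct.pack("!H", 9999)  # a port bolted on: malformed

if __name__ == "__main__":
    print(parse_mx(MX_RDATA))    # no port key: senders connect on port 25
    print(parse_srv(SRV_RDATA))  # has a port, but SMTP delivery looks up MX
```
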
splooge l33t
Joined: 30 Aug 2002 Posts: 636
Posted: Thu Apr 15, 2004 8:49 pm Post subject:
Possible? Sure. Probable? No. Feasible? No. Will it work well? Not a chance.
You'd have to configure (err, get the administrators of the smtp server that's sending you mail -- one of a billion on the internet) the server that's sending you the e-mail to use port 9999. You think AOL is going to configure their servers to do that for you and break an internet standard?
Port redirection would work but no way you're gonna get all the servers on the internet to recognize your special case port at 9999.
If your inbound port 25 traffic is blocked, you're screwed. No mail server for you.
_________________
http://get.a.clue.de
kpack Tux's lil' helper
Joined: 29 Mar 2004 Posts: 137
Posted: Thu Apr 15, 2004 8:57 pm Post subject:
Are you sure your ISP blocks inbound traffic on port 25? My last ISP blocked outbound traffic on port 25 to stop customers from spamming. They didn't block inbound port 25 connections, so it didn't stop me from operating my own mail server.
The only hitch was that my mail server had to forward outgoing mail to the ISP's mail server. I use Postfix, so I did that with the relayhost parameter:
Code:
relayhost=smtp.foo.bar
The MX record for my domain pointed to my internal mail server and incoming mail came straight through.
fleed l33t
Joined: 28 Aug 2002 Posts: 756 Location: London
Posted: Fri Apr 16, 2004 9:51 am Post subject:
Even if they block your incoming 25 you could get a service that redirects your mail for you, I think www.zoneedit.com does it. For free too.
MadOtis Apprentice
Joined: 14 Dec 2002 Posts: 163 Location: Georgia
Posted: Fri Apr 16, 2004 11:19 am Post subject:
I use DynDNS.com to handle my redirects. What they do is create what they call a mailhop, or webhop. These are real-world addresses that actually point to their servers. They in turn redirect or forward the request to whatever URL you specify when you set up the hop. So, I can create a URL like so: www.fredco.com, which would be publicly available to the whole internet, and where it would possibly end up on my machines would be sproing.fredco.com:8888. The same concept works with their mailhop service, but it's implemented a little differently because you're not dealing with a browser, and thus, does not handle redirects well.
HTH,
Randy