Topic: SMTP port closed on external interface - No external mail co

[Niels Leeuwis]

> Try telnetting to port 25 *internally*, from the same subnet
> as the SME.  This will tell you if the problem is on your SME
> box or your NAT/router setup.  If you connect properly you
> should see something like:
>
> 220 pdc.brummell.net mailfront ESMTP

Tried that allready, netstat -a -n on the mitel indicates that ithe server is listening on port 25 (0.0.0.0:25 LISTEN) but that is no guarantee it is responding

(I have the same problem sometimes..."is this dress okay ???" LOL)

[Terry Brummell]

Yes, but did it connect?  Trying to establish WHERE the problem is...it's not necessarily the SME that's not working.

[Upaboveit]

This seems to be a promising solution:

http://www.davideous.com/smtp-poplock/

I haven't tried it but its description seems to answer the prayers.

[Bill Talcott]

Upaboveit wrote:
>
> This seems to be a promising solution:
>
> http://www.davideous.com/smtp-poplock/
>
> I haven't tried it but its description seems to answer the
> prayers.

This is probably a fancier, more secure version of Nathan Fowler's pop-before-smtp script. Damien's SASL contrib adds authentication to the SMTP connection itself, and already works just fine for SME.

Regarding my SMTP issue, it works great from inside. However, port 25 is being blocked from the outside. It appears stealthed in a scan. I've tried restarting everything, and signalling update events and such so that the config files will get rebuilt. Opening the port causes everything to work great again, and removing the port opening entry causes it to stop working again.

[Niels Leeuwis]

Hello,

After extensive testing I was able to narrow the problem down, port 25 reacts fine from inside (telnet x.x.x.x 25) even when trying it from the other subnet (server is in a DMZ). From the outside no response is coming. At this point I suspect qmail not answering on SMTP calls that are from IP numbers that it doesn't know. Being an absolute nitwit on qmail I'm going to read the documentation on
http://www.qmail.org/man/index.html
to find a solution there..
Any other hints are welcome, Bill can you explain me how you opend up port 25 ??

Thnx
Niels

[Charlie Brady]

Bill Talcott wrote:

> Regarding my SMTP issue, it works great from inside. However,
> port 25 is being blocked from the outside. It appears
> stealthed in a scan.

Is smtpfront-qmail set to "private" in the config db?

What does:

/sbin/e-smith/config show smtpfront-qmail

say?

Charlie

[Bill Talcott]

Charlie Brady wrote:
>
> Is smtpfront-qmail set to "private" in the config db?
>
> What does:
>
> /sbin/e-smith/config show smtpfront-qmail
>
> say?
>
> Charlie

# /sbin/e-smith/config show smtpfront-qmail
smtpfront-qmail=service
    access=public
    filter=/usr/sbin/qmail-queue.amavis
    status=enabled

[Bill Talcott]

Niels Leeuwis wrote:
>
> Bill can you explain me how you
> opend up port 25 ??

I installed the "Port Opening" contrib from contribs.org. I then went into the Port Opening panel in Server Manager, and typed in 25 and clicked "Open".

[Niels Leeuwis]

Hello,

Just a quickie to let all interested ones know that I think I have pinned down the problem, it seems that my uplink (provider, I have an ADSL connection) is blocking all SMTP traffic that is not adressed to his server or originating from his downlinks. After some discussion with the first line of the helpdesk I was able to convince them that I needed to talk to someone that knew what he (or she) was talking about and after explaining the problems he send me a small how-to about relaying mailtraffic. Yesterday evening I changed my MX records, so I'm able to test this evening.
If it works I'll let you know so others can profit of this knowledge.

Bye

Niels

[dave]

How does one "Downgraded to 5.5"?
I assume a downgrade is the reverse of a upgrade, so files and data would not be disturbed. But I do not understand how to do it.

[Niels Leeuwis]

dave wrote:
>
> How does one "Downgraded to 5.5"?
> I assume a downgrade is the reverse of a upgrade, so files
> and data would not be disturbed. But I do not understand how
> to do it.

In this case downgrading doesn't mean anymore then installing a previous version (in this case 5.5). Normally you should have to back up all files on the server manually and after the downgrade restore them on the right places. In this case I am building and testing a brand new server so the only thing I had on it were the configuration files, no big deal to enter that information by hand. After I finish the testing process (propably in a month or so) the server goes live and then downgrading will be a problem.

Niels

[Emmanuel Mortier]

Hello,
I find this forum after a long long long way to look after the problem of stopping recieve of incoming messages. I upgrade to v5.6, downgrade, re-upgrade,  bit my computer, and so on...

But the main reason was that (without notice) my provider blocked port 25 (for anti-spamming reasons) and no way to ammend his decision.

We (because in my search I found a lot of people with the same problem) have to find solution to use an other port (2525 seems to be the good choice).  I'm sure you can help me to change the listening port of qmail but the problem is to have an external mail forwarding which can send mails on the new port.

Dyndns (my dynamic DNS provider) denies.
TZO can do it but is expensive (150 $ a year)
SMTP.com seems to be the best solution for 50$ a year.

My questions are:
-how to change the port (service link needed?). I never go on my server exept witadmin!! but I use Linux.

-Do you know a way to change the port during the auth. protocol?

-Do you know a port forwarding method in the MX protocol?

Best regards

[Niels Leeuwis]

Emmanuel Mortier wrote:

>
> -Do you know a port forwarding method in the MX protocol?

When I got it clear that my problem was my provider I tried to change my MX records to www.xxx.yyy.zzz:2525 and rerouting that port to 25 with my firewall, I knows this is standard procedure with port 80 requests but my domain host didn't accept that syntax.

I'm afraid I can't help you with this problem

Niels

[schrikbeeld]

So everything stops here? This discussion ends up with no email from an e-smith box from the outside world!
I just can't imagine that this is what the Mitel guys intended to make. Except from the opening of port 25, and that opens a relaying risk, doesn't it?