Topic: Working around blocked port 25

[Jay]

Last week our service provider blocked access to port 25, knocking out our mail server, we can send but not receive. I have configured easydns to send messages elsewhere but I need to get our server up and running again. As far as I can tell from outside I have forwarding working to port 2525 from the DNS, I just can't get it to work on the server. I am running v5.6u4
Pulling information from what sources I could find the following is now installed:
  e-smith-packetfilter-1.13.0-04
  dmc-mitel-portopening-0.0.1-4
  e-smith-portforwarding-0.1.0-20
  dmc-mitel-portscan-0.0.1-1
I  have tried to use portopen to open port 2525 but it is still not reported as open with portscan. I tried configuring portforward to direct port 2525 to the servers internal IP port 25, this didn't seem to gain anything.

[TrevorB]

http://forums.contribs.org/index.php?topic=17522.msg68244#msg68244 has one way of doing it with all the info required in the posts.

It is a good idea to search the forums first (make sure to look longer than the default 30 days) as this topic has been covered many, many times.

Good Luck
Trevor B

[Craig F.]

You need to port forward to ip address $OUTERNET port 25

This forwards traffic to the OUTSIDE IP address, otherwise the firewall blocks the "spoofed" traffic.

It's the same if you want to get around blocked port 80 web traffic

I'm running e-smith-portforwarding-0.1.0-31, e-smith-packetfilter-1.13.0-07 here on 5.6

[Jay]

How do I get portforwarding to recognize $OUTERNET? It indicates that I need to specify an IP address, I see in the scripting where this is defined to pick up the current IP but I found nothing for portforwarding.

Thanks

[ProStar]

Is there anybody out there who knows the answer to Jay's last question?

How can you get the portforwarding panel to recognize $OUTERNET?

[Jay]

I wanted to complete this thread with what I ended up doing...This is what has worked for me.

I used custom templates to change the port that was being used from 25 to 2525, I changed the templates as follows:
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30AdjustTOS
       for port in 21 22 23 2525 80 110
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowSMTP
    $OUT = allow_tcp_in(2525,
/etc/e-smith/templates-custom/etc/services/10standard
    Changed smtp to be 2525 instead of just 25

I copied the templates from their original /etc/e-smith/templates/etc/ locations into new directories created under /etc/e-smith/templates-custom/etc/ I found the templates I needed to modify by using grep to find the string "25".

Then run:
/sbin/e-smith/signal-event post-upgrade
service masq restart

This seems to have fixed things for me.

Jay

[Jay]

You will need to modify the templates for IMP to get webmail working.
I added the following lines:
/etc/e-smith/templates-custom/home/httpd/html/horde/config/horde.php/220Mailer
   /* Attempt to get IMP to send using 2525 */
   $conf['mailer']['params'] = array('port' => '2525');