Koozali.org: home of the SME Server

sme8 mail server: how public mail port?

Offline Stefano

Re: sme8 mail server: how public mail port?
« Reply #15 on: December 18, 2013, 05:30:24 PM »
I would add that 53 (dns) has no reason to be reachable from wan

Offline Jáder

Re: sme8 mail server: how public mail port?
« Reply #16 on: December 19, 2013, 03:26:11 PM »
Great, today I'll try it!

@janet
Sorry, but I didn't understand how to use it :(

I'll update the wiki with more instructions about use and MAYBE a template to auto-create the XML file for the server.
...

Offline cybermod

Re: sme8 mail server: how public mail port?
« Reply #17 on: December 20, 2013, 04:36:05 PM »
Hi janet
Quote
Those ports might be open, but are they forwarded to your sme server ?
Yes, they are open and, with pfsense, I have done NAT on my ips server.
Can I check it?

Quote
Also are the required services enabled on sme server, in server manager eg for mail services see the Email panel & so on in other panels for other services.
Enabling these will then open these ports in sme server (as well as enabling those services eg IMAPS).

I think that this is also done.
In SME server server manager => E-mail => Change Email access settings
I have: pop3 server access: allow private and public (secure pop3s)
          imap server access: allow private and public (secure imaps)

Quote
You will also need to open port 25 if you want to run a mail server (smtp server), & forward it to sme server.
At this moment I prefer to use fetchmail and smarthost for learning sme server, is it ok?

Quote
Also port 22 for ssh access, but I suggest you set sme server to use a different port, & open that alternative port in your pfsense firewall instead, makes it a little harder for hackers.
Are you talking about Port Redirect?

Quote
Also are outgoing ports open in your pfsense firewall, usually traffic has to flow both ways ?
I think! I have made a rule in my pfsense that allows ALL TRAFFIC from lan to wan

Quote
Also IIRC you might need port 113 for IDENT.
Sorry, but I don't understand this.... baaad English....

Quote
Things are more complicated when you have a separate firewall.
Me too! But, if it is a good choice, I can do 1:1 NAT of one of my public IPs to sme server. So, all traffic of this IP is redirected to my sme server

Quote
your email client working with Outlook & not Thunderbird etc, it just suggests you have not set up the email client correctly, so review all your settings, IIRC Thunderbird has a number of places you need to setup details.
Of course, maybe!
In the local lan I have this configuration:
IMAP: port 143 STARTTLS Normal Password
SMTP: port 25 STARTTLS Normal Password

In an external lan (for ex: sme server is at work, thunderbird client is at my house) I think that it is only necessary to change the port. Right?

@stefano:
Quote
I would add that 53 (dns) has no reason to be reachable from wan
Sorry but at the moment I can't learn sftp, no time :,(
So, are you saying to close (on my wan) port number 53?

@jader
Quote
I´ll update wiki with more instructions about use and MAYBE a template to auto create XML file to server.
Tnx, very kind!

Offline janet

Re: sme8 mail server: how public mail port?
« Reply #18 on: December 20, 2013, 06:42:29 PM »
cybermod

Fetchmail is problematic & best avoided if you can. Better & easier to use domain based email addresses & use your sme server as a mail server (it is running by default), & forward mail from external accounts to domain based addresses on sme server. It's best to use the features of sme server rather than doing things other ways.

In server manager (I think remote access panel) you can set what port sme server will use for ssh. Changing the port to say 2200 or whatever does not stop hackers as they will still scan for open ports, but hides the obvious port 22. Always configure public private keys for ssh & disable password access, that way you have very safe & secure ssh connections.

Depending what other services you have running on sme server, you might also need to open port 113 for IDENT, google it. The same reasoning & concept applies to many other ports.

As you have configured sme server to use secure mail services, then open ports 465, 993, 995 in your firewall & configure any remote or local email client (Thunderbird, Outlook etc) to use IMAPS port 993 & smtp port 465, etc. Refer to one of the wiki howtos for steps to setup email clients. Howto link is at top of forums.

Yes close port 53 in pfsense.

I would also add & ask, Why do you need pfsense firewall ?
Everything you are trying to do can be comfortably managed by sme server (using its own iptables firewall), & you have one less device to manage. Nothing you said so far seems to indicate a vital need for a separate firewall. You just added complexity & higher maintenance & management requirements, whereas sme server is supposed to simplify & make things easier.
« Last Edit: December 20, 2013, 06:53:48 PM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
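Added example (not part of the original posts, and not SME Server or pfsense code): a small Python audit of the exposure discussed above, checking that ports 465, 993 and 995 are reachable and complete a TLS handshake, and that port 53 is not reachable. Treating port 22 as "must be closed" is this example's assumption (ssh moved to another port), and the function and table names are its own.

```python
import socket
import ssl

# Policy from the thread: secure mail ports forwarded, DNS closed on the WAN.
# Port 22 is listed on the assumption that ssh was moved to another port.
EXPECTED_OPEN = {465: "smtps", 993: "imaps", 995: "pop3s"}
MUST_BE_CLOSED = {22: "ssh (default port)", 53: "dns"}

def tcp_probe(host, port, timeout=3.0):
    """Return 'closed', 'open' or 'open+tls' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        if port not in EXPECTED_OPEN:
            return "open"
        # Reachability check only: this assumes a self-signed server
        # certificate, so verification is off here. Mail clients must verify.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "open+tls"
        except (ssl.SSLError, OSError):
            return "open"

def audit(host, probe=tcp_probe):
    """Compare what is reachable on host with the policy; return findings."""
    findings = []
    for port, name in sorted(EXPECTED_OPEN.items()):
        state = probe(host, port)
        if state == "closed":
            findings.append((port, name, "not reachable: check forwarding and the Email panel"))
        elif state != "open+tls":
            findings.append((port, name, "reachable but no TLS handshake"))
    for port, name in sorted(MUST_BE_CLOSED.items()):
        if probe(host, port) != "closed":
            findings.append((port, name, "reachable: close it on the WAN side"))
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1]):
        print(*finding)
```

Run it against your own public address from a connection outside the LAN, since a check from inside does not pass through the WAN rules.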

Offline cybermod

Re: sme8 mail server: how public mail port?
« Reply #19 on: December 20, 2013, 09:22:33 PM »
Quote
Fetchmail is problematic & best avoided if you can. Better & easier to use domain based email addresses & use your sme server as a mail server (it is running by default), & forward mail from external accounts to domain based addresses on sme server. It's best to use the features of sme server rather than doing things other ways.
Ok, I understand.... it's only for study case (and, really, I'm afraid of hackers), but if you say "this is better", ok, I can try it!

Quote
In server manager (I think remote access panel) you can set what port sme server will use for ssh. Changing the port to say 2200 or whatever does not stop hackers as they will still scan for open ports, but hides the obvious port 22. Always configure public private keys for ssh & disable password access, that way you have very safe & secure ssh connections.
But if I hold this port closed? Ssh only for vpn or lan.
Quote
Always configure public private keys for ssh
Next level to learn????

Quote
Depending what other services you have running on sme server, you might also need to open port 113 for IDENT, google it. The same reasoning & concept applies to many other ports.
It is a security protocol (read on an Italian site)

Quote
As you have configured sme server to use secure mail services, then open ports 465, 993, 995 in your firewall & configure any remote or local email client (Thunderbird, Outlook etc) to use IMAPS port 993 & smtp port 465, etc. Refer to one of the wiki howtos for steps to setup email clients. Howto link is at top of forums.
Like this? http://wiki.contribs.org/index.php?title=Howto:Configuring_Outlook_2010_or_2007_and_SME_8&redirect=no

However... it does not run (now I tried from my house......)


Quote
Yes close port 53 in pfsense.
Ok!

Quote
I would also add & ask, Why do you need pfsense firewall ?
Everything you are trying to do can be comfortably managed by sme server (using its own iptables firewall), & you have one less device to manage. Nothing you said so far seems to indicate a vital need for a separate firewall. You just added complexity & higher maintenance & management requirements, whereas sme server is supposed to simplify & make things easier.
First- I know it, a little ;)

Really, I use pfsense for various reasons, for example: I have around 5 small companies, each has various needs... proxy, vpn client to lan, vpn site to site, captive portal, etc etc.
And with pfsense I am able to set traffic shaper and other services.

If I do 1:1 NAT of a public IP to sme server, is it not better in my case? (for learning?)

I just tried outlook, I noticed this: server says 552 Mail with no Date header not accepted here
I found this: http://wiki.contribs.org/Email#I_can.27t_receive.2Fsend_email_from_my_application_.28ACT.21.2C_vTiger.2C_MS_Outlook.2C_etc.29

Shall I try it?

Offline CharlieBrady

Re: sme8 mail server: how public mail port?
« Reply #20 on: December 21, 2013, 01:26:57 AM »
Quote
sorry for bad english, i think that in italian is better

In that case you can ask your questions in Italian here:

http://forums.contribs.org/index.php/board,15.0.html

Offline CharlieBrady

Re: sme8 mail server: how public mail port?
« Reply #21 on: December 21, 2013, 01:29:38 AM »
Quote
I just tried outlook, I noticed this: server says 552 Mail with no Date header not accepted here

That verifies you are connected to the SME server and will be able to send mail. But to read mail you will need to connect via imap or imaps.

Offline cybermod

Re: sme8 mail server: how public mail port?
« Reply #22 on: December 29, 2013, 07:08:21 PM »
Hi all!!!
I am alive

1- Merry Christmas and happy new year!

2- little update

I reinstalled all smeserver8 + sogo, but in gateway mode!
So, 2 network cards, one public IP and one local IP.
Now, I am sure that there isn't any firewall problem!!! Right?

Next day other test!

See you

Offline cybermod

Re: sme8 mail server: how public mail port?
« Reply #23 on: January 13, 2014, 09:45:08 AM »
Hi all!!!!
I'm back!

Now I have reinstalled sme8 but in gateway mode, it is directly on my connectivity, so no problems with open ports.
Again: I tested sme8 + sogo from my house, with another connectivity, and now it runs.

I also created a PTR record but when I try to test with mxtoolbox.com I get this warning: Warning - Reverse DNS does not match SMTP Banner

Now, my question:
Is the PTR record:

public ip      PTR    mail.mydomain.it

or

public ip      PTR    hostnameserver.mydomain.it?

In my banner I see (through local telnet on the server)    hostnameserver.mydomain.it

tnx guys
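Added example (not part of the original post): a Python check for the condition behind the "Reverse DNS does not match SMTP Banner" warning quoted above. It compares the host name in the SMTP 220 greeting with the PTR name of the server's IP and confirms that the PTR name resolves back to that IP. The function names are this example's own, and 192.0.2.10 is a documentation address standing in for the public IP.

```python
import socket

def banner_hostname(greeting):
    """Host name announced in an SMTP greeting ('220 <domain> ...')."""
    lines = greeting.splitlines()
    if not lines or not lines[0].startswith("220"):
        return None
    parts = lines[0][4:].split()   # skip '220 ' or '220-' (multi-line greeting)
    return parts[0].rstrip(".").lower() if parts else None

def system_ptr(ip):
    """PTR name for ip from the system resolver, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Set of addresses that name resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_rdns(ip, greeting, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return a list of problems; an empty list means PTR and banner agree."""
    banner = banner_hostname(greeting)
    ptr = ptr_lookup(ip)
    problems = []
    if banner is None:
        problems.append("no host name in the 220 greeting")
    if ptr is None:
        problems.append("no PTR record for %s" % ip)
        return problems
    ptr = ptr.rstrip(".").lower()
    if banner is not None and ptr != banner:
        problems.append("PTR %s does not match banner %s" % (ptr, banner))
    if ip not in forward_lookup(ptr):
        problems.append("%s does not resolve back to %s" % (ptr, ip))
    return problems

if __name__ == "__main__":
    # Constructed sample: the banner from the post, PTR set to the other name.
    sample = "220 hostnameserver.mydomain.it ESMTP"
    print(check_rdns("192.0.2.10", sample,
                     {"192.0.2.10": "mail.mydomain.it"}.get,
                     lambda name: {"192.0.2.10"}))
```

With the default lookups the function queries the system resolver, so it reports what a remote mail server would see only when run from outside the LAN.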




Offline janet

Re: sme8 mail server: how public mail port?
« Reply #24 on: January 13, 2014, 11:43:46 AM »
cybermod

You can change the server CommonName with a db command to www.mydomain.it
Search forums on CommonName or look at one of the contribs.org wiki Certificate Howtos for details.

Then just use
www.mydomain.it
in your DNS & also specify www.mydomain.it for your mail server