Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Jay on July 01, 2003, 09:21:04 PM

Title: Working around blocked port 25
Post by: Jay on July 01, 2003, 09:21:04 PM

Last week our service provider blocked access to port 25, knocking out our mail server, we can send but not receive. I have configured easydns to send messages elsewhere but I need to get our server up and running again. As far as I can tell from outside I have forwarding working to port 2525 from the DNS, I just can't get it to work on the server. I am running v5.6u4
Pulling information from what sources I could find the following is now installed:
  e-smith-packetfilter-1.13.0-04
  dmc-mitel-portopening-0.0.1-4
  e-smith-portforwarding-0.1.0-20
  dmc-mitel-portscan-0.0.1-1
I  have tried to use portopen to open port 2525 but it is still not reported as open with portscan. I tried configuring portforward to direct port 2525 to the servers internal IP port 25, this didn't seem to gain anything.

Title: Re: Working around blocked port 25
Post by: TrevorB on July 02, 2003, 04:46:08 AM

http://forums.contribs.org/index.php?topic=17522.msg68244#msg68244 has one way of doing it with all the info required in the posts.

It is a good idea to search the forums first (make sure to look longer than the default 30 days) as this topic has been covered many, many times.

Good Luck
Trevor B

Title: Re: Working around blocked port 25
Post by: Craig F. on July 02, 2003, 04:48:05 AM

You need to port forward to ip address $OUTERNET port 25

This forwards traffic to the OUTSIDE IP address, otherwise the firewall blocks the "spoofed" traffic.

It's the same if you want to get around blocked port 80 web traffic

I'm running e-smith-portforwarding-0.1.0-31, e-smith-packetfilter-1.13.0-07 here on 5.6

Title: Re: Working around blocked port 25
Post by: Jay on July 02, 2003, 11:20:38 PM

How do I get portforwarding to recognize $OUTERNET? It indicates that I need to specify an IP address, I see in the scripting where this is defined to pick up the current IP but I found nothing for portforwarding.

Thanks

Title: Re: Working around blocked port 25
Post by: ProStar on September 02, 2003, 01:27:02 AM

Is there anybody out there who knows the answer to Jay's last question?

How can you get the portforwarding panel to recognize $OUTERNET?

Title: Re: Working around blocked port 25 -- Completed
Post by: Jay on September 10, 2003, 01:32:00 AM

I wanted to complete this thread with what I ended up doing...This is what has worked for me.

I used custom templates to change the port that was being used from 25 to 2525, I changed the templates as follows:
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30AdjustTOS
       for port in 21 22 23 2525 80 110
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowSMTP
    $OUT = allow_tcp_in(2525,
/etc/e-smith/templates-custom/etc/services/10standard
    Changed smtp to be 2525 instead of just 25

I copied the templates from their original /etc/e-smith/templates/etc/ locations into new directories created under /etc/e-smith/templates-custom/etc/ I found the templates I needed to modify by using grep to find the string "25".

Then run:
/sbin/e-smith/signal-event post-upgrade
service masq restart

This seems to have fixed things for me.

Jay

Title: Getting Webmail working with these changes
Post by: Jay on October 27, 2003, 06:57:41 PM

You will need to modify the templates for IMP to get webmail working.
I added the following lines:
/etc/e-smith/templates-custom/home/httpd/html/horde/config/horde.php/220Mailer
   /* Attempt to get IMP to send using 2525 */
   $conf['mailer']['params'] = array('port' => '2525');