The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 Re: Is your ISP blocking port 25? Here's a Postfix solution.
Author: Dan 
Date:   26-03-07 15:33

Max P. wrote:

> Your article states:
>
> ------------------------------------------------------------------------------------
> I started by adding the following line to
> /usr/local/etc/postfix/master.cf on my Postfix mail server at
> home:

At home.. this is my home server.

>
> 10.34.0.1:587 inet n - n - - smtpd
>
> where 10.34.0.1 is the public IP address of my mail server [no,
> that's not really my IP address]. This instructs Postfix to
> listen on that IP address on port 587. This is known as the
> submission port:

That is the public IP address of my gateway.... that is, the one facing the ISP, not the one facing my internal LAN.

> ------------------------------------------------------------------------------------
>
>
> It seems to me that 10.34.0.1 should be the home mail server IP
> address (yy.yy.yy.yy) rather than public mail server IP address
> (xx.xx.xx.xx). The wording "where 10.34.0.1 is the public IP
> address of my mail server" leaves this a little unclear to me.
> In most Postfix configurations I see, the relevant
> configuration line in master.cf is usually:
>
> smtp inet n - n - - smtpd
>
> meaning that the Postfix listens on the local host at port 25
> for incoming mail. Thus I would guess that 10.34.0.1 should be
> IP address of the machine that mail server can be reached
> at---namely, the home mail server IP address (yy.yy.yy.yy).

I see the confusion. But read above carefully, with my comments. Got it now.

> Most people I know who run mail servers at home usually have a
> router such as a Linksys or Netgear that performs NATing and
> port forwarding. If the router can be configured so that the
> submission port 587 is forwarded to port 25 on the machine
> where the home mail server is running,
>
> yy.yy.yy.yy:587 -------> 192.168.1.2:25
>
> then doesn't that mean that no changes need be made to the
> master.cf file on the home mail server? Ie, when the public
> mail server forwards the email to yy.yy.yy.yy:587 the router,
> in turn, forwards it to 192.168.1.2:25 so that the Postfix
> server need only listen to port 25 on localhost, as it usually
> does?

I am not redirecting incoming SMTP to an internal mail server. The MTA is on the firewall.

> 2) I also have a question about testing. You wrote:
>
> -------------------------------------------------------------------------
> Then I sent a test message from the public mail server
>
> $ echo 'test' | mail me@myserver.example.org
>
> I confirmed that it was coming in on port 587 with this command
> on my mail server at home:
>
> tcpdump -i fxp0 port 587
>
> Where fxp0 is the outside NIC on my firewall (the one with IP
> 10.34.0.1) as shown above.
>
> Then, on the public mail server, I requeued all the messages,
> so they'd use the right transport:
>
> postsuper -r ALL
>
> It's magic!
>
> All the messages were delivered to the right spot.
> -------------------------------------------------------------------------
>
> I really appreciate tips on testing a configuration, so I
> wanted to understand how this works. Unfortunately, I don't
> quite get it. Why is it necessary to execute:
>
> postsuper -r ALL
>
> at all? If the public mail server is configured properly then
> shouldn't any email message sent to me@myserver.example.org get
> forwarded to the private mail server automatically? Why was it
> necessary to re-queue the messages?

The messages were already queued for delivery via port 25. The requeue made Postfix notice they were to be sent to port 587.

> 3) Finally, in the command,
>
> tcpdump -i fxp0 port 587
>
> the network device fxp0 should correspond to the home mail
> server IP address (yy.yy.yy.yy) right? But what if, once
> again, the actual machine the home mail server is running on
> resides on a LAN behind a router performing NAT and port
> forwarding? Should the network device then correspond to the
> NATed address 192.168.1.2 such as en0 (or perhaps the localhost
> 127.0.0.1 device lo1)? Ie, would the following work?
>
>
> tcpdump -i en0 port 25
>
> tcpdump -i lo0 port 25

Sounds right, given a redirect. But I am not redirecting.

--
Webmaster
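
An added example, not part of the original posts or of Postfix itself: a small parser that reads master.cf text and reports which address and port each inet service is bound to, which is the point the thread keeps returning to (`smtp inet ...` versus `10.34.0.1:587 inet ...`). The sample file contents, the `-o` option line and the function names are constructed for illustration.

```python
# Well-known service names that appear in master.cf (IANA-assigned ports).
WELL_KNOWN = {"smtp": 25, "smtps": 465, "submission": 587}

# Constructed sample: the two master.cf forms quoted in the thread, plus a
# continuation line and a non-inet service.
SAMPLE = """\
# service type private unpriv chroot wakeup maxproc command
smtp          inet n - n - - smtpd
10.34.0.1:587 inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
pickup        unix n - n 60 1 pickup
"""


def logical_lines(text):
    """Drop comments and blanks; join lines that start with whitespace
    onto the logical line before them, as master.cf does."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def inet_listeners(text):
    """Return (address, port, command) per inet service.
    '*' means no address was given, so inet_interfaces decides."""
    found = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue
        host, sep, port = fields[0].rpartition(":")
        host = host.strip("[]") if sep else "*"
        port = int(port) if port.isdigit() else WELL_KNOWN.get(port, port)
        found.append((host, port, fields[7]))
    return found


if __name__ == "__main__":
    for host, port, cmd in inet_listeners(SAMPLE):
        print(f"{cmd} listens on {host}:{port}")
```

Comparing this output with what `tcpdump` shows on the outside interface confirms that the submission listener is bound only where intended.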


 Topics                                                          Author   Date
 Re: Is your ISP blocking port 25? Here's a Postfix solution.    Max P.   26-03-07 10:03
 Re: Is your ISP blocking port 25? Here's a Postfix solution.    Dan      26-03-07 15:33