The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 Re: Is your ISP blocking port 25? Here's a Postfix solution.
Author: Dan 
Date:   26-03-07 15:33

Max P. wrote:

> Your article states:
> ------------------------------------------------------------------------------------
> I started by adding the following line to
> /usr/local/etc/postfix/ on my Postfix mail server at
> home:

At home.. this is my home server.

> inet n - n - - smtpd
> where is the public IP address of my mail server [no,
> that's not really my IP address]. This instructs Postfix to
> listen on that IP address on port 587. This is known as the
> submission port:

That is the public IP address of my gateway.... that is, the one facing the ISP, not the one facing my internal LAN.

> ------------------------------------------------------------------------------------
> It seems to me that should be the home mail server IP
> address (yy.yy.yy.yy) rather than public mail server IP address
> (xx.xx.xx.xx). The wording "where is the public IP
> address of my mail server" leaves this a little unclear to me.
> In most Postfix configurations I see, the relevant
> configuration line in is usually:
> smtp inet n - n - - smtpd
> meaning that the Postfix listens on the local host at port 25
> for incoming mail. Thus I would guess that should be
> IP address of the machine that mail server can be reached
> at---namely, the home mail server IP address (yy.yy.yy.yy).

I see the confusion. But read above carefully, with my comments. Got it now.

> Most people I know who run mail servers at home usually have a
> router such as a Linksys or Netgear that performs NATing and
> port forwarding. If the router can be configured so that the
> submission port 587 is forwarded to port 25 on the machine
> where the home mail server is running,
> yy.yy.yy.yy:587 ------->
> then doesn't that mean that no changes need be made to the
> file on the home mail server? Ie, when the public
> mail server forwards the email to yy.yy.yy.yy:587 the router,
> in turn, forwards it to so that the Postfix
> server need only listen to port 25 on localhost, as it usually
> does?

I am not redirecting incoming SMTP to an internal mail server. The MTA is on the firewall.

> 2) I also have a question about testing. You wrote:
> -------------------------------------------------------------------------
> Then I sent a test message from the public mail server
> $ echo 'test' | mail
> I confirmed that it was coming in on port 587 with this command
> on my mail server at home:
> tcpdump -i fxp0 port 587
> Where fxp0 is the outside NIC on my firewall (the one with IP
> as shown above.
> Then, on the public mail server, I requeued all the messages,
> so they'd use the right transport:
> postsuper -r ALL
> It's magic!
> All the messages were delivered to the right spot.
> -------------------------------------------------------------------------
> I really appreciate tips on testing a configuration, so I
> wanted to understand how this works. Unfortunately, I don't
> quite get it. Why is it necessary to execute:
> postsuper -r ALL
> at all? If the public mail server is configured properly then
> shouldn't any email message sent to get
> forwarded to the private mail server automatically. Why was it
> necessary to re-queue the messages?

The messages were already queued for delivery via port 25. The requeue made Postfix notice they were to be sent to port 587.

> 3) Finally, in the command,
> tcpdump -i fxp0 port 587
> the network device fxp0 should correspond to the home mail
> server IP address (yy.yy.yy.yy) right? But what if, once
> again, the actual machine the home mail server is running on
> resides on a LAN behind a router performing NAT and port
> forwarding? Should the network device then correspond to the
> NATed address such as en0 (or perhaps the localhost
> device lo1)? Ie, would the following work?
> tcpdump -i en0 port 25
> tcpdump -i lo0 port 25

Sounds right, given a redirect. But I am not redirecting.


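The thread turns on which address the first field of a Postfix `master.cf` inet entry binds to. The following is an added example, not part of either post or of the original article: a small parser that lists the bind address and port of each inet listener. The sample file, the addresses `192.0.2.25` and `2001:db8::25`, and the function names are constructed for illustration.

```python
# Constructed sample master.cf. 192.0.2.25 and 2001:db8::25 are documentation
# placeholders, not the address elided from the quoted article.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp            inet  n  -  n  -  -  smtpd
192.0.2.25:587  inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
[2001:db8::25]:submission inet n - n - - smtpd
pickup          unix  n  -  n  60 1  pickup
"""

# Symbolic port names used in the sample (kept local so the example runs offline).
PORTS = {"smtp": 25, "submission": 587}


def logical_lines(text):
    """Drop comments and blanks; join continuation lines (leading whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def inet_listeners(text):
    """Return (bind_host, port, command) for every 'inet' service entry.

    bind_host is '*' when the service field has no host part, meaning the
    listener uses every address Postfix is configured to listen on.
    """
    found = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue
        host, sep, port = fields[0].rpartition(":")
        host = host.strip("[]") if sep else ""
        found.append((host or "*", PORTS.get(port) or int(port), fields[7]))
    return found


if __name__ == "__main__":
    for host, port, command in inet_listeners(SAMPLE_MASTER_CF):
        print(f"{command} listens on {host} port {port}")
```

An entry with an explicit host part is only reachable on that address, so a packet capture such as the `tcpdump` check discussed above has to run on the interface that carries it.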

 Topics Author  Date
 Re: Is your ISP blocking port 25? Here's a Postfix solution.   new
Max P. 26-03-07 10:03 
 Re: Is your ISP blocking port 25? Here's a Postfix solution.   new
Dan 26-03-07 15:33 