PDA

View Full Version : Running SMTP on multiple ports (postfix)


eKg
9th June 2006, 06:16
Hello all;

As with most large ISP's, my ISP filters port 25 (SMTP). As a web hosting provider, I felt that my customers should be able to use my email server to send email, as well as receive it. It's kind of a value added feature :)

So, here's how I did it:

Open /etc/postfix/master.cf and add the following line:
587 inet n - n - - smtpd

This is for postfix only. Restart postfix and your done. This doesn't really have anything to do with ISPConfig, however maybe it should be an option...?

EDIT: I forgot to tell you, SMTP will listen on ports 25 and 587

alex916
31st July 2006, 17:10
This is a great solution but when i try to send an email using 587 port, no auth is required and the server become an open relay.
Any idea?

falko
1st August 2006, 14:02
Have a look here: http://www.howtoforge.com/forums/showpost.php?p=3728&postcount=4

alex916
2nd August 2006, 18:52
Yes, i tried to send a email from my network.
Running telnet localhost 587 this is the output:

debian:/etc/postfix# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 debian.domain.tld ESMTP Postfix (Debian/GNU)
ehlo localhost
250-debian.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.

alex916
3rd August 2006, 09:21
I tried to use this tip from a remote pc with an outside ip but it doesn't work.
When I send an email, i can't authenticate me using port 587.

falko
3rd August 2006, 16:59
Running telnet localhost 587 this is the output:

debian:/etc/postfix# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 debian.domain.tld ESMTP Postfix (Debian/GNU)
ehlo localhost
250-debian.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.
Looks fine.

I tried to use this tip from a remote pc with an outside ip but it doesn't work.
When I send an email, i can't authenticate me using port 587.What's the exact error message? What's in the mail log? Did you enable "Server requires authentication." in your email client?

alex916
3rd August 2006, 18:05
Looking mail.log, when i use port 587, i have this error:

Aug 3 16:14:58 debian postfix/smtpd[3759]: connect from unknown[192.168.0.4]
Aug 3 16:14:58 debian postfix/smtpd[3759]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 3 16:14:58 debian postfix/smtpd[3759]: warning: unknown[192.168.0.4]: SASL LOGIN authentication failed
Aug 3 16:14:58 debian postfix/smtpd[3759]: lost connection after AUTH from unknown[192.168.0.4]
Aug 3 16:14:58 debian postfix/smtpd[3759]: disconnect from unknown[192.168.0.4]

Thanks Falko

falko
4th August 2006, 13:50
Is saslauthd running? What's the output of ps aux|grep saslauthd?
What's in /etc/postfix/master.cf?

alex916
4th August 2006, 14:19
debian:~# ps aux|grep saslauthd
root 1805 0.0 0.6 6556 1580 ? Ss Jul20 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
root 1806 0.0 0.7 6664 1928 ? S Jul20 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
root 1807 0.0 0.7 6664 1928 ? S Jul20 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
root 1808 0.0 0.7 6664 1928 ? S Jul20 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
root 1809 0.0 0.6 6556 1580 ? S Jul20 0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -a pam
root 22604 0.0 0.3 2048 780 pts/0 S+ 12:26 0:00 grep saslauthd

And Master.cf

#================================================= ========
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
#================================================= =======
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_etrn_restrictions=reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
#tlsmgr fifo - - n 300 1 tlsmgr
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd

The problem occurs only when i try to use like smtp port 587.
Using 25 it's all ok.

falko
5th August 2006, 17:42
Change this line:

587 inet n - n - - smtpd

to

587 inet n - - - - smtpd
in /etc/postfix/master.cf and restart Postfix.

alex916
6th August 2006, 22:00
Great! Now it's perfect and i can send email using m isp-config server also if another isp block port 25.

Thanks

gwa7
15th November 2007, 02:29
I'm having the same problem and getting the same error message, but the fix does not work for me. Any ideas?

gwa7
15th November 2007, 06:01
This is what worked for me. I had to make both lines match:

smtp inet n - n - - smtpd
587 inet n - n - - smtpd

(I actually used a different port number than 587)

One more thing for Evolution users:
If you change the default smtp port, add the port to the end of your mail server like this: mail.yourserver.com:587

Cools
10th December 2007, 19:16
thanks to you guys i have the company email working..

as they are so tight on security. i cant use port 25 properly over the vpn so i now have 587 doing the same job.

Keep up the good work guys.




----------------------------------------------------
i bookmark pages incase i become thick one day!!

gwa7
12th February 2008, 02:44
As I stated earlier, these settings worked for me:

smtp inet n - n - - smtpd
587 inet n - n - - smtpd

TLS encryption works on the new port 587. It also works without encryption on this port.
SSL encryption works on port 25.
However, when I try to send an email to my server with SSL on port 587, it just sits in the outbox. Any ideas on what I need to change to make this work?

I appreciate your help and thanks again for ISPconfig!

Gary

falko
12th February 2008, 21:32
What's in /etc/postfix/master.cf? Any errors in your mail log?

gwa7
12th February 2008, 21:45
Thanks for your quick reply. I am actually using port 2525 instead of 587.
Here is what you requested:

What's in /etc/postfix/master.cf:
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - n - - smtpd
2525 inet n - n - - smtpd

#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - - n - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
# 26 inet n - - - - smtpd
# 587 inet n - n - - smtpdmail:/etc/postfix #


From mail log:
Feb 12 13:37:57 mail postfix/smtpd[30309]: connect from r74-193-117-236.suspcmta01.slsptx.tl.dh.suddenlink.net[74.193.117.236]
Feb 12 13:40:41 mail postfix/smtpd[30175]: timeout after CONNECT from r74-193-117-236.suspcmta01.slsptx.tl.dh.suddenlink.net[74.193.117.236]
Feb 12 13:40:41 mail postfix/smtpd[30175]: disconnect from r74-193-117-236.suspcmta01.slsptx.tl.dh.suddenlink.net[74.193.117.236]

blocker
31st March 2008, 14:25
Hi All,

it worked for me perfectly, however i want to use my ispconfig server as alternative smtp server for domains that are not hosted on the ispconfig server. I add the domain and create the desired users that should be able to use the ispconfig alternative smtp server, everything works perfect, only 1 thing do not - sending mails from that domain to itself. The ispconfig handles these mails internal. I have set "External Mailserver" for that domain but that didnt helped at all. I also deleted the domain from /etc/postfix/local-host-names but after running /root/ispconfig/php/bin/php /root/ispconfig/scripts/writeconf.php this domain is automaticaly added in /etc/postfix/local-host-names. What can i do to achieve my target?
N/B I hope there will be an "ISPconfig way" doing this because i want ppl that do nnot have access to the server but only to ispconfig admin interface to be able to add domains and users which will be able to use the alternative SMTP port...

Thanks in advance!!!!!

falko
1st April 2008, 18:13
I have set "External Mailserver" for that domain but that didnt helped at all.
Did you do this only for the main FQDN (e.g. www.example.com), or also for the Co-Domains? Each Co-Domain has its own Options tab where you can select "External Mailserver".

blocker
1st April 2008, 21:10
Did you do this only for the main FQDN (e.g. www.example.com), or also for the Co-Domains? Each Co-Domain has its own Options tab where you can select "External Mailserver".

only for FQDN, i have no subdomains for the test domain... but postfix tries to deliver locally...

falko
2nd April 2008, 16:18
Have you checked the Co-Domains tab? Because when you create the web site www.example.com, the Co-Domain example.com is created automatically.

blocker
2nd April 2008, 16:52
Have you checked the Co-Domains tab? Because when you create the web site www.example.com, the Co-Domain example.com is created automatically.


yes - that was the problem!!!

thanks! :D

i have now an alternative SMTP relay gateway :D

createch
4th May 2008, 17:41
Thanks I changed the master.cf file but it doesn't work ... until I found out the fact that I also need to add the port in my ISPConfig firewall setting.

I have tested and am sure that the added port also require authentication (so it is not an open relay... great)

Thanks again.
Createch
:D

bizna
29th August 2010, 12:36
It's late 2010, and this solution still works.

It's important to notice what gwa7 suggested, and that is to have the smtp and 587 lines match. For example:

smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes

Thanks for the quick solution!

This is what worked for me. I had to make both lines match:
smtp inet n - n - - smtpd
587 inet n - n - - smtpd