How safe is this (SMTP on a 2nd port)

[edge]

One of my friends (who has got a domain on my server) his ISP is now blocking port 25 forcing him to use the ISP's SMTP server.

Now I could open an extra port in Postfix (master.cf) on my server for him (in this case port 26):

Code:

26        inet  n       -       -       -       -       smtpd

All he needs to do is set his mail client to use port 26 instead of 25.

My question is: Is this safe to do?? Am I not opening something that spammers can use for mail relaying??

I'm using Debian Sarge with ISPconfig.

[zcworld]

if the smtp server is just a relay server
where no user/password is needed to connect / send mail from it
than maybe you will used as a spamer relay

but .. to the key part : not sure

[edge]

It's a "safe" system with just the port 25 open. (no open relay server)
All I want to do is add an extra port (26) to is, so that SMTP is open on 25 and 26.

[edge]

I'm going for it, and I'll be monitor the mail trafic as good as possible for the next 24 hrs.

[martinfst]

On the Postfix mailing list, a recent discussion has been done on using port 26 versus the "official" alternate port 587. Might be worth considering. Below the "final" email.

Quote:

> I have added submission on my system, but it occurs to me, is
> > there a way to allow ONLY authenticated users to connect to
> > port 587 while leaving port 25 open for regular mail deliveries?
> >
> > On Feb 13, 2007, at 12:40 PM, Coffey, Neal wrote:
> >
>> > > Joey wrote:
>>> > >> I just wanted to confirm that I wouldn't open up anything in the
>>> > >> process of setting up postfix to accept either port
>>> > >> 25 or port 26 for sending mail.
>>> > >>
>>> > >> As you know some ISP's block port 25 traffic, so the only way to
>>> > >> allow our clients to use our mail servers it to have their
> > traffic go
>>> > >> through port 26.
>> > >
>> > > To expand a little on what the others have said, so you know *why*
>> > > they're saying it (which I've always found important)...
>> > >
>> > > Port 26, though not currently assigned to any specific use,
> > is still
>> > > within the range of "Well Known" port numbers reserved by the IANA
>> > > (ports 0-1023), and it's generally considered bad practice
> > to use them
>> > > for anything but their intended purpose.
>> > >
>> > > There is already a Well Known Port for what you want -- submission
>> > > port 587, defined in RFC4409.
>> > >

In master.cf:

submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_use_tls=yes
-o smtpd_recipient_restrictions=permit_sasl_authentic ated,reject

[edge]

Thanks for the info martinfst.

Exactly the info I was looking for.

[edge]

Hmmm I'm getting a "bad transport type" error when I add the -o stuff

Quote:

Feb 15 21:13:59 host postfix/master[1037]: fatal: /etc/postfix/master.cf: line 83: bad transport type: smtpd_sasl_auth_enable=yes
Feb 15 21:17:16 host postfix/postfix-script: fatal: the Postfix mail system is not running
Feb 15 21:17:17 host postfix/master[1732]: fatal: /etc/postfix/master.cf: line 84: bad transport type: smtpd_use_tls=yes
Feb 15 21:17:51 host postfix/postfix-script: fatal: the Postfix mail system is not running
Feb 15 21:17:51 host postfix/master[1880]: fatal: /etc/postfix/master.cf: line 88: bad transport type: smtpd_recipient_restrictions=permit_sasl_authentic
Feb 15 21:18:14 host postfix/postfix-script: fatal: the Postfix mail system is not running

No clue why it's doing this. I'll do some more research on this the next day(s)

[edge]

Okay I found my error problem..

I needed to add a whitespace for continue line.

Quote:

submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_use_tls=yes
-o smtpd_recipient_restrictions=permit_sasl_authentic ated,reject

(in front of the -o it needs a [space] )

[edge]

Hmm great (not)

Quote:

Feb 15 21:57:01 host postfix/smtpd[7271]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Feb 15 21:57:02 host postfix/master[6646]: warning: process /usr/lib/postfix/smtpd pid 7271 exit status 1
Feb 15 21:57:02 host postfix/master[6646]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

[martinfst]

I assume this

Quote:

permit_sasl_authentic ated

is a type in the forum post? (Watch the extra space between 'tic' and 'ated')