Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th February 2007, 13:01
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default How safe is this (SMTP on a 2nd port)

One of my friends (who has got a domain on my server) his ISP is now blocking port 25 forcing him to use the ISP's SMTP server.

Now I could open an extra port in Postfix (master.cf) on my server for him (in this case port 26):
Code:
26        inet  n       -       -       -       -       smtpd
All he needs to do is set his mail client to use port 26 instead of 25.

My question is: Is this safe to do?? Am I not opening something that spammers can use for mail relaying??

I'm using Debian Sarge with ISPconfig.

Last edited by edge; 14th February 2007 at 13:06.
Reply With Quote
Sponsored Links
  #2  
Old 14th February 2007, 13:41
zcworld zcworld is offline
Senior Member
 
Join Date: Jul 2006
Location: South Australia
Posts: 329
Thanks: 2
Thanked 37 Times in 37 Posts
Send a message via MSN to zcworld Send a message via Skype™ to zcworld
Default

if the smtp server is just a relay server
where no user/password is needed to connect / send mail from it
than maybe you will used as a spamer relay

but .. to the key part : not sure
__________________
Shane Ebert :: Facebok
Reply With Quote
  #3  
Old 14th February 2007, 14:36
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

It's a "safe" system with just the port 25 open. (no open relay server)
All I want to do is add an extra port (26) to is, so that SMTP is open on 25 and 26.
Reply With Quote
  #4  
Old 15th February 2007, 15:42
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

I'm going for it, and I'll be monitor the mail trafic as good as possible for the next 24 hrs.
Reply With Quote
  #5  
Old 15th February 2007, 15:48
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Default

On the Postfix mailing list, a recent discussion has been done on using port 26 versus the "official" alternate port 587. Might be worth considering. Below the "final" email.

Quote:
> I have added submission on my system, but it occurs to me, is
> > there a way to allow ONLY authenticated users to connect to
> > port 587 while leaving port 25 open for regular mail deliveries?
> >
> > On Feb 13, 2007, at 12:40 PM, Coffey, Neal wrote:
> >
>> > > Joey wrote:
>>> > >> I just wanted to confirm that I wouldn't open up anything in the
>>> > >> process of setting up postfix to accept either port
>>> > >> 25 or port 26 for sending mail.
>>> > >>
>>> > >> As you know some ISP's block port 25 traffic, so the only way to
>>> > >> allow our clients to use our mail servers it to have their
> > traffic go
>>> > >> through port 26.
>> > >
>> > > To expand a little on what the others have said, so you know *why*
>> > > they're saying it (which I've always found important)...
>> > >
>> > > Port 26, though not currently assigned to any specific use,
> > is still
>> > > within the range of "Well Known" port numbers reserved by the IANA
>> > > (ports 0-1023), and it's generally considered bad practice
> > to use them
>> > > for anything but their intended purpose.
>> > >
>> > > There is already a Well Known Port for what you want -- submission
>> > > port 587, defined in RFC4409.
>> > >

In master.cf:

submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_use_tls=yes
-o smtpd_recipient_restrictions=permit_sasl_authentic ated,reject
Reply With Quote
  #6  
Old 15th February 2007, 20:49
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

Thanks for the info martinfst.

Exactly the info I was looking for.
Reply With Quote
  #7  
Old 15th February 2007, 21:25
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

Hmmm I'm getting a "bad transport type" error when I add the -o stuff

Quote:
Feb 15 21:13:59 host postfix/master[1037]: fatal: /etc/postfix/master.cf: line 83: bad transport type: smtpd_sasl_auth_enable=yes
Feb 15 21:17:16 host postfix/postfix-script: fatal: the Postfix mail system is not running
Feb 15 21:17:17 host postfix/master[1732]: fatal: /etc/postfix/master.cf: line 84: bad transport type: smtpd_use_tls=yes
Feb 15 21:17:51 host postfix/postfix-script: fatal: the Postfix mail system is not running
Feb 15 21:17:51 host postfix/master[1880]: fatal: /etc/postfix/master.cf: line 88: bad transport type: smtpd_recipient_restrictions=permit_sasl_authentic
Feb 15 21:18:14 host postfix/postfix-script: fatal: the Postfix mail system is not running
No clue why it's doing this. I'll do some more research on this the next day(s)
Reply With Quote
  #8  
Old 15th February 2007, 21:53
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

Okay I found my error problem..

I needed to add a whitespace for continue line.
Quote:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_use_tls=yes
-o smtpd_recipient_restrictions=permit_sasl_authentic ated,reject
(in front of the -o it needs a [space] )
Reply With Quote
  #9  
Old 15th February 2007, 22:05
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,036
Thanks: 268
Thanked 152 Times in 132 Posts
Default

Hmm great (not)

Quote:
Feb 15 21:57:01 host postfix/smtpd[7271]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Feb 15 21:57:02 host postfix/master[6646]: warning: process /usr/lib/postfix/smtpd pid 7271 exit status 1
Feb 15 21:57:02 host postfix/master[6646]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Reply With Quote
  #10  
Old 15th February 2007, 22:10
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
 
Default

I assume this
Quote:
permit_sasl_authentic ated
is a type in the forum post? (Watch the extra space between 'tic' and 'ated')
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 12:20
Getting e-mail working hansoffate Installation/Configuration 29 13th August 2008 16:33
Ask: ASSP -> between SMTP Destination & Listen Port abadi HOWTO-Related Questions 3 18th December 2006 14:15
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 08:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.