Setting up SMTP traffic through port 587

Discussion in 'Installation/Configuration' started by kforbes, Aug 10, 2011.

  1. kforbes

    kforbes New Member

    Hi folks,

    A few months ago, I posted this thread: http://www.howtoforge.com/forums/showthread.php?p=253185 about trying to get SMTP traffic to work for our users outside of our office. Long story short, in the end, it was never our firewall but actually the ISP filtering port 25.

    So here I am, still trying to get SMTP to work outside of our office. Which has brought me to using port 587, but I'm hitting some snags.

    I found this thread: http://www.howtoforge.com/forums/showthread.php?t=31977 and went through the steps advised.

    Some Info

    • ISPConfig 2.2.6
    • My firewall has port 587 open
    • Through the WebGUI for ISPConfig, it also says port 587 is open.
    • As suggested by Antennipasi in the thread linked above, I uncommented the correct line and added the information he suggested.
    • I was able to telnet on localhost to port 25 and 587 and receive the same response.
    • I was unable to telnet to port 25 and 587 from another machine.

    Here is my master.cf file:
    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the Postfix master(5) manual page.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    submission inet n      -       -       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject
    #smtps    inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    #submission inet n      -       -       -       -       smtpd
    #  -o smtpd_etrn_restrictions=reject
    #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
            -o fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    Thoughts?
     
  2. till

    till Super Moderator

    Please post the output of:

    netstat -tap

    and

    iptables -L
     
  3. kforbes

    kforbes New Member

    netstat -tap
    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      PID/Program name
    tcp        0      0 *:mysql                 *:*                     LISTEN     5474/mysqld
    tcp        0      0 *:submission            *:*                     LISTEN     10408/master
    tcp        0      0 *:81                    *:*                     LISTEN     5800/ispconfig_http
    tcp        0      0 *:ftp                   *:*                     LISTEN     6203/proftpd: (acce
    tcp        0      0 192.168.1.100:domain    *:*                     LISTEN     6188/named
    tcp        0      0 localhost.locald:domain *:*                     LISTEN     6188/named
    tcp        0      0 *:smtp                  *:*                     LISTEN     10408/master
    tcp        0      0 localhost.localdoma:953 *:*                     LISTEN     6188/named
    tcp        0      0 192.168.1.100:smtp      mail.kaestle-ski.:30934 ESTABLISHED5153/smtpd
    tcp        0      0 192.168.1.100:smtp      content120c.lga2.:48952 ESTABLISHED3034/smtpd
    tcp        0      0 192.168.1.100:smtp      mail-gw0-f43.goog:56613 ESTABLISHED5148/smtpd
    tcp        0      0 192.168.1.100:smtp      230.177.187.78.st:28890 ESTABLISHED3658/smtpd
    tcp6       0      0 *:imaps                 *:*                     LISTEN     5348/couriertcpd
    tcp6       0      0 *:pop3s                 *:*                     LISTEN     5383/couriertcpd
    tcp6       0      0 *:submission            *:*                     LISTEN     10408/master
    tcp6       0      0 *:pop3                  *:*                     LISTEN     5363/couriertcpd
    tcp6       0      0 *:imap2                 *:*                     LISTEN     5328/couriertcpd
    tcp6       0      0 *:www                   *:*                     LISTEN     6050/apache2
    tcp6       0      0 *:ssh                   *:*                     LISTEN     5641/sshd
    tcp6       0      0 *:smtp                  *:*                     LISTEN     10408/master
    tcp6       0      0 ip6-localhost:953       *:*                     LISTEN     6188/named
    tcp6       0      0 *:https                 *:*                     LISTEN     6050/apache2
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%3:49358 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 153.232.133.219.b:62512 ESTABLISHED5341/courierpop3d
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:4567 TIME_WAIT  -
    tcp6       0    148 ::ffff:192.168.1.10:ssh ::ffff:10.0.0.1%3:51692 ESTABLISHED5373/0
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:1948 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%3:51823 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:2820 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%3:52227 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:1870 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:1873 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 bda-74-82-81-144.:45251 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%3:51317 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%3:49424 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%3:52242 TIME_WAIT  -
    tcp6       0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:2860 TIME_WAIT  -
    
    iptables -L
    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             127.0.0.0/8
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  base-address.mcast.net/4  anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere
    
    Chain INT_IN (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    
    Chain PAROLE (9 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PUB_IN (4 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:81
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:10000
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    DROP       icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain PUB_OUT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
     
  4. till

    till Super Moderator

    Please add port 587 to the tcp ports in the firewall settings in ISPConfig under System > Firewall
     
  5. kforbes

    kforbes New Member

    Thanks till,

    I did that and can now send on port 587.

    EDIT
    I will try it from outside the office later today to confirm that it's working.
     
    Last edited: Aug 11, 2011
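
The mismatch this thread turns on, a listener shown by `netstat -tap` with no matching `tcp dpt:` rule reachable from INPUT in `iptables -L`, can be checked mechanically. The Python below is an added example, not part of the original posts; the function names and sample text are constructed, and port-less rules are deliberately ignored on the assumption that `iptables -L` was run without `-v`, which does not show interface matches.

```python
# Constructed sample, trimmed to the shape of the output posted in this thread.
NETSTAT = """\
tcp   0  0 *:submission            *:*   LISTEN  10408/master
tcp   0  0 *:smtp                  *:*   LISTEN  10408/master
tcp   0  0 localhost.localdoma:953 *:*   LISTEN  6188/named
"""
IPTABLES = """\
Chain INPUT (policy DROP)
ACCEPT     all  --  anywhere    anywhere
PUB_IN     all  --  anywhere    anywhere
Chain PAROLE (1 references)
ACCEPT     all  --  anywhere    anywhere
Chain PUB_IN (1 references)
PAROLE     tcp  --  anywhere    anywhere    tcp dpt:smtp
"""

def listeners(netstat_text):
    """{service: program} for TCP listeners that are not loopback-only."""
    found = {}
    for f in map(str.split, netstat_text.splitlines()):
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, service = f[3].rpartition(":")
            if not addr.startswith(("localhost", "ip6-localhost", "127.", "::1")):
                found[service] = f[6]
    return found

def accepted_tcp_ports(iptables_text):
    """tcp dpt: values that INPUT hands to an accepting target (heuristic)."""
    chains, cur, ports = {}, None, set()
    for f in map(str.split, iptables_text.splitlines()):
        if f[:1] == ["Chain"]:
            cur = chains.setdefault(f[1], [])
        elif f and f[0] != "target" and cur is not None:
            cur.append((f[0], f[1], next((w[4:] for w in f if w[:4] == "dpt:"), None)))
    def accepts(target):  # ACCEPT, or a chain whose first rule is a bare ACCEPT
        return target == "ACCEPT" or chains.get(target, [])[:1] == [("ACCEPT", "all", None)]
    def walk(name):
        for target, proto, dport in chains.get(name, []):
            if dport is None and target in chains:
                walk(target)  # port-less rule: follow jumps only; -L hides -i matches
            elif dport and proto == "tcp" and accepts(target):
                ports.add(dport)
    walk("INPUT")
    return ports

def blocked_listeners(netstat_text, iptables_text):
    allowed = accepted_tcp_ports(iptables_text)
    return {s: p for s, p in listeners(netstat_text).items() if s not in allowed}

print(blocked_listeners(NETSTAT, IPTABLES))
```

Both tools resolve port names through the same services database, so the names compare directly; running them with `-n` gives numeric ports on both sides instead.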
