Yet another: I can't receive mail

Discussion in 'Installation/Configuration' started by MattJo., Jun 6, 2010.

  1. MattJo.

    MattJo. New Member

    Hello,

    ISPConfig3 installed behind firewall with NAT. I think I need to bind the external IP to something, but I am not sure how or what. I have searched the forums, but not sure my issue is the same as others.

    I am able to send mail, but not receive.

    I tried changing the main.cf in postfix interfaces from all to the 127.0.0.1 and the external, but neither "all" or the specific ip's works.

    I have forward TCP ports 20, 21, 22, 25, 53, 80, 110, 143, 443, 3306, 8080, and 10000 and UDP ports 53, 3306

    please help. thanks,

    Matt
     
  2. Mark_NL

    Mark_NL New Member

    For receiving mail you should forward port 25 to your mailserver (tcp)

    then try from a different machine (outside your local network): telnet <ip> <port>

    you should get a connection then.
     
  3. MattJo.

    MattJo. New Member

    thanks

    Thanks very much, I wasn't able to connect and this led me to check the port forwarding on the firewall only to discover that I had mixed up the number in the local ip address for the port forwarding.
     
  4. Mark_NL

    Mark_NL New Member

    Hehehe, good to hear, don't forget port 465 if you want to use SMTPS (Secure connection)

    good luck!
     
  5. MattJo.

    MattJo. New Member

    Port 465/587

    Mark,

    Thanks again.

    How do I configure postfix to use 465? Or Do I simply open a port in the firewall and configure my client appropriately? For that matter 587 (which is TLS?)?


    Matt
     
  6. Mark_NL

    Mark_NL New Member

    hehe, depends on how you're gonna handle it ..

    you have TLS and SSL

    SSL is the predecessor of TLS.

    both are secure transport layers, but TLS start off insecure, then requests a secure connection (on the same port), creates one and continues .. SSL starts off encrypted right away. (in short ;-))

    So TLS is the easiest i'd say for you so you don't have to open up extra ports, but if you want Implicit SSL, you could edit master.cf, uncomment the stuff that belongs to "smtps", and open up port 465 on your firewall, and make sure it's send to your mailserver with NAT.

    If you installed ispconfig with an how-to from this site (f.e. with a Perfect install) then you already have TLS support setup and you're good to go (no need to open extra ports then)
     
  7. MattJo.

    MattJo. New Member

    Thanks, I will try this tonight.

    Interesting I always thought TLS was more secure.

    thanks,

    Matt
     
  8. Mark_NL

    Mark_NL New Member

    Welll, with TLS you can define when you want to have stuff encrypted or not .. SSL is just everything encrypted ..

    this image might give you some idea of what i mean:
    [​IMG]

    edit: and TLS = SSLv3 ;)
     
  9. MattJo.

    MattJo. New Member

    telnet port 25/465

    Hi Mark (and anyone else).

    So I looked at master.cf and am lost. Do I just uncomment the following items:

    #smtps inet n - - - - smtpd
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING

    or is there more?

    Also will this secure the SMTP server to prevent spamming? (I was able to telnet and create a spam message to myself--somewhat scary.)

    thanks,

    Matt


    PS What are the perfect server default ports that I can close--in other words, are not used "out of the box" for Perfect server setup?
     
    Last edited: Jun 9, 2010
  10. Mark_NL

    Mark_NL New Member

    if you uncomment the lines you said you'll be able to have pure SSL connections to your mailserver, but you need to open port 465 and NAT it to your mailserver.

    The secure SMTP will not prevent spam, the secure SMTP is for your own mailsending, so you can send mail over a secure line.

    the perfect setup for firewalling would be by starting in a closed environment, as in: block ALL, then start opening ports you need.
     
  11. MattJo.

    MattJo. New Member

    Problems

    Mark,

    So for whatever reason I got this to work, but then I "fussed" with things and it stopped working. Part of the problem is that I am using the mail client on a PPC leopard for testing with obfuscates the port settings in the GUI and work has rendered me too tired to dig deeper until the weekend.

    Do I have to open the ports on the server as well as the router? Or is this done automatically when I uncomment the lines?

    thanks,

    Matt
     
  12. Mark_NL

    Mark_NL New Member

    If your mailserver is also your firewall, then yes open them up .. if your firewall is a seperate machine, then open the ports on that device and forward those ports to your mailserver.
     

Share This Page