Solved

ISP blocking port 25 outbound

Posted on 2004-09-27
11
4,373 Views
Last Modified: 2013-12-17
My ISP just started blocking port 25 outbound to reduce spam.  Don't get me started on my feelings baout this, but basically they said if I want unfiltered access I would need to upgrade to the business plan which is double the cost.  Anway, I have sendmail on a remote server that I use to send email.  I have it to listen on port 25 and now I would like to have it listen on port 2525 as well which is not blocked.  The server uses TLS.

If I add DAEMON_OPTIONS(`Port=2525, Name=MTA, M=Ea') to the sendmail.mc then it stops listening on port 25.  If I add

DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=Ea')
DAEMON_OPTIONS(`Port=2525, Name=MTA, M=Ea')

Then it listens on both ports but when someone tries to send me email I get a proper authentication required error.  Can someone help?  Thanks.

0
Comment
Question by:ingenito
  • 5
  • 5
11 Comments
 
LVL 6

Expert Comment

by:anfi
ID: 12162891
Try this:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Ea)

In M= section:
* "E" disables ETRN support
* "a" forces SMTP AUTh from all connecting clients

0
 
LVL 40

Expert Comment

by:jlevie
ID: 12164373
Have you considered using:

dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl


0
 

Author Comment

by:ingenito
ID: 12167461
jlevie,

I tried uncommenting that section but then it disables port 25 which I do not want to do.  I want to have both port 25 and 2525(or whatever other port I really dont care).

anfi,
This works and makes sendmail listen on both ports.  However, port 2525 no does not work correctly.  Port 25 works great, it still requires an SSL connection and a logon.  However, when I change Outlook to use port 2525 instead I get this error from Outlook

'Your ourgoing (SMTP) server does not support SSL-secured connections.  If SSL-secured connections have worked in the past, contact your server administrator'

and this error in the maillog:
Sep 28 04:23:01 ns1 sendmail[3283]: i8S8N1xF003283: ool-4354896d.dyn.optonline.net [67.84.137.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2

And like I said, this works fine from port 25, the only thing I change is the port to 2525.

Thanks for the help
0
 
LVL 6

Expert Comment

by:anfi
ID: 12167646
Sendmail support 2 types of encrypted connections:
a) STARTTLS
it is a special ESMTP command to turn unecrypted connection into encrypted one
b) SMTPS
The connection is enctyped from the very begin

All modern email clients support STARTTLS, some older email client support SMTPS but no STARTTLS.

To make sendmail 8.13 service  SMPTS port use:
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Es)

http://www.sendmail.org/8.13.0.html
[...]
      Support for SMTP over SSL (smtps), activated by Modifier=s
            for DaemonPortOptions.
0
 

Author Comment

by:ingenito
ID: 12168711
anfi,

I want to use STARTTLS, since that is what is working correctly on port 25.  These are the lines from my sendmail.mc file:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Ea')

I still see this error in the log
Sep 28 08:25:37 ns1 sendmail[9558]: i8SCPb9M009558: [12.111.3.130] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2
Sep 28 08:25:37 ns1 sendmail[9559]: i8SCPb9M009559: [12.111.3.130] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2

Please help.

0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 6

Expert Comment

by:anfi
ID: 12168790
telnet port 2525, write "EHLO xxx"(enter) command, check if STARTTLS is listed in the reply.
0
 

Author Comment

by:ingenito
ID: 12169541
Yes it is, here is the reply

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-STARTTLS
250-DELIVERBY
250 HELP

Here is the reply from port 25:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

It looks like ETRN is on port 25 but not 2525.  I am not sure what that is.  Thanks.
0
 

Author Comment

by:ingenito
ID: 12169602
Also, I tried using DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=a') instead but it still doesn't work.
0
 
LVL 6

Expert Comment

by:anfi
ID: 12169743
Add this to your *.mc file and check if your outlook can send email via encrypted connection to port 2526:

DAEMON_OPTIONS(`Port=2526, Name=MTA-2, M=Es)

NO=> Write which version of outlook to you use
(Outlook/Outlook Express + version number)
0
 
LVL 6

Accepted Solution

by:
anfi earned 100 total points
ID: 12169746
Sotty use the following line:

DAEMON_OPTIONS(`Port=2526, Name=MTA-3, M=Es)
0
 

Author Comment

by:ingenito
ID: 12169849
anfi,

This worked, thanks alot.  I changed the lines in my mc file to:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Es')

and it worked.  Thanks!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now