• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4400
  • Last Modified:

ISP blocking port 25 outbound

My ISP just started blocking port 25 outbound to reduce spam.  Don't get me started on my feelings baout this, but basically they said if I want unfiltered access I would need to upgrade to the business plan which is double the cost.  Anway, I have sendmail on a remote server that I use to send email.  I have it to listen on port 25 and now I would like to have it listen on port 2525 as well which is not blocked.  The server uses TLS.

If I add DAEMON_OPTIONS(`Port=2525, Name=MTA, M=Ea') to the sendmail.mc then it stops listening on port 25.  If I add

DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=Ea')
DAEMON_OPTIONS(`Port=2525, Name=MTA, M=Ea')

Then it listens on both ports but when someone tries to send me email I get a proper authentication required error.  Can someone help?  Thanks.

0
ingenito
Asked:
ingenito
  • 5
  • 5
1 Solution
 
anfiCommented:
Try this:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Ea)

In M= section:
* "E" disables ETRN support
* "a" forces SMTP AUTh from all connecting clients

0
 
jlevieCommented:
Have you considered using:

dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl


0
 
ingenitoAuthor Commented:
jlevie,

I tried uncommenting that section but then it disables port 25 which I do not want to do.  I want to have both port 25 and 2525(or whatever other port I really dont care).

anfi,
This works and makes sendmail listen on both ports.  However, port 2525 no does not work correctly.  Port 25 works great, it still requires an SSL connection and a logon.  However, when I change Outlook to use port 2525 instead I get this error from Outlook

'Your ourgoing (SMTP) server does not support SSL-secured connections.  If SSL-secured connections have worked in the past, contact your server administrator'

and this error in the maillog:
Sep 28 04:23:01 ns1 sendmail[3283]: i8S8N1xF003283: ool-4354896d.dyn.optonline.net [67.84.137.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2

And like I said, this works fine from port 25, the only thing I change is the port to 2525.

Thanks for the help
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
anfiCommented:
Sendmail support 2 types of encrypted connections:
a) STARTTLS
it is a special ESMTP command to turn unecrypted connection into encrypted one
b) SMTPS
The connection is enctyped from the very begin

All modern email clients support STARTTLS, some older email client support SMTPS but no STARTTLS.

To make sendmail 8.13 service  SMPTS port use:
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Es)

http://www.sendmail.org/8.13.0.html
[...]
      Support for SMTP over SSL (smtps), activated by Modifier=s
            for DaemonPortOptions.
0
 
ingenitoAuthor Commented:
anfi,

I want to use STARTTLS, since that is what is working correctly on port 25.  These are the lines from my sendmail.mc file:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Ea')

I still see this error in the log
Sep 28 08:25:37 ns1 sendmail[9558]: i8SCPb9M009558: [12.111.3.130] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2
Sep 28 08:25:37 ns1 sendmail[9559]: i8SCPb9M009559: [12.111.3.130] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2

Please help.

0
 
anfiCommented:
telnet port 2525, write "EHLO xxx"(enter) command, check if STARTTLS is listed in the reply.
0
 
ingenitoAuthor Commented:
Yes it is, here is the reply

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-STARTTLS
250-DELIVERBY
250 HELP

Here is the reply from port 25:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

It looks like ETRN is on port 25 but not 2525.  I am not sure what that is.  Thanks.
0
 
ingenitoAuthor Commented:
Also, I tried using DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=a') instead but it still doesn't work.
0
 
anfiCommented:
Add this to your *.mc file and check if your outlook can send email via encrypted connection to port 2526:

DAEMON_OPTIONS(`Port=2526, Name=MTA-2, M=Es)

NO=> Write which version of outlook to you use
(Outlook/Outlook Express + version number)
0
 
anfiCommented:
Sotty use the following line:

DAEMON_OPTIONS(`Port=2526, Name=MTA-3, M=Es)
0
 
ingenitoAuthor Commented:
anfi,

This worked, thanks alot.  I changed the lines in my mc file to:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Es')

and it worked.  Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now