Solved

ISP blocking port 25 outbound

Posted on 2004-09-27
11
4,376 Views
Last Modified: 2013-12-17
My ISP just started blocking port 25 outbound to reduce spam.  Don't get me started on my feelings baout this, but basically they said if I want unfiltered access I would need to upgrade to the business plan which is double the cost.  Anway, I have sendmail on a remote server that I use to send email.  I have it to listen on port 25 and now I would like to have it listen on port 2525 as well which is not blocked.  The server uses TLS.

If I add DAEMON_OPTIONS(`Port=2525, Name=MTA, M=Ea') to the sendmail.mc then it stops listening on port 25.  If I add

DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=Ea')
DAEMON_OPTIONS(`Port=2525, Name=MTA, M=Ea')

Then it listens on both ports but when someone tries to send me email I get a proper authentication required error.  Can someone help?  Thanks.

0
Comment
Question by:ingenito
  • 5
  • 5
11 Comments
 
LVL 6

Expert Comment

by:anfi
ID: 12162891
Try this:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Ea)

In M= section:
* "E" disables ETRN support
* "a" forces SMTP AUTh from all connecting clients

0
 
LVL 40

Expert Comment

by:jlevie
ID: 12164373
Have you considered using:

dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl


0
 

Author Comment

by:ingenito
ID: 12167461
jlevie,

I tried uncommenting that section but then it disables port 25 which I do not want to do.  I want to have both port 25 and 2525(or whatever other port I really dont care).

anfi,
This works and makes sendmail listen on both ports.  However, port 2525 no does not work correctly.  Port 25 works great, it still requires an SSL connection and a logon.  However, when I change Outlook to use port 2525 instead I get this error from Outlook

'Your ourgoing (SMTP) server does not support SSL-secured connections.  If SSL-secured connections have worked in the past, contact your server administrator'

and this error in the maillog:
Sep 28 04:23:01 ns1 sendmail[3283]: i8S8N1xF003283: ool-4354896d.dyn.optonline.net [67.84.137.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2

And like I said, this works fine from port 25, the only thing I change is the port to 2525.

Thanks for the help
0
 
LVL 6

Expert Comment

by:anfi
ID: 12167646
Sendmail support 2 types of encrypted connections:
a) STARTTLS
it is a special ESMTP command to turn unecrypted connection into encrypted one
b) SMTPS
The connection is enctyped from the very begin

All modern email clients support STARTTLS, some older email client support SMTPS but no STARTTLS.

To make sendmail 8.13 service  SMPTS port use:
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Es)

http://www.sendmail.org/8.13.0.html
[...]
      Support for SMTP over SSL (smtps), activated by Modifier=s
            for DaemonPortOptions.
0
 

Author Comment

by:ingenito
ID: 12168711
anfi,

I want to use STARTTLS, since that is what is working correctly on port 25.  These are the lines from my sendmail.mc file:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Ea')

I still see this error in the log
Sep 28 08:25:37 ns1 sendmail[9558]: i8SCPb9M009558: [12.111.3.130] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2
Sep 28 08:25:37 ns1 sendmail[9559]: i8SCPb9M009559: [12.111.3.130] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-2

Please help.

0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 6

Expert Comment

by:anfi
ID: 12168790
telnet port 2525, write "EHLO xxx"(enter) command, check if STARTTLS is listed in the reply.
0
 

Author Comment

by:ingenito
ID: 12169541
Yes it is, here is the reply

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-STARTTLS
250-DELIVERBY
250 HELP

Here is the reply from port 25:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

It looks like ETRN is on port 25 but not 2525.  I am not sure what that is.  Thanks.
0
 

Author Comment

by:ingenito
ID: 12169602
Also, I tried using DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=a') instead but it still doesn't work.
0
 
LVL 6

Expert Comment

by:anfi
ID: 12169743
Add this to your *.mc file and check if your outlook can send email via encrypted connection to port 2526:

DAEMON_OPTIONS(`Port=2526, Name=MTA-2, M=Es)

NO=> Write which version of outlook to you use
(Outlook/Outlook Express + version number)
0
 
LVL 6

Accepted Solution

by:
anfi earned 100 total points
ID: 12169746
Sotty use the following line:

DAEMON_OPTIONS(`Port=2526, Name=MTA-3, M=Es)
0
 

Author Comment

by:ingenito
ID: 12169849
anfi,

This worked, thanks alot.  I changed the lines in my mc file to:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=2525, Name=MTA-2, M=Es')

and it worked.  Thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nearly six years ago I was hired by a company to be their senior server engineer. One of my first projects was to implement Exchange Server 2007 on a Windows Server 2008 Single Copy Cluster for high availability. That was the easy part; read on to l…
Utilizing an array to gracefully append to a list of EmailAddresses
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now