Solved

Linux Reassigning Port 25 to 26

Posted on 2008-10-31
10
635 Views
Last Modified: 2013-12-16
We have a program which uses an old Linux RaQ4 to sends mail to members of an organization of teachers, we can not switch to a newer server because this server is white listed by all the schools in the state which is not easy.

We just got a new DSL provider who has a closed Port 25 - we have been told to use Port 26

How can I redirect Port 26 to Port 25 on the old RaQ4 Server.
0
Comment
Question by:intlgd
  • 5
  • 5
10 Comments
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
Actually, your problem is far deeper than that.

Welcome to DSL (the only ISPs that I know of that do STUPID things like blocking (or filtering) port 25 are all DSL providers. I'll bet you money that they won't make the requisite PTR (aka: reverse-DNS) entry for your new IP address either. You're going to LOVE your new DSL provider! (OUCH! My tongue got too far into my cheek!)

If I were to stand up on my HIGH HORSE, I'd say "Fix the REAL problem -- get a new ISP!" but I try not to climb to those heights...

OK... a little background here... Port 25 (SMTP) is a port that generally has 2 uses:
 a) receiving mail from outside domains for delivery into your (local) domain, and
 b) receiving messages from your internal users for delivery to both outside & inside domains

The only one you can FIX by using an alternate port (your ISP recommended 26, but there's nothing special about port 26) is part b. The rest of the world uses port 25.

So, the next part of the problem is to determine HOW (e.g.: which directions) your new DSL ISP is blocking.
 - Some will block it inbound, in which case your mail server won't be able to receive mail from most outside sources -- only the ones that have been configured especially for your server.
 - Some will block it outbound, in which case they potentially have a "smart host" (aka: mail relay) that could be used to get your outbound emails delivered. Unfortunately, this may break your "whitelisting" -- depending upon the method of whitelist used. If there is no "smart host" and your ISP is blocking outbound port 25, you can work with individual mail servers to arrange for an alternate port. But it's a one-on-one problem, and MOST ISPs won't make a special configuration for your domains.

So you see, if I just told you how to map port 26 to port 26 (and making the mail server listen on another port is usually VERY easy -- but it depends on the mail server program used), you'd get what you asked for -- but it wouldn't do what you need.

The good news is that if they're only blocking outbound port 25, most mail server programs can specifically route through the "smart host", and you'll be fine.

But I return to the easiest fix -- change ISPs back to a REAL provider who doesn't block ports! (If you're locked into a contract, break it with the explanation that they never revealed the limitations of their service to you. They can remove the blocks, or you're going elsewhere).

Good luck -- you've got yourself in a nice little hole there!

I hope this helps!

Dan
IT4SOHO
0
 

Author Comment

by:intlgd
Comment Utility
Actually I know that Port 26 works as I had no problem setting this for my personal email, but I can not do it for the older Linux Server used to contact School Teachers across the state. Schools use the white list approach to blocking SPAM and it was not easy getting on every school white list. Right now I have to take my laptop home where I can connect to Port 25. Since the teacher's association does not always want to wait until I go home at night and I can not change the DSL or move to a newer Server, my only option is to open port 26 to receive SMTP requests instead of port 25 because that DOES work
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
Well, as I mentioned above -- if you've got a limited number of sources of INCOMING e-mail, then using port 26 is just fine -- but note then that the server will NOT be able to receive responses (or any other type of email message) from virtually any mail server on the Internet.

You will have effectively built a server that sends mail but cannot receive it.

If that's what you want, then what you want to do is change the port that the SMTP server is listening on. How to do that will depend upon what mail server you're running.

Please reply with what mail server program you're running, and I'll be happy to point you to the right config file, where you'll add or edit a single value, restart the program and be done with it.

Believe me -- I'm not trying to tell you not to use port 26 -- I just want you to understand the ramifications of using ONLY a non-standard port for SMTP. If you're OK with those ramifications, then cool... what you want to do is rather easy.

Awaiting to hear from you RE: mail server program (e.g.: sendmail, QMail, PostFix, exim, etc.)

Dan
IT4SOHO
0
 

Author Comment

by:intlgd
Comment Utility
It is not Port 110 that needs to be redirected for receiving mail.

It is port 25 that needs to listen to port 26

How is listening to port 26 going to effect incoming mail?

Blair
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
Who said anything about 110? Port 110 is a POP3 port that is used by clients to RETRIEVE mail -- and as far as I can see, hasn't been part of the discussion until now.

Perhaps the term "incoming" threw you? If so, then please understand that from the server's perspective, port 25 is how it receives incoming mail. Those messages may be delivered locally, or relayed to other domains. Depending upon your mail server program, there are LOTS of ways to control who/when/how you deliver mail to outside domains.

But I've never said anything about port 110.

Here's what I HAVE gathered so far:
 - Your DSL ISP will not allow port 25 (standard SMTP) inbound connections to your server.
 - Outbound traffic on port 25 appears to go through without a problem (you said you've tested it)
 - You want your mail server (unknown type) to listen on port 26 (vs. port 25 -- or perhaps on BOTH ports) for receipt of SMTP messages. This is so that messages can be submitted to this server (on port 26) for delivery to a number of other systems who have whitelisted this server.

So I'll say it again... all you need to do is reconfigure your mail server program to listen to a different (or additional) port. MUCH simpler than trying to get your server to take port 26 and "map" it to port 25.

If your mail server was sendmail, you'd just change your senfmail.mc file to add or change the listening port from 25 to 26, re-compile the sendmail.cf file, & restart sendmail.

If it was QMail, you'll change (or add) an entry in your supervise directory for the appropriate run entry (entries).

And so forth. But for specific directions for YOUR server, we'll need to know what program you're using!

Dan
IT4SOHO

Tell me your server type & I'll be able to tell you WHERE to make the change. Again, MOST mail servers can make the adjustment easily -- to either listen to port 26 in addition to, or instead of, port 25.

Awaiting to hear from you RE: mail server program (e.g.: sendmail, QMail, PostFix, exim, etc.)

Dan
IT4SOHO
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:intlgd
Comment Utility
As stated above the server type is a RaQ4 which is what makes it complicated. On our newer servers - this is a no-brainer. I have read a number of posts re using port 26 on Sun Servers, but it seems that the RaQ4 does not deploy many of the easy solutions. My biggest concern in making this change is that doing so will open it to abuse.

Blair
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
I think I understand... as with MOST distributions, the RaQ4 comes "standard" with Sendmail. As you have apparently not added anything else, I'm assuming that your server is indeed running a sendmail SMTP service.

First, something about your system -- The OS is a moderately modified RedHat. However, if you have the Security Hardening Package installed, there is a CERT advisory out against that version of the Cobalt software. The vulnerability is in a CGI script, and can be patched by actually removing part of the SHP patch... details at http://www.cert.org/advisories/CA-2002-35.html include links to Sun (who bought Cobalt and promptly end-of-life'd most of the older Cobalt products) sources to fixes. THIS IS A SERIOUS vulnerability, if you were not already aware of it.

Now, BEFORE I go on, let me say that... IF what I've understood so far is complete & true, THEN all you really need to do to send mail to your schools is to adjust your Mail Client to use what is called a SUBMISSION port... instead of 25 (or 26), just tell your client to use port 587.

If I read my RaQ4 documentation right, that should work just like that, no other mods necessary.

HOWEVER, if that doesn't work, then you'll need to modify your sendmail.cf file. So, you'll want a patch (actually, a package) that will add the ability to manually modify your sendmail configuration from the GUI. I found one at
  ftp://www.zeffie.com/RaQ4-cfbuilder-1.1a-Built-by-Zeffie.com.pkg

Download & install the package, then look for the SENDMAIL.CF button on the BROWN section of the GUI.

In the Sendmail.CF file, you'll want to look for the following lines (these are default, and so may not be present, or may be commented out -- I don't have a RaQ4 system to test):
  DAEMON_OPTIONS(`Port=smtp, Name=MTA')
  DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')

Basically, these (default) settings say that sendmail should listen on port 25 (smtp) and act as an MTA (Mail Transport Agent) for those connections. In addition, it should listen on port 587 (submission) and act as an MSA (Mail Submission Agent). (The M=E part actually turns off some of the filtering, epecifically ERTN).

So, you could either use (force) those 2 lines, or CHANGE the "smtp" part of the MTA line to 26, thus:
  DAEMON_OPTIONS(`Port=26, Name=MTA')
  DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')

In this way, your sendmail server will now listen on ports 26 & 587 (but not 25 -- which is fine, because your ISP is blocking that anyway!)

Sorry if this got too long-winded... but I hope it helps!

Dan
IT4SOHO
0
 

Author Comment

by:intlgd
Comment Utility
I can pico sendmail.cf

It has:
# SMTP daemon options
O DaemonPortOptions=Name=MTA

# SMTP client options
#O ClientPortOptions=Address=0.0.0.0


I suppose this should change to:
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E

# SMTP client options
#O ClientPortOptions=Address=0.0.0.0

Thanks,
Blair
0
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 500 total points
Comment Utility
PICO is a fine editing tool, and adding that line may (if it's not already working) turn on port 587 -- HOWEVER, don't forget to restart sendmail to effect the changes!

RaQ4 did quite a bit of "hacking" a RHL distribution -- mainly to support their GUI admin tools. (IMHO, WebMin does a better job of making a GUI for administering a Linux box.)

Let me know how it goes!

Dan
IT4SOHO

0
 

Author Comment

by:intlgd
Comment Utility
That worked.

Thanks,
Blair
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
More or less everybody in the IT market understands the basics of Networking, however when we start talking about Storage Networks, things get a bit dizzier, and this is where I would like to help.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now