Running SMTP Postfix on Multiple Ports?

donb01

I am familiar with the basic default configuration of postfix and POP mail for my application. I'm running Mandrake 2009 with postfix and vmpop3d, plus AVG E-mail server filter for Linux.

My wonderful employer apparently just blocked port 25 at the firewall so now I can't send mail out from my own server anymore like I have been doing the last 10 years. I assume they probably blocked the port and not the protocol.

So can I configure postfix to listen on both port 25 and also some other port that I can configure outlook at work to use? I assume I would also need to make an additional set of configuration entries for AVG to monitor the new port as well, and I think I can figure that out.

My question (finally) is what changes do I make to postfix to get it listening on an additional port, and what port is a good choice? (AVG is already using 10025).

Thanks
 
It wouldn't do any good to get postfix or any other mail server to listen on a different port. Mail coming in or going out will use port 25 by default. Your boss would have to forward all SMTP traffic to your server on a prearranged port. Since that would defeat the purpose of blocking the port in the first place, there wouldn't be much sense in it.
 
I'm not stupid, but confused. When I configure outlook to send and receive mail port 25 is the default. I can change it to anything I want. So why is it wrong to assume that if postfix is listening - say on port 26 or something that it would not get the communication if outlook is told to use that port?

Thanks for the reply :eek:)
 
That would sort out the communication between Outlook and your server; but I'm presuming that the firewall is between your server and the rest of the Internet? If so, you would have to configure every other email server on the Internet to send to your alternate port...

Presumably your organisation has an email gateway (a.k.a. smart host) that you could (and probably should) use instead?

Annihilannic.
 
My organization is blocking me from sending email out my personal server. I'm trying to get around that because our corporate email system has software that encrypts the mail if there are certain keywords in it, etc and that sure makes a mess when you try to send a personal message to someone's blackberry and it bombs because of the encryption junk.

The firewall is between my outlook client and the internet - there is nothing between the internet and my own server (for this purpose anyway). All of the mail to my server from the world will come in on port 25 - I just need a special extra slot for me to use to be able to send mail out from work. It's kinda like having some websites come in on port 80 and others on 8080 - I just need to do the same deal with port 25 for mail... They also use OpenDNS to block most of the internet, but I've found that hotspotshield fixes that right up with a VPN tunnel - I just can't pass mail across that VPN tunnel too though, it doesn't work...
 
Ah, it makes more sense now.

I think you just need to add another line to /etc/postfix/master.cf to listen on an additional port; see man 5 master for details.

Not sure about the AVG stuff.

Annihilannic.
 
Are you sure it's actually wise to bypass your company's security measures? Isn't that err, a sackable offense?

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
It may end up even simpler than that. I was told by other IS staff that they blocked the port, but I noticed last night they changed what IP address they are going out on and that IP wasn't on my server's access list. I'll find out in the next hour or so whether my own server security was blocking me - I have everything running off an IP-based access list (only a few send mail through my server) to prevent open relay, etc....

Otherwise I think I figured out how to add the port. Today I actually have to do some major work so may not have time to goof around with it...

Thanks for the help folks.
 
Just a thought. You are rightfully concerned about security, but is IP filtering necessarily the correct way to go?

For example have you considered using SASL?
 
I just added the "26" line below to master.cf and now it lets me access the server and says it is sending my mail but I'm not sure exactly where it is going. The log file gives me '250 - message delivered' but they never show up. I suspect AVG is deleting them now and I need to look at that.

smtp inet n - y - - smtpd
26 inet n - y - - smtpd

 
In answer to above, the only people sending mail on my server are on my physical network, me from work, my sister from a fixed location, and another friend or two. It was just easy to toss in the IP addresses.

I'm also using pop-before-smtp which works well too.

 
Final follow-up. The above line with "26" in it being added to postfix's master.cf file and reloading postfix was all that it took to get mail flowing on port 26. Seems to be working good so far. The disappearing message issue was because my company had changed our outbound IP address and that IP was not on the 'auto whitelist' for the spam filter.

Thanks to all.
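
Added example, not part of the original thread and not any poster's code: a small Python audit that parses master.cf in the format described in man 5 master and reports, for each inet smtpd listener such as the "26" line above, whether the entry itself turns on SASL authentication and mandatory TLS. The sample file is constructed; the "submission" entry and its -o overrides are an assumed illustration of the SASL alternative raised earlier, and a listener with no overrides simply inherits whatever main.cf sets.

```python
import shlex

# Constructed sample: the thread's two listeners plus an assumed SASL/TLS entry.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      y      -      -       smtpd
26         inet  n       -      y      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored by Postfix
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def audit_smtpd_listeners(text):
    """Return one dict per inet smtpd service with its per-service overrides."""
    report = []
    for entry in logical_lines(text):
        fields = shlex.split(entry)
        # Fields: service type private unpriv chroot wakeup maxproc command args...
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        args, overrides = fields[8:], {}
        for i, arg in enumerate(args):
            if arg == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                name, value = args[i + 1].split("=", 1)
                overrides[name] = value
        report.append({
            "service": fields[0],
            "sasl": overrides.get("smtpd_sasl_auth_enable") == "yes",
            "tls_required": overrides.get("smtpd_tls_security_level") == "encrypt",
            "inherits_main_cf": not overrides,  # relay policy comes from main.cf
        })
    return report

if __name__ == "__main__":
    for row in audit_smtpd_listeners(SAMPLE_MASTER_CF):
        print(row)
```

A listener reported with inherits_main_cf set relies entirely on main.cf (here, the IP access list and pop-before-smtp) to avoid being an open relay, so any extra port should be checked against those settings.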
 