I read several posts about SMTP being blocked at ISP. My ISP has the same limitation. My ADSL connection (1 fixed IP) only permits outbound connection to port 25 to their server. None of those posts answered my need. I tried FAQ also. I have several internal email clients/bots that needs to retrieve/send messages, some of then are notebooks. It''s not fair to change SMTP server to the ISP while internal, and change back to the original SMTP while external. My ideia: redirect all internal connections to any SMTP server on the Net to ISP''s SMTP server. I tried: DNAT loc net:<other.smtp.server> tcp 25 - <my.isp.smtp.server> without success. How can I do this ? -Gilson
On 6 Jan 2003 at 23:07, Gilson Soares wrote:> I read several posts about SMTP being blocked at ISP. > My ISP has the same limitation. > My ADSL connection (1 fixed IP) only permits outbound connection toport 25> to their server. > None of those posts answered my need. I tried FAQ also. > > I have several internal email clients/bots that needs toretrieve/send> messages, some of then are notebooks. > > It''s not fair to change SMTP server to the ISP while internal, andchange> back to the original SMTP while external. > > My ideia: redirect all internal connections to any SMTP server onthe Net> to ISP''s SMTP server. > > I tried: > DNAT loc net:<other.smtp.server> tcp 25 - <my.isp.smtp.server> > without success. > > How can I do this ? > > -GilsonBefore we help you, I gotta ask: Are you a spammer? ;-) (bots with outbound smtp connections always worry me). Since your bots are sometimes inside and sometimes outside your firewall roaming around on laptops, and you have the bandwidth, why not have the laptops connect to your firewall machine by resolvable name, (even a dynamic dns name will do) and some non-blocked port (say 3725). Then configure a MTA on the firewall to forward to your isp''s smpt server. That way you never change anything on the laptops. There are several ways to prevent this from becoming a an open relay, such as pop-before-smtp, smpt-auth, etc, but just having it on a nonstandard port will go a long way. ______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386_______________________________________ John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com Juneau, Alaska http://www.screenio.com/
At 1/6/2003 11:44 PM, you wrote:>On 6 Jan 2003 at 23:07, Gilson Soares wrote: > > > I read several posts about SMTP being blocked at ISP. > > My ISP has the same limitation. > > My ADSL connection (1 fixed IP) only permits outbound connection to >port 25 > > to their server. > > None of those posts answered my need. I tried FAQ also. > > > > I have several internal email clients/bots that needs to >retrieve/send > > messages, some of then are notebooks. > > > > It''s not fair to change SMTP server to the ISP while internal, and >change > > back to the original SMTP while external. > > > > My ideia: redirect all internal connections to any SMTP server on >the Net > > to ISP''s SMTP server. > > > > I tried: > > DNAT loc net:<other.smtp.server> tcp 25 - <my.isp.smtp.server> > > without success. > > > > How can I do this ? > > > > -Gilson > >Before we help you, I gotta ask: Are you a spammer? ;-)Absolutely NO! I work with remote network management.>(bots with outbound smtp connections always worry me). > >Since your bots are sometimes inside and sometimes outside your >firewall roaming around on laptops, and you have the bandwidth, why >not have the laptops connect to your firewall machine by resolvable >name, (even a dynamic dns name will do) and some non-blocked port >(say 3725). >Then configure a MTA on the firewall to forward to your isp''s smpt >server. That way you never change anything on the laptops. > >There are several ways to prevent this from becoming a an open relay, >such as pop-before-smtp, smpt-auth, etc, but just having it on a >nonstandard port will go a long way.I already pay my ISP to be my SMTP delivery. It has many smtp/spam mechanisms that I don''t need to replicate in my installation. I never said this limitation is a problem for me. I just want an easy solution, using Shorewall, for this. -Gilson
On Mon, 2003-01-06 at 19:23, Gilson Soares wrote:> At 1/6/2003 11:44 PM, you wrote: > >On 6 Jan 2003 at 23:07, Gilson Soares wrote: > > > I read several posts about SMTP being blocked at ISP. > > > My ISP has the same limitation. > > > My ADSL connection (1 fixed IP) only permits outbound connection to > > > port 25 to their server.<snip>> > > I have several internal email clients/bots that needs to > > > retrieve/send messages, some of then are notebooks. > > > > > > It''s not fair to change SMTP server to the ISP while internal, and > > > change back to the original SMTP while external.Gilson, Let me see if I understand your question/problem correctly. You have some clients/employees that have laptops setup to use their normal connection (off-site). When they come to your site they''re unable to reach their normal smtp server, because your ISP is blocking the outbound connection.> > > My ideia: redirect all internal connections to any SMTP server on > > > the Net to ISP''s SMTP server.I''m not sure if the smtp protocol will allow redirection in this manner. You may be able to setup redirection rules for each of the client smtp setups to your ISP''s smtp server. This may be what you''re after, but I''m unsure how to tell you to proceed if this is the case. See RFC 2821 ftp://ftp.rfc-editor.org/in-notes/rfc2821.txt The two easiest solutions I see are: 1) switch to an ISP that doesn''t block outbound smtp connections 2) pay for a business connection from your ISP. Business accounts allow for running servers, and usually don''t block outgoing smtp. -- Mike Noyes <mhnoyes @ users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/
At 1/7/2003 02:54 AM, Mike Noyes wrote:> > > > My ideia: redirect all internal connections to any SMTP server on > > > > the Net to ISP''s SMTP server. > >I''m not sure if the smtp protocol will allow redirection in this manner.I believe so. My IP is already authenticated at ISP. So, the client intention is to deliver the email to any smtp server. The protocol/dialog is standard for all of them.>You may be able to setup redirection rules for each of the client smtp >setups to your ISP''s smtp server.How ? -Gilson
On Tue, 2003-01-07 at 08:56, Gilson Soares wrote:> At 1/7/2003 02:54 AM, Mike Noyes wrote: > >You may be able to setup redirection rules for each of the client smtp > >setups to your ISP''s smtp server. > > How ?Gilson, As I said in my previous message, I''m unsure. I would think you may run into DNS problems responding for valid smtp hosts on your lan. Other than that vague notion, I have no idea how to accomplish what you''re after. Someone else will need to address your situation. Sorry. -- Mike Noyes <mhnoyes @ users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/
This should be the same as setting up a proxy / port forwarding. Something along the lines of: REDIRECT LOC NET:X.X.X.X TCP SMTP (where X.X.X.X is the ISP mail server) Beat me with a flamestick or cluebat if I''m wrong.... Wayne> At 1/7/2003 02:54 AM, Mike Noyes wrote: > > > > My ideia: redirect all internal connections to any SMTP server > > > > on the Net to ISP''s SMTP server. > > > > I''m not sure if the smtp protocol will allow redirection in this > > manner. > > I believe so. My IP is already authenticated at ISP. So, the client > intention is to deliver the email to any smtp server. The > protocol/dialog > is standard for all of them. > > > You may be able to setup redirection rules for each of the client > > smtp setups to your ISP''s smtp server. > > How ? > > -Gilson() Join the ASCII ribbon campaign against HTML email /\ and Microsoft specific attachments. If I wanted to read HTML, I would have visited your website! Support open standards.
On Tue, 2003-01-07 at 08:56, Gilson Soares wrote:> At 1/7/2003 02:54 AM, Mike Noyes wrote: > > > > > My ideia: redirect all internal connections to any SMTP server on > > > > > the Net to ISP''s SMTP server. > > > >I''m not sure if the smtp protocol will allow redirection in this manner. > > I believe so. My IP is already authenticated at ISP. So, the client > intention is to deliver the email to any smtp server. The protocol/dialog > is standard for all of them. > > >You may be able to setup redirection rules for each of the client smtp > >setups to your ISP''s smtp server. > > How ?Gilson, I just noticed this Netfilter patch that may provide you with the redirection you''re looking for. Note: it is a pre Alpha patch. ROUTE http://www.netfilter.org/documentation/pomlist/pom-extra.html#ROUTE -- Mike Noyes <mhnoyes @ users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/
Gilson, Mike Noyes post today to this thread prompted me to go back and read it. --On Monday, January 06, 2003 11:07 PM -0200 Gilson Soares <g.soares@datacraft.com.br> wrote:> I read several posts about SMTP being blocked at ISP. > My ISP has the same limitation. > My ADSL connection (1 fixed IP) only permits outbound connection to port > 25 to their server. None of those posts answered my need. I tried FAQ > also. > > I have several internal email clients/bots that needs to retrieve/send > messages, some of then are notebooks. > > It''s not fair to change SMTP server to the ISP while internal, and change > back to the original SMTP while external. > > My ideia: redirect all internal connections to any SMTP server on the Net > to ISP''s SMTP server. > > I tried: > DNAT loc net:<other.smtp.server> tcp 25 - <my.isp.smtp.server> > without success. > > How can I do this ?The other way around: DNAT loc net:<my.isp.smtp.server> tcp 25 - !<my.isp.smtp.server> That will redirect all SMTP traffic from the local network to your ISP''s SMTP server. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
On Wed, 2003-01-22 at 13:02, Tom Eastep wrote:> --On Monday, January 06, 2003 11:07 PM -0200 Gilson Soares > <g.soares@datacraft.com.br> wrote: > > My ideia: redirect all internal connections to any SMTP server on the Net > > to ISP''s SMTP server. > > > > I tried: > > DNAT loc net:<other.smtp.server> tcp 25 - <my.isp.smtp.server> > > without success. > > > > How can I do this ? > > The other way around: > > DNAT loc net:<my.isp.smtp.server> tcp 25 - !<my.isp.smtp.server> > > That will redirect all SMTP traffic from the local network to your ISP''s > SMTP server.Tom, Nice simple solution to Gilson''s problem. :-) I guess I need to do some more reading to effectively answer queries on this list. :-( -- Mike Noyes <mhnoyes @ users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/