I'm in Honduras with 2 laptops. My email server is in Texas and requires authentication. The local ISP is intercepting all outbound SMTP traffic and routing it to one of his mail servers.

Laptop1 = Fedora9, “shorewall version” yields 4.0.15
eth0=192.168.168.x (Used by Laptop2 (Windows) to hit the net via cross over cable)
ppp0=10.x.x.x via DHCP (Goes to ISP via HSDPA modem)
masq file contains: “ppp0 eth0”

Everything was working fine till the ISP started intercepting all SMTP traffic and returning successful status codes, thus routing all our outbound emails into the bit bucket.

I want to rewrite SMTP packets headed for my server in Texas (registered static IP) to use port 26 instead of 25, so I can bypass the ISP's rules. Then in Texas, I want to accept all inbound port 26 traffic and rewrite it to port 25 so the qmail on the box is happy.

I've read the FAQs, and scoured the DNAT archives and tried every combination I can think of and can't get this accomplished on my end, never mind in Texas.

Here's a sample of what I tried on laptop1:

    DNAT net net:206.123.231.123:26 TCP 25

and several dozen variations.

I test using laptop1 via

    telnet 206.123.231.123 25

and always end up on the ISP's box.

I run a terminal session with

    tcpdump -i ppp0 dst host 206.123.231.123

and always see it going to :smtp instead of :26.

Where am I going wrong?

BTW - I wrote this using a webmail interface on my server as I can't send any email normally.
8-)

--
Bill Gradwohl

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

bill wrote:
> Where am I going wrong?

You are making things much too complicated. Have your server in Texas listen on port 26 and configure your mailer to send on port 26.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Sat, Feb 28, 2009 at 08:30:41PM -0600, bill wrote:
> Where am I going wrong?

Set your mail server to use the submission port (587) and then also set your client to use it. It is the standard way to accept new mail.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

> ... The local ISP is intercepting all outbound SMTP traffic and
> routing it to one of his mail servers. ...

In my experience an ISP blocking or rerouting port 25 is very common here in North America (forging successful return codes is a new twist though :-). In most cases it's sold (probably accurately) as an "anti-SPAM measure".

> ... I want to rewrite SMTP packets ...

That's the hard way, don't. The SMTP standard has always set aside separate ports for send and for receive, and every mail program and server already supports them. Both receiving and sending on the same port 25 was just a "shortcut" that has been used so widely folks usually think of it as standard, but it's not. (Even if you can't use the standard SMTP sending port, IMHO it's much easier to just change the mail program's configuration than to try to "rewrite" packets.)

> ... to use port 26 instead of 25 ...

Despite widespread documentation, port 26 is often not a good idea. Try the standard SMTP sending port 587 first. One advantage is every mail exchanger and mail program already fully supports it and no packet rewriting is necessary. Another advantage is that most ISPs know what it is and treat it sensibly.

thanks

-Chuck Kollars

On Sat, 2009-02-28 at 19:04 -0800, Tom Eastep wrote:
> You are making things much too complicated. Have your server in texas
> listen on port 26 and configure your mailer to send on port 26.

I can't do that as the mail server is there for all inbound mail which is expected to be on the SMTP port. That box also happens to be 5 years old in a colo facility and runs Fedora Core 4 till I can get back there and replace it with a new box and O/S. I can't chance monkeying with it too much given I'm 2,000 miles away in Honduras.

My local mailer here is an Evolution client. I thought of having my client send mail to the local sendmail server on my box, and then have it forward to the box in Texas via an SSH tunnel port 25 to port 25, but my server in Texas needs authentication and sendmail won't cooperate in sending it.

I've thought of all the options and the only one that works is via the firewall bypassing the local ISP's trap by rewriting the packets generated on port 25 to port "somethingelse", i.e. port 26.

--
Bill Gradwohl

bill wrote:
> On Sat, 2009-02-28 at 19:04 -0800, Tom Eastep wrote:
>> You are making things much too complicated. Have your server in texas
>> listen on port 26 and configure your mailer to send on port 26.
> I can't do that as the mail server is there for all inbound mail which
> is expected to be on the SMTP port.

SMTP servers are capable of listening on more than one port. You are going to have to change the configuration on the other end no matter what approach you take. Might as well do it right.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________
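
Added example, not part of the original thread: a check that the server answering on a given port is the one you expect, which is the question Bill's telnet test is asking by eye. The host names and sample replies are constructed, `assess` and `probe` are hypothetical helper names, and banner text is only a hint since a proxy can forge it; a verified STARTTLS handshake is the authoritative test.

```python
import smtplib
import ssl

def parse_reply(raw):
    """Split a raw SMTP reply (one or more lines) into (code, [texts])."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l]
    if not lines or any(len(l) < 3 or not l[:3].isdigit() for l in lines):
        raise ValueError("not an SMTP reply")
    return int(lines[0][:3]), [l[4:].strip() for l in lines]

def assess(expected_host, banner, ehlo, need_auth=True):
    """Return findings; an empty list means the peer looks like expected_host."""
    findings = []
    code, text = parse_reply(banner)
    greeted = text[0].split()[0].lower() if text[0] else ""
    if code != 220:
        findings.append(f"banner code {code}, expected 220")
    if greeted != expected_host.lower():
        findings.append(f"banner names {greeted!r}, not {expected_host!r}")
    code, text = parse_reply(ehlo)
    # Extension keyword is the first token; some servers write "AUTH=LOGIN".
    exts = {t.replace("=", " ").split()[0].upper() for t in text[1:] if t}
    if code != 250:
        findings.append(f"EHLO code {code}, expected 250")
    if need_auth and "AUTH" not in exts:
        findings.append("no AUTH offered")
    if "STARTTLS" not in exts:
        findings.append("no STARTTLS, server identity cannot be verified")
    return findings

def probe(host, port, timeout=10.0):
    """Live check (needs network): text checks, then certificate-verified TLS."""
    with smtplib.SMTP(timeout=timeout) as s:
        code, msg = s.connect(host, port)
        banner = f"{code} {msg.decode(errors='replace')}"
        code, msg = s.ehlo()
        ehlo = "\n".join(f"{code} {l}" for l in msg.decode(errors="replace").split("\n"))
        findings = assess(host, banner, ehlo)
        if s.has_extn("starttls"):
            try:
                s.starttls(context=ssl.create_default_context())
            except ssl.SSLError as e:
                findings.append(f"TLS verification failed: {e}")
        return findings

# Constructed sample replies (not captured from any real server).
GENUINE = ("220 mail.example.org ESMTP",
           "250-mail.example.org\n250-AUTH LOGIN PLAIN\n250-STARTTLS\n250 8BITMIME")
PROXY = ("220 smtp.isp.example ESMTP", "250-smtp.isp.example\n250 8BITMIME")
```

Running `probe` against the same host on ports 25 and 587 and comparing the findings shows whether only port 25 is being answered by a different machine.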