A question on port 25

[satimis]

Hi folks,


I'm building a LAMP server on Ubuntu 6.05 drake amd64 running local IP 192.168.0.52 w/o ports forwarded to this IP address.

After finishing installing Postfix mails can be sent to Internet on the server. But it can't receive mails from Internet if w/o port 25 forwarded to its IP address. I can't figure out why it can send mails w/o port 25 forwarded but not the other way round. Please shed me some light. TIA

B.R.
satimis

[secondmouse]

To send emails you don't need port forwarding. To receive (means the email server listens on port 25), if the lamp server is behind the gateway, you'll definitely need port forwarding for it to work. The reason is simple, when the gateway receives tcp 25 requests, it can either takes care of it itself if it runs email service on port 25, or forward the request to your 192.168.0.52 box (regardlessly whether the gateway runs email service or not, depending on your iptables rules)

If the lamp server is the gateway but you still can't see incoming traffic on port 25, you ISP is most likely blocking it.

[satimis]

To send emails you don't need port forwarding. To receive (means the email server listens on port 25), if the lamp server is behind the gateway, you'll definitely need port forwarding for it to work. The reason is simple, when the gateway receives tcp 25 requests, it can either takes care of it itself if it runs email service on port 25, or forward the request to your 192.168.0.52 box (regardlessly whether the gateway runs email service or not, depending on your iptables rules)

Hi secondmouse,


Thanks for your advice.


The mail server, under testing, is behind the gateway controlled by a router. I have to forward port 25 to its local IP, 192.168.0.52, before it can receive mails.


I have only one public IP which is used by a working mail server. To test a new mail server, under building, I have to forward port 25 temporarily to its local IP. Is there a way to get around it? TIA


B.R.
satimis

[secondmouse]

Hi satimis,
I think the easiest way w/o getting an additional public IP involved is:
On your gateway have incoming traffic on tcp port 2525 forwarded to your testing email server on port 25: [ suppose your gateway is Linux box ]

Code:

/sbin/iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxxx -dport 2525 -j DNAT --to 192.168.0.52:25

xxx.xxx.xxx.xxx is your public IP.

Then on a remote email client, change the sending port to 2525 for testing. Other ports such as 110,143, you can use the same method. Usually the way I test is I prefix the normal ports with "200" or " 20", that is, 25 becomes 20025, 110 becomes 20110. Of course you can select whatever ports you like to test. The goal is to avoid port conflicts with the existing email server.

Good luck.

[satimis]

Hi satimis,
I think the easiest way w/o getting an additional public IP involved is:
On your gateway have incoming traffic on tcp port 2525 forwarded to your testing email server on port 25: [ suppose your gateway is Linux box ]

Code:

/sbin/iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxxx -dport 2525 -j DNAT --to 192.168.0.52:25

xxx.xxx.xxx.xxx is your public IP.

Hi secondmouse,


I suppose setting above rule on iptables of the mail server under testing? The router is only a simple router on loan from ISP. I don't think I can edit it. If I'm wrong please correct me. Thanks.

Then on a remote email client, change the sending port to 2525 for testing. Other ports such as 110,143, you can use the same method. Usually the way I test is I prefix the normal ports with "200" or " 20", that is, 25 becomes 20025, 110 becomes 20110. Of course you can select whatever ports you like to test. The goal is to avoid port conflicts with the existing email server.

Please explain in more detail. TIA.


If I run yahoo/gmail to test. What can I do?


B.R.
satimis

[secondmouse]

Hi satimis,
Since your current mail server got an public IP, I assume it's either a DMZ host to the router, or the router is a pass-through device (in which case you usually don't have control over, but check with your ISP to make sure).
You can run the iptables on the current mail server (server A) to redirect the 2525 traffic if:

1) server A has a second NIC connected to the 192.168.0.0 network
2) the mail server under testing (server B) uses server A as its default gateway.

Regarding the gmail/yahoo issue, you have the option at all to change the sending port etc. My assumption was you use email clients such as Outlook/Eudora/ThunderBird etc to test by specifying
xxx.xxx.xxx.xxx:2525 in the outgoing smtp server field.

If you still got more questions, could you post along how your network is set up so I can better (hopefully) answer your questions.

B.R.
secondmouse