external mail submission - Unix

This is a discussion on external mail submission - Unix ; I'm trying to set up our corporate e-mail server so that people who are on the road (i.e. outside the corporate network) can send mail through our SMTP server, which is running sendmail. I've got sendmail running with TLS and ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: external mail submission

  1. external mail submission

    I'm trying to set up our corporate e-mail server so that people who
    are on the road (i.e. outside the corporate network) can send mail
    through our SMTP server, which is running sendmail. I've got sendmail
    running with TLS and user/password ("LOGIN" and "PLAIN") authentication
    over the encrypted connection, so that works pretty OK.

    The problem is this: some ISPs and other networks block all outbound
    access to port 25. So, my question is this: is there a standard
    alternate port to use for roving users submitting mail? I thought
    about opening the firewall so that the mail submission port (port
    587) is open to the outside world, and so that outside connections
    require authentication to submit messages to port 587.

    I can think of a few different solutions that would work here (such
    as firewall magic to make port an alternate port pass through to
    the same place as port 25 does), but what I'm really looking for
    is whether there is any kind of standard practice on this. Anyone
    have comments?

    - Logan

  2. Re: external mail submission

    Logan Shaw wrote in on Wed April
    26 2006 22:52:

    > I'm trying to set up our corporate e-mail server so that people who
    > are on the road (i.e. outside the corporate network) can send mail
    > through our SMTP server, which is running sendmail. I've got sendmail
    > running with TLS and user/password ("LOGIN" and "PLAIN") authentication
    > over the encrypted connection, so that works pretty OK.
    >
    > The problem is this: some ISPs and other networks block all outbound
    > access to port 25. So, my question is this: is there a standard
    > alternate port to use for roving users submitting mail? I thought
    > about opening the firewall so that the mail submission port (port
    > 587) is open to the outside world, and so that outside connections
    > require authentication to submit messages to port 587.
    >
    > I can think of a few different solutions that would work here (such
    > as firewall magic to make port an alternate port pass through to
    > the same place as port 25 does), but what I'm really looking for
    > is whether there is any kind of standard practice on this. Anyone
    > have comments?
    >
    > - Logan


    You can run the SSL enabled SMTP service on port 465. The IANA doesn't seem
    to have it listed on their list of well-known ports, though it is the most
    common use for the port that I've seen.

    Linux says that it's SMTPS:

    fd0man@cinnamon:~$ cat /etc/services |grep 465
    ssmtp 465/tcp smtps # SMTP over SSL
    fd0man@cinnamon:~$

    IANA says that it's for something else:
    urd 465/tcp URL Rendesvous Directory for SSM

    However, the mail providers that I use all use 465 for secure SMTP mail
    transport. I would recommend staying with that, unless you have a reason
    not to. You can always use some arbitrary port > 1024, as well; find one
    that isn't blocked for any common reason and you should be good to go.

    - Mike


  3. Re: external mail submission

    Logan Shaw wrote:
    > I'm trying to set up our corporate e-mail server so that people who
    > are on the road (i.e. outside the corporate network) can send mail
    > through our SMTP server, which is running sendmail. I've got sendmail
    > running with TLS and user/password ("LOGIN" and "PLAIN") authentication
    > over the encrypted connection, so that works pretty OK.


    > The problem is this: some ISPs and other networks block all outbound
    > access to port 25. So, my question is this: is there a standard
    > alternate port to use for roving users submitting mail? I thought
    > about opening the firewall so that the mail submission port (port
    > 587) is open to the outside world, and so that outside connections
    > require authentication to submit messages to port 587.


    > I can think of a few different solutions that would work here (such
    > as firewall magic to make port an alternate port pass through to
    > the same place as port 25 does), but what I'm really looking for
    > is whether there is any kind of standard practice on this. Anyone
    > have comments?


    Connecting to 587/tcp with TLS is the standard solution.

    Damian Menscher
    --
    -=#| www.uiuc.edu/~menscher/ Ofc650)253-2757 |#=-
    -=#| The above opinions are not necessarily those of my employers. |#=-

+ Reply to Thread