Unix administration - external mail submission

Logan Shaw

2006-04-27, 7:57 am

I'm trying to set up our corporate e-mail server so that people who
are on the road (i.e. outside the corporate network) can send mail
through our SMTP server, which is running sendmail. I've got sendmail
running with TLS and user/password ("LOGIN" and "PLAIN") authentication
over the encrypted connection, so that works pretty OK.

The problem is this: some ISPs and other networks block all outbound
access to port 25. So, my question is this: is there a standard
alternate port to use for roving users submitting mail? I thought
about opening the firewall so that the mail submission port (port
587) is open to the outside world, and so that outside connections
require authentication to submit messages to port 587.

I can think of a few different solutions that would work here (such
as firewall magic to make an alternate port pass through to
the same place as port 25 does), but what I'm really looking for
is whether there is any kind of standard practice on this. Anyone
have comments?

- Logan

Michael B. Trausch

2006-04-27, 7:57 am

Logan Shaw wrote in <QlW3g.37570$0Z4.9512@tornado.texas.rr.com> on Wed April
26 2006 22:52:

> I'm trying to set up our corporate e-mail server so that people who
> are on the road (i.e. outside the corporate network) can send mail
> through our SMTP server, which is running sendmail. I've got sendmail
> running with TLS and user/password ("LOGIN" and "PLAIN") authentication
> over the encrypted connection, so that works pretty OK.
>
> The problem is this: some ISPs and other networks block all outbound
> access to port 25. So, my question is this: is there a standard
> alternate port to use for roving users submitting mail? I thought
> about opening the firewall so that the mail submission port (port
> 587) is open to the outside world, and so that outside connections
> require authentication to submit messages to port 587.
>
> I can think of a few different solutions that would work here (such
> as firewall magic to make an alternate port pass through to
> the same place as port 25 does), but what I'm really looking for
> is whether there is any kind of standard practice on this. Anyone
> have comments?
>
> - Logan


You can run the SSL-enabled SMTP service on port 465. The IANA doesn't seem
to have it listed on their list of well-known ports, though it is the most
common use for the port that I've seen.

Linux says that it's SMTPS:

fd0man@cinnamon:~$ cat /etc/services |grep 465
ssmtp 465/tcp smtps # SMTP over SSL
fd0man@cinnamon:~$

IANA says that it's for something else:
urd 465/tcp URL Rendesvous Directory for SSM

However, the mail providers that I use all use 465 for secure SMTP mail
transport. I would recommend staying with that, unless you have a reason
not to. You can always use some arbitrary port > 1024, as well; find one
that isn't blocked for any common reason and you should be good to go.

- Mike

Damian Menscher

2006-04-27, 1:28 pm

Logan Shaw <lshaw-usenet@austin.rr.com> wrote:
> I'm trying to set up our corporate e-mail server so that people who
> are on the road (i.e. outside the corporate network) can send mail
> through our SMTP server, which is running sendmail. I've got sendmail
> running with TLS and user/password ("LOGIN" and "PLAIN") authentication
> over the encrypted connection, so that works pretty OK.


> The problem is this: some ISPs and other networks block all outbound
> access to port 25. So, my question is this: is there a standard
> alternate port to use for roving users submitting mail? I thought
> about opening the firewall so that the mail submission port (port
> 587) is open to the outside world, and so that outside connections
> require authentication to submit messages to port 587.


> I can think of a few different solutions that would work here (such
> as firewall magic to make an alternate port pass through to
> the same place as port 25 does), but what I'm really looking for
> is whether there is any kind of standard practice on this. Anyone
> have comments?


Connecting to 587/tcp with TLS is the standard solution.

Damian Menscher
--
-=#| <menscher@uiuc.edu> www.uiuc.edu/~menscher/ Ofc650)253-2757 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
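
Added example, not part of any poster's message: a Python check that a submission port behaves as the thread describes, offering STARTTLS first and advertising the password-carrying PLAIN and LOGIN mechanisms only once the session is encrypted. The function names are hypothetical and the sample EHLO replies are constructed; fetch_ehlo is the live variant for a server you administer.

```python
import re
import smtplib
import ssl

PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # both send the password itself

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters; accepts raw '250-' lines."""
    features = {}
    for line in reply.splitlines()[1:]:          # line 1 is the greeting
        words = re.sub(r"^250[- ]", "", line).upper().split()
        if words:
            features[words[0]] = words[1:]
    return features

def audit_submission(pre_tls, post_tls):
    """Findings for one port, from the EHLO reply before and after STARTTLS."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered")
    exposed = PASSWORD_MECHS & set(before.get("AUTH", []))
    if exposed:
        findings.append("AUTH before TLS: " + ",".join(sorted(exposed)))
    if not after.get("AUTH"):
        findings.append("no AUTH offered after TLS")
    return findings

def fetch_ehlo(host, port=587):
    """Live variant for a server you administer: returns (pre_tls, post_tls)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre = s.ehlo_resp.decode()
        if not s.has_extn("starttls"):
            return pre, ""
        s.starttls(context=ssl.create_default_context())
        s.ehlo()
        return pre, s.ehlo_resp.decode()

# Constructed sample replies (not captured from any real server).
HEAD = "250-mail.example.com Hello roaming.example.net\n250-PIPELINING\n"
GOOD_PRE = HEAD + "250-STARTTLS\n250 HELP"
GOOD_POST = HEAD + "250-AUTH LOGIN PLAIN\n250 HELP"
LEAKY_PRE = HEAD + "250-AUTH LOGIN PLAIN\n250-STARTTLS\n250 HELP"

if __name__ == "__main__":
    for name, pre in (("good", GOOD_PRE), ("leaky", LEAKY_PRE)):
        print(name, audit_submission(pre, GOOD_POST) or "ok")
```

An empty result means the port matches the policy; each string in the list names one deviation.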