On 03/16/2015 03:25 PM, Mark Hansel wrote:
Hi,
I want to use a relay host on port 10025. No matter what firewall rules I use, the port
is blocked. I tested this using 2 computers with local connections only. (Isolated from
the overall network by unplugging the router and plugging both computers into the same
switch). The tests involved using telnet to target ports. Error was "connection
refused." Port scans show different, but in important respects, similar results.
Way back in the days of inetd and xinetd, you told the daemon to fire up a
program whenever a port was accessed. I cannot find an analogous process with
SL.
I use postfix as my MTA. The relay host is properly defined in the
configuration file (main.cf). (This configuration worked with Ubuntu and with
Mint Linux.)
OS version is SL7, up to date, running firewalld, fail2ban (b/c of brute force
root attack) with SELINUX active.
Thank you,
m hansel

It is unclear if you are running into a blockage on outbound connections
(to a remote host listening on port 10025) or you have your daemon
(listener/MTA) misconfigured and simply not listening on port 10025.
To get the MTA listening on the port you want, I believe you will have
to edit postfix's master.cf and change the service to the port number
you want.
As for the outbound 10025, there is nothing by default (other than
perhaps SELinux, which I do not presently use) that would block postfix
from relaying to a remote server on port 10025.
Other than that, as you said, relayhost= should be defined in the
main.cf and if you have sasl or other required authentication, you will
need the necessary auth files set up (i.e. saslpass).
To create a listener for your telnet test, you could use xinetd (still
available in SL7) or just use netcat (netcat -l 10025) to pop one up
quickly.
-Mark
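
Added example, not part of either message above: a Python version of the telnet test that separates the cases the reply distinguishes (nothing listening versus traffic being blocked), with a throwaway listener standing in for `netcat -l`. The names `probe` and `temp_listener` are made up for this sketch, and it uses an ephemeral loopback port so it runs anywhere; substitute the relay host's address and 10025 for the real check.

```python
import errno
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt, as the telnet test would see it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        # TCP RST came back: the host is reachable but no daemon is bound
        # to the port (a firewall rule that rejects with tcp-reset looks the same).
        return "refused"
    except socket.timeout:
        return "filtered"    # no reply at all: packets are being silently dropped
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            # ICMP unreachable/prohibited reply, typical of a firewall
            # reject rule; telnet reports this as "No route to host".
            return "rejected"
        raise
    finally:
        s.close()

def temp_listener(port=0, host="127.0.0.1"):
    """Stand-in for `netcat -l PORT`: bind and listen, nothing more.

    The kernel completes the handshake for queued connections, which is
    all a connect test needs. port=0 asks the OS for a free port
    (an assumption of this sketch; pass 10025 for the real case).
    Returns (listening_socket, actual_port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]

def demo():
    """Probe the same port with and without a listener bound to it."""
    srv, port = temp_listener()
    with_listener = probe("127.0.0.1", port)
    srv.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(demo())
```

If the probe reports "open" against the temporary listener but "refused" once it is gone, the network path is fine and the original failure points at nothing being bound to the port rather than at the firewall.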