Re: relays - port configuration
On 23 April 2021 11:11:56 GMT+04:00, Sean Kamath wrote:
>> On Apr 22, 2021, at 13:01, ED Fochler wrote:
>>
>> No.
>>
>> You're only trying to send mail. Your ISP is only trying to stop you from
>> sending mail.
>>
>> Mail delivery is meant to be very well defined and easy to identify. If
>> your ISP is blocking connections to port 25 then they are blocking all mail,
>> spam and otherwise. The solution is to set up a mail server on a network
>> that allows mail. This can be a $5/mo cloud server. You can then 'submit'
>> mail to your mail server using other ports, but the mail server will talk to
>> other mail servers on standard ports, primarily port 25.
>
>So, I actually have this same problem.
>
>I do have a VPS, which is my mail server (and have no problems sending mail,
>such as this one, using my MUA to connect to the VPS-based MTA). I have about
>8 little PCEngines Alix and APU devices, all sitting at home, with an ISP that
>blocks port 25 (and lord do I wish I had the option for another ISP). They
>all run OpenBSD/OpenSMTP.
>
>The problem I’ve run into is I’m not sure how to use the submission port to
>“submit” mail to my mail server. Since I have the cron emails being sent, how
>do I get those routed to the VPS? How do I get basically all the emails for a
>couple of users forwarded to the VPS without, you know, relaying mail?
>
>Do I set up an account on the VPS, and tell SMTPD to relay all mail to my
>domain to that submission port? That sounds like relaying, and, as stated
>elsewhere in this thread, "Emails must be relayed on port 25.”

But relaying to a controlled host, which is nothing like the original issue.

>Back in the before-times, I used sendmail’s concept of a smarthost, and just
>pointed it at that host, and could also tell it what port to connect on.
>
>I’m fine with “you can’t relay on any port other than 25”, but then how do I
>get the mails the system generates to my mailserver running on the VPS?
>
>Frankly, I think it’s kinda an odd restriction that you MUST use port 25 to
>relay mail between hosts if you own both hosts.

Yes that would be odd, but this restriction does not exist, thankfully.

>If I want to use port 2525, I should be able to the one MTA to relay to the
>other MTA on this IP:port combination. I get that OpenSMTPD doesn’t have this
>ability, but I don’t see what this breaks if it’s allowed.

OpenSMTPD does have this ability, as Demi Marie Obenour pointed out. ;)

Re: relays - port configuration
On 4/23/21 3:11 AM, Sean Kamath wrote:
>> On Apr 22, 2021, at 13:01, ED Fochler wrote:
>>
>> No.
>>
>> You're only trying to send mail. Your ISP is only trying to stop you from
>> sending mail.
>>
>> Mail delivery is meant to be very well defined and easy to identify. If
>> your ISP is blocking connections to port 25 then they are blocking all mail,
>> spam and otherwise. The solution is to set up a mail server on a network
>> that allows mail. This can be a $5/mo cloud server. You can then 'submit'
>> mail to your mail server using other ports, but the mail server will talk to
>> other mail servers on standard ports, primarily port 25.
>
> So, I actually have this same problem.
>
> I do have a VPS, which is my mail server (and have no problems sending mail,
> such as this one, using my MUA to connect to the VPS-based MTA). I have about
> 8 little PCEngines Alix and APU devices, all sitting at home, with an ISP that
> blocks port 25 (and lord do I wish I had the option for another ISP). They
> all run OpenBSD/OpenSMTP.
>
> The problem I’ve run into is I’m not sure how to use the submission port to
> “submit” mail to my mail server. Since I have the cron emails being sent,
> how do I get those routed to the VPS? How do I get basically all the emails
> for a couple of users forwarded to the VPS without, you know, relaying mail?
>
> Do I set up an account on the VPS, and tell SMTPD to relay all mail to my
> domain to that submission port? That sounds like relaying, and, as stated
> elsewhere in this thread, "Emails must be relayed on port 25.”
>
> Back in the before-times, I used sendmail’s concept of a smarthost, and just
> pointed it at that host, and could also tell it what port to connect on.

OpenSMTPD has full smarthost support. Use smtps://your.host:port or smtp+tls://your.host:port

OpenSMTPD also supports authenticating this connection, which your mail server should be requiring.

Demi
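
The smarthost setup described in the reply above, written out as configuration for one home machine and for the VPS. This is an added example, not part of the thread and not any participant's configuration; it uses the OpenSMTPD 6.4+ grammar, and the host name mail.example.org, the label "vps", the account homebox1 and the addresses are placeholders.

```conf
# ---- /etc/mail/smtpd.conf on a home machine (ISP blocks outbound port 25) ----

# To get cron and daily reports off the box, point root at a real mailbox
# in /etc/mail/aliases (placeholder address):  root: admin@example.org
table aliases file:/etc/mail/aliases

# /etc/mail/secrets holds "label username:password", one entry per line:
#   vps homebox1:constructed-password
# Keep it away from ordinary users:
#   chown root:_smtpd /etc/mail/secrets && chmod 640 /etc/mail/secrets
table secrets file:/etc/mail/secrets

# Accept mail from this machine only; nothing listens on the LAN.
listen on lo0

action "local_mail" mbox alias <aliases>

# Smarthost: everything non-local goes to the VPS on the submission port.
# smtp+tls:// requires STARTTLS; smtps:// would be TLS from the first byte.
# "auth <secrets>" logs in with the credentials stored under label "vps".
action "via_vps" relay host smtp+tls://vps@mail.example.org:587 auth <secrets>

match from local for local action "local_mail"
match from local for any action "via_vps"

# ---- /etc/mail/smtpd.conf on the VPS (relevant lines only) ----

pki mail.example.org cert "/etc/ssl/mail.example.org.fullchain.pem"
pki mail.example.org key "/etc/ssl/private/mail.example.org.key"

# Submission listener: TLS and authentication are both mandatory, so only
# the home machines holding credentials can hand mail over on port 587.
listen on egress port submission tls-require pki mail.example.org auth

# The VPS talks to the rest of the world by MX lookup on port 25.
action "outbound" relay

# Relay for authenticated sessions only; without the "auth" condition this
# rule would relay for anyone who can reach the listener (an open relay).
match auth from any for any action "outbound"
```

Running `smtpd -n` on each host checks the file for syntax errors before the daemon is restarted.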
Re: relays - port configuration
> On Apr 22, 2021, at 13:01, ED Fochler wrote:
>
> No.
>
> You're only trying to send mail. Your ISP is only trying to stop you from
> sending mail.
>
> Mail delivery is meant to be very well defined and easy to identify. If your
> ISP is blocking connections to port 25 then they are blocking all mail, spam
> and otherwise. The solution is to set up a mail server on a network that
> allows mail. This can be a $5/mo cloud server. You can then 'submit' mail
> to your mail server using other ports, but the mail server will talk to other
> mail servers on standard ports, primarily port 25.

So, I actually have this same problem.

I do have a VPS, which is my mail server (and have no problems sending mail,
such as this one, using my MUA to connect to the VPS-based MTA). I have about
8 little PCEngines Alix and APU devices, all sitting at home, with an ISP that
blocks port 25 (and lord do I wish I had the option for another ISP). They
all run OpenBSD/OpenSMTP.

The problem I’ve run into is I’m not sure how to use the submission port to
“submit” mail to my mail server. Since I have the cron emails being sent, how
do I get those routed to the VPS? How do I get basically all the emails for a
couple of users forwarded to the VPS without, you know, relaying mail?

Do I set up an account on the VPS, and tell SMTPD to relay all mail to my
domain to that submission port? That sounds like relaying, and, as stated
elsewhere in this thread, "Emails must be relayed on port 25.”

Back in the before-times, I used sendmail’s concept of a smarthost, and just
pointed it at that host, and could also tell it what port to connect on.

I’m fine with “you can’t relay on any port other than 25”, but then how do I
get the mails the system generates to my mailserver running on the VPS?

Frankly, I think it’s kinda an odd restriction that you MUST use port 25 to
relay mail between hosts if you own both hosts.

If I want to use port 2525, I should be able to the one MTA to relay to the
other MTA on this IP:port combination. I get that OpenSMTPD doesn’t have this
ability, but I don’t see what this breaks if it’s allowed.

Sean

PS I’ve debated just setting up matching pf rules that accept connections on
the internal side on port 25 and route-to the mail server on port 2525, and on
the mail server taking connections on port 2525 and sending it to port 25. . .
seems like unnecessary pf gymnastics (if it would even work).

Re: relays - port configuration
Hello, ED. From your response, I'm not entirely sure if I explained my intent properly.

Sorry if I'm just being dumb, but to clarify: I'm running OpenBSD in a VM on my home machine in hopes of getting better acquainted with the OS for later use in a VPS hopefully. From the VM, I'm trying to send a basic test mail to, for example, any Gmail address. I'm not expecting any inbound mails to the VM (i.e. a "do-not-reply", outbound-only mailer). I'm using the default smtpd.conf file, so if I've understood the documentation correctly, it should be trying to perform MX lookups instead of relying on an external SMTP service, right?

I've read that this should be doable anyway? Albeit higher risk of being flagged as spam.

So, theoretically, if my ISP did not block port 25, would I then be able to send a mail without the need for an external SMTP service? Or would I likely be getting other errors?

Please forgive my lack of knowledge on e-mail protocols and networking in general, and thanks so much for your time!

On 4/22/2021 at 10:01 PM, "ED Fochler" wrote:
> No.
>
> You're only trying to send mail. Your ISP is only trying to stop you from
> sending mail.
>
> Mail delivery is meant to be very well defined and easy to identify. If your
> ISP is blocking connections to port 25 then they are blocking all mail, spam
> and otherwise. The solution is to set up a mail server on a network that
> allows mail. This can be a $5/mo cloud server. You can then 'submit' mail
> to your mail server using other ports, but the mail server will talk to other
> mail servers on standard ports, primarily port 25.
>
> ED.
>
>> On 2021, Apr 22, at 3:18 PM, ni...@hush.ai wrote:
>>
>> Hi. Is it possible to configure smtpd to relay via a port other than port 25?
>> Since my ISP is blocking port 25, it seems smtpd is failing to perform MX
>> lookups (or some other step?) when I try to send mail, as seen via "tail -f
>> /var/log/maillog". At least, the only solution I've succeeded with so far is
>> to use an external SMTP service (whereby a different port can be set), which
>> I'm trying to avoid if possible. I'm only trying to send mail, nothing else.
>>
>> Sample maillog output:
>>
>> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: Enabling route [] <-> x.x.x.x
>> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: x mta connecting address=smtp://x.x.x.x:25 host=x
>> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: x mta error reason=Connection timeout
>> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: Disabling route [] <-> x.x.x.x
>> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: Enabling route [] <-> x.x.x.x
>> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: x mta error reason=IO Error: No route to host
>> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: Disabling route [] <-> x.x.x.x
>> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: x mta connecting address=smtp://x.x.x.x:25 host=x

Re: relays - port configuration
On 23 April 2021 01:24:03 GMT+04:00, ni...@hush.ai wrote:
>> Emails must be relayed on port 25.
>
>Thanks guys. This is the confirmation I needed. So then it's a limitation due
>to protocol specs as opposed to smtpd, yes?

It’s a limitation due to the fact most servers listen on port 25 because this is the standard and expected configuration (don’t even remember if there is a mechanism in DNS to specify a non-default port for MTA).

Re: relays - port configuration
> Emails must be relayed on port 25.

Thanks guys. This is the confirmation I needed. So then it's a limitation due to protocol specs as opposed to smtpd, yes?

> And in any case, I would advise this over trying to set it up at home.

I will eventually rent a VPS from a proper provider. I'm really just testing things out right now before maybe realizing this is all too big of a challenge or something.

On 4/22/2021 at 11:03 PM, "Archange" wrote:
>
>Hi,
>
>On 23/04/2021 at 00:52, ni...@hush.ai wrote:
>> Hello, ED. From your response, I'm not entirely sure if I explained my
>> intent properly.
>
>It was very clear.
>
>> Sorry if I'm just being dumb, but to clarify: I'm running OpenBSD in a
>> VM on my home machine in hopes of getting better acquainted with the
>> OS for later use in a VPS hopefully. From the VM, I'm trying to send a
>> basic test mail to, for example, any Gmail address. I'm not expecting
>> any inbound mails to the VM (i.e. a "do-not-reply", outbound-only
>> mailer). I'm using the default smtpd.conf file, so if I've understood
>> the documentation correctly, it should be trying to perform MX lookups
>> instead of relying on an external SMTP service, right?
>
>Yes, and it likely did. But then it tried to reach them on port 25, and
>failed.
>
>> I've read that this should be doable anyway? Albeit higher risk of
>> being flagged as spam.
>
>When sending from home, yes. Some people even totally block IP coming
>from “home ISP”. The reason why your ISP is blocking port 25 and people
>do this, is that most emails coming from those kinds of hosts are in
>fact botnets.
>
>> So, theoretically, if my ISP did not block port 25, would I then be
>> able to send a mail without the need for an external SMTP service? Or
>> would I likely be getting other errors?
>
>It should work. But since your ISP *is* blocking port 25, it won’t.
>Emails must be relayed on port 25.
>
>If you cannot unblock it from your ISP, then the solution is indeed a
>VPS somewhere in a proper data center. Might not even be 5$/month, VPS
>start even at 1$/month if you have very low needs (in this case just
>relaying emails). And in any case, I would advise this over trying to
>set it up at home.
>
>Regards,
>Archange

Re: relays - port configuration
Hi,

On 23/04/2021 at 00:52, ni...@hush.ai wrote:
> Hello, ED. From your response, I'm not entirely sure if I explained my
> intent properly.

It was very clear.

> Sorry if I'm just being dumb, but to clarify: I'm running OpenBSD in a
> VM on my home machine in hopes of getting better acquainted with the
> OS for later use in a VPS hopefully. From the VM, I'm trying to send a
> basic test mail to, for example, any Gmail address. I'm not expecting
> any inbound mails to the VM (i.e. a "do-not-reply", outbound-only
> mailer). I'm using the default smtpd.conf file, so if I've understood
> the documentation correctly, it should be trying to perform MX lookups
> instead of relying on an external SMTP service, right?

Yes, and it likely did. But then it tried to reach them on port 25, and failed.

> I've read that this should be doable anyway? Albeit higher risk of
> being flagged as spam.

When sending from home, yes. Some people even totally block IP coming from “home ISP”. The reason why your ISP is blocking port 25 and people do this, is that most emails coming from those kinds of hosts are in fact botnets.

> So, theoretically, if my ISP did not block port 25, would I then be
> able to send a mail without the need for an external SMTP service? Or
> would I likely be getting other errors?

It should work. But since your ISP *is* blocking port 25, it won’t. Emails must be relayed on port 25.

If you cannot unblock it from your ISP, then the solution is indeed a VPS somewhere in a proper data center. Might not even be 5$/month, VPS start even at 1$/month if you have very low needs (in this case just relaying emails). And in any case, I would advise this over trying to set it up at home.

Regards,
Archange

Re: relays - port configuration
No.

You're only trying to send mail. Your ISP is only trying to stop you from sending mail.

Mail delivery is meant to be very well defined and easy to identify. If your ISP is blocking connections to port 25 then they are blocking all mail, spam and otherwise. The solution is to set up a mail server on a network that allows mail. This can be a $5/mo cloud server. You can then 'submit' mail to your mail server using other ports, but the mail server will talk to other mail servers on standard ports, primarily port 25.

ED.

> On 2021, Apr 22, at 3:18 PM, ni...@hush.ai wrote:
>
> Hi. Is it possible to configure smtpd to relay via a port other than port 25?
> Since my ISP is blocking port 25, it seems smtpd is failing to perform MX
> lookups (or some other step?) when I try to send mail, as seen via "tail -f
> /var/log/maillog". At least, the only solution I've succeeded with so far is
> to use an external SMTP service (whereby a different port can be set), which
> I'm trying to avoid if possible. I'm only trying to send mail, nothing else.
>
> Sample maillog output:
>
> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: Enabling route [] <-> x.x.x.x
> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: x mta connecting address=smtp://x.x.x.x:25 host=x
> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: x mta error reason=Connection timeout
> Apr 22 21:02:12 openbsd smtpd[85598]: smtp-out: Disabling route [] <-> x.x.x.x
> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: Enabling route [] <-> x.x.x.x
> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: x mta error reason=IO Error: No route to host
> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: Disabling route [] <-> x.x.x.x
> Apr 22 21:02:27 openbsd smtpd[85598]: smtp-out: x mta connecting address=smtp://x.x.x.x:25 host=x