https://www.perplexity.ai/search/perplexity-im-delving-a-little-AUH9I.uuTGKeQDVRZd1QBA#3
# Perplexity, I’m delving a little trying to install guix, on the install cd, and I’d like to set up a temporary email account to access the lists. My isp appears to let me connect to port 587 on the gnu mx host. It’s confusing to me to set up normal guix services while still on the install cd. Is there a dead simple postfix setup, or a more simple utility, to just leave running to _receive_ mail? Do I need to maintain a domain or can I get mail at an ip address if I have a stable ip? ## Receiving Mail on Guix Install CD: Practical Approaches While setting up email on the Guix install CD presents challenges, there are several approaches worth considering based on your situation. Let me address your specific questions about receiving mail with minimal setup. ### Can You Receive Mail at an IP Address? Technically, RFC 5321 (the SMTP specification) allows email addresses to use IP literals in the format `user@[192.0.2.1]`. However, this approach has significant practical limitations:[^1_1][^1_2][^1_3] - Most mail servers reject or filter these addresses as spam by default[^1_2] - Multi-domain mail servers need domain names to route messages correctly[^1_2] - The vast majority of sending servers won't attempt delivery to bare IP addresses[^1_4][^1_1] Even with a stable IP, you would need proper MX records or at least an A record pointing to your mail server. Without DNS configuration, receiving mail reliably doesn't seem reasonable.[^1_5][^1_6] ### Simplest Mail Reception Options For minimal mail reception on the install CD, you have a few lightweight options: **1. Basic Postfix (Receive-Only Configuration)** Postfix can be configured minimally to only receive mail. The essential configuration in `/etc/postfix/main.cf` would be:[^1_7][^1_8][^1_9] ``` inet_interfaces = all mydestination = yourdomain.com, localhost mynetworks = 127.0.0.0/8 recipient_delimiter = + ``` This tells Postfix to listen on all interfaces and accept mail for your domain. However, you still need a domain with proper MX records pointing to your IP.[^1_8][^1_9] **2. Fetchmail/Getmail (Retrieval Approach)** If your goal is accessing mailing list archives, a different approach might be more practical: use `fetchmail` or `getmail` to retrieve mail from an existing account. This sidesteps the need to receive mail directly:[^1_10][^1_11][^1_12] - Fetchmail retrieves mail from POP3/IMAP servers and delivers locally[^1_11][^1_13] - Getmail offers similar functionality with simpler configuration[^1_12] - Both can run without complex MTA setup For fetchmail, a basic `~/.fetchmailrc` might look like: ``` poll mail.yourprovider.com proto imap user '[email protected]' password 'PASSWORD' is 'localuser' here ``` **3. Temporary Email Services** For quick mailing list access, consider temporary email services like Guerrilla Mail or use a standard webmail provider. This avoids the complexity of running mail infrastructure on an install CD entirely.[^1_14][^1_15] ### The Guix Services Challenge You're right that setting up Guix services on the install CD is confusing. The install environment isn't designed for running persistent services with the declarative configuration system. Most Guix service examples assume you're on a fully installed system.[^1_16][^1_17][^1_18][^1_19] ### Port 587 Consideration You mentioned your ISP lets you connect to port 587 (submission port) on GNU's MX host. Port 587 is for **sending** mail (client submission), not receiving. For receiving mail, servers need port 25 open, which many ISPs block for residential connections.[^1_20][^1_21][^1_22][^1_23][^1_24] ### Most Practical Recommendation Given your constraints (install CD environment, wanting to access Guix mailing lists), the most reasonable approach would be: 1. **Use a temporary/disposable email service** to subscribe to the lists initially, or 2. **Set up fetchmail/getmail** to retrieve mail from a regular email account (Gmail, etc.) where list mail is delivered[^1_25][^1_26][^1_10] 3. **Wait until after installation** to set up proper mail infrastructure using Guix's declarative mail server services[^1_18] The Guix project's mailing lists are accessible via web archives at yhetil.org and lists.gnu.org, which might be sufficient for reading discussions without setting up mail reception at all.[^1_27][^1_28] Would you like guidance on any specific approach? If you're determined to receive mail directly during installation, I can provide more detailed Postfix configuration, though that path seems less reasonable given the temporary nature of the install environment. <span style="display:none">[^1_29][^1_30][^1_31][^1_32][^1_33][^1_34][^1_35][^1_36][^1_37][^1_38][^1_39][^1_40][^1_41][^1_42][^1_43][^1_44][^1_45][^1_46][^1_47][^1_48][^1_49][^1_50][^1_51][^1_52][^1_53][^1_54][^1_55][^1_56][^1_57][^1_58][^1_59][^1_60][^1_61][^1_62][^1_63][^1_64][^1_65][^1_66][^1_67][^1_68][^1_69][^1_70][^1_71][^1_72][^1_73][^1_74][^1_75][^1_76][^1_77][^1_78][^1_79]</span> <div align="center">⁂</div> [^1_1]: https://stackoverflow.com/questions/26429868/sending-receiving-external-email-without-a-domain-name [^1_2]: https://www.serviceobjects.com/blog/ip-address-vs-domain-in-an-email-address/ [^1_3]: https://digilicious.com/mailbox-address-syntax.html [^1_4]: https://www.reddit.com/r/AskNetsec/comments/1cixo05/what_would_be_the_issue_if_we_send_email_over_ip/ [^1_5]: https://exchangepedia.com/2006/11/rfc-2821-and-the-implicit-mx-rule-can-you-really-get-mail-without-an-mx-record.html [^1_6]: https://www.suped.com/knowledge/email-deliverability/technical/when-is-it-ok-to-deliver-email-without-an-mx-record [^1_7]: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-22-04 [^1_8]: https://docs.gitlab.com/administration/reply_by_email_postfix_setup/ [^1_9]: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/deploying_mail_servers/deploying-and-configuring-a-postfix-smtp-server [^1_10]: https://stackoverflow.com/questions/17044097/how-to-receive-email-using-linux-bash-and-imaps [^1_11]: https://webmin.com/docs/modules/fetchmail-mail-retrieval/ [^1_12]: https://wiki.archlinux.org/title/Getmail [^1_13]: https://www.fetchmail.info/fetchmail-man.html [^1_14]: https://www.reddit.com/r/YouShouldKnow/comments/a0c9tw/ysk_that_you_dont_actually_need_to_share_your/ [^1_15]: https://www.guerrillamail.com [^1_16]: https://systemcrafters.net/craft-your-system-with-guix/full-system-install/ [^1_17]: https://willschenk.com/howto/2019/installing_guix_on_nuc/ [^1_18]: https://ieong.ovh/posts/guix-mail-server/ [^1_19]: https://forum.systemcrafters.net/t/nginx-certbot-config-simple-reverse-proxy-using-guix-services/764 [^1_20]: https://github.com/orgs/docker-mailserver/discussions/3213 [^1_21]: https://community.spiceworks.com/t/which-ports-are-used-for-receiving-an-email/742254 [^1_22]: https://www.reddit.com/r/selfhosted/comments/f62o14/self_hosted_email_how_to_get_around_isp_blocking/ [^1_23]: https://blog.noip.com/my-isp-blocks-smtp-port-25-can-i-still-host-a-mail-server [^1_24]: https://www.hostgator.com/help/article/are-you-able-to-receive-emails-but-not-send [^1_25]: https://phoenixnap.com/kb/linux-mail-command [^1_26]: https://www.digitalocean.com/community/tutorials/send-email-linux-command-line [^1_27]: https://savannah.gnu.org/mail/?group=guix [^1_28]: https://github.com/kitnil/notes/blob/master/guix.org [^1_29]: https://systemcrafters.net/craft-your-system-with-guix/installing-the-package-manager/ [^1_30]: https://www.youtube.com/watch?v=Nk8sprN7oZ0 [^1_31]: https://wiki.archlinux.org/title/Postfix [^1_32]: https://www.noip.com/support/knowledgebase/can-i-run-an-email-server-using-a-free-no-ip-hostname [^1_33]: https://www.youtube.com/watch?v=oSy-TmoxG_Y [^1_34]: https://www.postfix.org/STANDARD_CONFIGURATION_README.html [^1_35]: https://stackoverflow.com/questions/6139032/sending-email-using-ip-address-instead-of-domain-name [^1_36]: https://www.reddit.com/r/GUIX/comments/nznjpm/installing_guix_as_a_complete_gnulinux_system/ [^1_37]: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/deploying_mail_servers/assembly_mail-transport-agent_deploying-mail-servers [^1_38]: https://www.youtube.com/watch?v=WTvS9inXA2M [^1_39]: https://www.youtube.com/watch?v=nK3I4O1GOjI [^1_40]: https://www.postfix.org/BASIC_CONFIGURATION_README.html [^1_41]: https://www.usercheck.com/domain/kucix.com [^1_42]: https://savannah.gnu.org/mail/?group=gwl [^1_43]: https://www.suped.com/knowledge/email-deliverability/technical/is-it-bad-practice-to-send-email-from-a-domain-without-an-mx-record [^1_44]: https://www.zoho.com/mail/help/adminconsole/configure-email-delivery.html [^1_45]: https://linuxvox.com/blog/mailx-command-linux/ [^1_46]: https://www.reddit.com/r/sysadmin/comments/8zk8m1/how_is_email_working_without_a_valid_mx/ [^1_47]: https://stackoverflow.com/questions/20318770/send-mail-from-linux-terminal-in-one-line [^1_48]: https://www.reddit.com/r/techsupport/comments/1bq0qgi/no_mx_record_for_domain_message_when_i_email_a/ [^1_49]: https://dev.to/letsbsocial1/how-to-sendreceive-local-emails-in-linux-mintvirtualbox-33i8 [^1_50]: https://www.mailenable.com/forum/viewtopic.php?t=22588 [^1_51]: https://stackoverflow.com/questions/57410259/how-to-send-an-email-using-sendmail-command-in-linux [^1_52]: https://mailtrap.io/blog/setup-smtp-server/ [^1_53]: https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/mail-fetchmail/ [^1_54]: https://github.com/lfam/guix/blob/master/gnu/packages/mail.scm [^1_55]: https://runcloud.io/blog/best-self-hosted-email-server [^1_56]: https://wiki.deimos.fr/fetchmail-the-ultimate-mail-collector/ [^1_57]: https://www.youtube.com/watch?v=QS5MnN_fits [^1_58]: https://contabo.com/blog/linux-mail-server-setup-and-configuration/ [^1_59]: https://99rdp.com/the-top-15-mail-servers-for-linux/ [^1_60]: https://stackoverflow.com/questions/1298771/setting-up-a-mra-fetchmail-getmail-to-pull-all-folders-from-gmail-over-pop-ima [^1_61]: https://www.youtube.com/watch?v=0OSU7u5cFCM [^1_62]: https://www.reddit.com/r/selfhosted/comments/1kv852x/whats_the_easiest_most_lightweight_mail_server/ [^1_63]: https://systemcrafters.net/craft-your-system-with-guix/how-to-organize-your-config/ [^1_64]: https://www.gmass.co/blog/smtp-server-linux/ [^1_65]: https://www.linode.com/docs/guides/using-fetchmail-to-retrieve-email/ [^1_66]: https://www.reddit.com/r/GUIX/comments/p9n8xd/does_guix_have_modules_options_that_abstract_away/ [^1_67]: https://www.reddit.com/r/exchangeserver/comments/1b7turx/i_can_send_email_without_authentication_with/ [^1_68]: https://perkinstuff.com/nullmailer-simple-mail-transfer-agent/ [^1_69]: https://opensourcehacker.com/2013/01/02/sendmail-using-nullmailer-and-gmail-account-on-linux-server/ [^1_70]: https://wiki.debian.org/nullmailer [^1_71]: https://stackoverflow.com/questions/39510992/gmail-responds-with-not-valid-rfc-5321-address-error-for-rcpt-but-not-mail-ver [^1_72]: https://wiki.alpinelinux.org/wiki/Relay_email_(nullmailer) [^1_73]: https://datatracker.ietf.org/doc/html/rfc5321 [^1_74]: https://ps.zoethical.org/t/nullmailer-setup/8727 [^1_75]: https://en.wikipedia.org/wiki/Email_address [^1_76]: https://www.gurutechnologies.net/blog/nullmailer-simple-mta/ [^1_77]: https://www.tech-invite.com/y50/tinv-ietf-rfc-5321-3.html [^1_78]: https://stackoverflow.com/questions/18139102/how-to-get-around-an-isp-block-on-port-25-for-smtp [^1_79]: https://managingwp.io/2023/03/22/sending-email-from-your-server-using-an-mta-or-null-mailer-mail-transport-agent/ --- # Can you tell me how MX records work? Could i receive mail at any domain I can set an mx record for? Are there public subdomains where one could do that freely? What do most people do to receive mail in their basement? ## Understanding MX Records and Home Email Setup Let me walk you through how MX records work and the practical realities of receiving email at home. ### How MX Records Work MX (Mail Exchange) records are DNS entries that tell the email system which mail servers are responsible for accepting incoming email for a domain. When someone sends email to `[email protected]`, here's what happens:[^2_1][^2_2][^2_3][^2_4][^2_5] 1. **DNS Lookup**: The sender's mail server queries DNS for the MX records of `example.com` 2. **Priority Selection**: MX records include priority numbers (lower = higher priority). The sending server tries the highest priority server first[^2_2][^2_6] 3. **SMTP Connection**: Once the correct mail server is identified, an SMTP connection is established on port 25[^2_3] 4. **Delivery**: The email is delivered to your mail server A typical MX record looks like:[^2_6][^2_5] ``` example.com. MX 10 mail.example.com. example.com. MX 20 backup.example.com. ``` The multiple records provide redundancy—if the primary server (priority 10) is unavailable, mail routes to the backup (priority 20).[^2_2][^2_3] ### Can You Receive Mail at Any Domain with MX Records? **In theory, yes**—you can receive mail at any domain where you control the MX records. When you set an MX record pointing to your server, you're telling the world "this is where email for this domain should be delivered". However, there are critical practical requirements beyond just setting the MX record:[^2_4][^2_7][^2_8][^2_1] - **A valid A record**: Your MX record must point to a hostname that has an A record pointing to an actual IP address[^2_9][^2_5] - **Port 25 accessibility**: Your mail server must be reachable on port 25 for incoming SMTP connections[^2_10][^2_11][^2_12] - **Reverse DNS (PTR record)**: Your IP should have proper reverse DNS configured[^2_13][^2_14][^2_15] - **Static IP address**: Dynamic IPs create serious deliverability problems[^2_16][^2_17][^2_18] ### Free Subdomains for Email Regarding free subdomains where you could set MX records, the situation is somewhat limited: **FreeDNS (afraid.org)** does support MX records on their free subdomains. You can create MX records on domains you host there. However, users report mixed experiences.[^2_19][^2_20][^2_21][^2_22] **DuckDNS** has very limited DNS functionality—it provides only A/AAAA records and one TXT record. They do create a hardcoded MX record pointing to your subdomain, but you cannot customize it or point it elsewhere. This doesn't seem reasonable for proper email hosting.[^2_23] **deSEC (dedyn.io)** previously offered free subdomains under `dedyn.io` and is a full-featured DNS provider that would support MX records. However, as of recent reports, dynDNS registrations under dedyn.io are suspended. If you have your own domain, you can still use deSEC as your DNS provider with full MX record support.[^2_24][^2_25][^2_26][^2_27][^2_28] ### What Most People Do for Basement Email The harsh reality is that **most people don't successfully run email servers from home**. Here's why and what they actually do:[^2_29][^2_30][^2_31][^2_18] **The Residential IP Problem**:[^2_17][^2_30][^2_31][^2_32][^2_33] - Most ISPs block port 25 (both inbound and outbound) on residential connections[^2_33][^2_34][^2_35][^2_10] - Residential IP ranges are blacklisted by major email providers as spam prevention[^2_31][^2_16][^2_17] - Even with port 25 open, residential IPs are highly suspect[^2_30][^2_17] - Dynamic IPs make SPF records invalid every time your IP changes[^2_18][^2_17] - No SLA guarantees on residential connections—downtime means lost email[^2_30][^2_18] **What Self-Hosters Actually Do**:[^2_36][^2_37][^2_29][^2_17] 1. **VPS-based hosting**: Rent a cheap VPS (\$3-5/month) with a clean IP and run Mail-in-a-Box or similar[^2_38][^2_39][^2_40][^2_14][^2_29][^2_13] 2. **SMTP relay for sending**: Keep a home server but relay outgoing mail through a service like SendGrid, Mailgun, or Amazon SES[^2_11][^2_12][^2_37][^2_17] 3. **Email forwarding services**: Use services like ImprovMX or Zoho to forward emails from your domain to a regular Gmail/Outlook account[^2_41] 4. **Business ISP connection**: Upgrade to business-tier internet with static IP and unblocked port 25[^2_16][^2_31] 5. **External mail service entirely**: Use Google Workspace, Proton, or other hosted email with your custom domain[^2_7][^2_42] **Mail-in-a-Box** is popular among self-hosters because it automates DNS configuration including MX records. But it requires a VPS with a non-residential IP, static addressing, and unblocked port 25.[^2_40][^2_14][^2_15][^2_13][^2_36] ### The Port 25 Blocker Issue Even if you set up perfect MX records, if port 25 is blocked (inbound or outbound), email won't work:[^2_12][^2_10][^2_11] - **Blocked outbound port 25**: You can't send email directly; must use SMTP relay on port 587[^2_10][^2_11] - **Blocked inbound port 25**: You cannot receive email at all—there's no workaround for this[^2_37][^2_11][^2_12] Port 587 is for **submission** (sending from email clients), not for server-to-server mail transfer. MX records always expect port 25 for delivery.[^2_12][^2_10] ### Bottom Line While it's technically possible to receive email anywhere you control MX records and have a reachable server, the practical barriers for home hosting are substantial. The port 25 requirement, IP reputation issues, and reliability concerns make basement email servers challenging. Most successful self-hosters either use a VPS or hybrid approaches with SMTP relays.[^2_29][^2_17][^2_18][^2_30] For your Guix install CD situation, using a temporary email service or standard webmail account still seems more reasonable than trying to configure email reception on temporary installation media with residential connectivity constraints. <span style="display:none">[^2_43][^2_44][^2_45][^2_46][^2_47][^2_48][^2_49][^2_50][^2_51][^2_52][^2_53][^2_54][^2_55][^2_56][^2_57][^2_58][^2_59][^2_60]</span> <div align="center">⁂</div> [^2_1]: https://abnormal.ai/glossary/mx-record [^2_2]: https://www.proofpoint.com/us/threat-reference/mx-record [^2_3]: https://heimdalsecurity.com/blog/understanding-dns-mx-records-and-their-role-in-email-security/ [^2_4]: https://postale.io/blog/the-mx-record-explained/ [^2_5]: https://mailtrap.io/blog/dns-mx-records/ [^2_6]: https://www.mailreach.co/blog/mx-record-why-does-it-matter [^2_7]: https://support.google.com/a/answer/16004259?hl=en [^2_8]: https://www.reddit.com/r/dns/comments/1an2mdq/adding_mx_records_for_subdomain/ [^2_9]: https://www.dynu.com/Resources/Tutorials/DynamicDNS/CreateMXRecord [^2_10]: https://help.dreamhost.com/hc/en-us/articles/217071167-Port-25-Blocking [^2_11]: https://forwardemail.net/en/guides/port-25-blocked-by-isp-workaround [^2_12]: https://support.plesk.com/hc/en-us/articles/12377774694423-Is-it-possible-to-use-another-port-for-SMTP-relaying-of-emails-if-25-port-is-blocked-by-ISP-or-server-provider [^2_13]: https://najigram.com/2023/07/mail-in-a-box-email-server-setup/ [^2_14]: https://www.digitalocean.com/community/tutorials/how-to-run-your-own-mail-server-with-mail-in-a-box-on-ubuntu-14-04 [^2_15]: https://blog.alphavps.com/setting-up-your-own-mail-server-with-mail-in-a-box/ [^2_16]: https://proton.me/blog/private-email-server [^2_17]: https://techdecode.online/decode/billionmail/ [^2_18]: https://www.reddit.com/r/homelab/comments/wfg8pd/hosting_a_home_mail_server_with_dynamic_dns/ [^2_19]: https://www.reddit.com/r/webhosting/comments/1ubp2n/ddns_and_email_hosting/ [^2_20]: https://freedns.afraid.org/signup/features/ [^2_21]: https://community.spiceworks.com/t/freedns-afraid-org/442541 [^2_22]: https://freedns.afraid.org/faq/type.php [^2_23]: https://www.reddit.com/r/selfhosted/comments/1aqqpoq/duckdns_addremove_records/ [^2_24]: https://www.reddit.com/r/selfhosted/comments/13kyngc/finding_a_free_subdomainprovider_with_decent_dns/ [^2_25]: https://talk.desec.io/t/subdomain-free-at-desec/1007 [^2_26]: https://wiki.r-selfhosted.com/guides/software/web-hosting/getting-a-free-domain-and-tls-certificates/ [^2_27]: https://lmfaowhocareas.bearblog.dev [^2_28]: https://www.reddit.com/r/webdev/comments/wybyds/is_there_a_free_subdomain_provider_that_allows/ [^2_29]: https://www.reddit.com/r/selfhosted/comments/12ohez7/how_do_i_host_my_own_email/ [^2_30]: https://www.reddit.com/r/selfhosted/comments/17w21f8/selfhosted_email_server_at_home_with_residential/ [^2_31]: https://www.youtube.com/watch?v=awZoWqJHnBU [^2_32]: https://github.com/VedikaBang/Sending-Email-from-a-Residential-ISP [^2_33]: https://blog.noip.com/my-isp-blocks-smtp-port-25-can-i-still-host-a-mail-server [^2_34]: https://github.com/orgs/docker-mailserver/discussions/3213 [^2_35]: https://www.reddit.com/r/selfhosted/comments/f62o14/self_hosted_email_how_to_get_around_isp_blocking/ [^2_36]: https://www.reddit.com/r/mailserver/comments/1g3bluk/mailinabox_setup_guide/ [^2_37]: https://www.reddit.com/r/selfhosted/comments/nl6k33/setting_up_a_mail_server_when_port_25_inbound_is/ [^2_38]: https://www.bluehost.com/blog/host-your-own-email-server/ [^2_39]: https://www.hostinger.com/tutorials/how-to-host-your-own-email-server [^2_40]: https://mailinabox.email [^2_41]: https://forum.infinityfree.com/t/how-can-i-make-free-business-email-on-infinityfree-subdomains/82702 [^2_42]: https://moosend.com/blog/free-email-domain-providers/ [^2_43]: https://themeisle.com/blog/free-email-domain/ [^2_44]: https://runcloud.io/blog/best-self-hosted-email-server [^2_45]: https://powerdmarc.com/what-is-a-dns-mx-record/ [^2_46]: https://www.reddit.com/r/synology/comments/1cjb0pd/howto_freedns_ddns_dyndns_afraidorg/ [^2_47]: https://www.youtube.com/watch?v=Dm5MyuUdq2s [^2_48]: https://www.youtube.com/watch?v=mu02Ute0VTI [^2_49]: https://www.youtube.com/watch?v=Dme1vZU-G4w [^2_50]: https://sensorsiot.github.io/IOTstack/Containers/Duckdns/ [^2_51]: https://www.home-assistant.io/integrations/duckdns/ [^2_52]: https://freedns.afraid.org [^2_53]: https://talk.desec.io/t/subdomains-where/839 [^2_54]: https://mailinabox.email/guide.html [^2_55]: https://stackoverflow.com/questions/18139102/how-to-get-around-an-isp-block-on-port-25-for-smtp [^2_56]: https://www.linode.com/docs/guides/mail-in-a-box-email-server/ [^2_57]: https://learn.microsoft.com/en-us/answers/questions/2259831/smtp-port-25-is-blocked-need-to-unblock [^2_58]: https://www.reddit.com/r/selfhosted/comments/16onn8n/looking_for_a_free_domain_that_offers_its/ [^2_59]: https://www.youtube.com/watch?v=dAaDLUmzJ1I [^2_60]: https://www.authsmtp.com/faqs/faq-4.html --- # Let’s think optimistically here. This router uses remote administration nobody knows the login to at this time, but since it’s a home router there are likely network protocols that would tell it to forward a port for an application on the LAN. I’m on iOS right now, but also have the guix machine nearby it might change my state of mind to go back to it, many other projects. Is there a reasonable way to _test_ if my isp lets port 25 through, and if the router lets me forward it temporarily? # Testing Port 25 and Automatic Port Forwarding: A Practical Guide Great thinking! Let me walk you through how to test whether your ISP allows port 25 through and how UPnP/NAT-PMP could help you with automatic port forwarding—all while keeping things optimistic about what might be possible. ## Testing If Your ISP Allows Port 25 ### From iOS On iOS, you can test port connectivity using simple apps or online tools:[^3_1][^3_2] **Using an iOS Port Scanning App**: - Install "iNetTools Free" from the App Store[^3_1] - Choose "Port Scan" - Enter a known mail server address (like `smtp.gmail.com` or `smtp.gnu.org`) - Enter port 25 - Tap "Start" - If it shows "Open," port 25 is accessible from your connection[^3_1] **Using Online Port Checkers**: >From Safari on your iOS device, visit services like:[^3_3][^3_4][^3_2] - portchecker.co - yougetsignal.com/tools/open-ports - dnschecker.org/port-scanner.php - openportchecking.com These services test from the outside whether your external IP has port 25 open and reachable.[^3_4][^3_2][^3_3] ### From Your Guix Machine The classic method uses telnet to test port 25 connectivity:[^3_5][^3_6][^3_7][^3_8][^3_9] ```bash telnet smtp.gmail.com 25 ``` **If port 25 is accessible**, you'll see something like:[^3_10][^3_5] ``` 220 smtp.gmail.com ESMTP ``` **If port 25 is blocked**, you'll get:[^3_11][^3_5][^3_10] ``` telnet: connect to address XX.XX.XX.XX: Connection refused telnet: Unable to connect to remote host ``` or a timeout after waiting.[^3_9][^3_12][^3_11] You can also test against specific port-testing services:[^3_13][^3_10] ```bash telnet portquiz.net 25 ``` ### Testing If Inbound Port 25 Can Be Opened To test whether you can receive connections on port 25, you need something listening on that port first. From your Guix machine, you could run a simple listener:[^3_14][^3_13] **Using Python**:[^3_13] ```bash sudo python3 -m http.server 25 ``` Then test from an external service like yougetsignal.com whether port 25 on your external IP is reachable.[^3_15][^3_2][^3_3] **Using netcat**:[^3_13] ```bash sudo nc -l 25 ``` This creates a listener on port 25 that you can then test from outside.[^3_13] ## Automatic Port Forwarding Protocols You're absolutely right that home routers often support protocols for automatic port forwarding! There are two main ones: ### UPnP (Universal Plug and Play) UPnP allows applications to automatically request port forwarding from your router without manual configuration:[^3_16][^3_17][^3_18][^3_19] **How it works**:[^3_17][^3_18][^3_19][^3_16] 1. Application discovers the router via UPnP 2. Application requests port forwarding (e.g., "forward external port 25 to my internal IP port 25") 3. Router automatically creates the mapping 4. When done, the application can remove the mapping **Requirements**:[^3_18][^3_16] - Router must support UPnP (most modern routers do) - UPnP must be enabled on the router (often enabled by default on TP-Link, ASUS, etc.)[^3_16][^3_18] - The application must support UPnP to make the requests[^3_18][^3_16] **Note**: UPnP has security concerns because it lacks authentication—any device on your LAN can request port forwards. However, for temporary testing, this seems reasonable.[^3_19][^3_17][^3_18] ### NAT-PMP (NAT Port Mapping Protocol) NAT-PMP is Apple's alternative to UPnP, introduced in 2005 as part of Bonjour. It's simpler and more lightweight than UPnP:[^3_20][^3_21][^3_22] **Key features**:[^3_21][^3_22][^3_23][^3_20] - Uses UDP on ports 5350 (client) and 5351 (server) - Provides automatic port mapping with known expiration times - Supported by Apple routers (AirPort, etc.) and increasingly by other vendors[^3_20][^3_21] - Superseded by Port Control Protocol (PCP) but still widely used[^3_22][^3_21][^3_20] ## Testing UPnP/NAT-PMP on Your Network ### Checking if Your Router Supports UPnP >From your Guix machine, you could install and use command-line UPnP tools to discover if your router responds:[^3_18][^3_13] Many Linux systems have `upnpc` (miniupnpc client) available. You could test: ```bash upnpc -l ``` This lists current UPnP mappings on your router.[^3_24][^3_18] ### iOS and Port Forwarding While iOS itself doesn't provide built-in UPnP testing apps that I found strong evidence for, there are frameworks available for developers:[^3_25][^3_26][^3_24] - **TCMPortMapper**: A Cocoa framework that can request port mappings via UPnP or NAT-PMP[^3_25][^3_24] - **DNSServiceNATPortMappingCreate()**: Native iOS API in dns_sd.h for NAT-PMP port mapping[^3_26] However, these require custom app development rather than being user-accessible testing tools.[^3_26][^3_25] ### Manual Testing of NAT-PMP You can test NAT-PMP from Linux using `natpmpc`:[^3_27] ```bash natpmpc -g 10.2.0.1 ``` This queries the gateway about NAT-PMP support. If supported, you could request a port mapping:[^3_23][^3_27] ```bash natpmpc -a 1 0 tcp 60 -g 10.2.0.1 ``` This requests forwarding of an external TCP port to your machine.[^3_23][^3_27] ## Realistic Expectations for Port 25 Here's the optimistic-but-honest assessment: **What seems reasonably possible**: - Testing whether your ISP blocks outbound port 25 (likely takes 2-3 minutes with telnet)[^3_6][^3_5][^3_9] - Discovering if your router supports UPnP/NAT-PMP (5-10 minutes with command-line tools)[^3_24][^3_18] - Requesting automatic port forwarding for testing purposes via UPnP if supported[^3_16][^3_18] **What doesn't seem as reasonable**: - Most residential ISPs block both inbound and outbound port 25[^3_8][^3_28][^3_29][^3_11] - Even with UPnP working perfectly, if your ISP blocks port 25 at their level, port forwarding won't help[^3_28][^3_29][^3_3] - Port 25 is commonly blocked at the ISP level to reduce spam, and this blocking happens upstream of your router[^3_29][^3_11][^3_8][^3_3] ## Recommended Testing Sequence Here's an optimistic path forward for testing: 1. **Quick telnet test from Guix machine** (2 min):[^3_5][^3_6] ```bash telnet smtp.gmail.com 25 ``` 2. **Online external port test** from iOS (2 min):[^3_3][^3_4] - Visit yougetsignal.com/tools/open-ports/ - Test your external IP on port 25 3. **Check router for UPnP** support (5 min):[^3_16][^3_18] - If you can access router web interface, look for UPnP setting - Or use `upnpc -l` from Guix machine if available 4. **Test simple listener** (5 min):[^3_13] - Run `sudo python3 -m http.server 25` on Guix machine - Test from external port checker[^3_4][^3_3] - This tells you if inbound port 25 can reach your network at all This sequence would give you definitive answers about both ISP blocking and router capabilities without needing admin access to the router—the UPnP protocol bypasses that need if it's enabled.[^3_17][^3_18][^3_16] The fact that you can connect to port 587 on GNU's MX host suggests your ISP at least allows outbound SMTP on submission ports, which is encouraging for eventual email sending even if port 25 is blocked for reception.[^3_9][^3_29] <span style="display:none">[^3_30][^3_31][^3_32][^3_33][^3_34][^3_35][^3_36][^3_37][^3_38]</span> <div align="center">⁂</div> [^3_1]: https://www.ysoft.com/knowledge/ios-test-and-verify-ports-from-apple-device-to-server [^3_2]: https://dnschecker.org/port-scanner.php [^3_3]: https://www.yougetsignal.com/tools/open-ports/ [^3_4]: https://www.openportchecking.com [^3_5]: https://www.siteground.com/kb/check-port-blocked-isp/ [^3_6]: https://inguide.in/how-to-check-if-port-25-is-open-or-not/ [^3_7]: https://www.youtube.com/watch?v=ugERWGw7x_k [^3_8]: https://www.maxprog.com/site/support/us/maxbulkmailer/port-25-blocking-how-to-find-out.php [^3_9]: https://portal.datapacket.net/knowledgebase/18/How-to-Check-if-Your-ISP-Blocks-SMTP-Port-25.html [^3_10]: https://www.notepage.net/manuals/pg/v8/server/html/testing-port-25.htm [^3_11]: https://www.maxprog.com/site/support/us/emailverifier/port-25-blocking-how-to-find-out.php [^3_12]: https://www.reddit.com/r/sysadmin/comments/10wxvte/how_to_prove_that_port_25_outgoing_connection_is/ [^3_13]: https://www.reddit.com/r/selfhosted/comments/uzvdna/any_way_to_check_if_port_25_is_blocked_or/ [^3_14]: https://help.brevo.com/hc/en-us/articles/11228044967954-Check-if-an-SMTP-port-is-open-on-a-server [^3_15]: https://www.portcheckers.com [^3_16]: https://community.tp-link.com/us/home/kb/detail/348 [^3_17]: https://blog.qnap.com/en/what-is-upnp-port-forwarding-en/ [^3_18]: https://www.homenethowto.com/ports-and-nat/upnp-automatic-port-forward/ [^3_19]: https://protonvpn.com/blog/upnp [^3_20]: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol [^3_21]: https://en.wikipedia.org/wiki/NAT-PMP [^3_22]: https://datatracker.ietf.org/doc/html/rfc6886 [^3_23]: https://www.rapid7.com/blog/post/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities/ [^3_24]: https://www.codingmonkeys.de/portmap/ [^3_25]: https://stackoverflow.com/questions/7147932/port-forwarding-in-iphone [^3_26]: https://stackoverflow.com/questions/9090956/iphone-upnp-port-mapping [^3_27]: https://protonvpn.com/support/port-forwarding-manual-setup [^3_28]: https://forwardemail.net/en/guides/port-25-blocked-by-isp-workaround [^3_29]: https://help.dreamhost.com/hc/en-us/articles/217071167-Port-25-Blocking [^3_30]: https://stackoverflow.com/questions/44461516/esp8266-upnp-port-forwarding-iot [^3_31]: https://www.reddit.com/r/HomeNetworking/comments/1755a43/help_understanding_upnp_port_forwarding_with/ [^3_32]: https://help.videoexpertsgroup.com/kb/upnp-port-forwarding [^3_33]: https://apps.apple.com/us/app/port-forwarding-wizard/id588638252 [^3_34]: https://hackertarget.com/nmap-online-port-scanner/ [^3_35]: https://www.reddit.com/r/qBittorrent/comments/fw83nm/proper_use_of_option_to_use_upnp_natpmp_port/ [^3_36]: https://gbhackers.com/open-port-scanner-port-checker-tools/ [^3_37]: https://www.reddit.com/r/mikrotik/comments/1gim8hy/automatic_port_forwarding_natpmp_upnp_from/ [^3_38]: https://www.xldevelopment.net/upnpwiz.php --- # If port 25 is blocked, and I want to have maximal control over my mail reception for a bit, what other options are there? Can I receive mail via tor, nym, i2p, yggdrasil, anything else? Are there community mail forwarding networks, or nonprofits hosting something? # Alternative Email Reception Options Beyond Port 25 Great optimistic thinking! If port 25 is blocked, there are indeed several alternative networks and services that could give you more control over your mail reception. Let me explore the full landscape of options. ## Privacy Network Email Solutions ### I2P Email Services **I2P-Bote** is perhaps the most sophisticated serverless email system. It's a plugin for I2P that stores emails in a distributed hash table, eliminating the need for traditional mail servers entirely:[^4_1][^4_2] **Key features**:[^4_2][^4_1] - No mail server required—emails stored in DHT - Automatic encryption and digital signing - One-click email identity creation - Can send emails anonymously or under a sender identity - IMAP and SMTP support for use with traditional clients[^4_3][^4_1][^4_2] - ElGamal, Elliptic Curve, and NTRU encryption options[^4_1][^4_2] **i2pmail (mail.i2p)** is the traditional email service within I2P. It operates more conventionally:[^4_4][^4_5][^4_6][^4_3] - Run by Postman (hq.postman.i2p)[^4_5][^4_6] - Provides `[email protected]` addresses[^4_6][^4_4][^4_3] - Can communicate with clearnet email addresses using `[email protected]`[^4_7][^4_4] - Works with Thunderbird, K-9 Mail, and other standard clients[^4_4][^4_3] - Uses local SMTP (port 7659) and POP3 (port 7660) tunnels[^4_3][^4_5] **Setup process**:[^4_5][^4_3] 1. Register at hq.postman.i2p 2. Configure your email client with localhost:7659 (SMTP) and localhost:7660 (POP3)[^4_3] 3. No SSL/TLS needed—I2P provides transport security[^4_3] The advantage here is that you maintain **maximal control** over reception—I2P-Bote doesn't even require you to be online constantly to receive mail, as the DHT stores messages until you retrieve them.[^4_2][^4_1] ### Yggdrasil Network Email **Yggmail** is a fascinating single-binary mail transfer agent for the Yggdrasil Network:[^4_8][^4_9] **How it works**:[^4_8] - Email addresses are based on your public key (e.g., `89cd...063d0@yggmail`)[^4_8] - All traffic between Yggmail nodes is end-to-end encrypted[^4_10][^4_8] - Works in closed networks without Internet connectivity[^4_8] - Implements standard IMAP (port 1143) and SMTP (port 1025)[^4_8] - Inbox stored locally on your machine[^4_8] **Setup**:[^4_8] ```bash go install github.com/neilalexander/yggmail/cmd/yggmail@latest yggmail -password # Set your password yggmail -multicast -peer=tls://... # Start with peer discovery ``` **Important limitation**: You can only email other Yggmail users, not regular Internet addresses. But this gives you **complete control** over your mail infrastructure without any dependency on DNS or port 25.[^4_9][^4_8] For receiving mail on a static Yggdrasil IPv6 address, you can also set up OpenSMTPD to listen on your Yggdrasil interface. This would let you receive mail at `[IPv6:your_yggdrasil_ip]`.[^4_9] ### Tor Hidden Service Email Running email as a **Tor hidden service** is technically possible:[^4_11][^4_12][^4_13][^4_14][^4_15] **Approaches**:[^4_12][^4_15] 1. Configure Postfix to listen on a .onion address[^4_13][^4_16][^4_12] 2. Set up port forwarding in torrc for SMTP (25), POP3 (110), IMAP (143)[^4_12][^4_13] 3. Retrieve your .onion address from Tor 4. Use this for email among Tor users[^4_15] **Practical challenges**:[^4_15] - Without SPF, DKIM, IP reputation, spam becomes unmanageable[^4_15] - Interoperating between different .onion mail providers breaks down quickly[^4_15] - Most useful for same-server communication or webmail-only access[^4_15] **Riseup's approach**: They provide access to their email service via Tor onion services, but they handle the mail server infrastructure. You'd be accessing `5gdvpfoh6kb2iqbizb37lzk2ddzrwa47m6rpdueg2m656fovmbhoptqd.onion` via IMAP/POP3/SMTP.[^4_14][^4_17][^4_18] **Mail2Tor** offers free anonymous email with .onion access. Their SMTP address is `xc7tgk2c5onxni2wsy76jslfsitxjbbptejnqhw6gy2ft7khpevhc7ad.onion:25`.[^4_19] ### Nym Mixnet **Nym** is an interesting evolving mixnet, but currently it **does not support email services directly**. Nym focuses on:[^4_20][^4_21][^4_22][^4_23] - Anonymizing messaging, file transfers, payments, web browsing[^4_21][^4_20] - Protecting metadata through packet mixing with cover traffic[^4_22][^4_23][^4_20] - Multi-layer encryption and timing obfuscation[^4_22] Unlike Tor and I2P, Nym doesn't support hidden services like .onion sites, which would be necessary for email hosting. However, their architecture could theoretically be integrated into email applications via their SDK.[^4_20][^4_21][^4_22] ## Community and Nonprofit Email Services ### Riseup Collective **Riseup** is the gold standard for activist-focused nonprofit email hosting:[^4_17][^4_24][^4_25][^4_26][^4_18][^4_27] **Services**:[^4_24][^4_26][^4_18][^4_17] - Secure email with full disk encryption[^4_25][^4_17] - No logging of IP addresses or identifiable information[^4_18][^4_17] - Email headers contain no personally identifiable info[^4_24][^4_18] - Tor onion service access[^4_26][^4_14][^4_17] - VPN service (RiseupVPN)[^4_17][^4_26] - Mailing lists (14,000+ lists, 4+ million subscribers)[^4_27][^4_26][^4_24] - Collaborative tools (wikis, pads, file sharing)[^4_26][^4_17] **Getting access**: Riseup requires either an **invite code** from an existing user or submission of a request explaining why you need the service. This threshold helps maintain their community focus and security.[^4_25][^4_27] **Philosophy**: Volunteer-run, donation-funded, no advertising, supports social justice movements worldwide. They've famously resisted government subpoenas.[^4_27][^4_17][^4_24][^4_25][^4_26] ### Forward Email **Forward Email** offers free services specifically for nonprofits:[^4_28][^4_29] **Free tier features**:[^4_29][^4_28] - Unlimited domains - Unlimited inbound email - Spam protection - Catch-all addresses - Multiple recipients per alias - Webhook integration[^4_28] **Paid tier (\$3/month)**:[^4_29][^4_28] - Send and receive as `[email protected]` - 10GB storage - Full IMAP/SMTP access - Works with any email client[^4_28][^4_29] This doesn't bypass port 25 (you'd still need it for direct reception), but it **reduces complexity** by handling mail infrastructure for you while giving you a custom domain. ### Other Nonprofit Options - **IncogNET's MyPrivateInbox**: Hosted in Netherlands, accessible over Tor and I2P, SMTP/IMAP/POP support, webmail, encryption at rest[^4_30] - **Microsoft 365 Nonprofit**: Free Office 365 licenses via TechSoup[^4_31] - **Google Workspace for Nonprofits**: Heavily discounted or free[^4_31] ## Community Forwarding Networks True **community mail forwarding networks** in the P2P sense don't really exist in a mature form. However: - **nym.alias.net** (historical): Was an email pseudonym server using anonymous remailers. Users could create pseudonymous addresses that forwarded to their real addresses through mixnets. This service is no longer active, but the concept demonstrates what's possible.[^4_32][^4_33] - **Anonymous remailers**: Type I (Cypherpunk) and Type II (Mixmaster) remailers historically provided forwarding with anonymity. These have largely been superseded by newer technologies.[^4_33][^4_32] ## Practical Recommendation Matrix For **maximal control** with blocked port 25: **Best options ranked by control**: 1. **I2P-Bote** — Completely decentralized, no server needed, DHT-based storage[^4_1][^4_2] 2. **Yggmail** on Yggdrasil Network — Self-hosted on mesh network, E2E encrypted[^4_8] 3. **mail.i2p** on I2P — Traditional email within I2P network, can bridge to clearnet[^4_6][^4_4][^4_3] 4. **OpenSMTPD on Yggdrasil** — Full control, runs on your Yggdrasil IPv6[^4_9] **For practical access to mailing lists**: 1. **Riseup** email — If you can get an invite, highly secure and activist-focused[^4_18][^4_17][^4_26] 2. **Forward Email** nonprofit tier — Custom domain with managed infrastructure[^4_29][^4_28] 3. **Tor .onion webmail** — Access existing services like Riseup via Tor[^4_14] **Hybrid approach for your Guix use case**: Since you want to access GNU mailing lists temporarily from the install CD, consider: 1. Set up **I2P** on your Guix machine 2. Register for **mail.i2p** service[^4_6] 3. Subscribe to GNU lists using your `[email protected]` address[^4_7][^4_4] 4. Receive mail via I2P while maintaining full local control[^4_4][^4_3] This bypasses all port 25 issues, requires no domain or MX records, and gives you the control you're seeking—all while being installable on the Guix install CD environment if needed. <span style="display:none">[^4_34][^4_35][^4_36][^4_37][^4_38][^4_39][^4_40][^4_41][^4_42]</span> <div align="center">⁂</div> [^4_1]: https://i2pbote.xyz [^4_2]: https://github.com/i2p/i2p.i2p-bote [^4_3]: https://eyedeekay.github.io/Thunderbird-I2P-Configuration/index.html [^4_4]: https://habitus.blog/i2pmail-set-up [^4_5]: https://navigating-the-darkweb.readthedocs.io/en/latest/chapter3_i2p.html [^4_6]: https://wiki.debian.org/I2P [^4_7]: https://www.youtube.com/watch?v=js7ldFYZelk [^4_8]: https://github.com/neilalexander/yggmail [^4_9]: https://nicolaschartoire.com/meshnet/yggdrasil-email-HOWTO.html [^4_10]: https://mango.vg/post/11 [^4_11]: https://github.com/fflo/docker-smtp-tor [^4_12]: https://anonvm.wtf/knowledgebase/760/How-to-Set-Up-an-Anonymous-Email-Service-Using-Tor.html?language=english [^4_13]: https://anonvm.wtf/knowledgebase/760/How-to-Set-Up-an-Anonymous-Email-Service-Using-Tor.html?language=dutch [^4_14]: https://riseup.net/email/settings/tor [^4_15]: https://www.reddit.com/r/TOR/comments/ns9sxb/email_onion/ [^4_16]: https://forum.yunohost.org/t/how-to-configure-postfix-to-send-mail-through-tor-smtp-through-tor/4789 [^4_17]: https://www.openmindsproject.eu/?RiseuP2 [^4_18]: https://riseup.net/en/email [^4_19]: https://mail2tor.email [^4_20]: https://en.wikipedia.org/wiki/Nym_(mixnet) [^4_21]: https://en.wikipedia.org/wiki/The_Nym_mixnet [^4_22]: https://nym.com/mixnet [^4_23]: https://techcrunch.com/2021/07/16/nym-gets-6m-for-its-anonymous-overlay-mixnet-to-sell-privacy-as-a-service/ [^4_24]: https://riseup.net/en/about-us/projects [^4_25]: https://myshadow.org/resources/riseup?locale=en [^4_26]: https://riseup.net [^4_27]: https://en.wikipedia.org/wiki/Riseup [^4_28]: https://forwardemail.net/en/non-profits-email-api [^4_29]: https://forwardemail.net/en/non-profits-email-service [^4_30]: https://incognet.io/hosted-email [^4_31]: https://www.reddit.com/r/sysadmin/comments/1cqbsak/looking_for_email_forwarding_service_for_own/ [^4_32]: https://www.freehaven.net/anonbib/cache/nym-alias-net.pdf [^4_33]: http://www.umiacs.umd.edu/~tdumitra/courses/ENEE759D/Fall13/papers/Mazieres98.pdf [^4_34]: https://yggdrasil-network.github.io [^4_35]: https://dev.to/byteknight/yggdrasil-network-join-the-global-mesh-1kcc [^4_36]: https://mailcast.io/email-for-nonprofits [^4_37]: https://www.officense.com/nonprofit-mail-forwarding-services/ [^4_38]: https://donorbox.org/nonprofit-blog/mailchimp-alternatives-nonprofits [^4_39]: https://discuss.privacyguides.net/t/nym-and-nymvpn-next-gen-privacy-with-mixnet-and-vpn-service/25072?page=6 [^4_40]: https://wiredimpact.com/blog/nonprofit-email-service-provider/ [^4_41]: https://support.delta.chat/t/ideas-on-intelligent-transmission-of-mail-attachments/1809 [^4_42]: https://geti2p.net/en/docs/how/tech-intro
