On 2015-09-29 05:13, Robert Sharp wrote:
> I have been trying to use a third-party backup provider to cover
> occasional outages (SiXwishlist). I set up an MX record as instructed
> but I get no emails sent on when my server recovers. I asked them to
> check what was happening and they told me my port was not open. It
> seems they were expecting postfix to be listening to port 4000. I
> asked for clarification and got a response that they would send emails
> on 587, 2525, 3000, and 4000, but that 25 was not recommended and "is
> blocked for 90% of service hosting providers".

as wietse mentioned, it sounds like they are used to acting as the primary mx for customers whose providers block 25/tcp inbound. in those cases, they receive mail on 25/tcp on your behalf and then connect to your mail server on an alternate port (such as one of the above) that is not blocked by your provider.

this can -- and does -- happen often enough that there is a market for this service.

> I thought that smtp/25 was the backbone of email systems. I use 587
> internally for submission so I don't see why I would make it
> accessible to the outside world. Do I need to open another port? Have
> I got port 25 wrong all this time? Or do I need to get myself a proper
> backup provider?

you're correct and you're doing things the right way, afaict. 25/tcp *is* the standard port for mta to mta delivery and 587/tcp *is* the standard port for mua to mta delivery.

probably the easiest thing to do in your particular case is to make your mta available on one of these non-standard ports that they will attempt to deliver to -- in addition to, not instead of, 25/tcp.

there are a few different ways to accomplish this but the simplest, in my opinion, would be to simply forward incoming connections to 2525/tcp from their mail servers to 25/tcp on your mail server.

if you are using linux & iptables on your mail server, it's as easy as adding rules such as the following (substituting in the ip addresses/ranges of their outgoing mail servers, of course):

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2525 -s x.x.x.x/yy -j REDIRECT --to-port 25

hth,
/chl
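
Added example, not part of the original post: the redirect rule above applied once per provider range, with a sanity check on each range and a check that avoids adding duplicate rules. The ranges, the interface name and the function names are assumptions (the ranges are RFC 5737 documentation addresses); use the ranges the provider publishes.

```shell
#!/bin/sh
# Forward 2525/tcp to 25/tcp only for the backup MX provider's outgoing servers.
# Constructed sample ranges; replace with the provider's real ones.
PROVIDER_RANGES="192.0.2.0/24 198.51.100.16/28"
IFACE="eth0"      # assumption: external interface name
ALT_PORT=2525     # alternate port the provider delivers to
SMTP_PORT=25      # port the MTA actually listens on

# Return 0 if $1 is an IPv4 address or CIDR (a.b.c.d or a.b.c.d/nn).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule specification (what follows "-A PREROUTING") for one source.
rule_spec() {
    printf -- '-i %s -p tcp --dport %s -s %s -j REDIRECT --to-ports %s' \
        "$IFACE" "$ALT_PORT" "$1" "$SMTP_PORT"
}

# Add the rule for every range, skipping rules that already exist (-C).
# With DRY_RUN=1 the commands are printed instead of executed.
apply_rules() {
    for src in $PROVIDER_RANGES; do
        valid_cidr "$src" || { echo "skipping invalid range: $src" >&2; continue; }
        spec=$(rule_spec "$src")
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -t nat -A PREROUTING $spec"
        else
            # $spec is left unquoted on purpose so it splits into arguments
            iptables -t nat -C PREROUTING $spec 2>/dev/null ||
                iptables -t nat -A PREROUTING $spec
        fi
    done
}

# Run as "sh script.sh apply" (as root) to install the rules.
if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Because the redirect happens in the nat table before filtering, the redirected connection reaches the INPUT chain with destination port 25, so the existing rule that accepts 25/tcp covers it and 2525/tcp does not need to be opened to anyone else.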

