On 29/09/15 21:47, coolhandluke wrote:
> On 2015-09-29 05:13, Robert Sharp wrote:
>> I have been trying to use a third-party backup provider to cover
>> occasional outages (SiXwishlist). I set up an MX record as instructed
>> but I get no emails sent on when my server recovers. I asked them to
>> check what was happening and they told me my port was not open. It
>> seems they were expecting postfix to be listening to port 4000. I
>> asked for clarification and got a response that they would send emails
>> on 587, 2525, 3000, and 4000, but that 25 was not recommended and "is
>> blocked for 90% of service hosting providers".
>
> as wietse mentioned, it sounds like they are used to acting as the
> primary mx for customers whose providers block 25/tcp inbound. in
> those cases, they receive mail on 25/tcp on your behalf and then
> connect to your mail server on an alternate port (such as one of the
> above) that is not blocked by your provider.
>
> this can -- and does -- happen often enough that there is a market for
> this service.
>
>> I thought that smtp/25 was the backbone of email systems. I use 587
>> internally for submission so I don't see why I would make it
>> accessible to the outside world. Do I need to open another port? Have
>> I got port 25 wrong all this time? Or do I need to get myself a proper
>> backup provider?
>
> you're correct and you're doing things the right way, afaict. 25/tcp
> *is* the standard port for mta to mta delivery and 587/tcp *is* the
> standard port for mua to mta delivery.
>
> probably the easiest thing to do in your particular case is to make
> your mta available on one of these non-standard ports that they will
> attempt to deliver to -- in addition to, not instead of, 25/tcp.
>
> there are a few different ways to accomplish this but the simplest, in
> my opinion, would be to simply forward incoming connections to
> 2525/tcp from their mail servers to 25/tcp on your mail server.
>
> if you are using linux & iptables on your mail server, it's as easy as
> adding rules such as the following (substituting in the ip
> addresses/ranges of their outgoing mail servers, of course):
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2525 -s x.x.x.x/yy -j REDIRECT --to-port 25
>
> hth,
> /chl

Thanks for the advice. I asked the provider about this and they
eventually told me that they had enabled a port 25 backup server (just for me
it seems). I adjusted my MX record and Virgin kindly arranged an outage
to test the whole thing. Works like a dream!
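
An added example, not part of the original thread: the source-restricted redirect from the quoted reply, generated for several sender ranges with input validation and an existence check so re-running it does not duplicate rules. The addresses are constructed documentation ranges, and the function names `valid_cidr` and `redirect_rules` are hypothetical; the script prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example. Source addresses below are constructed (RFC 5737
# documentation ranges), not the backup provider's real servers.
IFACE=eth0; ALT_PORT=2525; SMTP_PORT=25

# Succeed only for dotted-quad IPv4 with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    # Digits and dots only, no trailing dot (also rules out glob characters).
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print one idempotent command per valid source; -C checks for an
# existing rule so a re-run does not append duplicates.
redirect_rules() {
    for src in "$@"; do
        if valid_cidr "$src"; then
            # --to-ports is the full name of the REDIRECT option.
            spec="PREROUTING -i $IFACE -p tcp -s $src --dport $ALT_PORT -j REDIRECT --to-ports $SMTP_PORT"
            echo "iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec"
        else
            echo "skipped invalid source: $src" >&2
        fi
    done
}

# nat PREROUTING rewrites the port before the filter table sees the packet,
# so the INPUT chain must allow 25/tcp; it never sees 2525.
redirect_rules 192.0.2.10 198.51.100.0/24 203.0.113.7/33
```

Review the printed commands before running them as root; the third sample source is deliberately invalid and is reported on stderr instead of producing a rule.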