It has been about 8 years since I had to do this, but I find myself having to do it again. We have installed postfix on a Fedora server. When I configured it before, albeit many years ago, I used port 25 without a relay server defined and it used to go out and find the destination and deliver the mail. Now I get connection timed out.

Jun 15 18:19:46 klinux postfix/smtp[1641]: connect to gmail-smtp-in.l.google.com[209.85.201.27]:25: Connection timed out
Jun 15 18:20:16 klinux postfix/smtp[1641]: connect to alt1.gmail-smtp-in.l.google.com[64.233.186.26]:25: Connection timed out
Jun 15 18:20:46 klinux postfix/smtp[1641]: connect to alt2.gmail-smtp-in.l.google.com[209.85.202.26]:25: Connection timed out
Jun 15 18:21:16 klinux postfix/smtp[1641]: connect to alt3.gmail-smtp-in.l.google.com[74.125.206.26]:25: Connection timed out

I am assuming that is because people do not like to use port 25 anymore for security reasons. If I configure the system for 587 I assume I need to configure TLS, but do I need to configure a relay so I can authenticate?

Just trying to understand how things are done now-a-days.

It is true that many US ISPs now block port 25 and block open relays in an effort to minimize the spread of spam. Also, most U. S. ISPs' terms of service forbid public facing servers, including mail servers, on less than permitted business-level accounts.

If you are running your own mail server on a business level account, I suspect that your questions could probably be best answered by your ISP (unless, of course, you are your own ISP). If that's the case, a traceroute to your destination may tell you where the connection is breaking down.

Port 25 is the port on which smtp servers listen for incoming connections.
If you want to relay using gmail, you need to configure postfix to authenticate the connection to gmail
Sorry...I don’t know how to do that, but the Google help/knowledge-base should provide the solution.

Thank you scasey and frankbell for the responses. I checked with my ISP and they are saying they are indeed blocking port 25. Is there a way to change that in the postfix configuration? Thank you again.

You haven't described your network configuration so it's a bit tough to diagnose but...

Have you tried connecting to the mail server using telnet? Normally, you'll see something like:
What is/was the result?

I'd do this inside your LAN as well as outside. If you get a "220" message when connecting on the "inside", you at least know Postfix is listening. You can also issue:
If you telnet from outside your firewall/ISP-router (I once did testing by dragging a laptop to a book store where their coffee shop had free wifi) and get no banner but, instead, no response of an error, you may have to talk to your ISP about what ports are being blocked. Often ports 25 and 80 are blocked for non-business accounts---business accounts cost a bit more but are de rigeur for setting up servers.

Can't help much with SMTP+TLS. I haven't found a burning need -- and nobody's been clamoring for it, either -- to access our email outside the LAN. (For now...)

Good luck...

Sorry, rnturn. I have an application that sends out e-mail alerts. Postfix came with the server. It uses mailx to construct the e-mail and points to the local postfix server running in the same system. I can use port 25 there and the postfix server will accept it, but when it tryies to forward it out of to the destination, I get the errors I originally posted. When I telnet to port 25 to the destination, I get a connection refused error. I called my ISP and the are saying they are blocking port 25, even if I have a business class connection. Is there a way to configure postfix to forward out on a different port?

Hope that clarifies my configuration/setup.

Thank you,
Keith

I don't think you can do a lot in this case, unless you use an intermediate e-mail relay (which listens on some other alternative port), which in turn would forward all your emails. But then the question pops up: why wouldn't you use that intermediate mail relay instead of your own? So I'm not sure how logical that would be.

I'm a little bit surprised that your ISP is so resolute about that. In my country, while port 25 is indeed blocked, you can submit a request to get it unblocked and it's fine, they'll do it for you. Are you sure you can't do anything about that? The problem is that port 25 is actually important and is the port that mail servers communicate with one another.

I don't know postfix, but when I connect to gmail to send email from this desktop (or any other device) I connect to port 465, not port 25.
AFAIK, port 25 is used for incoming mail. The ISP blocks are done by not allowing a connection to a remote server's port 25, I believe.
Can you receive email at your server?

Hmm... I suspect a postfix config error. My desktop system seems to be experiencing a similar mail sending problem as you're seeing. Sending email from my desktop using T-bird works, but using mailx it fails to send anything. (Desktop email works for my local cron jobs as they're sending email to my local account which is forwarding it to the "Official" IMAP server on the LAN where I read it via T-bird.) My desktop's postfix configuration has never really been configured to do anything but handle mail local to the desktop (which it tends to be able to do out of the box w/o special setup). So I'll have to dig into master.cf and main.cf a bit. But I'll need to put off doing that until tomorrow. (Late, tired -> errors) If my fixes work, I'll post what I did and you might try it on your system.

Not that I'm aware of nor should that even be necessary. I poked around in my postfix configuration files and didn't see anything that looked like I could change that port setting. They would be blocking inbound port 25 connections.

Business class plus port blocking? I've had three different business class connection providers and never had any of them blocking any ports. (There was one new provider in town that offered static IP addresses but... no servers. Near as I could tell the only different between their consumer- and business-level accounts was the higher prices for the static IP addresses... that you didn't need if no servers were allowed. They weren't in business too long.)

Good luck... I'll let you know what I find after my postfix config tweaks; it might help you out. (At least for outbound email.)

UPDATE: Now I'm scratching my head. I am unable to do much of anything with gmail except read the stuff that is now populating that system's Inbox sent by organizations who I've supplied gmail.com an alternate email address to---sending from gmail to home works but replies disappear into a black hole. I don't send emails between home and gmail very often -- the last time was back in February -- so something has changed since then. I'm wondering if this isn't part of the problem you're having as well. Only gmail seems to have this problem. I can send/receive to tons of other people---unless they're on gmail I guess.