Postfix Request Port 587?

carlosinfl · 06-21-2011, 09:13 AM

I got a request today from someone on the software development team that reads as follows:

Quote:

According to RFC 4409 client mail submission to an email server is supposed to use port 587.

Server to server SMTP relays are to use port 25.

When I am not on site, I can't email via my work account via my iPhone or my residential internet because my ISP(s) filter port 25 to only allow traffic to and from their mail servers. They do however allow 587 anywhere per RFC 4409.

Just to send this email I am having to relay off my own server in California.

Can we please get the proper ports opened on the mail server?

http://www.ietf.org/rfc/rfc4409.txt

So my question now is I'm wondering if my Postfix server isn't properly configured? Right now it's listening on the following ports:

Code:

[root@mail ~]# netstat --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 localhost.localdomain:10024 *:*                         LISTEN      
tcp        0      0 localhost.localdomain:10025 *:*                         LISTEN      
tcp        0      0 *:cadview-3d                *:*                         LISTEN      
tcp        0      0 *:sunrpc                    *:*                         LISTEN      
tcp        0      0 localhost.localdomain:60115 *:*                         LISTEN      
tcp        0      0 *:veritas_pbx               *:*                         LISTEN      
tcp        0      0 localhost.loca:arbortext-lm *:*                         LISTEN      
tcp        0      0 *:bpcd                      *:*                         LISTEN      
tcp        0      0 *:smtp                      *:*                         LISTEN      
tcp        0      0 *:vnetd                     *:*                         LISTEN      
tcp        0      0 *:10022                     *:*                         LISTEN      
tcp        0      0 *:imap                      *:*                         LISTEN      
tcp        0      0 *:http                      *:*                         LISTEN      
tcp        0      0 *:veritas_pbx               *:*                         LISTEN      
tcp        0      0 *:https                     *:*                         LISTEN      
udp        0      0 *:sanity                    *:*                                     
udp        0      0 *:ldp                       *:*                                     
udp        0      0 *:sunrpc                    *:*                                     
udp        0      0 mail.iamghost.org:ntp       *:*                                     
udp        0      0 localhost.localdomain:ntp   *:*                                     
udp        0      0 *:ntp                       *:*                                     
udp        0      0 fe80::213:72ff:fe69:ntp     *:*                                     
udp        0      0 localhost6.localdomain6:ntp *:*                                     
udp        0      0 *:ntp                       *:*

Can anyone please tell me if I have misconfigured my Postfix mail server or if I can ignore this port? I've never had a request to have this port opened on the Firewall and actually it's open even on my Firewall but nothing's listening on it.

TB0ne · 06-21-2011, 09:52 AM

Quote:

Originally Posted by carlosinfl

I got a request today from someone on the software development team that reads as follows:

So my question now is I'm wondering if my Postfix server isn't properly configured? Right now it's listening on the following ports:

Can anyone please tell me if I have misconfigured my Postfix mail server or if I can ignore this port? I've never had a request to have this port opened on the Firewall and actually it's open even on my Firewall but nothing's listening on it.

Nope, you've done it right, and the developer is only partially informed. Ports 25/110 are the typical, widely used ports. 587 *CAN* be used as a more 'secure' port, but really, unless you go IMAP/TLS, you're still transmitting basically in the clear.

Reminds me of a DBA I had to deal with..she was CONVINCED we had not set up X on servers correctly, since ONLY SHE couldn't make it work. Tons of emails and meetings, just to deal with her whining. The fact that she was using a pirated X emulator (which was ELEVEN versions behind), on a PC that had the port blocked, didn't matter..nor did the fact that NO ONE ELSE had a problem but her.

So, the developer has a problem with THEIR ISP...I would file this in the "cry me a river" folder, personally.

They're wanting YOU to do something so that THEY won't have to. And also, this makes no sense...on my iPhone, I can set up multiple mailboxes, and it doesn't whine at all about port 25, and I'd find it hard to believe that ANY ISP would 'filter' port 25, since they would never know WHICH mail systems their customers would want to access.

You can run postfix with multiple submission ports, though:
http://www.howtoforge.com/forums/arc...hp/t-4788.html

However, this (in my opinion) creates more problems. You're now exposing your mail server on TWO ports, rather than just one...more access ways in=greater vulnerabilities.