Re: [exim] smarthost relay problems

Top Page
Delete this message
Reply to this message
Author: Bill Hacker
Date:  
To: exim
Subject: Re: [exim] smarthost relay problems
Rob Brenart wrote:

> Fred Viles wrote:
>
>> On 21 Nov 2005 at 16:06, Rob Brenart wrote about
>>     "Re: [exim] smarthost relay problems":

>>
>> | Fred Viles wrote:
>> | >
>> | > What machine is this exim running on? Is it connected to the | >
>> Internet by an ISP that blocks outbound port 25?
>> | >
>> | > | It's on my local server sitting under my desk... connected
>> through SBC | DSL.. I didn't think port 25 was blocked, but I could be
>> wrong
>>
>> I think SBC has recently (for some value of "recent") started
>> instituting port 25 blocking. Demonstrably, they are doing it in your
>> case. Your smarthost definitely is listening on port 25, I can
>> connect to it just fine.
>>
>> I have no idea whether you can get SBC to remove the block for you.
>> If you have dynamic IP, almost certainly not. If you have static IP,
>> it may be worth a try.
>>
>> Port 25 blocking (or worse, transparent proxying) is becoming very
>> common these days, thanks to all the worms that turn PCs into spam
>> zombies. Any mail server that wants to support relaying for external
>> clients pretty much has to support connections on some other port.
>> That's one of the things port 587 (the MSA, "Mail Submission Agent"
>> port) is good for.
>>
>> - Fred
>>
>>
>>
>>
>>
>>
>
> OK, then I'm sold... trying to do this port 587 thing right now... just
> have to find how to do it :)
>
> Thanks to all for the advice, hopefully this will be the solution, I'll
> certainly let you know if it works
>


Upstream connectivity providers that block port 25 often *cannot* open it.

The law of the land (federal/national) in some jurisdictions, requires
subscribers to
send only over the ISP's facilities. One neck on the block when
tracking down abuse.

In such places, or in general, upgrading to a higher-grade 'business'
service,
one with fixed-IP, either from the same provider, or one that contracts
to work
over their 'wire', may be the easiest way to get an unblocked service.

In which case you no longer need their smarthost.

The fixed-IP covers the legal need to be able to track down abuse.
It is also a lot nicer to have for many reasons.

Expect to sign a higher-grade contract/ToS, to explain what you need to do,
and pay more for the same bandwidth. (double or even triple)

Bright side is you usually get to talk to an upstream tech that knows
more than just:

"Close all your applications and reboot Windows". ;-)

Ours even configured his firewall with my ruleset for me, and NAT'ed our
old internal
LAN IP's so we didn't have so many boxen to reconfigure.... then saved
the config so he
was able to DLD it into a new interface when ours succumbed to HKG
summertime heat a year later.

YMMV...

Bill