 From:  Ryan Mullins <rmullins at ciscomonkey dot net>
 To:  e+p <elgerb at hotmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] port 25
 Date:  Mon, 1 Jan 2007 16:26:56 -0600
If you are seeing the HELO/EHLO coming from the other mail server, then there is not an 
issue with your m0n0 setup.  To test it to make sure, you can actually just use telnet to 
emulate a connection from a mail server.  Here's an example that I did with my mail server:

$ telnet mail.ciscomonkey.net 25

220 mail.ciscomonkey.net ESMTP Postfix
helo mail.example.net
250 mail.ciscomonkey.net
mail from: externalemailuser at example dot net
250 2.1.0 Ok
rcpt to: rmullins at ciscomonkey dot net
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
This is just a test message from outside.
250 2.0.0 Ok: queued as 18A6790CCDB
221 2.0.0 Bye

Connection to host lost.

* e+p <elgerb at hotmail dot com> [2007-01-01 19:52:31]:

> I think I didn't make it quite clear what the issue is...
> Sending mail is no problem (so outgoing traffic on port 25 is no issue).
> Incoming mail (incoming on port 25) is an issue, the signal comes in over port 25, 
> gets to my mailserver (port 25), my mailserver sends a reply (I guess something like EHLO) 
> from port 25 to the mailsending-server -> -that- message gets blocked by the firewall... :S
> > Date: Mon, 1 Jan 2007 18:16:54 +0200
> > From: kimmo dot jaskari at gmail dot com
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] port 25
> >
> > On 1/1/07, Christoph Hanle <christoph dot hanle at leinpfad dot de> wrote:
> > > e+p wrote:
> > > > I can't figure out why external mailservers can't reach my mailserver.
> > > > I've forwarded port 25 to the internal ipaddress of my mailserver (the NAT & rule).
> > > > But when I look in the logging, port 25 seems to be natted to my mailserver but
> > > > when my mailserver replies the reply is being blocked by the firewall.
> > > > It doesn't make a difference if I add a rule to allow traffic from internal
> > > > mailserver port 25 to any ipaddress/any port. Can anyone help me out?? TIA
> > >
> > > Error, you have a misunderstanding of source- and destinationport.
> > > the destinationport is always port 25. so you need an outgoing rule
> > > like: allow my mailserver TCP all to port 25 TCP,address
> >
> > In fact you need rules to allow traffic on port 25 both in and out. In
> > addition, you might want to add port 587, the "submission" port.
> >
> > If you're on a (home) DSL or cable, keep in mind that some ISPs do
> > block traffic on port 25 these days to keep down the spam and virus
> > floods that propagate themselves via mail. You can always try the
> > tried-and-true approach of using telnet to connect to an external
> > mailserver on port 25 to see if you get a response. The block may not
> > be in your firewall, that is, it may be externally imposed by your
> > ISP.
> >
> > --
> > -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> >
> > "In the beginning the Universe was created. This made a lot of people
> > very angry and has been widely regarded as a bad move."
> > - "Hitchhikers Guide", Douglas Adams
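
The telnet check from the message above, scripted as an added example (not part of the original thread): it reports how far an SMTP dialog gets, which separates a refused or dropped connection from a server that answers. The function name, the stage labels and the `probe.example.net` HELO name are assumptions made here.

```python
import socket
import sys

def _reply(f):
    """Read one SMTP reply, skipping 'NNN-' continuation lines."""
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("connection closed before a reply arrived")
        if len(line) < 4 or line[3] != "-":
            return line

def smtp_probe(host, port=25, helo_name="probe.example.net", timeout=10):
    """Return (stage, detail) describing how far the dialog to host:port got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        # A reset came back: the host is reachable but nothing accepts on
        # this port (service down, or a reject rule in front of it).
        return ("refused", str(exc))
    except OSError as exc:
        # Timeout or no route: packets are dropped somewhere, e.g. a missing
        # NAT/firewall rule or an upstream (ISP) block on port 25.
        return ("unreachable", str(exc))
    with sock, sock.makefile("rwb") as f:
        try:
            banner = _reply(f)
            if not banner.startswith("220"):
                return ("bad_banner", banner)
            f.write(f"HELO {helo_name}\r\n".encode("ascii"))
            f.flush()
            helo = _reply(f)
            f.write(b"QUIT\r\n")
            f.flush()
        except OSError as exc:
            # TCP connected, but the server's replies never arrived.
            return ("no_reply", str(exc))
    if helo.startswith("250"):
        return ("ok", helo)
    return ("helo_rejected", helo)

if __name__ == "__main__":
    # Usage: python smtp_probe.py <mail server> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(smtp_probe(sys.argv[1], target_port))
```

Run it from a host outside the firewall against the public address; an `ok` result means the inbound NAT rule and the return path both work.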