[Dshield] ISP's not blocking egress 25/tcp

Brian Dessent brian at dessent.net
Mon Jan 26 05:00:42 GMT 2004


Alan Frayer wrote:

> > If the local ISP requires SMTP authorization, configure that. If they check
> > "From" addresses on outbound mail and reject mismatches, there are
> > workarounds for this too - I don't recall the specifics, though.
> 
> I wish you would recall these workarounds, and, if preferred, send them
> to me off list. I have a few sites that have e-mail trouble because they
> cannot connect to an outgoing SMTP without using their local ISP's
> assigned e-mail address, instead of the one the corporate office paid
> for with their domain.

One of the easiest workarounds is just to have your corp SMTP smarthost
listen on 26 (or any arbitrary port, e.g. 10025) in addition to the
normal 25.  That way the client in the net that denies 25 outbound can
just connect directly to the central SMTP server (preferably with
authentication) and send away.

If the central SMTP server cannot be changed to listen on an additional
port, then you could either set up another server inside the organization
to proxy that port to something other than 25; or just set up a small
relay that accepts on 26, authenticates, and forwards to the main
server.

Brian
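
The extra listener described above, as an added example that is not part of the original post: a second smtpd service on port 26 that only accepts encrypted, authenticated sessions, shown beside the bare listener it should not be. It assumes the smarthost runs Postfix (2.10 or later) with SASL and TLS already configured in main.cf; the port number is the one from the message and the syslog name is made up.

```conf
# /etc/postfix/master.cf  (added example; Postfix and all values are assumptions)
#
# WEAK: a bare second listener. It applies the same main.cf policy as
# port 25 (unauthenticated delivery to local domains, relay for whatever
# mynetworks trusts), so it is just the public MX on another port.
# Shown commented out for comparison only.
#
#26        inet  n       -       n       -       -       smtpd
#
# HARDENED: listener on 26 for remote offices whose ISP blocks outbound 25.
#   smtpd_tls_security_level=encrypt  refuse sessions that do not STARTTLS
#   smtpd_tls_auth_only=yes           never offer AUTH over plaintext
#   smtpd_sasl_auth_enable=yes        enable SMTP AUTH on this port
#   *_restrictions                    authenticated clients only; everyone
#                                     else is rejected (no open relay)
#   smtpd_recipient_restrictions=     cleared so port-25 rules in main.cf
#                                     do not apply to this service
#
26        inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/alt-submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=
```

Run `postfix check` and then `postfix reload` after editing, and confirm from an outside host that the port rejects a relay attempt made without authentication.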



