Mail Server Ports Needed?

Discussion in 'Networking & Security' started by Zarathustra[H], Sep 20, 2018.

  1. Zarathustra[H]

    Hey all,

    I am considering setting up my own mail server, but I understand ISPs usually block the needed ports.

    So I decided to test.

    I set up ports 25, 465 and 587 on my router to forward to my SSH port on one of the servers on my network.

    Then I proceeded to ssh to a remote server, and try to ssh back.

    To my surprise I found that I could make incoming connections to my network on all three of those ports.

    Is this all I need to worry about, or is there something else? What about outgoing traffic? Might my port 25 outgoing be blocked? Could I just configure my mail server to send on a different port if that is the case? Would that work?

    Appreciate any thoughts on this. This should be a simple concept, but somehow I am getting myself confused.

    I'd appreciate someone setting me straight.

    Thanks
     
  2. Brian_B

    Not all ISPs block ports.

    Some may be packet sniffing and block based on traffic rather than port. Encryption should get around that, though.
     
  3. pek

  4. tedych

    Output port 25 (and others) should not be blocked. Sending out mail connects to remote servers, and those servers define what ports you connect to them on.
    Running a mail server is not an easy task if you want things well implemented and working.
    What incoming ports you need open also depends on what services you will offer to clients of your server, like IMAP, POP3, etc.
    You can test for yourself what incoming/outgoing ports may be blocked by the ISP. An example for outgoing tests is: telnet someserver 25
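
The outbound check suggested in the post above (`telnet someserver 25`), written out as an added example that is not part of the original thread: it separates a timeout, which is what a silent drop somewhere on the path looks like, from an active refusal and from a real SMTP greeting. `probe_smtp` and `constructed_listener` are names made up here, and the listener with its banner is a local stand-in so the block runs offline.

```python
import socket
import threading

def probe_smtp(host, port, timeout=5.0):
    """Classify one outbound TCP attempt, as 'telnet host port' would show it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # e.g. 465 (implicit TLS): the server waits for the client
            return "open", banner
    except socket.timeout:
        return "filtered", ""  # no answer at all: consistent with a silent drop
    except ConnectionRefusedError:
        return "refused", ""   # actively rejected: closed port or rejecting firewall
    except OSError as exc:
        return "error", str(exc)

def constructed_listener(banner=b"220 mx.example.test ESMTP (constructed)\r\n"):
    """Local stand-in for a remote mail server; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Offline demo against the constructed listener. For a real test, run
    # probe_smtp() from the home connection against a mail server you are
    # allowed to contact, on ports 25, 465 and 587.
    print(probe_smtp("127.0.0.1", constructed_listener(), timeout=2.0))
```

A "filtered" result on 25 combined with "open" on 587 towards the same host points at port-based blocking of outbound SMTP rather than a general connectivity problem.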
     
  5. Zarathustra[H]

    People keep saying this, but I have been running various servers for years and have a difficult time picturing any server I couldn't tackle at this point.

    Is this a cautionary tale for those who are new to running servers, or is there something particularly difficult about mail servers I should be aware of?
     
  6. Zarathustra[H]

    May have to abandon this project.

    Turns out trying to run a mail server on a dynamic DNS won't allow me to set the PTR record, and will just result in constant blacklisting :/

    Goddamned annoying.
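
The PTR problem described in the post above comes down to forward-confirmed reverse DNS: receiving servers commonly look up the PTR for the connecting address and check that the name resolves back to it. This added example (not part of the thread) runs that check; the function names, the sample records and the `looks_generic` heuristic are assumptions made for illustration.

```python
import ipaddress
import socket

def ptr_lookup(ip):  # real PTR lookup; raises OSError (socket.herror) if none exists
    return socket.gethostbyaddr(ip)[0]

def addr_lookup(name):  # real A/AAAA lookup; raises OSError (socket.gaierror) on failure
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def looks_generic(ip, name):
    # Illustrative heuristic (an assumption): ISP pool names embed the IPv4 octets.
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False
    octets = str(addr).split(".")
    flat = name.lower().replace("-", ".")
    return ".".join(octets) in flat or ".".join(reversed(octets)) in flat

def fcrdns(ip, reverse=ptr_lookup, forward=addr_lookup):
    """PTR(ip) must exist, and that name must resolve back to the same ip."""
    result = {"ip": ip, "ptr": None, "generic": False, "verdict": "no-ptr"}
    try:
        name = reverse(ip).rstrip(".")
    except OSError:
        return result
    result.update(ptr=name, generic=looks_generic(ip, name))
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except OSError:
        return {**result, "verdict": "ptr-unresolvable"}
    result["verdict"] = "pass" if ipaddress.ip_address(ip) in addrs else "mismatch"
    return result

# Constructed sample records (documentation address ranges) standing in for DNS.
SAMPLE_PTR = {"203.0.113.7": "mail.example.org",
              "198.51.100.23": "pool-198-51-100-23.dyn.example.net",
              "192.0.2.10": "mx.example.com"}
SAMPLE_A = {"mail.example.org": {"203.0.113.7"},
            "pool-198-51-100-23.dyn.example.net": {"198.51.100.23"},
            "mx.example.com": {"192.0.2.99"}}

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]
sample_forward = SAMPLE_A.__getitem__
if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.23", "192.0.2.10", "192.0.2.9"):
        print(fcrdns(ip, sample_reverse, sample_forward))
```

Called with the default lookups, `fcrdns("your.public.ip")` shows what a receiving server would see; an ISP-assigned pool name can pass the round trip and still be flagged as generic.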
     
  7. ZeqOBpf6

    lol'd

    I was rooting for you but even the zealots in r/privacy don't bother with setting up their own mail server. From what they've said, even once it's up and running, maintaining it is way more trouble than it's worth. I guess there's also a lot of issues with actually getting your messages to go into people's inboxes, and not straight into spam or junk folders.
     
  8. pek

    Aww, was hoping for an entertaining thread about your trials & tribulations getting it set up, and you swearing at your isp for doing this & that to your traffic. All in an entirely clean, family-friendly way, of course.
     
  9. Brian_B

    Yeah, setting up the server, technically, is pretty easy. Heck, with most NASes and Linux server distros, it is just a matter of entering your domain name and flipping the On switch.

    The hard part is convincing other mail servers to accept your outbound and staying off blacklists.

    I've run several mail servers. I usually end up sending all my outbound through a paid service so it makes it out and doesn't just get perma-bounced.

    I used to use a GoDaddy account for that years ago when I was cheap. More recently I'm using SocketLabs.
     
  10. tedych

    I run a local mail server for testing and development purposes. Sometimes I confuse things and send out an email message :) . Often, it gets received in Gmail inboxes :) .
     
  11. Mega6

    I just hacked my ISP a while ago and connected to their mail-relay with sendmail. Dynamic was not a problem. Made up some MX record that didn't resolve elsewhere, ClamAV worked well for anti-spam, my apologies if the info is a bit dated. It was just for testing.
     
  12. Zarathustra[H]

    Yeah, I am all for a challenge, but when I'm told something just doesn't work with dynamic DNS, then that doesn't leave me much in the way of options. Verizon does not offer static IPs to non-business customers, and a business account is much more expensive for the same bandwidth, so that is not on the table.
     
  13. tedych

    If you are for a reliable or business mail server, a static IP is a must. Otherwise a rarely changing "home" IP address could also be OK.
    Making it so emails don't stop at people's spam/junk folders is a priority, as is dealing with the spam sent to your server. Some servers won't even accept emails if several prerequisites are met, and not only just a PTR record which... most ISPs would just not approve for home users.
     
  14. FNtastic

    You might want to check out migadu.com if you're looking for something that's privacy conscious...