# Need to bypass ISP's port 25 block for mail

## audiodef

I'm running a test server in a vm on my local network. Part of that test server is a Postfix/Cyrus setup. I'm unable to send test messages while connected via telnet from a local email address to an external address, and I think the problem is my ISP blocks port 25. How can I get around this?

I get error messages like so:

```
Jul 15 08:15:03 audiodef postfix/smtp[16311]: connect to f.mx.mail.yahoo.com[98.137.54.237]:25: Connection timed out
Jul 15 08:15:33 audiodef postfix/smtp[16311]: connect to b.mx.mail.yahoo.com[74.6.136.64]:25: Connection timed out
```

And so on, followed by:

```
Jul 15 08:15:33 audiodef postfix/smtp[16311]: 61CC8CE19B: to=<MY_EMAIL_HANDLE@yahoo.com>, relay=none, delay=177, delays=26/0.02/150/0, dsn=4.4.1, status=deferred (connect to b.mx.mail.yahoo.com[74.6.136.64]:25: Connection timed out)
```

----------

## audiodef

Now that I've thought about it some more, the above error message is probably sufficient to know that it would work if port 25 were not blocked. 

Unless someone disagrees with that...

----------

## chiefbag

I doubt if any ports are blocked from an outgoing connection. 

Most probably your VM is not bridged to your host VM. 

Are you able to ping anything on the Internet from the VM?

If yes then check you have no local firewall rules on the host box and also check that you can send mail from the host box. 

A simple telnet from your host and VM to a known mail server on port 25 should give you a better idea.

----------
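The telnet check suggested above, scripted as an added example (not part of the original thread): it separates a silent drop, which is what the Postfix log in the first post shows, from an active refusal and from a reachable SMTP greeting. The names `probe_smtp` and `survey`, the 5-second default wait and the host `mail.example.net` are assumptions; it needs bash and coreutils `timeout`.

```shell
#!/bin/sh
# Added example: a scripted "telnet HOST PORT" with a bounded wait and a
# one-word verdict. Needs bash (for /dev/tcp) and coreutils timeout.

# probe_smtp HOST PORT [WAIT_SECONDS]  ->  prints one of
#   open <banner>  connected; SMTP servers speak first with a 220 line
#   open           connected, nothing received within WAIT_SECONDS
#   timeout        no reply to the SYN: dropped by a filter on the path
#   refused        failed at once: RST, ICMP reject, or no route
probe_smtp() {
    host=$1; port=$2; secs=${3:-5}; rc=0
    out=$(timeout "$((secs * 2))" bash -c '
        exec 3<>"/dev/tcp/$1/$2" || exit 1   # TCP connect
        printf C                             # marker: handshake completed
        IFS= read -r -t "$3" line <&3        # wait for the greeting
        printf "%s" "$line"
    ' _ "$host" "$port" "$secs" 2>/dev/null) || rc=$?
    case $out in
        C*) banner=$(printf '%s' "${out#C}" | tr -d '\r')
            echo "open${banner:+ $banner}" ;;
        *)  if [ "$rc" -eq 124 ]; then echo timeout; else echo refused; fi ;;
    esac
}

# Probe ports 25 and 587 on one server known to listen on both (for example
# your own production mail host). Run it on the host and inside the VM:
# the same verdicts in both places rule out the VM network, and "timeout"
# on 25 next to "open" on 587 is consistent with an outbound port-25 filter.
survey() {
    for port in 25 587; do
        printf '%s:%s %s\n' "$1" "$port" "$(probe_smtp "$1" "$port")"
    done
}

# survey mail.example.net    # placeholder host name (assumption)
```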

## audiodef

Well, there's this: http://www22.verizon.com/residentialhelp/highspeed/general+support/top+questions/questionsone/124274.htm

And similar pages. It's apparently common for ISPs to block outgoing port 25 now. Verizon also apparently blocks incoming port 25, and I had to have Postfix use 587 in order to be able to check my mail with Thunderbird. 

iptables -L on my host OS shows:

```
Beethoven audiodef # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

Looks alright to me.

192.168.122.0/24 is my vm bridge and I can ping anything except port 25 from both host and guest.

----------

## chiefbag

That probably sums it up so. 

Curious one. I am located in Ireland so have no experience with that ISP. 

It's a sad state of affairs that we pay good money for Internet connectivity and ISPs try at every turn to f*ck us over. 

Anyhow at least you can get your gmail out over 587

----------

## audiodef

Well, not gmail, just my own mail server. And no problem on my production server - a VPS hosted by vr.org, who I think also hosts Gentoo.org - with port 25 outgoing. Just on my test server at home. 

It's pretty sad in this country. The "reason" for blocking port 25 is to cut down on spam, forcing people to use 587 with TLS. Yeah, that's real bright. What happens when hackers break THAT down and every two-bit spammer knows how to spam on that port - with TLS? It'd be nice if people started solving problems and stopped merely treating symptoms.   :Twisted Evil: 

----------

## paziu

it sux, I would consider using a service similar to 

 *Quote:*   

> http://www.smtpport.com/about/

 

only if there is no other workaround... such as a private smtp server running on port other than 25 + mail forwarding service

----------

## audiodef

"Since ISP's now require you to relay all outgoing mail through their servers, they have exceedingly easy access to all of your sent mail."   :Shocked: 

I was thinking earlier about how this ISP block of port 25 could be hacked by people using legitimate mail services. You know, honest, hard-working people just getting screwed over in yet another way by The Man. This would be another reason to righteously hack such blocking. 

Write your congressman and the FCC today to tell them this blocking is wrong! No, wait, your congressman and the FCC are in the pocket of your ISP! Hack away! 

Incidentally, SmtpPort.com only offers a service no different from an ISP's SMTP services - meaning SmtpPort.com could go down just as your ISP's servers could go down, leaving you... drum roll, please... back at square one and wondering if you should become a big, fat, white hat hacker.

----------

## Raptor85

since you have a remote server you could just ssh tunnel the smtp traffic to your server, so you could at least test things locally with the same basic settings.  just take care though when sending, depending on what service you send a test message to, if you don't have a valid rdns that matches the domain being sent as the mail is quite often blocked. (iirc gmail is one of the services that will block anything without valid rdns)

----------

## audiodef

That's a good idea, Raptor.   :Very Happy:   How would I do that?

----------

## Raptor85

we really need a "my recent posts" button, I often post from work and forget about it when i get home  :Very Happy: 

since you want to send to port 25 locally, but it's getting blocked when sendmail tries to send it from your machine, open a ssh tunnel from port 25 local to port 25 remote (make sure nothing local is running on that port while you do this, disable local sendmail!).  Now when you send to localhost:25 it acts normally but in reality sends it to port 25 on your remote machine. (Note: this will only help if you're actually sending to port 25 local)

anyways, decent summary here if you haven't figured it out already

http://www.brandonhutchinson.com/ssh_tunnelling.html

nothing to it really, just using ssh to make a local port effectively be a different port on a remote machine, it's great for bypassing annoying firewalls.

----------
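The tunnel described above, as an added example that is not part of the original thread. It is a variation: instead of taking over local port 25 it forwards an unprivileged loopback port and points the local Postfix at it with `relayhost`, so Postfix can keep running. The login `user@vps.example.net`, port 2525, the control-socket path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: forward a loopback port on the test VM to the SMTP port of
# a remote server you control, then relay the VM's outbound mail through it.

REMOTE=${REMOTE:-user@vps.example.net}   # placeholder SSH login (assumption)
LPORT=${LPORT:-2525}                     # unprivileged local port (assumption)
CTL=${CTL:-$HOME/.ssh/smtp-tunnel.ctl}   # control socket, used to stop the tunnel

# Arguments for a forwarding-only SSH session.
tunnel_args() {
    # -f -N: go to the background after authentication, run no remote command.
    # ExitOnForwardFailure: fail instead of running without the forward.
    # The forward binds to 127.0.0.1 only. The remote MTA sees tunnelled
    # connections as coming from its own loopback, which Postfix trusts for
    # relaying by default, so a LAN-wide listener would hand that trust to
    # every host on the local network.
    echo "-f -N -M -S $CTL -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
         "-L 127.0.0.1:$LPORT:127.0.0.1:25 $REMOTE"
}

tunnel_up()   { ssh $(tunnel_args); }    # unquoted on purpose: split into arguments
tunnel_down() { ssh -S "$CTL" -O exit "$REMOTE"; }

# Send all outbound mail from the local Postfix into the tunnel.
# The square brackets tell Postfix to skip the MX lookup for the relay.
postfix_use_tunnel() {
    postconf -e "relayhost = [127.0.0.1]:$LPORT" && postfix reload
}

# Restore direct delivery.
postfix_direct() { postconf -e "relayhost =" && postfix reload; }

case "${1:-}" in
    up)   tunnel_up && postfix_use_tunnel ;;
    down) postfix_direct; tunnel_down ;;
esac
```

Mail relayed this way leaves from the remote server's address, so the reverse-DNS caveat mentioned in the thread applies to that server rather than to the home connection.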

## truc

 *Raptor85 wrote:*   

> we really need a "my recent posts" button, I often post from work and forget about it when i get home 

 

There is the view your posts button which sounds like what you're looking for;)

----------

## audiodef

I wish the ego search would show more than two pages. Sometimes I want to look up an old thread I posted in and it doesn't show up, so I have to go hunting for it.

----------

## truc

then you can try looking for it via the button "show user's posts" (or something like that) in your profile

HTH

----------

