# Getting around ISP sendmail (port 25) block...

## Zarathustra[H]

Hi.

As many of you know, a lot of ISPs (including Verizon, which I use) are trying to force their users to use their own SMTP server, which will only accept mail with the ISP email account in the "from" field.

This really pisses me off, and I am trying to find a way to get around it.  I'm thinking of trying to either set up sendmail and have it tunnel through an external free proxy server, OR just tunnel through the free proxy server to an external SMTP server.

Problem is, I don't have a clue how to do this...

Anyone know where I can find more information on this subject?

Thanks,

Matt

----------

## xedx

How bout running sendmail on a different port.

Check the docs  :Smile: 

btw use qmail or postfix 

you are endangering yourself using sendmail...

----------

## CinqueX

```
#------------Verizon SMTP Server work-around---------------------
$IPTABLES -A INPUT -p tcp --dport 9999 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 9999 -j REDIRECT --to-port 25
```

This iptables rule will listen on port 9999 and redirect your requests to your local mail server. $IPTABLES is usually /sbin/iptables. eth0 is your external interface facing the internet.

Regards,

Cinque

----------

## joshdr77

hi, i have a similar problem, my ISP blocks traffic on port 80, and my school blocks all traffic on non-standard ports.....is there a way to work around this???

so i can get into my website from school...thanks

----------

## xedx

 *Quote:*   

> hi, i have a similar problem, my ISP blocks traffic on port 80, and my school blocks all traffic on non-standard ports.....is there a way to work around this???
> 
> so i can get into my website from school...thanks
> ...

 

u can use CinqueX's iptables snip or have ur httpd run on a different port

 :Smile: 

----------

## joshdr77

i dont really understand how this all works.

my ISP blocks port 80

i set my webserver to port 80

and put in that code into my ip tables

and some how it works?

im confused?

----------

## xedx

 *joshdr77 wrote:*   

> i dont really understand how this all works.
> 
> my ISP blocks port 80
> 
> i set my webserver to port 80
> ...

 

that's portforwarding  :Smile: 

----------

## joshdr77

yes, i know that, but if all traffic is blocked on port 80, how does my firewall know there is incoming traffic on port 80 and to port forward all that traffic to another port....   :Confused: 

ill try to set it up now....but i dont think it work...

----------

## xedx

 *joshdr77 wrote:*   

> yes, i know that, but if all traffic is blocked on port 80, how does my firewall know there is incoming traffic on port 80 and to port forward all that traffic to another port....  
> 
> ill try to set it up now....but i dont think it work...

 

of course that wont work if you want it that way.

the iptables rule is only applicable if you dont want to change your httpd config

 :Smile: 

----------

## joshdr77

LOL, i think we have lost track of my problem, i know i have..

my isp blocks all traffic on port 80 - in going and out going - think - all i know is that when i have a webserver running on that port...i cant get into..

but i run my website on port 8002 joshdr.pointclark.net:8002

at school they block all traffic from non standard ports...i cant get to port 8002.........i cant get into my site....

is there a way around this so i can access my site from home.....ill change ne config which needs to be done  :Smile:  thanks

----------

## Zarathustra[H]

 *CinqueX wrote:*   

> #------------Verizon SMTP Server work-around---------------------
> 
> $IPTABLES -A INPUT -p tcp --dport 9999 -j ACCEPT
> 
> $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 9999 -j REDIRECT --to-port 25
> ...

 

Thank you...

Which brings back another problem..  I cant get IPTABLES to compile for the life of me.  One or more of the modules it uses fails every time I try to compile the kernel with it enabled.

I get an error 2...  :Sad:   I'm going to have to do more research on that...

----------

## xedx

 *joshdr77 wrote:*   

> LOL, i think we have lost track of my problem, i know i have..
> 
> my isp blocks all traffic on port 80 - in going and out going - think - all i know is that when i have a webserver running on that port...i cant get into..
> 
> but i run my website on port 8002 joshdr.pointclark.net:8002
> ...

 

Look for a way to find out all allowed ports...

or try a higher port no.

 :Smile: 

----------

## xedx

 *Zarathustra[H] wrote:*   

>  *CinqueX wrote:*   #------------Verizon SMTP Server work-around---------------------
> 
> $IPTABLES -A INPUT -p tcp --dport 9999 -j ACCEPT
> 
> $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 9999 -j REDIRECT --to-port 25
> ...

 

what error would that be?

maybe i have already encountered it...

 :Smile: 

----------

## CinqueX

I have heard others report similar troubles.. their answer was to re-emerge gentoo-sources.  Then go to your /usr/src/linux/ dir, back up your .config and do a make mrproper. Copy your .config back to the kernel dir, make your menuconfig and try to compile.

Make sure you do an emerge iptables again.

Good luck.

----------

## Diezel

 *CinqueX wrote:*   

> #------------Verizon SMTP Server work-around---------------------
> 
> $IPTABLES -A INPUT -p tcp --dport 9999 -j ACCEPT
> 
> $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 9999 -j REDIRECT --to-port 25
> ...

 

Call me stupid (I am) but I really don't see how this works around the problem. If my ISP blocks port 25, no SMTP server can connect to my SMTP server or am I wrong. Doesn't SMTP's always try to make the connection through port 25?

Correct me if I'm wrong because if I am it's like christmas eve for me. I have Sendmail ready to fire up because I confed it last winter but because of the ISP I had to give up.

Cheers

----------

## CinqueX

ISPs typically block SMTP traffic IN to anything but their own SMTP server in an effort to prevent you as a spammer from sending out email to open-relays, and spam friendly mail servers from their IP block.

For this reason, if you do host your own email server, you will be blocked from connecting to them remotely through their packet filtering.

Most mail-admins do not want to have to change their default SMTP port from 25, this makes it non-standard, and a pain in the a** for your users to connect to.  The solution is to set up a dummy listening port (in this case 9999) that will accept connections and forward them locally on to port 25.

Verizon will likely not be filtering requests to 9999 (it's not a popular service port), so requests to 9999 still get through their filters to the email server listening on port 25. Users who don't have this fascist ISP policy can still connect to your server on the standard port.

That was longer than I had intended.. but I hope it helped.

C.

----------

## fragbert

 *mahellma wrote:*   

> Call me stupid (I am) but I really don't see how this works around the problem. If my ISP blocks port 25, no SMTP server can connect to my SMTP server or am I wrong. Doesn't SMTP's always try to make the connection through port 25?

 

First of all, no, you are not stupid.  :Razz:  All forwarded SMTP traffic will go to port 25, and there is nothing you can do about it. When a relay server forwards a message, it will check the DNS MX record for the @hostname... portion, and use what it finds there. The MX record cannot specify the port (or even the IP address directly). Basically there is no simple way of hosting your own publicly accessible e-mail server if your ISP is blocking traffic over port 25.

Michael
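
Added illustration of the MX point in the post above (not code from this thread or its posters): a minimal parser for the MX answers in a DNS response, showing that the record data holds only a preference and a host name, so a relaying server has nowhere to learn a port other than 25. The domain `example.org`, the sample response bytes and all function names are constructed for this example.

```python
import struct

SMTP_PORT = 25  # fixed by the SMTP relay convention, never taken from DNS

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_mx_answers(msg):
    """Return sorted [(preference, exchange)] from a DNS response message."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(msg, off)
        off += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 15:  # MX: 16-bit preference followed by one host name
            (pref,) = struct.unpack("!H", msg[off:off + 2])
            exchange, used = read_name(msg, off + 2)
            if used != off + rdlen:  # nothing left over: no port, no address
                raise ValueError("unexpected trailing bytes in MX RDATA")
            records.append((pref, exchange))
        off += rdlen
    return sorted(records)

def delivery_targets(msg):
    """Where a relaying server would connect: MX host name plus port 25."""
    return [(host, SMTP_PORT) for _pref, host in parse_mx_answers(msg)]

def build_sample_response():
    """Constructed response for the made-up domain example.org (two MX records)."""
    def rr(pref, exchange_bytes):
        rdata = struct.pack("!H", pref) + exchange_bytes
        return b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    question = encode_name("example.org") + struct.pack("!HH", 15, 1)
    return (header + question + rr(20, encode_name("backup.example.org"))
            + rr(10, b"\x04mail\xc0\x0c"))  # second name uses compression
```
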

----------

## Diezel

 *fragbert wrote:*   

>  Basically there is no simple way of hosting your own publicly accessible e-mail server if your ISP is blocking traffic over port 25.
> 
> Michael

 

This is how I reasoned it also. Thanks...

----------

## CinqueX

 *mahellma wrote:*   

>  *fragbert wrote:*    Basically there is no simple way of hosting your own publicly accessible e-mail server if your ISP is blocking traffic over port 25.
> 
> Michael 
> 
> This is how I reasoned it also. Thanks...

 

That premise is flawed. The question is whether your ISP blocks incoming traffic TO port 25 (to prevent you from hosting an email server) OR blocking OUTGOING traffic to foreign SMTP servers.

Either way, MX records have nothing to do with it.

C.

----------

## Diezel

The outgoing traffic works fine, but nothing comes in so that kind of kills the eager to set up a mail server  :Sad: 

----------

## joshdr77

Hey

to get back to my problem.........Im with OptusNet........in australia......i think that they block incoming traffic to port 80, and not sure about out going, but it is probably blocked too...

is there anyway to get a webserver working on port 80 if it is blocked...

im running my server on http://joshdr.pointclark.net:8002/ as u can see port 8002......but at school all ports are blocked...

u tried to help me b4, one of you, but u didnt quite understand what im asking.....

i want to be able to run web traffic on port 80......is there any way at all to do this? thanks

----------

## Diezel

EDIT= Sorry DIDN'T read the question properly.

----------

## Zarathustra[H]

Hey  I'm still working on the IPTABLES problem..  The make mrproper didnt work for me...  :Sad: 

Meanwhile..

I have decided, against your warnings (sorry) to use sendmail after all, as my preferred email client (evolution) can interface sendmail directly.

Problem I am having though, is that only root can access sendmail for some silly reason...

```
matt@localhost matt $ sendmail
bash: sendmail: command not found
matt@localhost matt $ su
Password:
root@localhost matt # sendmail
^C
root@localhost matt #
```

Does anyone know why this is, or how to fix it?

Thanks,

Matt

----------

## uzik

 *joshdr77 wrote:*   

> hi, i have a similar problem, my ISP blocks traffic on port 80, and my school blocks all traffic on non-standard ports.....is there a way to work around this???
> 
> so i can get into my website from school...thanks

 

This can't be right... They're blocking everything? Why connect you at all if everything is blocked? Are you sure they just aren't blocking 'proscribed' web sites instead of all web traffic?

----------

## joshdr77

they block traffic port 80 traffic on servers......using i do use a cjb redirector.... but that does not help with school  :Sad: .....traffic is still being sent from a non standard port  :Sad: 

----------

## xedx

 *Zarathustra[H] wrote:*   

> Hey  I'm still working on the IPTABLES problem..  The make mrproper didnt work for me... 
> 
> Meanwhile..
> 
> I have decided, against your warnings (sorry) to use sendmail after all, as my preferred email client (evolution) can interface sendmail directly.
> ...

 

sendmail is binding to port 25, which needs root permissions.

btw what do u mean by interface directly with sendmail?

 :Smile: 

----------

## Diezel

 *uzik wrote:*   

>  *joshdr77 wrote:*   hi, i have a similar problem, my ISP blocks traffic on port 80, and my school blocks all traffic on non-standard ports.....is there a way to work around this???
> 
> so i can get into my website from school...thanks 
> 
> This can't be right... They're blocking everything? Why connect you at
> ...

 

His ISP blocks INCOMING traffic on port 80 (normal) and his school's firewall blocks outgoing calls to non-standard ports. Also quite normal since a webserver normally runs on port 80

----------

## uzik

 *mahellma wrote:*   

> 
> 
> His ISP blocks INCOMING traffic on port 80 (normal) and his school's firewall blocks outgoing calls to non-standard ports. Also quite normal since a webserver normally runs on port 80

 

Oh!

You need a vpn.

You set up a connection between the boxes on your port of choice and all your traffic flows over it. It's very slow though

----------

## zaftro

 *joshdr77 wrote:*   

> they block traffic port 80 traffic on servers......using i do use a cjb redirector.... but that does not help with school .....traffic is still being sent from a non standard port 

 

Hey joshdr77,

I think I understand what you're saying. Your ISP blocks port 80 inbound connections to your home computer, and your school blocks outbound connections on non-standard ports. A workaround for this would be to redirect traffic from a "standard" port that isn't being used, to your httpd.

So which "standard" ports aren't being used on your home server? ftp - 21, ssh - 22, telnet - 23 etc. If your school allows outbound connections on any of these ports, and if you aren't already using them, you might be set. I also use OptusNet and know that they don't block ssh, they probably don't block telnet either.

Try and run httpd on whatever port (say httpd_port) and see if your school allows connections on 22 or 23. And I'm sure your school's IP would be static so you could use an iptables rule that redirects all inbound traffic on port 22 from your school's address to the port that you serve on. Something like,

```
# table names are lowercase: "nat", not "NAT"
iptables -t nat -A PREROUTING -i ${ext_eth} -s ${school_ip} -p tcp --dport 22 -j REDIRECT --to-port ${httpd_port}
```

Hopefully that makes sense... Goodluck anyways

zaftro

----------

## Diezel

Usually when ISPs block ports they block all useful blocks. Mine blocks ports 0-1024 so everything i run i run above 1024. I hate this, it would be really nice to be able to run my own SMTP and Webmail and so on. G** D*** ISPs.  :Laughing: 

----------

## joshdr77

hmm, i changed my webserver to port 21, but that was blocked at school too.....

how do i find out what ports are open for outside communication

if there are none...

then what do i do?

thanks ppl for your help  :Smile: 

----------

## uzik

Just a thought, but you might ask someone at school.

If you're not supposed to be doing this project you'll just get yourself in trouble. Why bother when there are lots of projects that won't get you in trouble?

----------

## Zarathustra[H]

Thanks for all your help guys...

I wound up not using port forwarding to solve my verizon problem at all.

I just set up the postfix mailserver instead, and it seems to work fine.  Makes me wonder why this isnt the default option for all mail systems.  It is much faster and better than using an SMTP server.

/Matt

----------

## joshdr77

 *uzik wrote:*   

> Just a thought, but you might ask someone at school.
> 
> If you're not supposed to be doing this project you'll just get
> 
> yourself in trouble. Why bother when there are lots of projects
> ...

 

i could ask, but that wont be fun.....besides....im not sure they tell me, its not that ill get into trouble, or that im not suppose to do it.......

they might just take it the wrong way...."i think he is trying to hack, etc"

so ne ideas?

----------

## uzik

The only way I know of to find out which ports are open is to try and use them.

Generally the ports above 1024 are open. Pick one that's not used for something else, put a listen command in your web server's config file (if you use Apache), check and see if it works, then try it from school.

----------

## joshdr77

hmm arnt there 10,000 ports...it might take a long time :S LOL

----------

## uzik

unless you're a programmer and can automate it.

----------

## joshdr77

im learning php at the mom, and vb...might be a while  :Smile: 

----------

## Xor

well, I don't really have to deal with this "sneaking around" stuff.... but maybe port 443 (https) is open.... 

on the other hand - you probably have one of these next to free dsl accounts... so if you want to do "hosting" your isp would be glad to sell you a leased line connection.... or change to an isp who may charge you the double, but doesn't do any filtering.... sometimes you can't get everything for nothing....

sorry for being so blunt.

----------

## Zarathustra[H]

 *Xor wrote:*   

> on the other hand - you probably have one of these next to free dsl accounts... so if you want to do "hosting" your isp would be glad to sell you a leased line connection.... or change to an isp who may charge you the double, but doesn't do any filtering.... sometimes you can't get everything for nothing....

 

I dont know about you, but I don't consider $50 / month for 768/128kbit next to free...

In fact it is ridiculously expensive for what it is.

Really pisses me off how much I am paying for it, when in other countries (sweden to name an example) for the same monthly fee they get 10mbits in both directions without any port blocking...

Sigh...  There just isnt enough competition in the broadband market to bring prices and bitrates to a reasonable level...  :Sad: 

----------

## uzik

 *Zarathustra[H] wrote:*   

> Really pisses me off how much I am paying for it, when in other countries (sweden to name an example) for the same monthly fee they get 10mbits in both directions without any port blocking...

 

Perhaps you and a neighbor, or two, can form your own ISP?

Offer to sell them part of your bandwidth

----------

## Xor

 *Quote:*   

> I dont know about you, but I don't consider $50 / month for 768/128kbit next to free... 

 

well, $50 is about 75.- in my currency (Swiss Francs) - and for that you get a 512/128 at one of our beloved discount adsl sellers.... but I dunno if they do Port Blocking....

for the same you would get a 256/64 at our company with a fixed IP, preconfigured Router and NO BLOCKING at all.... (except telnet - we need to access the router) - but you can get 8 additional IP's for a fee....

but that's still way cheaper than a leased line - so ISPs may want to make the difference clear:

leased line: you get all the bells and whistles - high price

dsl: you may surf - and surf only - that's for what it's designed - nothing else

I don't know about sweden - never been - but heard they are in some areas quite ahead of other countries....

The problem in switzerland is, that the "last mile" is still maintained by a single next to non-governmental company (was once.... ) - so they set the minimum price of a dsl and often leased line

anyhow - you might consider changing ISP.....

----------

## xedx

here in the philippines a 128/128 leased line costs $400

 :Shocked: 

----------

## dispatriot

Boy, you guys certainly make me appreciate my ISP. I'm running every service imaginable behind my little adelphia account... and I think we pay  $75 for all the cable channels and everything. The upspeed doesn't even suck...

----------

## shaung

 *joshdr77 wrote:*   

> Hey
> 
> to get back to my problem.........Im with OptusNet........in australia......i think that they block incoming traffic to port 80, and not sure about out going, but it is probably blocked too...
> 
> is there anyway to get a webserver working on port 80 if it is blocked...
> ...

 

Hi joshdr,

I'm also with optusnet and have found the same problem there.  The only way around it is to pick a different port, which it looks like you have done (port 8002).  There is no way that *all* ports will be blocked at your school, so why not move your HTTP server to listen to a different port (say SMTP 25 for example) that is more likely to be left open by your school.  Of course, if you are running a SMTP server at home as well, then you may not want to gobble up port 25 so use something else instead.

----------

