
Mailing List Archive: exim: users

[Exim] Exim4 trying to talk to GMAIL

 

 



mark27q1 at gmail

Nov 7, 2007, 7:52 AM

Post #1 of 12 (867 views)

Hello The List!

I'm having problems getting exim 4.63 to talk to Gmail. What I have done
is set up Exim4 on my Debian GNU/Linux laptop to use smtp.gmail.com as a
smarthost for sending email. This is to avoid narking off my ISP by
trying to send out mail directly from my own machine... ;-)

I initially had problems getting connected to Gmail as I was getting
errors returned by gnutls_handshake() (A TLS packet with unexpected
length was received) which was prompting exim4 to try to connect without
TLS, which Gmail wasn't having any of. The Debian exim4 package (Debian
etch) ships using GNUTLS, and Googling around (ironically enough) I
found that almost everyone who has faced this problem in a similar
situation to me has been told to switch to OpenSSL, so I rebuilt the
exim package from source, having modified the configuration to use
OpenSSL instead of GNUTLS. Now I am getting the below error when I
submit an email to exim4 for delivery to the outside world (my mobile
phone email, on the ezweb.ne.jp domain):

2007-11-07 23:05:02 1IplWg-0002Qp-Uo <= mark [at] satellit U=mark P=local
S=370
2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS error on connection to
gmail-smtp.l.google.com [64.233.179.109] (SSL_connect):
error:00000000:lib(0):func(0):reason(0)
2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS session failure: delivering
unencrypted to gmail-smtp.l.google.com [64.233.179.109] (not in
hosts_require_tls)
2007-11-07 23:06:45 1IplWg-0002Qp-Uo ** <deleted_user_name>@ezweb.ne.jp
R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server
after MAIL FROM:<mark [at] gmail> SIZE=1404: host gmail-smtp.l.google.com
[64.233.179.109]: 530 5.7.0 Must issue a STARTTLS command first
23sm6356717hsd
2007-11-07 23:06:45 1IplYL-0002Qs-Mv <= <> R=1IplWg-0002Qp-Uo
U=Debian-exim P=local S=1328
2007-11-07 23:06:45 1IplWg-0002Qp-Uo Completed
2007-11-07 23:06:45 1IplYL-0002Qs-Mv => mark <mark [at] satellit>
R=local_user T=mail_spool
2007-11-07 23:06:45 1IplYL-0002Qs-Mv Completed


I briefly got very excited when I saw this thread on this list -->
http://lists.exim.org/lurker/message/20010612.130811.9c23d3c7.en.html#exim-users

as it describes the same problem I am having since recompiling exim from
source. However, the solution offered there is that the other end is
broken, which patently isn't the case in my case because A) If Gmail
wasn't doing TLS properly it would cause a stupendous stink, B) I have
Evolution set up to use my Gmail account from the same machine, and I
don't know if Evolution is using GNUTLS or OpenSSL, but whatever it's
using, it's working -- as evidenced by the fact I am using it to send
this message, C) I did a telnet smtp.gmail.com 25 and was able to send a
HELO, then a STARTTLS, without having the other end drop the connection.

Now that actually has got me thinking -- is exim4 trying to do a
STARTTLS without first doing a HELO??? Is that configurable?

I am using libssl0.9.8 (Debian package name, to those to whom this means
anything) which is what is in the Debian etch (stable) distribution.

And before anyone asks, I have checked I can send an email using my
Gmail account from Evolution on the same machine, to my mobile phone
email, so this should definitely work... That's why I think it's an exim
config issue and not a local OpenSSL or other networking issue -- if it
were I'd expect Evolution also not to work.

Finally, the reason I'm trying to do this is I want to be able to send
emails to my cellphone from batch scripts running on this machine so I
can run batch jobs and have it email my phone when it's done so I don't
have to stand over it but know when to go check results etc.

Any help from anyone who's wrestled with this before, would be
appreciated.

Mark

(Pls CC me on replies to List if that doesn't breach list etiquette --
I'm a newbie here and not yet subscribed)




--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Nov 9, 2007, 8:36 PM

Post #2 of 12 (820 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On 2007-11-08 at 00:52 +0900, Mark Fletcher wrote:
> I'm having problems getting exim 4.63 to talk to Gmail. What I have done
> is set up Exim4 on my Debian GNU/Linux laptop to use smtp.gmail.com as a
> smarthost for sending email. This is to avoid narking off my ISP by
> trying to send out mail directly from my own machine... ;-)

You probably also want to try port 587 to avoid hitting any port 25
restrictions imposed by your ISP.

I can confirm success using TLS and authentication to talk to Gmail. My
configuration is rather more complex than needed though, as it handles
multiple smarthosts for this laptop driven by a pair of external config
files and it's not really helpful for you (beyond saying use SASL PLAIN
(or the LOGIN gunk) authentication once you're past the TLS hurdle, and
be aware that no matter what you put in the SMTP Envelope Sender, Gmail
will replace it with the email address that you authenticated with).

> 2007-11-07 23:05:02 1IplWg-0002Qp-Uo <= mark [at] satellit U=mark P=local
> S=370
> 2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS error on connection to
> gmail-smtp.l.google.com [64.233.179.109] (SSL_connect):
> error:00000000:lib(0):func(0):reason(0)
> 2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS session failure: delivering
> unencrypted to gmail-smtp.l.google.com [64.233.179.109] (not in
> hosts_require_tls)

You can stop the rest of the output by using hosts_require_tls for
gmail.

hosts_require_tls = *.google.com

> Now that actually has got me thinking -- is exim4 trying to do a
> STARTTLS without first doing a HELO??? Is that configurable?

No. Exim has to do the EHLO to get the ESMTP capabilities returned in
response, whereupon it sees STARTTLS advertised. You can submit an
email with debugging enabled and trace the SMTP. See the "-d" option to
Exim; SMTP commands are included in the default output.

So the problem here is that your SSL library is failing when it tries to
set up SSL to the remote side, with no apparent logging of why. My gut
instinct reaction is to suspect that you're compiling Exim against
differently versioned headers of OpenSSL than the library you're
getting. Which version of "libssl-dev" is installed and which version
does "ldd" report that Exim is linked against?

Regards,
-Phil
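
The fallback discussed in this post leaves a distinctive pair of main-log lines ("TLS error on connection to" followed by "TLS session failure: delivering unencrypted to"). The following is an added example, not part of the original thread or of Exim itself: a Python scan that finds those downgrades and reports what happened to each message afterwards. The sample log is constructed (modelled on the excerpt in post #1, with placeholder addresses and an invented second message), and the outcome labels are names chosen for this example.

```python
import re

# Constructed sample, modelled on the main-log excerpt in post #1 (lines
# unwrapped, addresses replaced by example.org placeholders). The second
# message is invented to show a fallback that the remote host accepted.
SAMPLE_LOG = """\
2007-11-07 23:05:02 1IplWg-0002Qp-Uo <= sender@example.org U=mark P=local S=370
2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS error on connection to gmail-smtp.l.google.com [64.233.179.109] (SSL_connect): error:00000000:lib(0):func(0):reason(0)
2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS session failure: delivering unencrypted to gmail-smtp.l.google.com [64.233.179.109] (not in hosts_require_tls)
2007-11-07 23:06:45 1IplWg-0002Qp-Uo ** rcpt@example.org R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server after MAIL FROM:<sender@example.org> SIZE=1404: host gmail-smtp.l.google.com [64.233.179.109]: 530 5.7.0 Must issue a STARTTLS command first
2007-11-07 23:06:45 1IplWg-0002Qp-Uo Completed
2007-11-07 23:10:11 1IplbJ-0002R4-7x <= sender@example.org U=mark P=local S=402
2007-11-07 23:10:12 1IplbJ-0002R4-7x TLS error on connection to mx.example.net [192.0.2.25] (SSL_connect): error:00000000:lib(0):func(0):reason(0)
2007-11-07 23:10:12 1IplbJ-0002R4-7x TLS session failure: delivering unencrypted to mx.example.net [192.0.2.25] (not in hosts_require_tls)
2007-11-07 23:10:13 1IplbJ-0002R4-7x => rcpt@example.net R=smarthost T=remote_smtp_smarthost H=mx.example.net [192.0.2.25]
2007-11-07 23:10:13 1IplbJ-0002R4-7x Completed
"""

# "date time msgid rest-of-line"
ENTRY = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (.*)$")
TLS_ERROR = re.compile(
    r"^TLS error on connection to (\S+) \[([^\]]+)\] \((\w+)\): (.*)$")
FALLBACK = re.compile(
    r"^TLS session failure: delivering unencrypted to (\S+) \[([^\]]+)\]")
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
OUTCOMES = {"**": "rejected", "==": "deferred"}


def find_cleartext_fallbacks(lines):
    """Return one record per delivery that Exim downgraded to cleartext."""
    findings, pending, last_error = [], {}, {}
    for line in lines:
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        when, msgid, rest = entry.groups()
        error = TLS_ERROR.match(rest)
        if error:
            _host, ip, call, detail = error.groups()
            last_error[(msgid, ip)] = f"{call}: {detail}"
            continue
        fallback = FALLBACK.match(rest)
        if fallback:
            host, ip = fallback.groups()
            record = {"time": when, "msgid": msgid, "host": host, "ip": ip,
                      "tls_error": last_error.get((msgid, ip)),
                      "outcome": "unknown"}
            findings.append(record)
            pending[(msgid, ip)] = record
            continue
        # Delivery (=> / ->), failure (**) and deferral (==) lines close the
        # record for the same message and remote IP.
        flag = rest[:2]
        if flag not in ("=>", "->", "**", "=="):
            continue
        for ip in BRACKETED_IP.findall(rest):
            record = pending.pop((msgid, ip), None)
            if record is None:
                continue
            if flag in OUTCOMES:
                record["outcome"] = OUTCOMES[flag]
            else:
                # Exim adds an X=<cipher> field when the delivery used TLS.
                record["outcome"] = ("sent-encrypted" if " X=" in rest
                                     else "sent-cleartext")
    return findings


if __name__ == "__main__":
    for f in find_cleartext_fallbacks(SAMPLE_LOG.splitlines()):
        print(f["time"], f["msgid"], f["host"], f["outcome"], f["tls_error"])
```
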



mark27q1 at gmail

Nov 10, 2007, 7:58 AM

Post #3 of 12 (798 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On Fri, 2007-11-09 at 20:36 -0800, Phil Pennock wrote:

> You probably also want to try port 587 to avoid hitting any port 25
> restrictions imposed by your ISP.
>

Thanks for your reply. OK I'll bear that in mind. I don't _think_ that's
the problem here though. How would I change the port if I wanted to do
so?

> I can confirm success using TLS and authentication to talk to Gmail. My
> configuration is rather more complex than needed though, as it handles
> multiple smarthosts for this laptop driven by a pair of external config
> files and it's not really helpful for you (beyond saying use SASL PLAIN
> (or the LOGIN gunk) authentication once you're past the TLS hurdle, and
> be aware that no matter what you put in the SMTP Envelope Sender, Gmail
> will replace it with the email address that you authenticated with).
>

That's cool -- I don't care who the email looks like it came from, as
long as it gets to the other end ;-)

> > 2007-11-07 23:05:02 1IplWg-0002Qp-Uo <= mark [at] satellit U=mark P=local
> > S=370
> > 2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS error on connection to
> > gmail-smtp.l.google.com [64.233.179.109] (SSL_connect):
> > error:00000000:lib(0):func(0):reason(0)
> > 2007-11-07 23:06:44 1IplWg-0002Qp-Uo TLS session failure: delivering
> > unencrypted to gmail-smtp.l.google.com [64.233.179.109] (not in
> > hosts_require_tls)
>
> You can stop the rest of the output by using hosts_require_tls for
> gmail.
>
> hosts_require_tls = *.google.com

Yeah, the log file said something about that -- unfortunately I couldn't
find in the readme where that hosts_require_tls should be set and a
Fletcher classic find / grep combination of the exim-relevant
directories I know about failed to turn up which file this setting needs
to be in. Could you enlighten me?

>
> > Now that actually has got me thinking -- is exim4 trying to do a
> > STARTTLS without first doing a HELO??? Is that configurable?
>
> No. Exim has to do the EHLO to get the ESMTP capabilities returned in
> response, whereupon it sees STARTTLS advertised. You can submit an
> email with debugging enabled and trace the SMTP. See the "-d" option to
> Exim; SMTP commands are included in the default output.
>

Thanks. Didn't know that.

> So the problem here is that your SSL library is failing when it tries to
> set up SSL to the remote side, with no apparent logging of why. My gut
> instinct reaction is to suspect that you're compiling Exim against
> differently versioned headers of OpenSSL than the library you're
> getting. Which version of "libssl-dev" is installed and which version
> does "ldd" report that Exim is linked against?
>

Unfortunately, it doesn't appear to be that.

ldd /usr/sbin/exim-4.63-1 gives the following output:

mark [at] satellit:/usr/sbin$ ldd exim-4.63-1
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f31000)
libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7f1b000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7eed000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7ec8000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7ec4000)
libdb-4.4.so => /usr/lib/libdb-4.4.so (0xb7dc9000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7d89000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7c4f000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b1e000)
/lib/ld-linux.so.2 (0x80000000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b0a000)


/usr/lib/i686/cmov/libssl.so.0.9.8 is contained in the Debian package
named libssl0.9.8, version 0.9.8c-4etch1 of which is installed on my
machine. The version number of libssl-dev I have is... wait for it...
0.9.8c-4etch1. While we're about it, libcrypto.so.0.9.8 is also provided
by libssl0.9.8 and hence is at the same version.

I had a look at the files in the libssl-dev package, and that led me to
look at /usr/include/openssl where a ton of files are provided by this
package. There I found a tls1.h which is just a bunch of #defines --
including a TLS1_VERSION set to 0x0301. Clearly this doesn't relate to
the version number of the openssl library but it was a piece of
information I didn't have before, which someone might make something
of...

Any other ideas?

Mark




mark27q1 at gmail

Nov 10, 2007, 8:00 AM

Post #4 of 12 (810 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On Sun, 2007-11-11 at 00:58 +0900, Mark Fletcher wrote:
> On Fri, 2007-11-09 at 20:36 -0800, Phil Pennock wrote:
>
> > You probably also want to try port 587 to avoid hitting any port 25
> > restrictions imposed by your ISP.
> >
>
> Thanks for your reply. OK I'll bear that in mind. I don't _think_ that's
> the problem here though. How would I change the port if I wanted to do
> so?
>

Just remembered how this is done -- sorry for the stupid question.
Anyway, back to the main issue -- my dev and runtime libraries seem to
be matching versions, what else could be the problem?

Thanks

Mark




exim-users at spodhuis

Nov 11, 2007, 4:25 AM

Post #5 of 12 (800 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On 2007-11-11 at 00:58 +0900, Mark Fletcher wrote:
> >
> > hosts_require_tls = *.google.com
>
> Yeah, the log file said something about that -- unfortunately I couldn't
> find in the readme where that hosts_require_tls should be set and a
> Fletcher classic find / grep combination of the exim-relevant
> directories I know about failed to turn up which file this setting needs
> to be in. Could you enlighten me?

Judging by the Debian system I just logged into:
/usr/share/doc/exim4/spec.txt.gz

Answer: on the smtp transport.

Eg:
smarthost_smtp:
  driver = smtp
  port = 587
  hosts_require_tls = *
  hosts_require_auth = *

which is roughly what my smtp transport on the laptop boils down to for
Gmail, after all the string-expansions I have.

> Any other ideas?

$ f=your [at] sender
$ t=recipient [at] gmail
$ printf "From: $f\nTo: $t\nSubject: test\n\nfoo" | exim -d+all $t \
2>&1 | tee exim.output.log

After a line containing:
>>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>
you should have full debug trace data, including SSL data; Exim
registers a trace callback with OpenSSL which will log all the OpenSSL
trace data to the "tls" selector (so -d+tls is sufficient to get it,
instead of -d+all).

Eg, I see this, modulo EHLO and IP address munging:
12:15:18 8394 SMTP>> EHLO XXX-something-else-here-XXX
12:15:18 8394 waiting for data on socket
12:15:18 8394 read response data: size=125
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-8BITMIME
12:15:18 8394 250-STARTTLS
12:15:18 8394 250 ENHANCEDSTATUSCODES
12:15:18 8394 209.85.147.111 in hosts_avoid_tls? no (option unset)
12:15:18 8394 SMTP>> STARTTLS
12:15:18 8394 waiting for data on socket
12:15:18 8394 read response data: size=30
12:15:18 8394 SMTP<< 220 2.0.0 Ready to start TLS
12:15:18 8394 Initialized TLS
12:15:18 8394 Calling SSL_connect
12:15:18 8394 SSL info: before/connect initialization
12:15:18 8394 SSL info: before/connect initialization
12:15:18 8394 SSL info: SSLv2/v3 write client hello A
12:15:18 8394 SSL info: SSLv3 read server hello A
12:15:18 8394 SSL info: SSLv3 read server certificate A
12:15:18 8394 SSL info: SSLv3 read server done A
12:15:18 8394 SSL info: SSLv3 write client key exchange A
12:15:18 8394 SSL info: SSLv3 write change cipher spec A
12:15:18 8394 SSL info: SSLv3 write finished A
12:15:18 8394 SSL info: SSLv3 flush data
12:15:18 8394 SSL info: SSLv3 read finished A
12:15:18 8394 SSL info: SSL negotiation finished successfully
12:15:18 8394 SSL info: SSL negotiation finished successfully
12:15:18 8394 SSL_connect succeeded
12:15:18 8394 Cipher: TLSv1:DES-CBC3-SHA:168
12:15:18 8394 SMTP>> EHLO XXX-something-else-here-XXX
12:15:18 8394 tls_do_write(bfffc813, 34)
12:15:18 8394 SSL_write(SSL, bfffc813, 34)
12:15:18 8394 outbytes=34 error=0
12:15:18 8394 waiting for data on socket
12:15:18 8394 Calling SSL_read(608e40, bfffcc13, 4096)
12:15:18 8394 read response data: size=133
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-8BITMIME
12:15:18 8394 250-AUTH LOGIN PLAIN
12:15:18 8394 250 ENHANCEDSTATUSCODES

Regards,
-Phil



exim-users at securitects

Nov 11, 2007, 7:46 AM

Post #6 of 12 (808 views)
Re: [Exim] Exim4 trying to talk to GMAIL

Mark Fletcher wrote:
>
> I had a look at the files in the libssl-dev package, and that led me to
> look at /usr/include/openssl where a ton of files are provided by this
> package. There I found a tls1.h which is just a bunch of #defines --
> including a TLS1_VERSION set to 0x0301. Clearly this doesn't relate to
> the version number of the openssl library but it was a piece of
> information I didn't have before, which someone might make something
> of...

The information you're looking at is the protocol version of TLSv1. TLS
being the non-proprietary successor to SSLv3 uses the protocol version
3.1 in its messages, compared to SSLv3 using 3.0.

Cheers,
Patrick Eisenacher


mark27q1 at gmail

Nov 12, 2007, 5:06 AM

Post #7 of 12 (793 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On Sun, 2007-11-11 at 04:25 -0800, Phil Pennock wrote:
> On 2007-11-11 at 00:58 +0900, Mark Fletcher wrote:
> > >

> Answer: on the smtp transport.
>
> Eg:
> smarthost_smtp:
>   driver = smtp
>   port = 587
>   hosts_require_tls = *
>   hosts_require_auth = *
>
> which is roughly what my smtp transport on the laptop boils down to for
> Gmail, after all the string-expansions I have.
>

That pointed me in the right direction -- the transport was actually
called remote_smtp_smarthost. I asked the question because I had some
confusion on whether the Debian package had set me up to run from
multiple config files or one template one -- I was modifying the wrong
file and wondering why it wasn't having any effect... :-)

> $ f=your [at] sender
> $ t=recipient [at] gmail
> $ printf "From: $f\nTo: $t\nSubject: test\n\nfoo" | exim -d+all $t \
> 2>&1 | tee exim.output.log
>

AND THAT NAILED IT! You were right in the very beginning. The issue was
the port -- I was getting a similarly unhelpful failure in the debug
output on ssl_connect() when I used port 25, but when I switched to port
587, bingo -- my mobile phone started vibrating!

Thanks a lot for your help.

Mark





kroshka at atypon

Nov 13, 2007, 12:44 PM

Post #8 of 12 (793 views)
Re: [Exim] Exim4 trying to talk to GMAIL

Phil Pennock wrote:
> You probably also want to try port 587 to avoid hitting any port 25
> restrictions imposed by your ISP.

Which reminds me. There is probably no easy way to avoid a block on
incoming port 25 by an ISP. Except to have an MTA outside the block
which receives your email and sends it to your MTA configured to listen
on a different port?

Thank you,
Jeroen



exim-users at spodhuis

Nov 13, 2007, 5:37 PM

Post #9 of 12 (791 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On 2007-11-13 at 12:44 -0800, Jeroen van Aart wrote:
> Which reminds me. There is probably no easy way to avoid a block on
> incoming port 25 by an ISP. Except to have an MTA outside the block
> which receives your email and sends it to your MTA configured to listen
> on a different port?

If you have inbound mail, you should have a static IP address; any ISP
selling static IP addresses should be willing to remove the inbound port
25 block once you confirm that you really are running a mail-server.

If you're in NL, then there should be a few decent ISPs around who'll do
this. Here in the USA, I'm stuck with Comcast (no DSL available at
home) which is part of why I still have a colo box in NL.

If the ISP is filtering inbound SYN, then you could use ssh with
port-forwarding and a session which is kept alive at all times. If you
have more than minimal guest access to a colocated system (ie, it's
yours to do with as you will) then you could set up IMAP on that system
and turn your home MTA setup into a satellite service, smarthosting via
your own box. Then you can travel and not be dependent upon your home
connection being up; given the quality of service that seems to be
common with those ISPs who filter ports without exceptions, this might
well be much safer.

mvg,
-Phil



exim-users at spodhuis

Nov 13, 2007, 6:34 PM

Post #10 of 12 (791 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On 2007-11-12 at 22:06 +0900, Mark Fletcher wrote:
> AND THAT NAILED IT! You were right in the very beginning. The issue was
> the port -- I was getting a similarly unhelpful failure in the debug
> output on ssl_connect() when I used port 25, but when I switched to port
> 587, bingo -- my mobile phone started vibrating!

Gmail's servers only advertise STARTTLS on port 25 if your source IP
address is in a netblock set up to make it so, by an organisation paying
money for the Premier version of Google Apps for your Domain. I forgot
this at first and the double-check I did was from such a whitelisted IP.
Oops.

So if STARTTLS was advertised on port 25 then:
(a) lucky you, re Gmail, but unfortunately someone else is filtering
your outbound port 25 connections with forced-proxy
(b) it's not portable for other source IPs

The debug output which you already have will show if it was actually
advertised.

I don't think that there's a way to tell Exim to use SSL-on-connect for
outbound connections, so I can't really see how else Exim would have
started TLS and then failed.

-Phil
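
Whether STARTTLS was actually advertised, and what the server offered before and after the handshake, can be read mechanically from the kind of debug trace shown in post #5. The following is an added example, not part of the original thread or of Exim: a Python summary of such a trace. The first sample is trimmed from the trace in post #5; the second is constructed to show a server that does not offer STARTTLS, and the line prefix format is assumed to match what that post shows.

```python
import re

# Trimmed from the trace in post #5 (only the lines the parser looks at).
TRACE_587 = """\
12:15:18 8394 SMTP>> EHLO XXX-something-else-here-XXX
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-8BITMIME
12:15:18 8394 250-STARTTLS
12:15:18 8394 250 ENHANCEDSTATUSCODES
12:15:18 8394 SMTP>> STARTTLS
12:15:18 8394 SMTP<< 220 2.0.0 Ready to start TLS
12:15:18 8394 Calling SSL_connect
12:15:18 8394 SSL_connect succeeded
12:15:18 8394 Cipher: TLSv1:DES-CBC3-SHA:168
12:15:18 8394 SMTP>> EHLO XXX-something-else-here-XXX
12:15:18 8394 SMTP<< 250-mx.google.com at your service, [192.0.2.1]
12:15:18 8394 250-SIZE 28311552
12:15:18 8394 250-8BITMIME
12:15:18 8394 250-AUTH LOGIN PLAIN
12:15:18 8394 250 ENHANCEDSTATUSCODES
"""

# Constructed trace: the server does not offer STARTTLS to this client.
TRACE_NO_STARTTLS = """\
12:20:01 8411 SMTP>> EHLO client.example.org
12:20:01 8411 SMTP<< 250-mx.example.net at your service, [192.0.2.1]
12:20:01 8411 250-SIZE 28311552
12:20:01 8411 250-8BITMIME
12:20:01 8411 250 ENHANCEDSTATUSCODES
12:20:01 8411 SMTP>> MAIL FROM:<sender@example.org>
12:20:01 8411 SMTP<< 530 5.7.0 Must issue a STARTTLS command first
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\s+\d+\s+")  # "HH:MM:SS pid " as in post #5
REPLY = re.compile(r"^(\d{3})([- ])(.*)$")         # code, continuation flag, text


def summarize_tls_trace(text):
    """Summarise STARTTLS/AUTH advertisement and handshake state in a trace."""
    summary = {"starttls_advertised": False, "starttls_sent": False,
               "starttls_reply": None, "handshake": "not attempted",
               "cipher": None, "auth_cleartext": [], "auth_tls": []}
    last_cmd, in_reply, greeting = None, False, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.startswith("SMTP>> "):
            last_cmd = line[7:].split(" ", 1)[0].upper()
            in_reply = False
            if last_cmd == "STARTTLS":
                summary["starttls_sent"] = True
            continue
        if line.startswith("SMTP<< "):
            line, in_reply, greeting = line[7:], True, True
        elif line == "Calling SSL_connect":
            summary["handshake"] = "started, no success line seen"
        elif line == "SSL_connect succeeded":
            summary["handshake"] = "succeeded"
        elif line.startswith("Cipher: "):
            summary["cipher"] = line[len("Cipher: "):]
        reply = REPLY.match(line) if in_reply else None
        if reply is None:
            in_reply = False
            continue
        code, sep, rest = reply.groups()
        if last_cmd == "STARTTLS":
            summary["starttls_reply"] = f"{code} {rest}"
        elif last_cmd == "EHLO" and code == "250" and not greeting:
            words = rest.upper().split()
            encrypted = summary["handshake"] == "succeeded"
            if words[:1] == ["STARTTLS"] and not encrypted:
                summary["starttls_advertised"] = True
            elif words[:1] == ["AUTH"]:
                key = "auth_tls" if encrypted else "auth_cleartext"
                summary[key] += words[1:]
        greeting = False
        in_reply = sep == "-"   # "250-" continues the reply, "250 " ends it
    return summary


if __name__ == "__main__":
    print(summarize_tls_trace(TRACE_587))
    print(summarize_tls_trace(TRACE_NO_STARTTLS))
```
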



kroshka at atypon

Nov 14, 2007, 5:09 PM

Post #11 of 12 (783 views)
Re: [Exim] Exim4 trying to talk to GMAIL

Phil Pennock wrote:
> If you have inbound mail, you should have a static IP address; any ISP
> selling static IP addresses should be willing to remove the inbound port
> 25 block once you confirm that you really are running a mail-server.

I have a static IP ($6 a month extra...). It doesn't hurt to ask I
guess. It's a local isp, they ought to be a bit more flexible. I can
however send out email, just not receive.

> If you're in NL, then there should be a few decent ISPs around who'll do
> this. Here in the USA, I'm stuck with Comcast (no DSL available at
> home) which is part of why I still have a colo box in NL.

I used xs4all back in NL, they're good imo. Though I never tried if they
blocked port 25 I would assume they don't, they gave a free static IP.
Sadly I have no root access to a box in NL. Or anywhere where it'd be
decent to configure an MTA for my home setup.

> If the ISP is filtering inbound SYN, then you could use ssh with

How to check this? I checked to see if port 25 is blocked by just
running nmap and check if indeed the port was open. Trying various
services configured to port 25 (including smtp of course). It would just
show up as blocked. I guess using syn stealth scan on nmap would reveal
if inbound syn is being filtered.

> port-forwarding and a session which is kept alive at all times. If you

I have little experience with ssh port forwarding, how would I go about
doing that?

Thanks,
Jeroen



exim-users at spodhuis

Nov 15, 2007, 7:07 PM

Post #12 of 12 (762 views)
Re: [Exim] Exim4 trying to talk to GMAIL

On 2007-11-14 at 17:09 -0800, Jeroen van Aart wrote:
> I used xs4all back in NL, they're good imo. Though I never tried if they
> blocked port 25 I would assume they don't, they gave a free static IP.

*cough* I used to work for Demon NL until KPN bought it and told the
NOC staff that there were no jobs for them; I didn't stay around to
migrate my job away to XS4All. But yeah, XS4All has clueful tech staff.
:-)

> > If the ISP is filtering inbound SYN, then you could use ssh with
>
> How to check this? I checked to see if port 25 is blocked by just
> running nmap and check if indeed the port was open. Trying various
> services configured to port 25 (including smtp of course). It would just
> show up as blocked. I guess using syn stealth scan on nmap would reveal
> if inbound syn is being filtered.

Forced silent proxy? telnet in to port 25 and see if you get the
service you expect to see; that includes seeing if STARTTLS is
advertised and can be negotiated.

> > port-forwarding and a session which is kept alive at all times. If you
>
> I have little experience with ssh port forwarding, how would I go about
> doing that?

You'd need root access on the box, or risk having another user hijack
your email delivery. Generally though, ssh(1) can bind a listening
socket on one side of the link, accept connections, pass the data on
through the multiplexed channel it has between source and destination
hosts and open up connections to the specified host of your choice; you
can even make it be to multiple hosts since ssh can be a SOCKS server.

In this case, getting email delivered to you via SMTP without being able
to accept port 25 inbound or having administrative control of another
machine means you pretty much need to get it as a pre-packaged service
and probably pay for what nowadays is a niche service. Probably cheaper
to just get IMAP, whether free from the company the OP was trying to use
or paid-for from someone like, eg: http://emailthatworks.net/

If you want inbound SMTP email, then you need to be able to listen to
port 25 on some machine where it's not filtered inbound, or arrange for
a mail-service which will relay mail on a non-standard port. No getting
away from that.

-Phil

