Our server was recently blacklisted by a couple of automated blacklist services.
Automated services are the worst. It's been two days since we found and fixed the problem but these services won't clear our IP so we still have mail bouncing all over the place. It is absurd to me that anyone could set up a blacklist server and ultimately cause hardship to small companies that depend on their emails getting out.
That said, one of those companies offers this text:
>We strongly suggest blocking outgoing connections with a destination port of 25 TCP in your firewall for all systems not used as mail relays.
We have one mail server and all of our Linux servers relay via sendmail to that server. Sendmail is using port 25.
Since I don't deal with mail servers day in and out, it's easy for me to forget how things work and the question might sound pretty amateurish.
SMTP servers send and receive email using port 25, right? Meaning, I could add a firewall rule on the zimbra server to allow port 25 connections only from our known Linux servers.
Their suggestion seems to say block outgoing port 25 so how would world wide servers receive email from our zimbra server?
I'm missing something and it's very simple I'm sure.
Help!
zimbra sending without port 25?
Last edited by zim_mike on Wed Apr 26, 2023 5:41 pm, edited 2 times in total.
- Outstanding Member
- Posts: 536
- Joined: Sat Sep 13, 2014 12:54 am
- ZCS/ZD Version: Release 9.0.0.ZEXTRAS.20221203 FOSS
Re: zimbra sending without port 25?
>SMTP servers send and receive email using port 25 right. Meaning, I could add a firewall rule on the zimbra server to allow port 25 connections only from our known Linux servers.
>Their suggestion seems to say block outgoing port 25 so how would world wide servers receive email from our zimbra server?
They're talking about for the end users.
I use ASSP for SPAM filtering and only accept port 587 (Submission port) for authentication. So, I have ASSP set to not allow for authentication on port 25. As a bonus, I've got Fail2Ban rule blocking those that do try to do auth on port 25.
As for my servers, I've got rules for them in ASSP to allow auth on 25, if they don't support anything else.
How you'd do this in SpamAssassin, I do not know, since I've never used it.
Doug
Re: zimbra sending without port 25?
Thanks for the reply. I used ASSP in front of the mail server for a long time but ASSP and its never-ending addition of features and controls eventually overwhelmed so I got rid of it.
I posted this thinking maybe I was not aware of some new methods that don't use port 25 or something but I guess like you say, that is not the case.
- Rony
- Posts: 45
- Joined: Fri Jan 27, 2017 3:50 pm
- Location: Canada-Montreal
- ZCS/ZD Version: Zimbra 9.0.0_GA_4174
Re: zimbra sending without port 25?
Hello Mike,
I am having the same issues with my ISP blocking port 25.
I haven't found any solution yet and I am not as advanced as you are, did you manage to bypass that?
The issue is not on the mail server as I have seen solutions to redirect 25 to another port but that will not solve it since nothing would pass the wan IP on port 25 to redirect it.
Thank you
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
Re: zimbra sending without port 25?
This post is almost three years old. Suggest you contact your ISP if they are blocking TCP port 25 either outbound or inbound to find out why, rather than wait for a reply from the OP.
Rony wrote:
>Hello Mike,
>I am having the same issues with my ISP blocking port 25.
>I haven't found any solution yet and I am not as advanced as you are, did you manage to bypass that?
>The issue is not on the mail server as I have seen solutions to redirect 25 to another port but that will not solve it since nothing would pass the wan IP on port 25 to redirect it.
>Thank you
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: zimbra sending without port 25?
Hi,
ISPs don't block port 25, that would be crazy on their part to get caught doing that.
@Rony,
>I am having the same issues with my ISP blocking port 25.
>I haven't found any solution yet and I am not as advanced as you are, did you manage to bypass that?
>The issue is not on the mail server as I have seen solutions to redirect 25 to another port but that will not solve it since nothing
>would pass the wan IP on port 25 to redirect it.
If your provider is blocking port 25, you should file a complaint because they should not be doing that.
I'm not sure what you are facing but the point of that is simply not to allow non-known mail servers to send email out.
Email should always be sent from an authorized email server and not directly from any server as it will be seen as spam.
An official mail server simply means one that has everything set up correctly, forward/reverse DNS including in your provider's records if needed, SPA, DMARC, etc.
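An added example, not part of any post in this thread: one way to find which internal hosts are making the direct outbound port 25 connections that the blacklist's firewall advice is about, by reading netfilter LOG lines on the perimeter firewall. The addresses (10.0.0.5 as the Zimbra relay, 10.0.0.0/24 as the LAN) and the trimmed log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed addresses, constructed for this example (not from the thread).
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.5")}     # the Zimbra server
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")   # LAN behind the firewall

# Constructed, trimmed netfilter LOG lines (fields as a firewall "log" rule writes them).
SAMPLE_LOG = """\
Apr 24 09:00:01 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.0.21 DST=10.0.0.5 PROTO=TCP SPT=40112 DPT=25 SYN
Apr 24 09:00:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.25 PROTO=TCP SPT=51820 DPT=25 SYN
Apr 24 09:00:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.33 DST=198.51.100.7 PROTO=TCP SPT=38844 DPT=25 SYN
Apr 24 09:00:08 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.33 DST=198.51.100.9 PROTO=TCP SPT=38850 DPT=25 SYN
Apr 24 09:00:09 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=203.0.113.80 PROTO=TCP SPT=40200 DPT=443 SYN
Apr 24 09:00:10 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.25 DST=10.0.0.5 PROTO=TCP SPT=45000 DPT=25 SYN
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=TCP.*?DPT=(?P<dpt>\d+)")


def direct_smtp_offenders(log_text):
    """Count outbound TCP/25 connections from internal hosts that are not mail relays."""
    offenders = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dpt") != "25":
            continue  # not a TCP connection to port 25
        try:
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # malformed address field; skip rather than crash
        # Internal host -> relay (line 1) and inbound mail (line 6) stay inside
        # or arrive from outside, so only traffic leaving the LAN is considered.
        leaves_network = src in INTERNAL_NET and dst not in INTERNAL_NET
        if leaves_network and src not in MAIL_RELAYS:
            offenders[str(src)] += 1
    return offenders


if __name__ == "__main__":
    for host, count in direct_smtp_offenders(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct outbound connection(s) to port 25")
```

The Linux servers relaying to the mail server and the mail server delivering to the outside world are both left alone; only a host that bypasses the relay is reported, which is the traffic an egress rule on port 25 would drop.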