[SOLVED] Adding another port for receiving email

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
Zecca
Posts: 4
Joined: Mon Sep 11, 2017 1:56 am

[SOLVED] Adding another port for receiving email

Post by Zecca »

Dear,
I want to ask about adding another port for receiving email, not for sending email. I try looking on the forum but it seems i can't find it.
The reason is my ISP got port 25 blocked. So i decided using SMTP Relay. Sending email is good. But we have problem with the receiving.
I would like to add another port for receiving, because when the main ISP down and change to backup, we can't receive email.
And got some email forward service to help me receiving on another port.

How to add another port for receiving email on zimbra 8.8.15?

Regards,
Arief
Last edited by Zecca on Wed May 05, 2021 2:46 am, edited 1 time in total.
User avatar
porokh
Posts: 17
Joined: Tue May 14, 2019 10:02 am
Location: Ukraine
ZCS/ZD Version: 8.8.15 RHEL7 FOSS

Re: Adding another port for receiving email

Post by porokh »

Hello!

First of all, because ZCS are using postfix for receiving mail, you can change standard 25/tcp to another port (e.g. 3425/tcp) via postfix config: in /opt/zimbra/common/conf/master.cf change line

Code: Select all

smtp      inet  n       -       n       -       1       postscreen
by this one

Code: Select all

3425      inet  n       -       n       -       1       postscreen
and then perform zmmtactl restart as zimbra user and check telnet localhost 3425

But this solution may be broken after any upgrade (possibly this could be avoided by editing /opt/zimbra/common/conf/master.cf.in in the same way too). So the better way is to use a local port redirection, by iptables -t nat -I PREROUTING -p tcp --dport 25 -j REDIRECT 3425 or some userspace utility (like redir --lport 25 --cport 3425)
User avatar
Zecca
Posts: 4
Joined: Mon Sep 11, 2017 1:56 am

Re: Adding another port for receiving email

Post by Zecca »

porokh wrote:Hello!

First of all, because ZCS are using postfix for receiving mail, you can change standard 25/tcp to another port (e.g. 3425/tcp) via postfix config: in /opt/zimbra/common/conf/master.cf change line

Code: Select all

smtp      inet  n       -       n       -       1       postscreen
by this one

Code: Select all

3425      inet  n       -       n       -       1       postscreen
and then perform zmmtactl restart as zimbra user and check telnet localhost 3425

But this solution may be broken after any upgrade (possibly this could be avoided by editing /opt/zimbra/common/conf/master.cf.in in the same way too). So the better way is to use a local port redirection, by iptables -t nat -I PREROUTING -p tcp --dport 25 -j REDIRECT 3425 or some userspace utility (like redir --lport 25 --cport 3425)
Hi porokh,

Thank you for the amazing answer. :idea:
Can i use two ports?
the standard one and additional port?

Thank you.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Adding another port for receiving email

Post by phoenix »

How do you expect to receive email if you no longer have port 25 available to receive that email? All mail servers will send you an email on port 25 to your mail server. If that is not available to you then you would need an external relay to receive your email (on port 25) then relay it to your server on a different port. You could also (possibly) change your ISP to one that allows you to have a mail server on your IP.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
porokh
Posts: 17
Joined: Tue May 14, 2019 10:02 am
Location: Ukraine
ZCS/ZD Version: 8.8.15 RHEL7 FOSS

Re: Adding another port for receiving email

Post by porokh »

Zecca wrote:Hi porokh,

Thank you for the amazing answer. :idea:
Can i use two ports?
the standard one and additional port?

Thank you.
Hi Zecca!

First of all, I'm sorry for mistakenly swapping ports in examples (correct commands is iptables -t nat -I PREROUTING -p tcp --dport 3425 -j REDIRECT 25 and redir --lport 3425 --cport 25; its means that we are waiting for packets on 3425/tcp and then redirects it to 25/tcp).

About your question -- if you use port redirection, of course you can use both standard and additional port. In fact, ZCS still listening 25/tcp for incoming packets, and can receive it directly from the outer world or redirected local from 3425/tcp to 25/tcp.
User avatar
Zecca
Posts: 4
Joined: Mon Sep 11, 2017 1:56 am

Re: Adding another port for receiving email

Post by Zecca »

phoenix wrote:How do you expect to receive email if you no longer have port 25 available to receive that email? All mail servers will send you an email on port 25 to your mail server. If that is not available to you then you would need an external relay to receive your email (on port 25) then relay it to your server on a different port. You could also (possibly) change your ISP to one that allows you to have a mail server on your IP.
Hi, Bill (phoenix)
Yes, im going to use external relay, but still confused how to configure zimbra to keep port 25 on, and using additional port for ex. port 2525

I was going to use porokh alternative, to add two of this
smtp inet n - n - 1 postscreen
3425 inet n - n - 1 postscreen

by editing /opt/zimbra/common/conf/master.cf.in
and then perform zmmtactl restart as zimbra user and check telnet localhost 3425.
can i use this one Bill?
porokh wrote: Hi Zecca!

First of all, I'm sorry for mistakenly swapping ports in examples (correct commands is iptables -t nat -I PREROUTING -p tcp --dport 3425 -j REDIRECT 25 and redir --lport 3425 --cport 25; its means that we are waiting for packets on 3425/tcp and then redirects it to 25/tcp).

About your question -- if you use port redirection, of course you can use both standard and additional port. In fact, ZCS still listening 25/tcp for incoming packets, and can receive it directly from the outer world or redirected local from 3425/tcp to 25/tcp.
Hi Porokh,
Im ever use iptables, but would like to try. if i do like ur commands, so it's possible receiving for example port 3425/tcp and 25/tcp.
So then i must open NAT from outer world to 3425
Because my zimbra behind mikrotik.

Still thinking of use the first one by editing /opt/zimbra/common/conf/master.cf.in, because it's so easy to reach for me anyway.
Btw can i use like this?
smtp inet n - n - 1 postscreen
3425 inet n - n - 1 postscreen
leave the first line, and adding new line, so the two ports active at the same time.
User avatar
porokh
Posts: 17
Joined: Tue May 14, 2019 10:02 am
Location: Ukraine
ZCS/ZD Version: 8.8.15 RHEL7 FOSS

Re: Adding another port for receiving email

Post by porokh »

Zecca wrote:Hi Porokh,
Im ever use iptables, but would like to try. if i do like ur commands, so it's possible receiving for example port 3425/tcp and 25/tcp.
So then i must open NAT from outer world to 3425
Because my zimbra behind mikrotik.

Still thinking of use the first one by editing /opt/zimbra/common/conf/master.cf.in, because it's so easy to reach for me anyway.
Btw can i use like this?
smtp inet n - n - 1 postscreen
3425 inet n - n - 1 postscreen
leave the first line, and adding new line, so the two ports active at the same time.
Hi, Zecca!

If you are using Mikrotik, you probably may not touch your ZCS at all. Just add DST rule on Mikrotik, something like (assuming your internal IP is 192.168.0.101):

Code: Select all

/ip firewall nat
add action=dst-nat chain=dstnat comment="non-std SMTP" dst-port=3425 in-interface-list=WAN protocol=tcp to-addresses=192.168.0.101 to-ports=25
About your second question: yes, you can add multiple line in master.cf.in and then do zmmtactl restart -- SMTP will be accepted both on 25/tcp and 3425/tcp.
User avatar
Zecca
Posts: 4
Joined: Mon Sep 11, 2017 1:56 am

Re: Adding another port for receiving email

Post by Zecca »

porokh wrote:
Zecca wrote:Hi Porokh,
Im ever use iptables, but would like to try. if i do like ur commands, so it's possible receiving for example port 3425/tcp and 25/tcp.
So then i must open NAT from outer world to 3425
Because my zimbra behind mikrotik.

Still thinking of use the first one by editing /opt/zimbra/common/conf/master.cf.in, because it's so easy to reach for me anyway.
Btw can i use like this?
smtp inet n - n - 1 postscreen
3425 inet n - n - 1 postscreen
leave the first line, and adding new line, so the two ports active at the same time.
Hi, Zecca!

If you are using Mikrotik, you probably may not touch your ZCS at all. Just add DST rule on Mikrotik, something like (assuming your internal IP is 192.168.0.101):

Code: Select all

/ip firewall nat
add action=dst-nat chain=dstnat comment="non-std SMTP" dst-port=3425 in-interface-list=WAN protocol=tcp to-addresses=192.168.0.101 to-ports=25
About your second question: yes, you can add multiple line in master.cf.in and then do zmmtactl restart -- SMTP will be accepted both on 25/tcp and 3425/tcp.
Hi, Porokh !!,

Thank you very much. Because my zimbra behind nat (im using mikrotik). i'm using your mikrotik way.
I was try using the two line too, then dst-nat port 3425 to-ports=3425. But it seems so easy using the mikrotik way.
Thank you very much Porokh.
Post Reply