  1. #1

    Mail Server vs. Firewall -- the Death Match

    I am in the market for a new Windows mail server for a small small business, with fairly modest requirements: webmail, anti-spam, doesn't crash the machine, that's it ...

    Except for one other modest, perhaps obscure requirement -- the local port that the mail server uses to initiate an SMTP connection to another server must be known and/or configurable so I can open it in my firewall.

    I was all set on Smartermail, but then it turned out that it uses a .NET component to handle its TCP connections, and the developers didn't think the local port was important, and they let the .NET component choose it (from a range of 1024 to 5000, I think, by only god knows what logic.) They seemed to think I was a bit nuts even to ask the question.

    Am I nuts? Is this hopelessly obscure information about a mail server, that no one else ever cared about? It's hard to find in any mail server documentation.

    Or does anyone know of a Windows mail server that uses known or configurable ports to connect out?

    Currently the machine uses an old version of Merak, with no webmail or anti-spam. It works, and I guess it works because Merak uses local port 25 to initiate outbound connections. One choice I have is to upgrade Merak, but it's expensive, and for all I know, the newer version would give me the same problem as Smartermail.

  2. #2
    What firewall are you using? This seems more like a problem with your firewall to me than anything else. You should be able to allow your firewall to allow outbound connections to external port 25, regardless of whichever local port is used to establish the connection. In fact, the same thing occurs whenever you browse a web site or whatever -- you externally connect to port 80 and you use a random local port to establish the connection. This is really just the way things work ...
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO

  3. #3
    My firewall is just a set of Windows IPSec filters, which are simple packet filters. They don't know which application is making the connection, or whether the connection originates inside or outside. Maybe that sounds dumb, but I could never find a software firewall that was usable, stable, and affordable. I spent weeks on that problem, and don't ever want to go there again.

    I could create a filter in IPSec that allowed what you say, but then my machine would be totally open to any attacker who happened to use port 25. I could also create several hundred rules specifying one local port at a time, since IPSec filters won't accept a port range. That is a pain, obviously.

    My entire problem would be solved instantly if a mail server would use a defined port or range of ports, but maybe that's asking too much.

    It would be great also if I could configure the Windows OS to limit the ports that .NET components would consider usable, but that is definitely asking too much. Even god doesn't know how to do that. Satan knew but forgot.
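
    An added illustration (my own, not from any post in the thread) of why the objection to an "allow remote port 25 regardless of local port" rule is sound for a stateless packet filter: a small Python model runs constructed packets through a mirrored port-based rule and through a filter that remembers the flows the host itself opened. Port numbers and packet fields are constructed for the example.

```python
from dataclasses import dataclass

SMTP = 25  # remote port the mail server connects to


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: only the fields a port filter looks at."""
    direction: str     # "out" = this host -> Internet, "in" = Internet -> this host
    local_port: int
    remote_port: int


def stateless_allows(pkt: Packet) -> bool:
    """Mirrored IPSec-style rule: TCP, any local port <-> remote port 25.
    A stateless filter cannot tell a reply from an unsolicited packet."""
    return pkt.remote_port == SMTP


class StatefulFilter:
    """Remembers outbound flows and admits inbound packets only for those flows."""

    def __init__(self) -> None:
        self.flows: set[tuple[int, int]] = set()

    def allows(self, pkt: Packet) -> bool:
        flow = (pkt.local_port, pkt.remote_port)
        if pkt.direction == "out":
            if pkt.remote_port != SMTP:
                return False
            self.flows.add(flow)          # the host initiated this connection
            return True
        return flow in self.flows         # inbound must match a flow we opened


def compare_filters() -> dict[str, tuple[bool, bool]]:
    """Run a constructed traffic sample through both filters.
    Returns {label: (stateless_result, stateful_result)}."""
    stateful = StatefulFilter()
    sample = [
        ("outbound SMTP from ephemeral port", Packet("out", 3417, SMTP)),
        ("reply to that connection", Packet("in", 3417, SMTP)),
        ("unsolicited inbound from source port 25", Packet("in", 3389, SMTP)),
    ]
    return {label: (stateless_allows(p), stateful.allows(p)) for label, p in sample}


if __name__ == "__main__":
    for label, (stateless, stateful) in compare_filters().items():
        print(f"{label}: stateless={'allow' if stateless else 'deny'}, "
              f"stateful={'allow' if stateful else 'deny'}")
```

    The third packet is the hole the poster describes: the stateless rule admits it because it only sees "remote port 25", while the flow-tracking filter rejects it because no outbound connection to that peer port pair was ever made.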
