Is Outbound SMTP Too Restrictive


(Eddie Atherton) #1

Just a comment, which is my own personal opinion, after fighting to set up outbound SMTP from a couple of machines inside my home network. For all the local mail clients, they are set to deliver outbound mail directly to my ISP.

There is a blanket iptables rule, which rejects all outbound SMTP connections from inside the network. OK, I can see, maybe, this being a “good thing”. But shouldn’t this be something decided by the local administrator, not forced by NS?

My first attempt at bypassing this, by activating “Allow relay from trusted networks” in SMTP Access on the Email tab appeared to work, after I tested this from my local Thunderbird client. However, as soon as my wife started working, there was this plaintive cry of “Why isn’t my e-mail working”. :cry:

After investigating, it turns out her e-mails were being rejected by NS as: “helo command rejected need fully-qualified hostname”. Further investigation led me to find that Outlook only sends the local machine name when connecting to the mail server, not the fully qualified name. Obviously, Thunderbird must have been sending this fully qualified.

Long story short. I created a new FW rule to allow SMTP traffic to flow directly from Green to Red. But to my mind, this should be handled by a configuration/UI setting.

Cheers.


(Artem Fedai) #2

@EddieA
Thank you for your request.

It is a must-have restriction for SMB: imagine that you’ve got a virus and your Windows is spamming through port 25.
So it is only for security reasons.

BR.


(Davide Principi) #3

Hi @EddieA! Welcome to NethServer!

As @Nas pointed out, port 25 is closed. This behaviour is documented at

http://docs.nethserver.org/en/latest/mail.html#block-port-25

Did you set up submission port (587) on your client? IIRC authenticated SMTP sessions don’t have EHLO restrictions.


(Eddie Atherton) #4

Ha. RTFM. A little bit of my own medicine back to me. :grinning:

I took the other option suggested in the manual: The administrator can change this policy creating a custom firewall rule inside the Rules page.

Cheers.
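
An added example, not part of the original thread and not NethServer's own code: a small script that finds the HELO rejection described in post #1 in a mail log and lists which LAN clients sent a bare machine name. It assumes the server logs in Postfix smtpd format; the sample lines are constructed, and `is_fqdn_or_literal` is a hypothetical approximation of the server's check.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix smtpd log format; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar  3 09:14:02 gw postfix/smtpd[2211]: connect from unknown[192.168.1.10]
Mar  3 09:14:05 gw postfix/smtpd[2213]: NOQUEUE: reject: RCPT from unknown[192.168.1.23]: 504 5.5.2 <WIFE-PC>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<WIFE-PC>
Mar  3 09:20:41 gw postfix/smtpd[2213]: NOQUEUE: reject: RCPT from unknown[192.168.1.23]: 504 5.5.2 <WIFE-PC>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<c@example.org> proto=ESMTP helo=<WIFE-PC>
Mar  3 09:31:17 gw postfix/smtpd[2240]: NOQUEUE: reject: RCPT from unknown[192.168.1.40]: 504 5.5.2 <laptop>: Helo command rejected: need fully-qualified hostname; from=<d@example.com> to=<b@example.org> proto=SMTP helo=<laptop>
Mar  3 09:40:09 gw postfix/smtpd[2251]: NOQUEUE: reject: RCPT from unknown[192.168.1.50]: 554 5.7.1 <b@example.org>: Relay access denied; from=<e@example.com> to=<b@example.org> proto=ESMTP helo=<pc.home.example>
"""

# Matches only the non-FQDN HELO reject, not other reject reasons.
REJECT_RE = re.compile(
    r"reject: \w+ from \S*\[(?P<ip>[^\]]+)\]: \d{3} \S+ <(?P<helo>[^>]*)>: "
    r"Helo command rejected: need fully-qualified hostname"
)
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def is_fqdn_or_literal(name):
    """Approximate the 'fully-qualified hostname' test (not the server's own code)."""
    if name.startswith("[") and name.endswith("]"):
        return True  # address literal such as [192.168.1.23]
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.fullmatch(label) for label in labels)


def rejected_helo_clients(log_text):
    """Map client IP -> {HELO name: reject count} for non-FQDN HELO rejects."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            hits[m["ip"]][m["helo"]] += 1
    return {ip: dict(names) for ip, names in hits.items()}


if __name__ == "__main__":
    for ip, names in rejected_helo_clients(SAMPLE_LOG).items():
        for helo, count in names.items():
            print(f"{ip} sent HELO {helo!r} {count}x, fqdn={is_fqdn_or_literal(helo)}")
```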