Postfix port 25 to another (ISP Blocks port 25)

Hi everyone, I just recently (about 6 days ago) moved from ISP to another due to very slow internet, but I just find out that the new ISP blocks port 25 and is no way to open according to them, they said for security reasons, so I was thinking is any way that I can change the port to another.

I already read as many topics from your list, but no topics actually guide me to the right direction.

Please help.

Version is = NethServer release 7.6.1810

Have you tried port 587?
This is also more secure port then 25

Originally, the Simple Mail Transfer Protocol (SMTP) used port 25. Today, SMTP should instead use port 587 — this is the port for encrypted email transmissions using SMTP Secure (SMTPS). Port 465 is also used sometimes for SMTPS. However, this is an outdated implementation and port 587 should be used if possible

Hi Mad,

Yes indeed, my new ISP allow me to open port 587, also 143 and everything else except 25, but for some reason is not receiving or sending email, now I do have still the old ISP and I soon I connect the old ISP router I can send and receive emails, and when I go to Port Checker - Check Open Ports Online, to check open port, the 25 is the only different in between old ISP vs the new ISP, so I assume that even the nethserver use 587 it still needs 25.

your thoughts…

@MadPatrick, @giancarlos

SMTP between mail servers on the Internet still must use Port 25.

Port 587 is mainly for clients sending through that mailserver and needing authentification.

I have NOT seen 587 used, neither by Google or any others so far on the Internet.

Port 465 was NEVER an official, authorized mail port by the RFCs. It was only a work around between POPbeforeSMTP (another workaround) and finally a correct TLS implementation with Port 587.

The english Wiki explanation is more precise than Cloudflare, a large hoster, but not a RFC maker!
Simple Mail Transfer Protocol - Wikipedia.

Ports

Communication between mail servers generally uses the standard TCP port 25 designated for SMTP.

Mail clients however generally don’t use this, instead using specific “submission” ports. Mail services generally accept email submission from clients on one of:

  • 587 (Submission), as formalized in RFC 6409 (previously RFC 2476)
  • 465 This port was deprecated after RFC 2487, until the issue of RFC 8314.

Port 2525 and others may be used by some individual providers, but have never been officially supported.

Many Internet service providers now block all outgoing port 25 traffic from their customers. Mainly as an anti-spam measure,[20] but also to cure for the higher cost they have when leaving it open, perhaps by charging more from the few customers that require it open.

The latest RFC:

My 2 cents
Andy

2 Likes

Hi Andy,

Thanks for the answer, so let me ask, at this point even if we change the port 25 from the nethserver to another it will not work still am I right?.

So what solution I do have that do not involve another 3rd party services where they deal with ISP Port 25 block?.

Hi @giancarlos

This is correct.

The only real, working, headache free method to achieve this would be to change to a provider that allows self-hosting a mail server. Depending on country, etc, this might mean using a more expensive “business” subscription, instead of the cheaper “Residential” connection most people use.
In some countries, this is not even an option… :frowning:

Spamming is, globally, still a major problem, using a lot of overhead and network resources, so it’s understandable that providers and hosters don’t want this. And restrictive governments are, well restricive… :slight_smile:

And the only way your server can recieve mail directly from the Internet (And also have a good basis for anti spam measures) is to have the server accessible on port 25…

For my home mail (only for maintenence messages), I use imapsync from my official web site hoster and have a mail account there so my homs server can use that as a “smarthost”. This works well.
(But uses a third party…).

My 2 cents
Andy

1 Like

Hi Andy,

Thanks.

Are you sure? Not the latest 7.9.2009?

Hi LayLow,

:rofl:, yeah I deployed this long ago I keep updating, but I haven’t upgraded to 7.9, anyway because of this issue I’m working on an alternative solution, like VPS, currently installing NS8 at this moment to redirect all traffic.

I will post my solution if it works. :wink:

Yep, many run a VPS with the various VPS providers for various reasons. I like ‘cloud only’, so no local dependencies, hardware and annoying providers :wink:

Good luck!

Hi all,

Progress on the VPS, so far is being a failure, NS8 does install in AlmaLinux and Rocky Linux, I can even access to the WEB UI, LDAP as account provider, I can add users, I can install software… in my case MAIL, but once you start configuring it, it does fail, a lot of errors messages.

In Debian for some reason the installation disable the network, so at some point it fails trying to connect and continue with the installation.

Keep it posted.

Can you show some error examples and what you are doing. Rocky 9.4 should install and configure flawlessly on a VPS. I have several, and I am not the only one.

What are the specs of the VPS pls?

Hi all,

Well I have good progress on this, my first attempt errors was me, so my bad, I apologize.

Now everything’s seems to be working accordingly, all the configuration is working I can even receive emails from outside, but I have one issue, and I’m looking to see what the issue is, but I cannot send emails, again I can receive, but I cannot send.

For information this is my configurations

VPS = vultr.com

vCPU/s:
2 vCPUs
RAM:
2048.00 MB
Storage:
60 GB NVMe

NS8 = Rocky Linux 9
Account provider = OpenLDAP
APP = Mail and Webtop (I kinda like SOGo please add this, change the green to blue)

I’ll keep posting.

Hi all,

I’m looking at the mail logs and I see some issue down here, I’ll paste the picture of the log below.

Something about users not been in the usersdb

Hi all,

After a reboot, now none of the nodes or apps want to work, a lot of error message, check below.

Maybe I am a bit late to the conversation, but any decent ISP offers a SMTP relay service so you still can host your own mailserver at home.
The mailserver of NS allows to configure this.

Hi Robb,

Thanks for your answer, yes indeed, I just call them to see what option they do have, and they do have options, but I will have to move to Business class, and it will pump up the price up to $70 dollar more in my monthly payment, I think I can get cheaper solution like the one that I’m working on (VPS or SMTP Relay for a 3rd party), but thank you for you advise it make me to question so that is why I call them.

Hi all,

Finally, everything is working, so here is the advice, almost everyone is blocking port 25 lately, for some reason Vultr.com the deployment was not working good, maybe not likening the NS8 script, but every time after a reboot it just breaks NS8, so I move to Linodes, and boy this is faster even with the same configuration.

Now the advice:

  1. You will need to contact support to allow port 25 outbound, because the inbound is already open. I guess it was the same at Vultr, they will ask you about the reason in why you need P25, as Andy said above, the battle against spams is the reason for questioning.

  2. Always ask for promo and discount, because of my call they offer me a $100 promo, even without the promo my monthly will be only $12 per month way better that moving to Business class at Comcast for $70 dollar more.

Thanks everyone for the support.

NOTE: this issue is solved, and it was not an issue from NS8 product or team.

Good for you!

No commercial intent, but as a comparison contabo.com is a popular choice with DC’s across the globe. No restrictions on port usage.

1 Like

+1 on contabo.com
Happily using a vps m for more than 5 years now.
Currently moving to a vps s and migrating ns7 on vps m to ns8 on vps s

1 Like