1 (edited by zaphod444 2022-05-19 23:18:19)

Topic: Port 25 blocked (I read both guides)

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.2
- Deployed with iRedMail Easy or the downloadable installer? Download
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm trying to enable non-secure port 25 for an MTA to connect.

NOTE: This will connect from the outside world (so it will be public)

Also note: I could change the port if needed to 2525; it just must still be non-secure. I noticed the other guide about 2525, but it said it's dangerous to expose it to the outside world, so I didn't follow that guide.

I edited `/etc/postfix/master.cf` to be:

```
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
smtp       inet  n       -       -       -       -       smtpd
```

And I changed in `/etc/postfix/main.cf`:

```
smtpd_tls_security_level = none
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
```

After I reboot the server, when I try to connect it still times out:

```
nc -zv xxx.xxx.xxx.xxx 25
```

The actual error from the MTA is:

Error: connection closed by the remote host while connected from ...


2

Re: Port 25 blocked (I read both guides)

Default iRedMail configuration accepts insecure inbound smtp traffic, so nothing should be changed ideally.
What error did you get on that MTA server?

3

Re: Port 25 blocked (I read both guides)

I solved it, thank you. My ISP (for my home internet) was blocking port 25, so I couldn't actually connect unless I tried from a different server.
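
The thread turned on where the test was run from: a timeout from a home connection, a working connection from a different server. As an added example (not part of the thread and not iRedMail code), this Python probe classifies a single connection attempt so a block on the network path can be told apart from a refusal or close by the mail server itself; the state names and the 10-second default timeout are choices made for this example.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=10.0):
    """Classify one TCP connection attempt to an SMTP port.

    Returns (state, detail). States:
      banner    - a 220 greeting arrived: reachable end to end
      rejected  - a greeting arrived, but not 220 (server declined us)
      closed    - TCP connected, peer closed before sending a greeting
      no-banner - TCP connected, nothing received within the timeout
      refused   - connection actively refused: host reachable, port not accepting
      filtered  - no reply at all: packets dropped on the path
                  (egress block at the client's ISP, or a firewall)
      error     - anything else (DNS failure, no route, ...)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("filtered", "connect timed out")
    except ConnectionRefusedError:
        return ("refused", "connection refused")
    except OSError as exc:
        return ("error", str(exc))

    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("no-banner", "connected, but no greeting before timeout")
        except OSError as exc:
            return ("closed", "connection dropped: %s" % exc)

    if not data:
        return ("closed", "peer closed the connection without a greeting")
    line = data.decode("ascii", "replace").splitlines()[0]
    return ("banner" if line.startswith("220") else "rejected", line)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(probe_smtp(sys.argv[1], port))
```

Run it from more than one network: `filtered` from one vantage point and `banner` from another points at the first network's path rather than at Postfix.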