Hello, ISPConfig3 installed behind firewall with NAT. I think I need to bind the external IP to something, but I am not sure how or what. I have searched the forums, but I am not sure my issue is the same as others. I am able to send mail, but not receive. I tried changing the main.cf in postfix interfaces from all to the 127.0.0.1 and the external, but neither "all" nor the specific IPs work. I have forwarded TCP ports 20, 21, 22, 25, 53, 80, 110, 143, 443, 3306, 8080, and 10000 and UDP ports 53, 3306. Please help. Thanks, Matt
For receiving mail you should forward port 25 (TCP) to your mailserver, then try from a different machine (outside your local network): telnet <ip> <port>. You should get a connection then.
thanks
Thanks very much. I wasn't able to connect, and this led me to check the port forwarding on the firewall, only to discover that I had mixed up the number in the local IP address for the port forwarding.
Port 465/587
Mark, Thanks again. How do I configure postfix to use 465? Or do I simply open a port in the firewall and configure my client appropriately? For that matter 587 (which is TLS?)? Matt
Hehe, depends on how you're gonna handle it .. you have TLS and SSL. SSL is the predecessor of TLS. Both are secure transport layers, but TLS starts off insecure, then requests a secure connection (on the same port), creates one and continues .. SSL starts off encrypted right away (in short ;-)). So TLS is the easiest, I'd say, for you, so you don't have to open up extra ports, but if you want implicit SSL, you could edit master.cf, uncomment the stuff that belongs to "smtps", open up port 465 on your firewall, and make sure it's sent to your mailserver with NAT. If you installed ISPConfig with a how-to from this site (f.e. with a Perfect install) then you already have TLS support set up and you're good to go (no need to open extra ports then).
Well, with TLS you can define when you want to have stuff encrypted or not .. SSL is just everything encrypted .. this image might give you some idea of what I mean: Edit: and TLS = SSLv3
telnet port 25/465
Hi Mark (and anyone else). So I looked at master.cf and am lost. Do I just uncomment the following items:
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
or is there more? Also, will this secure the SMTP server to prevent spamming? (I was able to telnet and create a spam message to myself--somewhat scary.) Thanks, Matt
PS What are the perfect server default ports that I can close--in other words, are not used "out of the box" for Perfect server setup?
If you uncomment the lines you said, you'll be able to have pure SSL connections to your mailserver, but you need to open port 465 and NAT it to your mailserver. The secure SMTP will not prevent spam; the secure SMTP is for your own mail sending, so you can send mail over a secure line. The perfect setup for firewalling would be to start in a closed environment, as in: block ALL, then start opening the ports you need.
Problems
Mark, So for whatever reason I got this to work, but then I "fussed" with things and it stopped working. Part of the problem is that I am using the mail client on a PPC Leopard for testing, which obfuscates the port settings in the GUI, and work has rendered me too tired to dig deeper until the weekend. Do I have to open the ports on the server as well as the router? Or is this done automatically when I uncomment the lines? Thanks, Matt
If your mailserver is also your firewall, then yes, open them up .. if your firewall is a separate machine, then open the ports on that device and forward those ports to your mailserver.
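The outside-in connection test and the difference between a plain listener (25/587) and the "smtps" wrappermode listener (465) discussed in this thread, as an added Python example that is not from any poster here. The names `probe`, `assess`, `parse_ehlo`, the sample reply and the host name `probe.example` are constructed for illustration; `probe` is meant to be run from a machine outside the NAT.

```python
import socket
import ssl

# Constructed EHLO reply (not captured from a real server).
SAMPLE = ("250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
          "250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.splitlines()[1:]:          # first line is the greeting
        words = line[4:].split()
        if line.startswith("250") and words:
            caps[words[0].upper()] = words[1:]
    return caps

def assess(port, implicit_tls, caps):
    """Findings for one listener, given how we connected and what it advertised."""
    findings = []
    if not implicit_tls and "STARTTLS" not in caps:
        findings.append(f"port {port}: no STARTTLS offered, session stays cleartext")
    if not implicit_tls and "AUTH" in caps:
        findings.append(f"port {port}: AUTH offered before TLS is negotiated")
    return findings

def read_reply(f):
    """Read one SMTP reply; continuation lines have '-' after the code."""
    text = ""
    while True:
        line = f.readline().decode(errors="replace")
        text += line
        if not line or line[3:4] != "-":
            return text

def probe(host, port, implicit_tls=False, timeout=10):
    """The telnet test in code; implicit_tls=True wraps first, as smtps (465) expects."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if implicit_tls:
        # Default context verifies the certificate; a self-signed one raises here.
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock, sock.makefile("rwb") as f:
        banner = read_reply(f).strip()
        f.write(b"EHLO probe.example\r\n")
        f.flush()
        caps = parse_ehlo(read_reply(f))
        f.write(b"QUIT\r\n")
        f.flush()
    return banner, caps, assess(port, implicit_tls, caps)

if __name__ == "__main__":
    print(assess(25, False, parse_ehlo(SAMPLE)))   # offline run on the sample
```

A connection refused or a timeout from `probe` points at the firewall or NAT forwarding rather than at Postfix, which is what the telnet test earlier in the thread uncovered.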