I need to modify Postfix to listen to port 587

the location of master.cf has thanged to:

/Library/Server/Mail/Config/postfix/master.cf

you'll find the edit to edit in that location

As you clearly well know, TCP port 587 is the default message submission port. It should be active automatically, too. (I've never seen it not active, when Postfix is working and active. Anything mail-related and unexpected in the server logs?)

Here's the usual test command, when SSL/TLS is (and as it should preferably always be) enabled:

openssl s_client -connect server.example.com:587 -starttls smtp

or:

openssl s_client -connect localhiost:587 -starttls smtp

Hi,

Is this what I need to do to get past the blocking of port 25 by my ISP to get SMTP to work? I have been struggling with that for a while now.

@kraftwerk

You are dealing with something different.

Your ISP is likely blocking inbound port 25.

This means you are using an ISP connection geared towards consumers, but someone that runs a server.

inbound mail from other serve is always going to be on port 25.

if your ISP blocks that port, then you need to route your mail somewhere else (google smtp reflector).

You have 3 considerations

a) inbound mail from other public mail servers: this will always be on port 25 even if you choose to enable oher ports

b) smtp submission: users that submit mail to your server for delivery/relay. This cab bo on an alternae port

c) outbound mail: if outbound port 25 is blocked, you'll need to set your server to relay through another smtp server. Often, this is the ISP's smtp server - if not, you may need to pay for an SMTP-Auth service.

Souns like you aren't on a static IP.

I would host mail elsewhere (google apps, rackspace, etc)

If you are on a dynamic IP (which would typically block port 25), you can certainly make it work with a reflector and/or outbound smto relay service - but why bother?

@Kraftwerk: You cannot change the TCP port used for SMTP. Well, technically, you can, but then no other mail servers on the Internet will find and communicate with your mail server. So... forget that.

The ISP controls the terms and conditions for the network connection, and particularly controls the network and network access. There's just no way 'round that either, as the ISP has the network position to implement port blocks and firewalls, and usually the contractual authority to allow or deny access.

With the proper (static) network connection and proper DNS, there is nothing to struggle with; this stuff works.

Which implies your ISP does not offer static connections, or there's an ISP error, or you're attempting to operate a mail server on a dynamic address. None of this works.

You might try mailhop service — if that's permitted within the limits of the terms of service — but it'll be easier and cheaper to host your mail elsewhere. Or to get a static IP address and proper public DNS, if your ISP offers that.

SMTP services are also tied to DNS, as well; other mail servers use DNS checks to detect rogue (spam) servers, and a mail server erroneously configured on a dynamic IP address will have mismatched DNS, and other mail servers will detect that and drop mail from and often to that mail server; that server is indistinguishable from a spam engine.

There's rather more the ISP can do as part of best-practices networking, too. TCP port 25 connections both inbound and outbound are usually spam engines operating on malware-infested, so it's common to block that traffic to reduce the volume of spam. Various ISPs will further blacklist dynamic IP address blocks, which means other SMTP servers using these blacklist services will ignore servers in these address ranges.

Get static IP. Or host elsewhere. Or (if permitted) mail hop.

If you want to run your email server with a consumer ISP, I would recommend an email gateway/store-and-forward service like this one:

http://dyn.com/email/dyn-email-gateway/

1) If your email server goes down, such a service will hold inbound email for you until your server is up again (store and forward service)

2) This service will reduce load on your server and inbound connection by pre-filtering some spam for you

3) If your ISP blocks port 25, such a service will accept mail for you on port 25 and redirect to another port for delivery to your server.

I use a similar service (although my ISP does not block port 25 - but items 1 and 2 are still relevant and valuable for me)

One recommendation: KEEP your mail server inbound-non-relaying port at 25. Use the port mapping/forwarding in your ROUTER to map the "alternative port" brought in from an e-mail gateway service back to port 25. So, for example, if you decide to use port 2525 as your alternate port, and your server is at 192.168.1.2 on your local network, then set your router to redirect connections for port 2525 to 192.168.1.2 on port 25.

Doing this will keep you from having to do any nonstandard configuration at the server. The server can continue to listen to port 25 as usual - and the router will take care of getting the connections to it.

Thanks to all that have posted responses. I will check each of them out and see what option will work bester for me when I am home over the weekend.

Again, thanks 🙂

I found a free solution that works for me.

Servers to.com offers a free smtp relay service for up to 200 emails a day, which for now is enough for me :)

I tested it and it is working :)

Thanks for everyone's help :)

I meant to say http://www.serversmtp.com