Airport Extreme TCP port 587 Won't Open

What is the exact model of your Arris modem?

By default, with NAT enabled on the AirPort base station ALL outbound ports are open. Only the inbound ports are closed. The AirPort base stations do not support UPnP for automatic port configuration by applications that use this IP protocol. Instead, they support something similar, called NAT-PMP. However, the application must support this protocol to work with it.

Tesserax is the expert on this subject....but I have one thing to note, that unfortunately probably will not help that much....but may save some of your time.

That would be that I've found consistently that popular "port checking" utilities are more often wrong than they are right when I've used them to check port settings.

For example, I'm at the coffee shop right now using the wireless network and I can connect back to my home network and access the Time Capsule hard drive just fine. To do that, port 548 must be open on the main AirPort router.

Yet, a quick check of three popular "port checking" utilities shows that port 548 is closed.......when it can't be because I'm connected with no problems at all.

So, I would not spend a lot of time trying to check ports on most utilities.

The Arris cable model here is a TM822G.

Thank you. I just wanted to make sure that your modem is only a modem and not a combination modem & router or gateway device which would complicate setting up port mapping.

Again, the AirPort base station's ports are all open going outbound. Typically when there are issues "opening" an outbound port, it's due to running a software firewall on the application's host computer or with the application itself.

You mentioned that the there is a pool control server. Is this a standalone computer or device that you have administrator access to?

I don' have a particular site or tool that I could recommend, but Tesserax may know of something.

It's important to understand that there are potential for serious security implications when probing ports. Most commercial, and many consumer-grade routers are equipped to prevent probes from "doing their job." ... and that is exactly what we would want them to do.

When it comes to aggressive probing there are, fortunately or unfortunately, a number of "black hat-like" web-based and dedicated non-web-based tools out there. Hopefully, you can understand that I can't recommend any of them. No offense intended.

Regardless, we can try to understand how your pool application works so we can make some recommendations on how it can send SMTP emails out port 587. Receiving emails on this same port would require port mapping on the AirPort base station and we can help you with that as well.

One thing I would need to understand is the pool application's email feature performing as an SMTP email server and sending email(s) out to email clients or vice-versa?

Ok, I'm good with that it is a stand-alone PC performing as a pool controller server.

The key is two things:

1. Is it running a software firewall? If so, this firewall could prevent outbound traffic from the server.
2. Is it running an email server? If it is, I would assume that, even with a software firewall, it would know to open the required ports on that firewall at least ... but if it is dependent on using UPnP, it won't be able to on the AirPort base station.

The following is a method to test sending emails:

(Note: I am assuming that the PC is running Windows. We will attempt to open an email session to the iCloud SMTP email server.)

• Open a Windows Command window.
• At the prompt, enter: telnet smtp.mail.me.com 587
  (Note: To exit a telnet session, enter: quit <Return> at the command line.)
• A successful response would be something like: 220 pv33p00im-asmtp002.me.com - - Server ESMTP ...
• If you get something like the following error: "Connecting to servername.domain.com...Could not open connection to the host, on port 587: Connect failed," the email was not sent properly. Some of reasons are:
  • The SMTP server is not configured to receive mail on this port.
  • The SMTP server is not running properly.
  • There is a network issue preventing the email client from accessing the server:
    • Software or hardware firewall not properly configured, or
    • Misconfigured DNS servers (on the PC or router or both)
• However, if you get an error like the following: Trying 17.142.163.8...
  • The port is being blocked by your ISP or by the email service provider.
  • The destination SMTP service is unavailable.
  • There are restrictions on the destination firewall.
  • Incorrect port number.

Thanks for the update.

I suggest that you go ahead and try the "telnet test" I mentioned earlier from your Mac or PC. It should, at least, verify that SMTP email communication can go outbound from the same network that the Distech card is connected to. If not, then we will need to investigate further. If it is successful, then it may be something with the card or how it's configured.