Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




70 posts

Master Geek
+1 received by user: 2


# 140784 20-Feb-2014 09:28
Send private message

I got a call from Telecom last night saying I need to amend my xtra email setings. It seems that they want everyone to use SSL and authentication to get their email. While the instructions are meant for users using "normall" email clients (Thunderbird, etc...), I've got an email server at home and use sendmail to send outgoing emails. Presently I use sendmail as an smtp relay to smtp.xtra.co.nz. This is still working (for now I guess but expect this server to be turned off at some point?).

The instructions indicate that they want users to use send.xtra.co.nz on port 465 (SSL). While this is OK for the usual clients, it seems this is not possible to setup with sendmail unless you use stunnel. Sendmail prefers TLS (using port 587). I see that send.xtra.co.nz has 587 open, so am wondering if I can use that instead of 465 (will it work and is it supported)?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  # 990953 20-Feb-2014 09:59
Send private message

Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?

2091 posts

Uber Geek
+1 received by user: 849


  # 990959 20-Feb-2014 10:09
Send private message

plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?


And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.

 
 
 
 


1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  # 990976 20-Feb-2014 10:27
Send private message

wasabi2k:
plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?


And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.


Then perhaps request a Static IP, if you are planning to run an outbound email service it's worth having one.

Otherwise use GMail or the numerous other SMTP servers (or the Xtra/Yahoo one) all of which require Authentication.

488 posts

Ultimate Geek
+1 received by user: 80

Trusted

  # 991014 20-Feb-2014 11:24
Send private message

plambrechtsen:
wasabi2k:
plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?


And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.


Then perhaps request a Static IP, if you are planning to run an outbound email service it's worth having one.

Otherwise use GMail or the numerous other SMTP servers (or the Xtra/Yahoo one) all of which require Authentication.




IME a static IP isn't a complete solution, you will also require a valid PTR record, something most ISPs seem to be unwilling to provide.

While some ISPs charge $5 or $10 for a static IP and most won't provide that PTR, it mght be cheaper and more practical to build your own secure SMTP relay on a simple VPS. That should cost you a few hours of your time and about $5 per month. You'll then get a static IP and PTR included (you will need a domain name) and have full control of your own email platform which can be used for other services as you please.

Some instructions for your consideration are here: http://www.howtoforge.com/howto_postfix_smtp_auth_tls_howto

You can get a free SSL certificate here if you register as an individual or somebody who does not resell certificates: http://cert.startcom.org/

You can get a VPS for US$5 from here (aff. link): http://www.vpsnine.com/ - remember to check 'Auckland Datacentre' if you want a local instance with sub 10ms latency.


Hint: If you want a proxy service in the States or Europe later on for free web based TV or to circumvent GeoBlock, place your VPS in that region and at a later point, install a secure proxy service ;-)

488 posts

Ultimate Geek
+1 received by user: 80

Trusted

  # 991018 20-Feb-2014 11:39
Send private message

Sorry, forgot to add: you may wish to consider creating an SPF record to help prevent spam and false blacklists.

Here is a wizard to create that record for you:

https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

4452 posts

Uber Geek
+1 received by user: 685

Trusted

  # 991059 20-Feb-2014 12:36
Send private message

I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


488 posts

Ultimate Geek
+1 received by user: 80

Trusted

  # 991069 20-Feb-2014 12:50
Send private message

davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.


You can still port 25 with a VPS server, by using either a VPN, firewall that includes only your IP (if it's fixed) or a free app like fail2ban which will blacklist IP addresses based on a number of configurable options, similar to what is described here.

Fail2Ban covers many other applications and network services, too and I believe it has SMTP security in place by default.

 
 
 
 


8079 posts

Uber Geek
+1 received by user: 856

Subscriber

  # 991072 20-Feb-2014 12:54
Send private message

davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

 

Doesn't Gmail use port 465 for SMTP??




Regards,

Old3eyes


4452 posts

Uber Geek
+1 received by user: 685

Trusted

  # 991074 20-Feb-2014 12:57
Send private message

old3eyes:
davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

Doesn't Gmail use port 465 for SMTP??


Yeah, the normal SSL/TLS ports - but my apps had no facility for being able to secure the connection (old UPS apps for windows).




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex




70 posts

Master Geek
+1 received by user: 2


  # 991079 20-Feb-2014 13:01
Send private message

Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind. 

4452 posts

Uber Geek
+1 received by user: 685

Trusted

  # 991082 20-Feb-2014 13:08
Send private message

hasso: Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind. 


Postfix

Something like this I believe


Postfix running on a linux server with  smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25).  I think I only sends to one address though.





Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex




70 posts

Master Geek
+1 received by user: 2


  # 991091 20-Feb-2014 13:29
Send private message

davidcole:
Postfix

Something like this I believe


Postfix running on a linux server with  smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25).  I think I only sends to one address though.



Ah OK so that would be port 587, instead of 465. This would work with sendmail as well. Now the question I still have as to whether or not send.xtra.co.nz would permit/supports the sending of email to that same port (587).

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  # 991092 20-Feb-2014 13:30
Send private message

davidcole:
hasso: Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind. 


Postfix

Something like this I believe


Postfix running on a linux server with  smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25).  I think I only sends to one address though.



You could probably even run it on a Raspberry Pi without too much drama if there was an issue with having a machine on all the time in the building to do it.

2263 posts

Uber Geek
+1 received by user: 471

Lifetime subscriber

  # 991133 20-Feb-2014 14:16
Send private message

hasso:
Ah OK so that would be port 587, instead of 465. This would work with sendmail as well. Now the question I still have as to whether or not send.xtra.co.nz would permit/supports the sending of email to that same port (587).


It does.




Ross

 

Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+

 


Speed Test




70 posts

Master Geek
+1 received by user: 2


  # 991134 20-Feb-2014 14:17
Send private message

Just talked to Telecom L2 support who indicated that they do not support port 587 TLS for send.xtra.co.nz. Port 465 (SSL) is the only thing supported.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.