Telecom "Change Your Email Settings"... How About Sendmail?

Forums › Spark New Zealand (including Skinny and BigPipe) › Telecom "Change Your Email Settings"... How About Sendmail?

hasso

76 posts

Master Geek

#140784 20-Feb-2014 09:28

I got a call from Telecom last night saying I need to amend my xtra email setings. It seems that they want everyone to use SSL and authentication to get their email. While the instructions are meant for users using "normall" email clients (Thunderbird, etc...), I've got an email server at home and use sendmail to send outgoing emails. Presently I use sendmail as an smtp relay to smtp.xtra.co.nz. This is still working (for now I guess but expect this server to be turned off at some point?).

The instructions indicate that they want users to use send.xtra.co.nz on port 465 (SSL). While this is OK for the usual clients, it seems this is not possible to setup with sendmail unless you use stunnel. Sendmail prefers TLS (using port 587). I see that send.xtra.co.nz has 587 open, so am wondering if I can use that instead of 465 (will it work and is it supported)?

1 | 2

1948 posts

Uber Geek
Inactive user

#990953 20-Feb-2014 09:59

Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?

wasabi2k

2096 posts

Uber Geek

#990959 20-Feb-2014 10:09

plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?

And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#990976 20-Feb-2014 10:27

wasabi2k:
plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?

And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.

Then perhaps request a Static IP, if you are planning to run an outbound email service it's worth having one.

Otherwise use GMail or the numerous other SMTP servers (or the Xtra/Yahoo one) all of which require Authentication.

gundar

488 posts

Ultimate Geek

Trusted

#991014 20-Feb-2014 11:24

plambrechtsen:
wasabi2k:
plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?

And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.

Then perhaps request a Static IP, if you are planning to run an outbound email service it's worth having one.

Otherwise use GMail or the numerous other SMTP servers (or the Xtra/Yahoo one) all of which require Authentication.

IME a static IP isn't a complete solution, you will also require a valid PTR record, something most ISPs seem to be unwilling to provide.

While some ISPs charge $5 or $10 for a static IP and most won't provide that PTR, it mght be cheaper and more practical to build your own secure SMTP relay on a simple VPS. That should cost you a few hours of your time and about $5 per month. You'll then get a static IP and PTR included (you will need a domain name) and have full control of your own email platform which can be used for other services as you please.

Some instructions for your consideration are here: http://www.howtoforge.com/howto_postfix_smtp_auth_tls_howto

You can get a free SSL certificate here if you register as an individual or somebody who does not resell certificates: http://cert.startcom.org/

You can get a VPS for US$5 from here (aff. link): http://www.vpsnine.com/ - remember to check 'Auckland Datacentre' if you want a local instance with sub 10ms latency.

Hint: If you want a proxy service in the States or Europe later on for free web based TV or to circumvent GeoBlock, place your VPS in that region and at a later point, install a secure proxy service ;-)

gundar

488 posts

Ultimate Geek

Trusted

#991018 20-Feb-2014 11:39

Sorry, forgot to add: you may wish to consider creating an SPF record to help prevent spam and false blacklists.

Here is a wizard to create that record for you:

https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

davidcole

6029 posts

Uber Geek

Trusted

#991059 20-Feb-2014 12:36

I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

gundar

488 posts

Ultimate Geek

Trusted

#991069 20-Feb-2014 12:50

davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

You can still port 25 with a VPS server, by using either a VPN, firewall that includes only your IP (if it's fixed) or a free app like fail2ban which will blacklist IP addresses based on a number of configurable options, similar to what is described here.

Fail2Ban covers many other applications and network services, too and I believe it has SMTP security in place by default.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

old3eyes

9119 posts

Uber Geek

Subscriber

#991072 20-Feb-2014 12:54

davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

Doesn't Gmail use port 465 for SMTP??

Regards,

Old3eyes

davidcole

6029 posts

Uber Geek

Trusted

#991074 20-Feb-2014 12:57

old3eyes:
davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

Doesn't Gmail use port 465 for SMTP??

Yeah, the normal SSL/TLS ports - but my apps had no facility for being able to secure the connection (old UPS apps for windows).

hasso

76 posts

Master Geek

#991079 20-Feb-2014 13:01

Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind.

davidcole

6029 posts

Uber Geek

Trusted

#991082 20-Feb-2014 13:08

hasso: Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind.

Postfix

Something like this I believe

Postfix running on a linux server with smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25). I think I only sends to one address though.

hasso

76 posts

Master Geek

#991091 20-Feb-2014 13:29

davidcole:
Postfix

Something like this I believe

Postfix running on a linux server with smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25). I think I only sends to one address though.

Ah OK so that would be port 587, instead of 465. This would work with sendmail as well. Now the question I still have as to whether or not send.xtra.co.nz would permit/supports the sending of email to that same port (587).

plambrechtsen

1948 posts

Uber Geek
Inactive user

#991092 20-Feb-2014 13:30

davidcole:
hasso: Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind.

Postfix

Something like this I believe

Postfix running on a linux server with smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25). I think I only sends to one address though.

You could probably even run it on a Raspberry Pi without too much drama if there was an issue with having a machine on all the time in the building to do it.

Spyware

3761 posts

Uber Geek

Lifetime subscriber

#991133 20-Feb-2014 14:16

hasso:
Ah OK so that would be port 587, instead of 465. This would work with sendmail as well. Now the question I still have as to whether or not send.xtra.co.nz would permit/supports the sending of email to that same port (587).

It does.

Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.

hasso

76 posts

Master Geek

#991134 20-Feb-2014 14:17

Just talked to Telecom L2 support who indicated that they do not support port 587 TLS for send.xtra.co.nz. Port 465 (SSL) is the only thing supported.

1 | 2