Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


hasso

76 posts

Master Geek


#140784 20-Feb-2014 09:28
Send private message

I got a call from Telecom last night saying I need to amend my xtra email setings. It seems that they want everyone to use SSL and authentication to get their email. While the instructions are meant for users using "normall" email clients (Thunderbird, etc...), I've got an email server at home and use sendmail to send outgoing emails. Presently I use sendmail as an smtp relay to smtp.xtra.co.nz. This is still working (for now I guess but expect this server to be turned off at some point?).

The instructions indicate that they want users to use send.xtra.co.nz on port 465 (SSL). While this is OK for the usual clients, it seems this is not possible to setup with sendmail unless you use stunnel. Sendmail prefers TLS (using port 587). I see that send.xtra.co.nz has 587 open, so am wondering if I can use that instead of 465 (will it work and is it supported)?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
plambrechtsen
1948 posts

Uber Geek
Inactive user


  #990953 20-Feb-2014 09:59
Send private message

Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?



wasabi2k
2096 posts

Uber Geek


  #990959 20-Feb-2014 10:09
Send private message

plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?


And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.

plambrechtsen
1948 posts

Uber Geek
Inactive user


  #990976 20-Feb-2014 10:27
Send private message

wasabi2k:
plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?


And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.


Then perhaps request a Static IP, if you are planning to run an outbound email service it's worth having one.

Otherwise use GMail or the numerous other SMTP servers (or the Xtra/Yahoo one) all of which require Authentication.



gundar
488 posts

Ultimate Geek

Trusted

  #991014 20-Feb-2014 11:24
Send private message

plambrechtsen:
wasabi2k:
plambrechtsen: Or if you run your own SMTP server, just get port 25 opened up yourself and run it all from home?


And get ~50% of your email blacklisted by spam providers for being on a dynamic ip range/isp customer ip range.


Then perhaps request a Static IP, if you are planning to run an outbound email service it's worth having one.

Otherwise use GMail or the numerous other SMTP servers (or the Xtra/Yahoo one) all of which require Authentication.




IME a static IP isn't a complete solution, you will also require a valid PTR record, something most ISPs seem to be unwilling to provide.

While some ISPs charge $5 or $10 for a static IP and most won't provide that PTR, it mght be cheaper and more practical to build your own secure SMTP relay on a simple VPS. That should cost you a few hours of your time and about $5 per month. You'll then get a static IP and PTR included (you will need a domain name) and have full control of your own email platform which can be used for other services as you please.

Some instructions for your consideration are here: http://www.howtoforge.com/howto_postfix_smtp_auth_tls_howto

You can get a free SSL certificate here if you register as an individual or somebody who does not resell certificates: http://cert.startcom.org/

You can get a VPS for US$5 from here (aff. link): http://www.vpsnine.com/ - remember to check 'Auckland Datacentre' if you want a local instance with sub 10ms latency.


Hint: If you want a proxy service in the States or Europe later on for free web based TV or to circumvent GeoBlock, place your VPS in that region and at a later point, install a secure proxy service ;-)

gundar
488 posts

Ultimate Geek

Trusted

  #991018 20-Feb-2014 11:39
Send private message

Sorry, forgot to add: you may wish to consider creating an SPF record to help prevent spam and false blacklists.

Here is a wizard to create that record for you:

https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

davidcole
6029 posts

Uber Geek

Trusted

  #991059 20-Feb-2014 12:36
Send private message

I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


gundar
488 posts

Ultimate Geek

Trusted

  #991069 20-Feb-2014 12:50
Send private message

davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.


You can still port 25 with a VPS server, by using either a VPN, firewall that includes only your IP (if it's fixed) or a free app like fail2ban which will blacklist IP addresses based on a number of configurable options, similar to what is described here.

Fail2Ban covers many other applications and network services, too and I believe it has SMTP security in place by default.

 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
old3eyes
9119 posts

Uber Geek

Subscriber

  #991072 20-Feb-2014 12:54
Send private message

davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

 

Doesn't Gmail use port 465 for SMTP??




Regards,

Old3eyes


davidcole
6029 posts

Uber Geek

Trusted

  #991074 20-Feb-2014 12:57
Send private message

old3eyes:
davidcole: I created a mail server at home (so some dumb applications on my network could still use port 25) but this forwards to the gmail smtp setver via ssl so that it can send outbound.

Doesn't Gmail use port 465 for SMTP??


Yeah, the normal SSL/TLS ports - but my apps had no facility for being able to secure the connection (old UPS apps for windows).




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


hasso

76 posts

Master Geek


  #991079 20-Feb-2014 13:01
Send private message

Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind. 

davidcole
6029 posts

Uber Geek

Trusted

  #991082 20-Feb-2014 13:08
Send private message

hasso: Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind. 


Postfix

Something like this I believe


Postfix running on a linux server with  smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25).  I think I only sends to one address though.





Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


hasso

76 posts

Master Geek


  #991091 20-Feb-2014 13:29
Send private message

davidcole:
Postfix

Something like this I believe


Postfix running on a linux server with  smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25).  I think I only sends to one address though.



Ah OK so that would be port 587, instead of 465. This would work with sendmail as well. Now the question I still have as to whether or not send.xtra.co.nz would permit/supports the sending of email to that same port (587).

plambrechtsen
1948 posts

Uber Geek
Inactive user


  #991092 20-Feb-2014 13:30
Send private message

davidcole:
hasso: Thanks for the advice... I'd prefer not get port 25 opened for the reasons mentioned and don't want to add another layer of complexity to sendmail by adding stunnel in order to send email to send.xtra.co.nz on port 465 (SSL). As mentioned in my previous message, send.xtra.co.nz has 587 (TLS) open which sendmail can apparently deal with quite easily. So the query I have is as to whether or not send.xtra.co.nz supports email through that port?

davidcole: If you are using sendmail to relay your email through gmail via SSL, I'd be interested in knowing your configuration as to how you got that to work, if you don't mind. 


Postfix

Something like this I believe


Postfix running on a linux server with  smtp.gmail.com:587 as the relay host.

Then my applications (the stupid ones) use my linux server as the mail server - using port 25).  I think I only sends to one address though.



You could probably even run it on a Raspberry Pi without too much drama if there was an issue with having a machine on all the time in the building to do it.

Spyware
3761 posts

Uber Geek

Lifetime subscriber

  #991133 20-Feb-2014 14:16
Send private message

hasso:
Ah OK so that would be port 587, instead of 465. This would work with sendmail as well. Now the question I still have as to whether or not send.xtra.co.nz would permit/supports the sending of email to that same port (587).


It does.




Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.


hasso

76 posts

Master Geek


  #991134 20-Feb-2014 14:17
Send private message

Just talked to Telecom L2 support who indicated that they do not support port 587 TLS for send.xtra.co.nz. Port 465 (SSL) is the only thing supported.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.