Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Feature Request

  1. #1
    Newbie
    Join Date
    Aug 2010
    Posts
    8

    Default Feature Request

    I would like to see the ability to change the smtp port that the spam blocker listens on. ISPs are starting to block it for regular users and want more money for what they call "features". Everything else is great. Love the product.

    Paul

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    Default

    This is pointless.

    You cannot have a publicly facing SMTP server operating on a port other than TCP 25 and have it capable of receiving e-mail directly. You must bounce your mail off a public mail server that has this connectivity, and forward it to your non-standard configuration.

    That forwarding process removes your ability to effectively operate any SMTP level filtration. At this point, you need to put your mail server on a DMZ, and have your clients pop their mail through the Untangle. That will engage the IMAP and POP3 scanners and give you the best scanning you can have.

    Finally, I agree with the general port 80, 25, 110, and other inbound major service blocks on residential class internet connections. End users don't operate these services and when they do they are likely the victims of malware. If you want to operate a server, get a connection designed to do so.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    719

    Default

    It would be nice if they blocked it until the user requested the service ports opened.

    I don't think its right to charge more cash to essentially do less filtration on my ip/subnet/device ID. Shrug my ISP doesn't do this which I like but I know of a few that do.

    Sky-Knight has a very good point in his statment though.
    The beatings shall continue until morale improves!

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    Default

    Residential connections are priced for intermittent use. Commercial connections are priced for constant use.

    I realize that most commercial applications use less bandwidth than residential connections these days. But the point is there are business processes on the ISP side that demand the residential connection stay a client in every aspect that it can. They don't charge you more because they want the money, they charge you more because the service is more expensive to deliver and maintain.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Aug 2010
    Posts
    8

    Default

    It is not pointless. I dont want to pay more for something i think i should have anyway all this port blocking crap only started in the last few years. And yes i know that mail only comes in on port 25. My dns provider offers smtp redirection because of all these port blocks. So its not a useless request. When you run exchange you don't use pop or IMAP for the clients located on the internal network and if you do then you loose a lot of the features of exchange. Being able to change the spam blocker smtp port would be a very useful thing. You can do it with spamassassin and qmail. There is a config file and you change 1 line from smtp .. .. ... .. to 2525 . . . . . and it filers inbound mail on that port. And as for the cost comcast offers like 60mbps service for 99 with all the same crappy restrictions.

  6. #6
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Default

    as we said in your other post, bugzilla.untangle.com is where you want to submit your request.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    Default

    Quote Originally Posted by pwostran View Post
    It is not pointless. I dont want to pay more for something i think i should have anyway all this port blocking crap only started in the last few years. And yes i know that mail only comes in on port 25. My dns provider offers smtp redirection because of all these port blocks. So its not a useless request. When you run exchange you don't use pop or IMAP for the clients located on the internal network and if you do then you loose a lot of the features of exchange. Being able to change the spam blocker smtp port would be a very useful thing. You can do it with spamassassin and qmail. There is a config file and you change 1 line from smtp .. .. ... .. to 2525 . . . . . and it filers inbound mail on that port. And as for the cost comcast offers like 60mbps service for 99 with all the same crappy restrictions.
    You need to read up on what you're doing. Changing the port the mail exchanger is listening on isn't the issue. The DNS structure has no provision for the definition of the port a given service operates on. When a mail exchanger goes to send a message, it simply looks for a mx record on the given domain. That MX record returns an IP address or a record that is then resolved to an IP.

    If that IP doesn't listen on TCP 25, it won't get the mail.

    The process you are describing uses a dyndns service, that dyndns service returns its own mail server that is operating on port 25. That mail server is then configured to relay mail to your mail server address on the non-standard port.

    SMTP filtration is utterly dependent on being able to see the client trying to connect to the mail server. This process of redirection via an SMTP proxy means the only thing Untangle can see is the upstream mail server. Because of this perspective shift, the SMTP filtration NO LONGER WORKS.

    Moving the filtration to another port is entirely fruitless. The filtration can't work when placed at that point in the SMTP chain.

    As for the internet as a whole, commercial connections out here have dropped in price rather dramatically. If you can't handle $40 for a basic commercial cable pipe... it's time to close your doors. I can't believe such low cost alternatives aren't available to you. You just need to take a look.

    Alternatively you can get a smarthost service that does spam filtration have them get the mail and forward it on to your exchange server. But no matter what you do, you simply can't filter spam at your level.

    And if you need even more detail I suggest the forum search feature. This horse has been beaten often enough.
    Last edited by sky-knight; 08-18-2010 at 05:59 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Master Untangler
    Join Date
    Apr 2007
    Posts
    643

    Default

    if you really want to try this and think it really might work your solution is to use a firewall/router in front of untangle and make it the first device after the modem. Have that device do a port forward from 2525 outside to 25 inside. Then behind this device have untangle in bridge mode and it will look at the traffic then.

    This is the only way you are going to make this happen, and like others are saying it will be pointless because all traffic will look like it is coming from your proxy and not the "true" originating SMTP server.

  9. #9
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,813

    Default

    Bug 5716
    Last edited by mrunkel; 08-19-2010 at 09:34 AM. Reason: HTMLized it

  10. #10
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,559

    Default

    Do it right...get a business grade ISP account, (static IP, no restrictions) and you won't have to play monkey business.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2