I have been attempting to host my own email server for several days. I can receive mail, but unfortunately i cannot send mail from my server. Running telnet tells me that the outbound port 25 is blocked. I checked with my ISP and they advised that they do not block any ports inbound or outbound. At this point I believe it is my MicroTik router preventing me from using the outbound port.
What is the firewall filter that will allow me to do this?
RouterOS v6.39.1 is installed.
Thank you
Joe
Re: Outbound Port 25
It quite normal nowadays that operators block outbound smtp port 25 on consumer connections to prevent spam-bots. Test outbound port 25 using Netcat (nc) with verbose and debug flags (usually -D -and -v) from a computer connected directly to the WAN-port. For example use the following command line:
If you don't get an immediate connection, then port 25 is probably blocked...
Code: Select all
nc -D -v smtp.your-isp.com 25
Re: Outbound Port 25
Using the built-in telnet command line, this is what I got in return.....
[admin@XXX-XXX Router] > /system telnet smtp.mydomain.com 25
Trying xxx.xxx.xxx.xxx...
telnet: Unable to connect to remote host: Connection refused
Do you think that my ISP is blocking port 25?
[admin@XXX-XXX Router] > /system telnet smtp.mydomain.com 25
Trying xxx.xxx.xxx.xxx...
telnet: Unable to connect to remote host: Connection refused
Do you think that my ISP is blocking port 25?
Re: Outbound Port 25
You can not test your server with public DNS when you are on the inside of your net.
Try this from inside of your net, where your mail server is.
Then you should get some like this:
If your ISP block port 25, you can try to ask for them to open it. I guess you will get no.
You can in that case relay on a google account using secure SMTP. That should work in most cases.
Try this from inside of your net, where your mail server is.
Code: Select all
telnet alt4.gmail-smtp-in.l.google.com 25Code: Select all
Trying 64.233.181.27...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP b11si3382378itd.167 - gsmtp
ehlo test
250-mx.google.com at your service, [193.x.x.x]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
quit
221 2.0.0 closing connection b7si3257545itj.17 - gsmtp
Connection closed by foreign host.You can in that case relay on a google account using secure SMTP. That should work in most cases.
Re: Outbound Port 25
Do you know how to perform an SMTP transaction using telnet? If so, then you should telnet to port 25 on some mail server out on the Internet where you know the destination is local - especially if you have a gmail account or something - I just did a quick nslookup to discover that the preferred MX host for gmail is gmail-smtp-in.l.google.com
So if you have my-email@gmail.com as an account, do the following:
open a cmd prompt
Of course you'll know if you're being blocked or not because if you are, you'll never even get the initial 220 mx.google.com ESMTP banner.
If telnet pauses for a while and then says Could not open connection to the host, on port 25: Connect failed - in this case, your traffic is being silently discarded.
If it says "connection refused" immediately, then it's being either refused by a firewall or else redirected to some host that does not run SMTP
Unfortunately, there's no work-around for this if you cannot establish connections on port 25 outbound and inbound. This is because port 25 is what mail exchangers use and there's no real standard for setting any alternate port. You can use a different one, but the rest of the Internet won't know to use that port.
So if you have my-email@gmail.com as an account, do the following:
open a cmd prompt
Code: Select all
telnet gmail-smtp-in.l.google.com 25
>220 mx.google.com ESMTP s4si2757645ywl.792 - gsmtp
helo testhost
> 250 mx.google.com at your service
mail from:<somename@somedomain.com> My Name
(use your real non-gmail address there)
> 250 2.1.0 OK s4si2757645ywl.792 - gsmtp
rcpt to:<my-email@gmail.com> My Name
> 250 2.1.5 OK s4si2757645ywl.792 - gsmtp
DATA
> 354 Go ahead s4si2757645ywl.792 - gsmtp
Subject: Test message
From:<my-email@somedomain.com> My Name
To:<my-email@gmail.com> My Name
This is a test of outbound SMTP
.
QUITIf telnet pauses for a while and then says Could not open connection to the host, on port 25: Connect failed - in this case, your traffic is being silently discarded.
If it says "connection refused" immediately, then it's being either refused by a firewall or else redirected to some host that does not run SMTP
Unfortunately, there's no work-around for this if you cannot establish connections on port 25 outbound and inbound. This is because port 25 is what mail exchangers use and there's no real standard for setting any alternate port. You can use a different one, but the rest of the Internet won't know to use that port.
Re: Outbound Port 25
As long as google reply, you do not need to tak a full email test.
If google does reply, port 25 is open at your ISP
If google does reply, port 25 is open at your ISP
Re: Outbound Port 25
Thanks for all your help....
This is my response...
Connecting To alt4.gmail-smtp-in.l.google.com...Could not open connection to the host, on port 25: Connect failed
This is my response...
Connecting To alt4.gmail-smtp-in.l.google.com...Could not open connection to the host, on port 25: Connect failed
Re: Outbound Port 25
Sounds like it's being blocked by the ISP - or perhaps your router.
Just to verify, in your router, open a terminal window and run the command: /ip firewall nat export
post the results here
Just to verify, in your router, open a terminal window and run the command: /ip firewall nat export
post the results here
Code: Select all
preferably in a code block like this so that it's most readable.Re: Outbound Port 25
I recommend you skip the router and hook up a PC directly to the WAN port where you have your mail server. If you are using Windows download nc.exe and then run an outbound test using:
If you don't get a similar result like above and the command just hangs then outbound port 25 is blocked. It's also possible to run nc.exe in listening mode ("nc -l -p 25") to test inbound connections.
Code: Select all
C:\> nc -v smtp.gmail.com 25
gmail-smtp-msa.l.google.com [64.233.161.108] 25 (smtp) open
220 smtp.gmail.com ESMTP w10sm100437lfi.40 - gsmtp
If you don't get a similar result like above and the command just hangs then outbound port 25 is blocked. It's also possible to run nc.exe in listening mode ("nc -l -p 25") to test inbound connections.