blog: postfix: clarify port 25 blocking
parent
5f80d3b458
commit
28ca6ae1d8
|
@ -1,6 +1,6 @@
|
|||
+++
|
||||
title = "A Reasonably Secure Mailserver Installation"
|
||||
description = ""
|
||||
description = "installing postfix into a systemd-nspawn container with SPF/DKIM/DMARC support"
|
||||
date = "2022-04-05"
|
||||
extra.hidden = true
|
||||
+++
|
||||
|
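Review bot: the `description` change in the front matter is unrelated to the commit subject, "clarify port 25 blocking". Split it into its own commit or mention it in the message so the history stays searchable. `extra.hidden = true` is untouched, so the post remains hidden with its new description; worth confirming that is intended.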
@ -239,13 +239,15 @@ validate your DMARC record (and DKIM, SPF if you want): <https://dmarcian.com/dm
|
|||
|
||||
try sending/receiving mail: <https://www.appmaildev.com/en/dkim>.
|
||||
|
||||
if these fail, check `journalctl -u postfix`. if there's no indication of traffic, it may be that your ISP blocks port 25.
|
||||
if these fail, check `journalctl -u postfix`. if there's no indication of traffic, it may be that your ISP blocks outbound port 25.
|
||||
you can check for that with `nc -vz gmail.com 25` (will exit 0 if the port is open, hang if the port is blocked).
|
||||
|
||||
in my case, Centurylink blocks both port 25 outbound _and_ inbound, meaning that i can't even use this setup to _receive_ mail.
|
||||
less probably, your ISP might block _inbound_ port 25. check for that here: <https://canyouseeme.org/>.
|
||||
|
||||
in my case, Centurylink blocks both directions, so i can't even use this setup to _receive_ mail.
|
||||
for this case, i'll explore running postfix on a non-standard port and using a mail forwarder or transparent proxy in a subsequent blog post.
|
||||
|
||||
if these are working, instruct systemd to launch the container when the host boots.
|
||||
but if your mail server is working, then instruct systemd to launch the container when the host boots.
|
||||
with the container running:
|
||||
```sh
|
||||
[root@host /]# ln -s /opt/postfix /var/lib/machines/postfix
|
||||
|
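Review bot: the new inbound check ("check for that here: <https://canyouseeme.org/>") does not say that postfix must be listening and reachable from outside (through any router or host firewall) when the probe runs. Without that, a failed probe cannot distinguish an ISP block from a missing listener or a local firewall rule, so the sentence should state the precondition. On the `nc -vz gmail.com 25` line, the text itself notes the command hangs when the port is blocked; a timeout such as `-w 5` would let the check finish with a non-zero exit instead of needing to be interrupted.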
@ -253,6 +255,8 @@ with the container running:
|
|||
[root@host /]# systemctl enable machines.target
|
||||
```
|
||||
|
||||
alternatively, you could move the whole machine into `/var/lib/machines/postfix` instead of symlinking it.
|
||||
|
||||
populate `/etc/systemd/nspawn/postfix.nspawn` (you may need to create the directory) with the settings we used earlier:
|
||||
```toml
|
||||
[Network]
|
||||
|
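Review bot: the added sentence "alternatively, you could move the whole machine into `/var/lib/machines/postfix` instead of symlinking it." lands after the `systemctl enable machines.target` block, but the reader has to make that choice at the `ln -s /opt/postfix /var/lib/machines/postfix` step above it. Move the sentence next to the `ln -s` line and say that it replaces that command rather than following it.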
@ -271,7 +275,6 @@ once it's stable, consider disabling password login for root.
|
|||
|
||||
<!--
|
||||
Notes:
|
||||
pass: (itsallinyour...)
|
||||
https://wiki.archlinux.org/title/OpenDMARC
|
||||
gmail.com has port 25 open, but not 465 nor 587. so it probably only does plain SMTP with STARTTLS
|
||||
*inbound* port 25 is blocked, so i can't *receive* email
|
||||
|
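Review bot: the `pass: (itsallinyour...)` line in the `<!-- Notes:` block is a password hint sitting in a committed file, and as an HTML comment it may be carried into the published page source. If this hunk does not already remove it, remove it here; either way it remains in the repository history, so the credential it refers to should be changed. Notes like these are better kept outside the post than in a comment at the end of it.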