blog: postfix: clarify port 25 blocking

Colin 2022-04-06 19:32:54 +00:00
parent 5f80d3b458
commit 28ca6ae1d8
1 changed file with 8 additions and 5 deletions


@ -1,6 +1,6 @@
+++
title = "A Reasonably Secure Mailserver Installation"
description = ""
description = "installing postfix into a systemd-nspawn container with SPF/DKIM/DMARC support"
date = "2022-04-05"
extra.hidden = true
+++
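Review bot: the front-matter description change in this hunk is unrelated to what the commit message ("clarify port 25 blocking") announces; either mention it in the message or split it into its own commit so the history stays searchable. Replacing the empty `description = ""` itself is fine.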
@ -239,13 +239,15 @@ validate your DMARC record (and DKIM, SPF if you want): <https://dmarcian.com/dm
try sending/receiving mail: <https://www.appmaildev.com/en/dkim>.
if these fail, check `journalctl -u postfix`. if there's no indication of traffic, it may be that your ISP blocks port 25.
if these fail, check `journalctl -u postfix`. if there's no indication of traffic, it may be that your ISP blocks outbound port 25.
you can check for that with `nc -vz gmail.com 25` (will exit 0 if the port is open, hang if the port is blocked).
in my case, Centurylink blocks both port 25 outbound _and_ inbound, meaning that i can't even use this setup to _receive_ mail.
less probably, your ISP might block _inbound_ port 25. check for that here: <https://canyouseeme.org/>.
in my case, Centurylink blocks both directions, so i can't even use this setup to _receive_ mail.
for this case, i'll explore running postfix on a non-standard port and using a mail forwarder or transparent proxy in a subsequent blog post.
if these are working, instruct systemd to launch the container when the host boots.
but if your mail server is working, then instruct systemd to launch the container when the host boots.
with the container running:
```sh
[root@host /]# ln -s /opt/postfix /var/lib/machines/postfix
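Review bot: the `nc -vz gmail.com 25` check on the added line has no timeout, so on a blocked port the command hangs instead of failing, which is exactly the case the sentence is trying to diagnose; suggest `nc -vz -w 5 gmail.com 25` so a blocked port surfaces as a non-zero exit after five seconds (both GNU and OpenBSD netcat accept `-w`). Probing the MX host rather than the bare domain (`dig +short MX gmail.com`, then `nc -vz -w 5 <mx-host> 25`) is the more faithful test, since that is the host postfix will actually connect to. For the canyouseeme.org inbound test, it only reports the port open when something is already listening and any NAT in front forwards it, so it should be run with postfix up; worth stating next to the link.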
@ -253,6 +255,8 @@ with the container running:
[root@host /]# systemctl enable machines.target
```
alternatively, you could move the whole machine into `/var/lib/machines/postfix` instead of symlinking it.
populate `/etc/systemd/nspawn/postfix.nspawn` (you may need to create the directory) with the settings we used earlier:
```toml
[Network]
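Review bot: "the settings we used earlier" on the added line is too vague for a reader who lands on this section directly; name the options that belong in `/etc/systemd/nspawn/postfix.nspawn` (the `[Network]` section that follows suggests it is the networking settings). Also worth adding that the file name must match the machine name, because `systemd-nspawn@postfix.service` is what reads `/etc/systemd/nspawn/postfix.nspawn`, and that `systemctl enable machines.target` on its own pulls in no container: the container unit has to be enabled into that target (`machinectl enable postfix` does this), so if that step is not in the elided context above the `systemctl enable machines.target` line it should be added.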
@ -271,7 +275,6 @@ once it's stable, consider disabling password login for root.
<!--
Notes:
pass: (itsallinyour...)
https://wiki.archlinux.org/title/OpenDMARC
gmail.com has port 25 open, but not 465 nor 587. so it probably only does plain SMTP with STARTTLS
*inbound* port 25 is blocked, so i can't *receive* email
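Review bot: the `pass: (itsallinyour...)` line in the HTML-comment notes block (context at the top of this hunk) is a credential hint committed to the repository; even truncated and inside `<!-- -->` it would ship in the rendered page source and it stays in git history, so drop it from the notes and rotate the password if it is a real one. Deleting the "*inbound* port 25 is blocked" note is right, since the visible text now covers it; the remaining note that gmail.com answers on 25 but not 465/587 is the expected behaviour of an inbound MX (465 and 587 are client submission ports, not server-to-server ports), which is worth saying so a later edit does not read it as a gmail quirk.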