Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » ISP blocks port 25 : workarounds ?
  •  
Eric_T

Messages: 7

Karma: 0
Send a private message to this user
Hi,

We have been satisfied users of KMS for quite some time now, but when we tried to give our travelling users access to the mailserver recently we ran into some problems.

Webmail via SSL works fine, as does IMAPS access from Outlook or Outlook Express. Unfortunately, Outlook users can not send mail via KMS when they connect via the internet because our ISP blocks port 25.
A quick fix would be to use another port for SMTP, but then I'd have to update all our internal users as well. A more convenient option (in my case) would be if I could run the SMTP service on both port 25 and one of the high port numbers (2525 for example). This can't be done through the admin console, but perhaps by editing the mailserver.cfg file directly ?

Can this be done ? Is it supported ? Any other possible solutions that come to mind ?

Thanks,

Eric
  •  
RHarmsen.nl

Messages: 186

Karma: 0
Send a private message to this user
I don't know if it can be done.

I have got my own solution using NAT for it
and mapping port 25 external to internal 25
and mapping port 26 external to internal 25

this way the local clients can use 25 and external 26.
external mailservers have no problem cause they are sending throug a MailRelay of my ISP (whitch needs port 25)
  •  
Eric_T

Messages: 7

Karma: 0
Send a private message to this user
Hmmm, I had actually thought of that but ... Our Mailserver can actually be configured that way since it runs on a system that is connected to the Internet using Kerio's Firewall 5.
The client that actually needs this feature is using a Zyxel Prestige 653 ADSL Router/Firewall and while this box understands port forwarding, it does NOT support port mapping.

Maybe I can still get it to work by enabling RRAS on the mailserver box...

Eric Teunen
  •  
sidbarker

Messages: 63
Karma: 0
Send a private message to this user
The zyxel routers can do port mapping, but not through the telnet / web interface. You need to go into command mode i'm afraid (they decided to hide the "complex features" from people so as not to frighten them!).

We use this feature on alot of our internet kiosks and find it works perfectly, but a pain to set up initially.

Whilst telnetting to the router, go to menu 24, 8 (Command Interpreter) and type the following (exchanging values with your own preferences)

ip nat server load 1
ip nat server edit 2
ip nat server edit 2 active yes
ip nat server edit 2 svrport 2525
ip nat server edit 2 intport 25
ip nat server edit 2 rulename ExternalSMTP
ip nat server edit 2 forwardip 192.168.1.100
ip nat server edit 2 protocol TCP
ip nat server save 1

svrport is the external port number (in your example you suggested 2525)
intport is the internet port (SMTP = 25)
rulename is just for your reference
forwardip is the IP address you want this mapping to go to (your kerio box)
protocol can be TCP, UDP or ALL

Hope this helps.

  •  
Eric_T

Messages: 7

Karma: 0
Send a private message to this user
Thanks, I knew that the command line was powerfull, but I haven't had the time to read through all 500+ pages of the Zywall manual (yet)!

I have updated the zywall config and at least the device did not complain about the changes.
Unfortunately I won't be able to test before this evening (behind an ISA srv in the office at the moment).

As soon as I have tested the setup, I'll post feedback.

Eric Teunen
  •  
Eric_T

Messages: 7

Karma: 0
Send a private message to this user
Sid,

One more question : those commands (finally) look very much like the way I'm used to configure CISCO routers : copy a "sh config" from one box, fix things up in Notepad and paste the result in the telnet session of another box.

Can something similar be done with Zyxel Zywalls or Prestiges ?
IE is there an equivalent for the sh config command, and can the output simply be pasted into another device ?

Thanks again for your help,

Eric

Eric Teunen
  •  
sidbarker

Messages: 63
Karma: 0
Send a private message to this user
as we want all our routers the same, we configure one and then use the backup / restore config in menu 24. Makes life a whole lot easier.

Other option is to telnet to it using Hyperterminal, then file transfer a text file with all the commands in it.

If you ever have problems / questions with Zyxel kit, their tech support department are very very helpful and pretty quick replying to emails.

Have fun :)

Previous Topic: HTML / Rich Text Emails?
Next Topic: problems receiving mail's
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 03:07:40 CET 2017

Total time taken to generate the page: 0.00426 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.