Question about how E-Mail works...
Bean
Posts: 8,129
My mail server (SMTP) won't let me connect because I am on a different network (at work).
So how does another mail server (like GMail) connect and get a message into my mailbox ???
Is there some kind of other protocol (beside SMTP) used to move mail from one server to another ???
I'm not seeing how it works...
Bean
So how does another mail server (like GMail) connect and get a message into my mailbox ???
Is there some kind of other protocol (beside SMTP) used to move mail from one server to another ???
I'm not seeing how it works...
Bean
Comments
So, if your mailserver is smtp.example.com, then anyone can connect to port 25 on smtp.example.com and send email to anyone with an address of @example.com. But if they try to send email to @somewhere.else.com then it's called relaying and denied. This is because otherwise spammers will use your mail server to send spam everywhere, pretending to come from the IP address of your mailserver.
On the other hand smtp.example.com will allow anyone from _inside_ the network to connect and send to everywhere. That's because those inside the network are considered authenticated.
You _can_ send through your mailserver to somewhere else if you use an authenticated service, like TLS on port 587, if your mailserver is set up that way. That's because you then authenticate to the mailserver, confirming that you are bean@example.com, and it'll allow you to send anywhere. That is, if your mailserver is set up with that additional SMTP+TLS service.
In addition to that, and that's what's probably hitting you first, ISPs as well as company firewalls will deny _outgoing_ connections to port 25, so that you can't sit at work (or home) and send spam through other folk's mailservers (which may not have relaying turned off).
However, the solution to that is the same as mentioned already: Use TLS and port 587. Most ISPs won't block it, nor will company firewalls.
Hope that made some sense,
-Tor
From what I am experiencing with the spinneret, I cannot even connect to port 25 from outside the network.
Also why wouldn't spammers just connect to each receipt's mail server to send spam (maybe they do) ?
Bean
The other possibility (because I don't know what your setup is) is if you have a verified, functioning mailserver on your network, i.e. one that can be reached from outside and receive emails? Because another thing ISPs tend to do for non-corporate network customers is to block _incoming_ connections to port 25 as well (because they don't want you to run servers).
They do.. they just have to find a network which doesn't block outgoing calls to port 25, and then they go via that network. What the ISPs (and company firewalls do) is just to try to make sure that their customer's network (or company network) isn't used for spamming. But there are enough of open networks everywhere.
So what I would do (unless it's clear already where the problem might be) is to first test the connections when you're on the same local network: One box is a mail server, listening on port 25 (or, if you can manage, port 587 and TLS/STARTTLS). The other connects to it (btw it's not clear to me if the spinneret is the client or server here.. not that it matters for the network part).
If that works, then move them to different networks. If it fails, there's a firewall issue somwhere. In any case, the way to do cross-network SMTP transport for individuals is via port 587. This is what Google do, for example: You can set up your gmail account not only to use another mail address, e.g. bean@example.com, but it can also be set up to send the emails via your .example.com mailserver. To do that it will send via port 587, with your provided user/password. It would not be able to do that via port 25 other than for emails to inside @example.com.
-Tor
edit: WIll be away from the forum for some hours from now..
I assumed that the the ISP block port 25 for anything outside their network. It doesn't even connect.
Bean
The firewall at work will typically block access for outgoing port 25 to outside the network (except for their own dedicated mail handler computer, which is allowed to connect to the world through port 25). The ISP (your home ISP) will do the same. So you're blocked on several levels.
The solution to this (if there is one) will be to use port 587 (and TLS), or, possibly, the earlier non-standard (but common) alternative of port 465 and SSL. But this only works if a) the mailserver(s) actually support these safer alternatives to non-encrypted, non-authenticated SMTP on port 25, and b) the ISP and / or work firewall isn't blocking this outgoing port as well. Home ISPs won't usually do that, they stick to just port 25. Companies may be a bit paranoid and block outgoing ports for just about everything that isn't port 80 (http), port 443 (https), or port 20/21 (ftp).
If you have a gmail account you should be able to connect to port 587 (with TLS) to the gmail mailserver, at least from home.
-Tor
Thank you for your explainations. I think I get it now.
Bean