1
Smartermail not receiving email
Question asked by Nikolaj Ivancic - January 13, 2015 at 8:40 AM
Unanswered
SmarterMail 13 just installed on Windows Server 2008 R2 works almost completely - except that it does not receive email. My ISP (Comcast) likely blocks port 25, so I configured SmarterMail to use 527 instead, but this did not help. If I send email from that server (using Smartermail) than such email is received fine. 
 
Can anyone help with this oldest problem in the history of email server configuration, please ?

9 Replies

Reply to Thread
0
Employee Replied
January 13, 2015 at 9:19 AM
Employee Post
Hi Nikolaj,
 
Since Comcast is blocking port 25 you will not be able to receive emails.  Email server communicate on port 25 so even though you open up port 527 other mail server do not know this and will try to connect on port 25 which is being blocked by Comcast.  You will need to contact Comcast and probably move to a business account to get port 25 open.
0
Nikolaj Ivancic Replied
January 13, 2015 at 10:57 AM
I did call Comcast where I do have the business account and they stated that they simply cannot open port 25 ever for anyone. So, their advice was to use port 587 instead claiming that this should work as well for the purpose of my SmarterMail receiving emails
0
Nikolaj Ivancic Replied
January 13, 2015 at 12:14 PM
Steve, you seem to be quite convinced and the fact that there are several services that will redirect the email sent to my mail server for a fee, seems to speak in favor of your statement. So, I escalated my query at comcast support and am expecting some answers from them - which I will share for the sake of all "comcast victims".
 
In the meantime can you point me to some authoritative document that states what you just said, please
 
Inbound email communication can only happen on port 25, period
as I do not want to be run around by various level of incompetence at comcast :-(
 
0
Steve Reid Replied
January 13, 2015 at 12:29 PM
I'm not sure I can find what you are looking for exactly...
 
This KB may help:
 
 
 
0
Nikolaj Ivancic Replied
January 13, 2015 at 2:30 PM
I already dealt with this KB (found it myself). So, here is the whole scoop:
 
1. Correctly installed current version (1.13) of Smartermail passes all internal checks and everything works except receiving email - unless I send the email from the browser based email client running on the server itself.
 
2. Running the nslookup as explained in the KB results with
C:\WINDOWS\system32>nslookup
Default Server:  router.asus.com
Address:  192.168.1.1
> set type=mx
> petcms.us
Server:  router.asus.com
Address:  192.168.1.1
Non-authoritative answer:
petcms.us       MX preference = 0, mail exchanger = mail.petcms.us
petcms.us       MX preference = 10, mail exchanger = mail.petcms.us
All this seems right, so running telnet, yields
 
Microsoft Telnet> open petcms.us 25
Connecting To petcms.us...Could not open connection to the host, on port 25: Connect failed
Microsoft Telnet>
 
Indicating that port 25 is blocked. I have configured Smartermail to also listen on 587. Sure enough telnet petcms.us 587 connects just fine.
 
So it must be that the comcast support guy gives me false information when claiming that my server (I lease static IP from comcast) has no ports blocked whatsoever.
 
 
0
Bruce Barnes Replied
January 13, 2015 at 2:45 PM
If you have a Comcast Business class account, WITH an assigned block of PUBLIC, STATIC, IP addresses, even if it's only a single public, static IP address, then Comcast will allow MX to MX server traffic across their network. They will BLOCK all client to MX, as well as MX to client, and client to client traffic on port 25 - no exceptions. Ob a RESISIDENTIAL class service, they prohibit all traffic on port 25, again, without exception. They have been doing this since December, 2011, orior to which all Business Class and residential customers were were notified, via a small-print billing insert. Client to client MX connections must use port 587, which can run as enxrypted or non enxrypted. Port 587 is designated by the IETF as a MUST BE OPENED on ALL MX server port, as it is the official CLIENT to MX SERVER alternate port. Port 587 will not xarry traffic betweento MX servers unless specially configured for a custom, NON-IETF, conforming configuration, as all MX to MX communication is always carried on port 25, including MX to MX TLS enxrypted traffic.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Nikolaj Ivancic Replied
January 13, 2015 at 9:31 PM
Hi Bruce - long time no see :-)
 
If I understand your description of Comcast behavior correctly, I simply cannot run email server on my machine. This comes as a consequence of my belief that even if I configure my server to use port 587 for both outbound and inbound traffic, other email servers that participate in carrying email to me, would not know about my configuration.
 
Specifically I am not sure that I understand what means "They will BLOCK all client to MX, as well as MX to client, and client to client traffic on port 25 - no exceptions", so let me drop the from the jargon to plain English and describe by problem:
 
My business email (congral.com) is with Google and I want to run Smarter Mail on my domain petcms.us on my own server using Comcast static IP address. So, here is the scenario that fails:
 
Using Outlook and my congral.com email I send an email message to my account on SmarterMail (petcms.us). This includes the following steps:
 
1. Outlook sends the email to Gmail server - this is what you call client to MX I guess and this works as I am not getting any rejections from Google.
 
2. Gmail server sends this email to Smarter Mail - this ought to be the MX to MX and this is what I believe where the failure occurs.
 
3. I use Web Browser to connect to SmarterMail on petcms.us - and this (client to MX) works fine again as I can successfully send email from SmarterMail to my congral.com account.
 
If all this is true, my configuration should work - but it does not.
 
Lastly, I tried to use a service like dnsexit.com by pointing my petcms.us MX record to dnsexit.com which then redirects my email to petcms.us port 587 -- and then everything works just fine, with the caveat that I am now paying to two service providers to support my mail server and that does not bode with me. 
 
Am I understanding my situation correctly meaning that Comcast is screwing me for no good reason?
0
Bruce Barnes Replied
January 13, 2015 at 11:23 PM
Your are correct in everything except the fact that "Comcast is screwing me for no good reason?"
 
Comcast, along with AOL, GMAIL, Time Warner, YAHOO, and other large providers put this restriction in place to cut down on SPAM.
 
There is no getting around the requirement that you use a BUSINESS class circuit if your provider is Comcast, or one of the others who block port 25.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Nikolaj Ivancic Replied
January 14, 2015 at 7:07 AM
I disagree with your assessment since Comcast IS screwing me while it should not. Their attempts to cut down spam, should not interfere with the communications between the boundary MTA and the target host, both being instances of SMTP servers which HAVE to use port 25. 
 
In my case, the SmarterMail server which is the target host does not have the access to port 25. That should not be the case, as you stated yourself in your first analysis of my case, right?

Reply to Thread