[Info-vax] SMTP server using port 587 outgoing?

[Stephen Hoffman]

On 2014-09-11 21:46:32 +0000, snowshoe said:

> On 09/11/2014 05:05 PM, Stephen Hoffman wrote:
>> 
>> You're about the billionth person to discover that trying to run a mail
>> server on a dynamic IP and with port blocks in place — that's best
>> practices for most ISPs, too, as differentiating a mail server from a
>> spam engine isn't obvious — involves shenanigans.  Unfortunately, this
>> all involves somewhat more shenanigans on OpenVMS.
> 
> Thanks, Steve. I am really trying to forward mail off the VMS box to 
> another account, and the easiest way seemed to be MAIL>FORWARD. I guess 
> not. I assume such things as POP and IMAP are right out.

So you're asking this for all the obvious reasons, and are making all 
the usual mistakes, and — somewhat unusually for folks asking these 
questions around the 'net — working with a mail server that's most 
charitably referred to as feature- and security-poor.

Mail servers need valid and matching forward and reverse DNS 
translations in DNS per the SMTP RFC, and those with mismatched DNS 
will cause other mail servers will make the usual assumption — it's a 
spam engine — and drop the outbound mail, and some will variously drop 
the inbound mail.


>> Relay through another local box, or subscribe to a mail hop service, or 
>> switch to another IP stack.
> 
> How do I set up such a relay (VMS side setup)?

There is no relay.

You'll have to gateway from your mail server into another local box 
running a more capable mail server, and then set up the authenticated 
relay from there.

> And VMS doesn't know SMTP AUTH?

Nope.  VMS SMTP is ancient, and exceedingly limited, and it's 
definitely not secure against eavesdropping, and that's before we get 
to any STARTTLS discussions.

Or switch to the Process Software stack for outbound mail.

>> Accepting inbound mail involves setting up DNS or remote hosts can and 
>> will drop messages to your server — assuming there's not also an 
>> inbound port block — and if this thread follows the usual arc of these 
>> discussions, you'll end up using an add-on IMAPSYNC or some other tool
> 
> Incoming mail works just fine.

No, it doesn't work just fine.   You're undoubtedly getting some mail, 
but various mail servers with decent anti-spam settings are just 
dropping the mail.

The next question you'll ask: no, there's nothing you can do about 
that, short of a mail relay through a server with valid DNS, or getting 
static IP with correct DNS.

>  I pointed the MX for a domain I have to my ISP's address, and although 
> dynamic, it rarely changed.

That's nice.   Your DNS is broken, and other DNS servers won't play 
with DNS servers with broken DNS.  There is nothing you can do about 
this, short of relays through a server with valid DNS configuration.

> I originally had the VMS box as a normal mail server until the ISP took 
> Port 25 away.

It mostly worked, but your public DNS is broken.   Other mail servers 
will drop outbound mail from that server, and some servers won't send 
to that server.

>   It continued to receive email (still does) but I went elsewhere to do 
> most of my email. Right now I wanted to forward email I want to save to 
> another account, and it appeared updating the VMS configuration was the 
> easiest way. I guess not.

Nope.  Postfix or Lampson will be easier, or a relay established via 
same, or (for outbound mail) switching to the Process Software IP 
stack.  This if you lack a static IP.  Getting static IP ties into 
getting matching forward and reverse DNS, BTW — all this stuff is 
related, and all of this stuff is tied to spam filtering, and all this 
stuff is on OTHER mail servers, and well outside of your reach, short 
of getting your DNS correctly configured.

I have various articles on DNS and mail services posted at the HL web 
site, including on folks trying to use mail servers and dynamic DNS.  
There are other articles around the 'net, too.


-- 
Pure Personal Opinion | HoffmanLabs LLC