Howto/20230921 Use a cheap VPS to bypass ISP blocking of port 25 to postfix mail server
My Howtos are mainly for me to document the steps required in case I ever have to re-do them again. Hopefully they will help other system admins out there, but I regret that this is not my primary objective.
We just switched to a new Internet Service Provider (ISP) that blocks port 25, both ways, making us no longer able to send or receive emails.
- For outbound emails, use the ISP's smtp server to send emails.
- For inbound emails, use a cheap VPS whose port 25 is open to receive and then forward emails to the main mail server on external port 2025 (not blocked by ISP). We already have a cheap VPS for our OpenVPN server with racknerd that costs 11USD/year so, for us, there is no extra cost to setup this mail forwarder.
- Our solution is based on the following guide to setup a backup MX: https://www.howtoforge.com/postfix_backup_mx
- You already have a working email server (mail1.interpause.com) configured with postfix, but port 25 is completely blocked
- You have rented a cheap VPS (mail2.interpause.com) and have installed postfix using the default configuration
- You have access to your ISP's smtp server (smtp.ebox.ca on port 587).
- Be sure to swap my domains and ISP's smtp server for your own!
- 1) Setup MX records on domain provider to point to VPS
- For namecheap, it looks like this:
- 2) Setup /etc/postfix/main.cf on mail1.interpause.com
myhostname = mail1.interpause.com mydestination = mail1.interpause.com, localhost, localhost.localdomain mynetworks = 127.0.0.0/8 [::1]/128 mail1.interpause.com mail2.interpause.com relayhost = [smtp.ebox.ca]:587
- 3) Setup /etc/postfix/main.cf on mail2.interpause.com
myhostname = mail2.interpause.com mydestination = $myhostname, localhost, localhost.localdomain, localhost relayhost = [mail1.interpause.com]:2025 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mail1.interpause.com mail2.interpause.com smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination relay_domains = $mydestination, interpause.com relay_recipient_maps =
- 4) Update port forwarding on router
- Forward unblocked external port 2025 to internal port 25 of mail1.interpause.com
- 5) (Optional, but recommended) Add postfix restrictions to prevent spam/spoofing using the following guide
- 6) Reboot both servers mail1 and mail2, or restart postfix
sudo service postfix restart
- We like this solution because all our mail data and accounts remains safe and sound on our primary mail server. Cheap VPS providers can always go bankrupt with very short notice (happened to us twice so far over the many years). Mail may queue briefly on the cheap VPS mail2 server, but will soon get forwarded to the safety of the primary mail1 server.
- If you have multiple VPSes available, then you may also setup additional mail forwarders as backup (mail3, mail4, etc.) in case mail2 goes down/offline and update the MX record accordingly.
- If your mail server manages multiple domains, then you would need update the MX record of each domain and append the virtual domains appropriately to relay_domains and possibly elsewhere too (interpause.com, interpause2.com, interpause3.com, etc.).
- Check the log file at /var/log/mail.log and google any error messages
- Use telnet to test connections:
telnet mail2.interpause.com 25 telnet mail1.interpause.com 2025 telnet smtp.ebox.ca 587