Simple port redirection

By jbayer - Last updated: Wednesday, August 3, 2011

The mail provider where I work is an Exchange-only provider, and refuses to have anything to do with anything else.  What this means from a security perspective is that they have none, at least in regard to IMAP or SMTP.  From a practical point, in addition to the Exchange ports, they only have the standard ports open:  25, 110, 143, 993 and 995.  Note that while they do provide secure ports for IMAP and POP3, they do NOT provide a secure SMTP port.

Before you ask, they do use NTLM security, so at least the communications, once established, are secure.

Our problem came in because most if not all ISPs block port 25 for outgoing traffic except to their own servers.  This is an attempt to block spammers, and actually not a bad idea.

Our mail provider refused to open any other port for SMTP, so those employees who actually use email clients other than Outlook were screwed.

So we decided to create our own port-forwarder at our data center.  My first thought was to simply create a secure mail relay system using Postfix, TLS and SASL.  While successfully created, it did not solve the problem because I would have had to add each employee to the server, creating double work.  So after a little searching, I found this little gem called:  redir

This gem was written by Sam Creasey; you can get in touch with him at: sammy_AT_sammy.net

This link takes you to his home page:  http://sammy.net/~sammy/

This is a simple redirector which works very well.  I installed it into the mail server I had previously created, started it up and voila, we had a working SMTP relay which simply relayed all incoming traffic on port 587 to port 25 at our mail provider.

Note that this does NOT do any encryption;  I simply used port 587 because I know it is always open at the ISP level.

usage:
        redir --lport=<n> --cport=<n> [options]
        redir --inetd --cport=<n>

        Options are:-
                --lport=<n>             port to listen on
                --laddr=IP              address of interface to listen on
                --cport=<n>             port to connect to
                --caddr=<host>          remote host to connect to
                --inetd                 run from inetd
                --debug                 output debugging info
                --timeout=<n>           set timeout to n seconds
                --syslog                log messages to syslog
                --name=<str>            tag syslog messages with 'str'
                --connect=<str>         CONNECT string passed to proxy server
                --bind_addr=IP          bind() outgoing IP to given addr
                --ftp=<type>            redirect ftp connections
                                        where type is either port, pasv, both
                --transproxy            run in linux's transparent proxy mode
                --bufsize=<octets>      size of the buffer
                --maxbandwidth=<bit-per-sec>    limit the bandwidth
                --random_wait=<millisec>        wait before each packet
                --wait_in_out=<flag>    1 wait for in, 2 out, 3 in&out

        Version 2.2.1.

And here is the actual command I used.  The system is in a VM on a private network; I opened up the firewall to route port 587 on the external address to this VM to make it work.

/usr/local/sbin/redir --lport=587 --laddr=192.168.101.131 --cport=25 --caddr=smtp.hostingprovider.com
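
What a redirector of this kind does on the wire, as an added Python example that is not redir's code and not from the original post: bytes are copied verbatim in both directions, so whatever a mail client sends to port 587 reaches the provider's port 25 unencrypted. The function names and the loopback "provider" in demo() are constructed for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes from src to dst unchanged; half-close dst when src ends."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, caddr, cport):
    """Relay one accepted client to caddr:cport in both directions."""
    with client:
        try:
            upstream = socket.create_connection((caddr, cport))
        except OSError:
            return
        with upstream:
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()

def start_redirector(laddr, lport, caddr, cport):
    """Listen on laddr:lport and forward every connection to caddr:cport."""
    listener = socket.create_server((laddr, lport))
    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return  # listener was closed
            threading.Thread(target=handle, args=(client, caddr, cport), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener

def demo():
    """Constructed loopback run: a fake provider records what reaches it."""
    provider = socket.create_server(("127.0.0.1", 0))
    relay = start_redirector("127.0.0.1", 0, *provider.getsockname())
    with provider, relay, socket.create_connection(relay.getsockname()) as client:
        client.sendall(b"MAIL FROM:<user@example.test>\r\n")  # constructed input
        conn, _ = provider.accept()
        conn.sendall(b"250 OK\r\n")
        return conn.makefile("rb").readline(), client.makefile("rb").readline()

if __name__ == "__main__":
    print(demo())
```

The provider side receives the client's line byte for byte, which is why the listening port number alone adds no confidentiality on the leg between the client and the redirector.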

The program is also available here:

  Redir (41.3 KiB, 223 hits)
