Category Archives: Networking

Change Default SMTP Relay Port in Debian’s Exim4

It seems fairly common for someone to have a private range of IP addresses behind a dynamic IP address assigned by an ISP. If this is your situation, you may get your SMTP port blocked by your ISP.

For those of us with SMTP relays in a central place on the Internet, having our SMTP port blocked by our “conscientious” local ISP is troublesome. But, they usually excel at troublesome.

So when your local machines or servers need to send mail, like, say, to report that a hard drive in the array has failed… they’re out of luck unless you send it through your ISP’s relay.

Unless… your ISP allows at least some mail ports through (or you set yours to listen on bizarre ports, which is commendable when necessary).

So we know that residential Comcast blocks SMTP port 25, which keeps us from relaying our valid email from local machines. But they don’t block port 587, which they consider “secured” for some reason. Why? I don’t know. You can, and should, and most smart people do encrypt on port 25. And you don’t have to encrypt on port 587 if you don’t want to. And relays can be open on port 587 as easily as port 25. So… not sure why they think port 587 is “secured” while port 25 is “unsecured”. I think they just enjoy being fascists all-around. (Please don’t smite me, Comcast, I’m just a poor thing trying at humor.)

Anyway, mail servers typically aren’t configured to relay on ports other than 25. It’s pretty easy to get them to listen and relay on the other ports, though. This post isn’t about listening, though. It’s about sending. To send mail by relaying on port 587 (the submission port) instead of port 25, start by editing Debian’s Exim4 configuration file:

# edit /etc/exim4/update-exim4.conf.conf

Then just change your SMTP smarthost (mail server that relays mail on your behalf to its destination) line:

dc_smarthost='mymxserver.mydomain.com::587'

You just append 2 colons and the port number. Of course, your mail server actually has to be listening on that port as well. Debian’s (and by extension Ubuntu’s) mail server Exim4 automatically deals with protocol and encryption negotiation.

Remember, any time you change your update-exim4.conf.conf file you need to run:

# update-exim4.conf
# service exim4 reload

That lets Debian generate all its Exim4 configuration magic that so vexes the Exim4 developers. But believe me, it’s nicer than having to worry about doing it all by hand in the pure Exim4 way.

By the way, you can also just reconfigure Exim4 using the standard Debian dpkg scripts, and for your “smarthost” question, answer with those extra 2 colons and the port number as well as the FQDN of your mail relay.

# dpkg-reconfigure exim4-config

That script stuff will also restart the exim daemon for you.

Do that, and your boxes can now happily relay to your central SMTP mail server on port 587 instead of port 25 – or whatever other port your preferences or necessities might take you.
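The smarthost edit described above, scripted as an added example (not code from the original post). It works on a scratch copy of the relevant lines; the helper names smarthost_get and smarthost_set and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File contents and host name are constructed sample values.

# Print "host port" for the dc_smarthost entry in file $1.
# Without a "::port" suffix the port is the SMTP default, 25.
smarthost_get() {
    sed -n "s/^dc_smarthost='\(.*\)'\$/\1/p" "$1" | awk '{
        n = index($0, "::")
        if (n) print substr($0, 1, n - 1), substr($0, n + 2)
        else   print $0, 25
    }'
}

# Set dc_smarthost in file $1 to host $2 and port $3.
# Rejects anything that is not a plain host name and a port in 1..65535,
# so unexpected characters never reach the sed expression.
smarthost_set() {
    file=$1 host=$2 port=$3
    case $host in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    grep -q '^dc_smarthost=' "$file" || { echo "no dc_smarthost line" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s/^dc_smarthost=.*/dc_smarthost='${host}::${port}'/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"     # keep the original file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample of the relevant lines, in a scratch file.
conf=$(mktemp)
cat > "$conf" <<'EOF'
dc_eximconfig_configtype='smarthost'
dc_smarthost='mymxserver.mydomain.com'
EOF
echo "before: $(smarthost_get "$conf")"
smarthost_set "$conf" mymxserver.mydomain.com 587
echo "after:  $(smarthost_get "$conf")"
rm -f "$conf"
```

On a real system the file to pass is /etc/exim4/update-exim4.conf.conf, followed by the update-exim4.conf and reload steps shown earlier.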

Override DHCP assigned DNS Server and Domain Search in dhclient

Sometimes, particularly if you are on a residential broadband Internet connection, your Linux box might need to get its external IP address assigned by your ISP.

In this case, and in the case of Debian, you define your network interface with the dhcp flag in /etc/network/interfaces

auto eth0
iface eth0 inet dhcp

When you do this, by default, your /etc/resolv.conf file will be overwritten by whatever your ISP wants to assign you for your DNS servers and your search domain as well. It’s not always desirable that your /etc/resolv.conf file gets overwritten.

In Debian, if you are not using Network-Manager, that is, if you have a nice, minimal system, like for a router, it is the “dhclient” program that is handling the task of getting your IP address and network configuration information from your ISP.

You can, if you like, alter, override or ignore whatever your ISP is assigning you by editing the dhclient configuration file in Debian:

edit /etc/dhcp/dhclient.conf

In here, at the bottom, if you want to ignore your ISP’s name server assignment and use your own machine as the DNS server, you can “supersede” what the ISP’s name server gives you – that is, completely ignore the stupid thing:

supersede domain-name-servers 127.0.0.1;

That gives you just your local machine as your DNS server. So please do make sure you have one. But perhaps you still want to use your ISP’s name servers, but want to use yours as well, say, for example, reverse DNS entries in the ARIN black holes that you might locally use for your subnet. In that case, you can just “prepend” or “append” your own entry to what the ISP will assign:

prepend domain-name-servers 127.0.0.1;

That way, you get yours first, then whatever they want to give you.

Of course, you’ll probably want to assign your own search domain too, so you don’t have to go typing FQDNs all the time and give yourself carpal tunnel syndrome. So here’s some preventative care:

supersede domain-search "orbislumen.net";
supersede domain-name "orbislumen.net";

If you do these things, then your /etc/resolv.conf file will be just how you like it, even with that presumptuous dhclient trying to make your machines believe everything it hears from your ISP.
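To see what each modifier does to the name server list, and to check that /etc/resolv.conf really ended up as intended, here is an added example (not from the original post and not dhclient's own code). It is a simplified model: the function names and the 203.0.113.x addresses standing in for the ISP's servers are assumptions, and it only handles the domain-name-servers option.

```shell
#!/bin/sh
# Added example: a simplified model of dhclient.conf modifiers, not dhclient's code.

# effective_dns CONF OFFERED
# CONF is a dhclient.conf-style file; OFFERED is the comma-separated server
# list from the DHCP lease. Prints the list that ends up being used.
effective_dns() {
    awk -v offered="$2" '
        $2 == "domain-name-servers" {
            val = $0
            sub(/^[ \t]*[a-z]+[ \t]+domain-name-servers[ \t]+/, "", val)
            sub(/;[ \t]*$/, "", val)
            gsub(/[ \t]/, "", val)
            if      ($1 == "supersede") sup = val
            else if ($1 == "prepend")   pre = val
            else if ($1 == "append")    app = val
        }
        END {
            if (sup != "") { print sup; exit }     # lease value ignored
            out = offered
            if (pre != "") out = (out == "" ? pre : pre "," out)
            if (app != "") out = (out == "" ? app : out "," app)
            print out
        }' "$1"
}

# resolv_matches CONF OFFERED RESOLV
# Succeeds only if the nameserver lines in RESOLV equal the predicted list.
resolv_matches() {
    want=$(effective_dns "$1" "$2")
    have=$(awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = "," }' "$3")
    [ "$want" = "$have" ]
}

# Constructed inputs: 203.0.113.0/24 is a documentation range.
dir=$(mktemp -d)
echo 'prepend domain-name-servers 127.0.0.1;' > "$dir/dhclient.conf"
printf 'search orbislumen.net\nnameserver 203.0.113.53\n' > "$dir/resolv.conf"
echo "expected: $(effective_dns "$dir/dhclient.conf" 203.0.113.53)"
resolv_matches "$dir/dhclient.conf" 203.0.113.53 "$dir/resolv.conf" ||
    echo "resolv.conf does not match dhclient.conf"
rm -rf "$dir"
```

The sample resolv.conf deliberately lacks the prepended 127.0.0.1 entry, so the check reports a mismatch, which is what an overwritten file looks like.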

Of course, you’ll need to bring the interfaces down and up to see the changes happen – just use:

# ifdown eth0
# ifup eth0

I would think that is self-evident, but I’ve been nagged at before for not saying such things. And I’m delicate.

Hope this helps!