Opening port for DNSMadeEasy email service
-
I am using a mail server redirect service from DNSMadeEasy that will allow me to use/test an exchange server on my residential internet connection.
I need this service because most ISPs block port 25 on residential connections.
No problem, or so I thought…
With this service, mail is delivered to me on port 25, but my MX records point to DNSMadeEasy and then they forward me my mail to any port I want/specify. If they have restrictions, I didn't see it in my panel, regardless, I decided to pick port 85.
After some testing with my pfsense box, I can't get port 85 to open, I am using this site to test....
www.canyouseeme.org
I can see port 21 open (thanks to the help of this board a few months ago) and I thought it would be easy enough to mirror the settings for that...sure enough, no dice.
I tried another port 8585, but that didn't work (I read port 85 is used/common for phishing and assumed it was blocked at the ISP level).
Finally after confirming all my settings multiple times (and making sure I saved) I used a common port, on pfsense of 3889, pfsense automatically found it as RDP...I didn't choose RDP, but it obviously knew that is what it was for. When I test 3389 from CanYouSeeMe, it shows that it is open, so I know I am configuring the NAT rule properly.
Why is it that port 85 and 8585 don't play nice?
Is there a list of common ports that I CAN use?
Thanks.
EDIT-
had no issues setting up FTP, but that could be because it is a service?
Success: I can see your service on xxx.xxx.xxx.xxx on port (21)
Your ISP is not blocking port 21
Error: I could not see your service on xxx.xxx.xxx.xxx on port (8585)
Reason: Connection timed out
-
Does your ISP block port 25 inbound and outbound? Outbound 25 blocking is designed to force you to send mail via the ISP's mail server and that is almost a standard practice. Inbound 25 seems to be blocked less often - perhaps because people want to use their own mail server and the ISPs get sick of unblocking it on a case by case basis. You should check that your ISP blocks both ways.
Anyway, if you can receive mail forwarded from the DNSMadeEasy service to your mail server on 25 and send via your ISP's server on 25, that would be the easiest.
I don't think there is anything special about port 85. If you forwarded it correctly it should work. Do you have another router between your pfSense and the ISP? Maybe you need to open 85 on that too.
The list of standard ports can be found here
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
If you're running a Windows (Exchange) box it might be better not to open 3389 unless you're confident about the security of usernames and passwords. ;)
-
did you read why i am using the service? that will answer your port 25 question.
did you see that i copy pasted that i can get port 21 to work but that i get an error when i try other ports?
did you see that i can open the standard rdp 3389 port but i get an error when i try other ports…85, 8585?
i know that we are all here for help, but come on....
isn't it assumed that anyone willing to install a more advanced firewall for their home network would know if there was an additional piece of equipment that needed to be configured, as well?
thank you for the security tip, you obviously didn't read what i was doing with port 3389.
-
Maybe your provider allows inbound connections only for known client services like rdp, vnc.
If you have no intention to rdp your machine from internet, use 3389 port to forward to your internal server port 25. The rdp you see on gui is just the description found in /etc/services file.
-
Maybe your provider allows inbound connections only for known client services like rdp, vnc.
If you have no intention to rdp your machine from internet, use 3389 port to forward to your internal server port 25. The rdp you see on gui is just the description found in /etc/services file.
i am not using RDP and that was actually my plan from the start. i was just seeing why i couldn't use my own port, but you could be right, the ISP could be blocking anything that isn't a common port…
and that would also explain why the ports that are common, excluding port 25, do work when i set them up in pfsense.
just making sure it wasn't something i was missing.
thanks
-
That really wouldn't be very nice of your ISP to do if you ask me. The ISP's role is to connect me to the internet, not decide which ports I may or may not want to use ;)
Is it possible you're behind a NAT? Is the IP on the WAN interface of pfSense public, or private 10.x.x.x, 192.168.x.x, 172.16-31.x.x? Do you have anything in front of your pfSense box other than just a plain jane modem... Not something doing any sort of firewalling or NAT, etc?
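The WAN-address check asked about in the post above, as an added example that is not part of the original thread. It also covers the carrier-grade NAT range 100.64.0.0/10 (RFC 6598), which the post does not mention; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges named in the post (RFC 1918), plus carrier-grade NAT space
# (RFC 6598) that an ISP may assign on a residential line.
NAT_RANGES = {
    "10.0.0.0/8": "rfc1918",
    "172.16.0.0/12": "rfc1918",
    "192.168.0.0/16": "rfc1918",
    "100.64.0.0/10": "cgnat",
}


def classify_wan(addr):
    """Classify the address shown on the firewall's WAN interface."""
    ip = ipaddress.ip_address(addr)
    for cidr, label in NAT_RANGES.items():
        if ip in ipaddress.ip_network(cidr):
            return label
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"


def forward_diagnosis(wan_addr, seen_from_outside):
    """Compare the WAN address with the address an external checker reports.

    wan_addr: address on the firewall's WAN interface.
    seen_from_outside: address an outside test site says you come from.
    """
    kind = classify_wan(wan_addr)
    if kind == "rfc1918":
        return "upstream-nat"   # a modem/router in front also needs the forward
    if kind == "cgnat":
        return "isp-nat"        # inbound forwards depend on the ISP
    if kind == "unusable":
        return "no-wan-address"
    if ipaddress.ip_address(wan_addr) != ipaddress.ip_address(seen_from_outside):
        return "address-mismatch"  # something between you and the tester translates
    return "direct"  # WAN is reachable; look at the NAT rule or ISP filtering


if __name__ == "__main__":
    # Constructed sample addresses (203.0.113.0/24 is a documentation range).
    for wan, seen in [("192.168.1.2", "203.0.113.7"),
                      ("100.64.12.9", "203.0.113.7"),
                      ("203.0.113.7", "203.0.113.7")]:
        print(wan, "->", forward_diagnosis(wan, seen))
```

A result of "direct" together with a timeout on only some ports points away from double NAT and toward the forward rule itself or filtering upstream.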
-
That really wouldn't be very nice of your ISP to do if you ask me. The ISP's role is to connect me to the internet, not decide which ports I may or may not want to use ;)
Is it possible you're behind a NAT? Is the IP on the WAN interface of pfSense public, or private 10.x.x.x, 192.168.x.x, 172.16-31.x.x? Do you have anything in front of your pfSense box other than just a plain jane modem... Not something doing any sort of firewalling or NAT, etc?
i know it isn't nice of them to block port 25, but it is common that most of them do (for residential).
for the rest of your questions, see below (or above, but it seems you missed it above)
did you read why i am using the service? that will answer your port 25 question.
did you see that i copy pasted that i can get port 21 to work but that i get an error when i try other ports?
did you see that i can open the standard rdp 3389 port but i get an error when i try other ports…85, 8585?
i know that we are all here for help, but come on….
isn't it assumed that anyone willing to install a more advanced firewall for their home network would know if there was an additional piece of equipment that needed to be configured, as well?
thank you for the security tip, you obviously didn't read what i was doing with port 3389.
edit- also, my original post shows the confirmation messages i get for when a port is seen and not seen from the internet to my network. that should be another good indication…