A simple guide to getting outbound Email up and running in your home lab behind an ISP with outbound Email ports blocked.
But Why is it Blocked
Most ISP’s now block outbound Email ports for residential accounts. No, they aren’t just pulling some stunt trying to get you to buy up to a business account, there is a legitimate reason for this.
There was a time when this wasn’t the case, and ne’er-do-well’s were free to write malware that blasted spam Email all over the internet, either for money-making advertising or other nefarious ends. Meanwhile, all sorts of unsuspecting social-network-farm-simulation-game playing victims looking for a leg up would install “cheats” to help them “win” the game - as if that was ever even possible? Then the phone calls start - it’s their ISP telling the victim there is a lot of spam coming from their IP address, and they have now clue what they are being told. It’s an awkward situation for both parties, and in the end the only viable solution was to just block outbound Email ports.
Okay, Now What
There are several options here, you cannot get through this barrier, but you can go over or around it. Here are your choices:
- Buy up to a Business internet account
- Buy a hosted Virtual Private Server - I use Linode for this
- Buy a 3rd party Virtual Private Network service
- Route outgoing Email through an existing Email service
- Route outgoing Email through your ISP’s Email service
There are probably a few that I missed, but let’s start off by ruling out anything that starts with the word “buy”, because we want it for free, right?
The remaining two options are pretty much the same to implement, unless you want to use GMail, then you’ll need to enable login tokens and jump through a few hoops, but I don’t recommend that anyway since they may allow some people to read your private Email! So I’ll be using my ISP’s Email service.
Let’s Do It
You will need the following to get started (these are the example values I’ll be using in this post):
- An Email account (
mydomaindotcom@emailprovider.com) - A super secure password (
tkA4jURk49icujFA) - The SMTP server address (
smtp.emailprovider.com) - The SMTP server port (
587)
If you can’t find the server address/port, ask your Email provider how to set up the account on your phone.
First, let’s create a file on the Email server with the login credentials, using your favorite text editor (nano, vi, etc), create the following file:
/etc/postfix/sasl_passwd
[smtp.emailprovider.com]:587 mydomaindotcom:tkA4jURk49icujFA
You may need to add the domain to the user:password declaration depending on your Email provider (e.g. mydomaindotcom@emailprovider.com:tkA4jURk49icujFA)
Since that file contains a password, lets lock it down a bit so only the root user can read it:
sudo chmod 0600 /etc/postfix/sasl_passwd
Now we need to convert this file into a lookup table for Postfix to be able to utilize it, the command is simple:
sudo postmap /etc/postfix/sasl_passwd
Great, now we just need to plug it in by adding a few lines to bottom of the Postfix configuration file:
/etc/postfix/main.cf
relayhost = [smtp.emailprovider.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
You may need to play with smtp_sasl_security_options, but it will usually just work without any options added.
Now run the obligatory sudo systemctl restart postfix, and you should be in business!