This page is part of the EmailServer article. Alternate AccessIt is not uncommon for ISP to deal with the problem of spam and other email annoyances by forcing users to go through their own email services. Another species of more devious filtering seems to be common in places like China. The largest provider, China Telecom, seems to have strange ways of limiting (or filtering) access to IMAP and POP services when connecting to servers outside of China. To solve these issues I'm discussing here 2 solutions:
The first one may be enough to circumvent the restrictions imposed by most ISP and will work fine as long as their filter only block the usual email ports 25, 110 or 143. The second also requires that we poke holes in our firewall, but we'll just ask stunnel to listen to other ports as well as the standard SSL ones discussed in the SecureAccess article. Forwarding traffic from one port to anotherSo let's implement the first solution. As discussed in the Firewall chapter, I use the strong firewall rules scripts provided by the Linux IP Masquerade HOWTO. In the echo " - FWD: Aternate SMTP, POP3 and IMAP ports" $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 725 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 725 -j DNAT --to $INTIP1:25 $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 710 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 710 -j DNAT --to $INTIP1:110 $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 743 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 743 -j DNAT --to $INTIP1:143 Now restart the script (should be saved as Secure alternate accessAgain, we're going to use alternate ports 825, 810 and 843 as our arbitrary secure ports. First, we poke holes for these ports in our firewall, so just edit echo -e " - Allowing access to Alternate Secured Email ports" $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \ -p tcp -s $UNIVERSE -d $EXTIP --dport 825 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \ -p tcp -s $UNIVERSE -d $EXTIP --dport 810 -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \ -p tcp -s $UNIVERSE -d $EXTIP --dport 843 -j ACCEPT Restart the script and add the following entries in the the [altimaps] accept = 843 connect = 143 [altpops] accept = 810 connect = 110 [altsmtps] accept = 825 connect = 25 Restart < AlternateAccess | EmailServer | MboxMaildirMigration > Leave your comments below |