SSL – Windows Server 2003 TCP port mapping / port forwarding

Tags: port-forwarding, smtp, ssl, tcp

I've recently had an issue with the ISP of a few of my clients in which they've blocked TCP port 25 and de-commissioned their old mail server in lieu of Gmail. Also, our business email has been hosted on Google Apps now for well over a year. This wouldn't be an issue, however our network devices and some applications (which used our ISP's old mail server) have no way to change the SMTP port from 25 to an alternate (let alone enable SSL, and some do not allow SMTP authentication). I have, in the meantime, set up a local mail server for sending logs and scan-to-emails for some of our network devices and printers, and this is working just fine.

We do have a problem though with our Act! Premium for Web 2006 application (which runs on an internal Windows 2003 Standard Server). I have researched these problems quite a bit over the past few days, but haven't found a working solution for what I'm attempting to do. I am looking for an application that could map/forward all traffic passing through the server from TCP port 25 to 465 or 587 and allow me to enable all traffic to be encrypted via SSL. I have tested several applications in hopes that they could do this, but so far have had no luck. The list of applications/scripts that I've tried so far is as follows:

GSR (perl script – James Specht)
RelayTCP10
KomodiaRelay
ITR (freeware by webcohort)
pmapperi
PortForward (download.com)
PortMapper 1.6 (java application)
PortTunnel
TansuTCP
tcp_forward (perl script – davesource.com)
tcppr (perl script – unknown author)
Tunneller

Most of these forward a port to a hostname:port (similar to a port forward through a router), and none of them, save for one (with a paid key), have an option to encrypt all traffic on that port with SSL.

Act! Premium for Web 2006 will allow SMTP authentication ONLY when configuring email under a user's login. It has no option to change the SMTP port or to enable SSL. My ultimate goal is to have each of our users of Act! set their mail server to smtp.gmail.com and configure their username and password in the SMTP authentication fields. All mail sent from Act! goes through the server hosting the application. That's why I would like it to just forward all traffic on the server heading for port 25, translate it and encrypt it with SSL over either port 465 or 587. I have searched/posted on Sage's forums to see if there is a back-end configuration or possibly an .ini file in which we could change the SMTP port and enable SSL, but those features are STILL not available even in their latest version of the program.

Any and all help is appreciated if this is something that is actually possible. In the meantime, the local mail server I set up has a custom route that sends mail through a specified Google Apps account for our domain. I suspected, though, that this setup might have issues with other mail servers blacklisting our public static IP address since it doesn't match up with the MX records for our domain (since they're obviously set to Google's) and possibly labelling our IP as an open relay (since the local mail server has to be set up in this way). This was confirmed this morning when our users received some bouncebacks from some mass mailers they sent out after the change. Even though the local mail server has to be set up as an open relay for our network devices and Act!, port 25 is NOT forwarded through our firewall, so nothing can send mail from the server if it isn't actually on our local network.

Again, I appreciate any help provided.

Thanks!

  • Justin

Best Answer

The reason you are battling to find software that does that is sort of contained in your question. You want to take socket traffic that is being generated by the Windows 2K3 IP stack, bound for port 25, somehow intercept it, and then send it outbound on the same interface with the destination port rewritten to 485 (and throw in SSL for good measure).

There just is no simple way to do that in software - unless you are a total Windows Programming Guru (or you are a personal friend of Mark Russinovich and he owes you a favour).

If you have a NAT-capable firewall or router, just use that to translate packets from your 2K3 host to the submission port for Google Apps - and don't use SSL. The only way to use SSL would be what you have sort of done, by the sounds of it, and that is to install a local SMTP MTA that will receive e-mail on the SMTP port, relay it out to Google Apps on the submission port, and negotiate TLS between this MTA relay and Google Apps.

You won't really get blacklisted for this; however, you may find your mail will be dropped by some MTAs because it is originating from a non-MX IP. To address this problem, add your static IP to an SPF record for your domain in your DNS. That will tell receiving MTAs that do SPF checking that this IP is indeed authorized to send mail on your behalf. Check the OpenSPF project for more information.
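Added example (not part of the question or the answer above): a minimal offline SPF evaluator that shows why the record the answer recommends matters. The static IP 203.0.113.10 and both TXT records are constructed for illustration; `include:` and other DNS-dependent terms are only reported, not resolved.

```python
import ipaddress

# Constructed sample data: the relay's public static IP and the domain's
# SPF record before and after the static IP is added, as the answer suggests.
RELAY_IP = "203.0.113.10"
RECORD_BEFORE = "v=spf1 include:_spf.google.com ~all"
RECORD_AFTER = "v=spf1 include:_spf.google.com ip4:203.0.113.10 ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Split a TXT record into SPF terms; None if it is not an SPF record."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        return None
    return parts[1:]


def check_spf(txt, sender_ip):
    """Evaluate ip4/ip6/all mechanisms for sender_ip.

    Returns (result, unresolved) where result is the SPF result for the first
    matching mechanism and unresolved lists terms that would need DNS lookups
    (include, a, mx, exists, ptr, redirect=) and are skipped here.
    """
    terms = parse_spf(txt)
    if terms is None:
        return "none", []
    ip = ipaddress.ip_address(sender_ip)
    unresolved = []
    for term in terms:
        qual = "+"  # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror", unresolved
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual], unresolved
        elif name == "all":
            return QUALIFIERS[qual], unresolved
        else:
            unresolved.append(term)  # needs DNS; not evaluated offline
    return "neutral", unresolved
```

With RECORD_BEFORE the relay's IP only reaches `~all` (softfail), which is exactly what lets a strict receiver drop the mail; with RECORD_AFTER the `ip4:` term matches and the result is pass.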
