I don’t have a problem with ISPs blocking outbound port 25 other than their own mail servers – that is a sensible anti-spam precaution. However blocking inbound connections can only be used to prevent the running of mail servers and the only reason I can think of for them preventing this is to force people to use their MPLS based Internet leased line which cost over USD 1500/month for 512K last time I looked at the price.

Using nmap on a server in Amsterdam I quickly discovered it was only port 25 which was blocked. Other ports remained unaffected.

So my problem was to find a way of getting mail into my server using a port other than 25 (SMTP). Internet mail requires access to port 25 so I had to find another machine to forward mail into my ADSL line in Qatar. Fortunately I have access to such machines running Debian and postfix in Amsterdam.

The solution turned out to be surprisingly easy:

1. Arrange for the ADSL link gateway to port forward traffic from a free port (I chose 200) to port 25 on the internal mail server. I used IPTABLES to do this but the same can be done with almost any ADSL gateway – look for “Application Sharing”. This can be tested by using netcat (nc) to the gateway from a machine in the outside world (some names obscured):

ams1:~# nc www.mydomain.com 200
220 www.mydomain.com ESMTP Postfix (Debian/GNU)
helo www.x31.com
250 www.mydomain.com
quit
221 2.0.0 Bye

2. Configure the relay machine (mine is in Amsterdam) to accept mail for the ADSL connected system (my system in Qatar). To do this edit /etc/postfix/main.cf and add the domain to the end of the line (note the use of the comma ‘,’):

relay_domains = $mydestination, mydomain.com

3. Setup a special delivery transport for mydomain.com. To do this edit /etc/postfix/transport and add the following lines (myddnshost.dyndns.org is the dynamic dns hostname for my system in Qatar and the 200 is the port number I am using):

mydomain.com smtp:[myddnshost.dyndns.org]:200
.mydomain.com smtp:[myddnshost.dyndns.org]:200


Now rebuild the map file:
$ postmap /etc/postfix/transport


and edit /etc/postfix/main.cf again. Ensure the following line is present:
transport_maps = hash:/etc/postfix/transport

Finally restart postfix:
$ /etc/init.d/postfix restart

4. Now update your DNS and point the MX record at the relay machine. Wait for things to settle down (can take a few hours) and your mail will start to be delivered into your ADSL connected server.

I run Debian Etch and Lenny systems with a mostly standard postfix configuration which uses hash tables. If your system is different then you may need to specify a different format. The /etc/postfix/transport file is extremely powerful and I recommend you look at “man transport” before making changes.