SCIENTIFIC-LINUX-USERS Archives

March 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Mark Stodola <[log in to unmask]>
Reply To: Mark Stodola <[log in to unmask]>
Date: Mon, 16 Mar 2015 15:52:14 -0500
On 03/16/2015 03:25 PM, Mark Hansel wrote:
> Hi,
>
> I want to use a relay host on port 10025. No matter what firewall rules I use, the port is blocked. I tested this using 2 computers with local connections only. (Isolated from the overall network by unplugging the router and plugging both computers into the same switch). The tests involved using telnet to target ports. Error was "connection refused." Port scans show different, but in important respects, similar results.
>
> Way back in the days of inetd and xinetd, you told the daemon to fire up a program whenever a port was accessed. I cannot find an analogous process with SL.
>
> I use postfix as my MTA. The relay host is properly defined in the configuration file (main.cf). (This configuration worked with Ubuntu and with Mint Linux.)
>
> OS version is SL7, up to date, running firewalld, fail2ban (b/c of brute force root attack) with SELINUX active.
>
> Thank you,
> m hansel


It is unclear if you are running into a blockage on outbound connections 
(to a remote host listening on port 10025) or you have your daemon 
(listener/MTA) misconfigured and simply not listening on port 10025.

To get the MTA listening on the port you want, I believe you will have 
to edit postfix's master.cf and change the service to the port number 
you want.

As for the outbound 10025, there is nothing by default (other than
perhaps SELinux, which I do not presently use) that would block postfix
from relaying to a remote server on port 10025.

Other than that, as you said, relayhost= should be defined in the
main.cf and if you have sasl or other required authentication, you will
need the necessary auth files set up (i.e. saslpass)

To create a listener for your telnet test, you could use xinetd (still 
available in SL7) or just use netcat (netcat -l 10025) to pop one up 
quickly.

-Mark
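
Added example, not part of the original message: a small probe that tells the two cases in the reply apart (nothing listening on the port versus a firewall in the path) by how the TCP connect fails. The names `probe`, `self_check` and `VERDICTS` and the default target are assumptions made for illustration.

```python
import errno
import socket
import sys

# What each connect() outcome most likely means on the target side.
VERDICTS = {
    "open": "a process is listening and the path is clear",
    "refused": "TCP RST: host reachable, but nothing is listening on that "
               "port (or a rule rejects with tcp-reset)",
    "rejected": "ICMP unreachable/prohibited: typical of a firewall REJECT "
                "rule; telnet reports this as 'No route to host'",
    "timeout": "no answer at all: typical of a firewall DROP rule",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return a key of VERDICTS."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "rejected"
        raise
    finally:
        s.close()

def self_check():
    """Constructed loopback demo: same port with, then without, a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    srv.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    # Usage: probe.py HOST [PORT]; port 10025 is the one from the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 10025
    verdict = probe(host, port)
    print(f"{host}:{port} -> {verdict}: {VERDICTS[verdict]}")
```

A "refused" result against the second machine points at the listener (master.cf, or no test listener running) rather than at the firewall rules.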
