PDA

View Full Version : Technicolor TG587n outgoing NAT redirect



Geek4414
16-07-2014, 10:47 AM
With Xtra enforcing secure email, people are having issues with sending email from software packages that do not support secure email and also hard coded to port 25. Apparently, Xtra is now blocking port 25 totally, so you can't even use the software vendor's server to send email.

This thread on another forum is describing the exact problem ... http://www.dslreports.com/forum/r27836117-Redirect-outbound-to-different-port

Most people being affected with this issue are small businesses, so can't expect them to run any email server. The most transparent way to solve this would be redirecting outgoing port 25 traffic to the vendor's server configured to a port not blocked by Xtra.

Is there any simple way to redirect outgoing port 25 on Telecom/Xtra supplied modems? I know how to redirect incoming ports on the router, but have not found any way to redirect outgoing ports. I have checked my Technicolor TG587n v3 and can only find incoming port redirection.

Or is there a simple command line using netsh that can redirect outgoing port 25 to a specific port on the vendor's email server?

This looks promising, but have read a bit more and try it later ...
http://technet.microsoft.com/en-us/library/cc776297%28WS.10%29.aspx


58445845

Chilling_Silence
16-07-2014, 02:30 PM
How about just updating your email server settings on your mail client to use a different port? :P

Geek4414
16-07-2014, 05:50 PM
It is not an email client, it is an accounting package hard coded to port 25 to send out invoices and statements directly.

fred_fish
16-07-2014, 07:22 PM
Probably the best/easiest would be to set up a local mail server (just for this) that accepts the "plain" smtp connection, then forwards it via a smarthost with the appropriate configuration.
Mercury32 by David Harris might be a good choice.
http://www.pmail.com/

Also, telecom will unblock port 25 on request (might need a "business" line).

wainuitech
16-07-2014, 07:27 PM
It is not an email client, it is an accounting package hard coded to port 25 to send out invoices and statements directly. Got a email from Cashbook Complete yesterday stating your problem with xtra.

Rather Long but explains it all.


Dear Sir / Madam,


New Requirement for Xtra / Telecom Customers
Most Cashbook customers using Xtra / Telecom (which we will now only refer to as Xtra) are being given a rude awakening by requiring that their emailing software encrypts
the emails (using TLS / SSL) before sending them. It appears that it is a slow rollout, so some people
have already run into this problem, and others will find out at some point in the future.

How We Attempted to Resolve This New Requirement
We provided our own email servers which were independant of the Xtra network so that Xtra customers could use our SMTP servers instead.* We found however that not only was Xtra
requiring a secure connection to their email servers but they were blocking access to all third party email servers (even with the Port 25 filter disabled).* Our solution therfore didn't work.

Xtra Overstepping the MarkWe feel that Xtra has overstepped the mark in blocking customers from accessing other people's email services.* Just as it is not their right to block their customers
from visiting certain websites, it is also not their right to effectively block their customers from using third party emailing programs.* Cashbook Complete works throughout
the World and Xtra is the only ISP that we know of that requires TLS / SSL.

If You ARE With Xtra (Telecom)
There are two ways you can move forward:-
The first way is to switch ISP's to another oneThe second way is to install Primo PDF on your computer so that you can send your email as a PDF.* Although this involves a few more steps than clicking an "Email" button,
it will get the job done.
(more)
Switching to another accounting package is probably not going to solve the problem either, as we have heard that other software companies are experiencing the same problem with their
products (including the ones that support SSL / TLS).


If you have sent email invoices or statements, you may want to check that they have been recieved.

If You Are NOT With Xtra (Telecom)
If you are not with Xtra, this problem won't affect you, but if you are considering switching to Xtra, you need to take into account that you won't be able to email Invoices and
Statements from Cashbook Complete.

Our Communication With Xtra
We spoke to Xtra about these problems and were passed up the chain to more senior people.* We wanted to write them a letter explaining the situation, but none of the more
senior managers would give their name, and none of the more junior tech support people would give the names of any of their managers.* The senior tech support manager asked
how many people would be affected, we told them that it would be several thousand, but he didn't seem to consider that a high enough number for them to take action in resolving
the problem.* It was as if Xtra had accepted that they would lose some customers, and were not phased by that number.* One person said that he would try and get someone
to ring us back, but as yet, we haven't heard back.* We don't think that it is wise for any business to shut down avenues for written complaints.

We apologise for the inconvenience.* We have done what we thought would resolve the problem, but didn't know that Xtra's email blocking would be so comprehensive.


>From the Acclaim Software Team.


If people ever needed an excuse to change their email ( and ISP) Provider Xtra are doing a good job at giving them a reason.

For quite a while now, XTRA have been blocking accounting (and many other types of software) from sending from within the program. Its been things like statements, invoices, reports - Just to name a few things, the only way around it was to save the item as a PDF and email that as an attachment. Their spam filters are catching anything thats been sent out as spam.

Note: its ONLY Xtra that's doing it.

Dump the :waughh:, and get another ISP or email provider.

fred_fish
16-07-2014, 07:28 PM
Another option may be to run an stunnel instance on a local machines port 25 to connect it to an appropriate SSL mail port.

Geek4414
16-07-2014, 10:59 PM
Got a email from Cashbook Complete yesterday stating your problem with xtra.

Rather Long but explains it all.

If people ever needed an excuse to change their email ( and ISP) Provider Xtra are doing a good job at giving them a reason.

For quite a while now, XTRA have been blocking accounting (and many other types of software) from sending from within the program. Its been things like statements, invoices, reports - Just to name a few things, the only way around it was to save the item as a PDF and email that as an attachment. Their spam filters are catching anything thats been sent out as spam.

Note: its ONLY Xtra that's doing it.

Dump the :waughh:, and get another ISP or email provider.

Bingo Wainuitech! Well, we are with Xtra, it is still working for us for some reason, I guess it will stop working soon. We are locked in with Xtra after the UFB installation, probably for another 6 months. However, in saying that, I really can't be bothered switching provider.

Geek4414
16-07-2014, 11:04 PM
Probably the best/easiest would be to set up a local mail server (just for this) that accepts the "plain" smtp connection, then forwards it via a smarthost with the appropriate configuration.
Mercury32 by David Harris might be a good choice.
http://www.pmail.com/

Also, telecom will unblock port 25 on request (might need a "business" line).

Apparently, Telecom is unwilling to unblock port 25 for the server they set up to work around this problem. Anyway, I used to use Mercury years ago, it is relatively easy to set up, it may be one option, thanks for reminding me of Mercury.

Geek4414
16-07-2014, 11:24 PM
Another option may be to run an stunnel instance on a local machines port 25 to connect it to an appropriate SSL mail port.

Just downloaded stunnel and having a look at the stunnel.conf file

I gather the following lines refer to capturing port 25 from the localhost and forward it to smtp.gmail.com:465, but how does it authenticate with Gmail? CashBookComplete has no provision to store/send the user credentials to authenticate with Gmail's SMTP server?


[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465

fred_fish
17-07-2014, 08:34 AM
but how does it authenticate with Gmail?
Don't know sorry, haven't used it for that.


Apparently, Telecom is unwilling to unblock port 25 for the server they set up
AFAIK it must be opened for each CLIENT ip - that sounds like they were asking for a global exception for their server.

Telecom DO unblock 25 on request - I have a couple of mail servers running on Telecom ADSL connections.