I want to make qmail-smtpd listen on 2 different ports, say 25 and 2500. How do I do this?

I've tried adding a second line to the supervise run script which would duplicate the tcpserver exec statement but it seems as though the second line doesn't get loaded.

Here are my guesses, having never used qmail:

If you (can) run qmail-smptd from inetd you could add a line in /etc/inetd.conf for each port...

OR, setup another config file with the other port specified, and run two instances ?

-Chris

Qmail can be setup in any number of ways from what I have read. I followed the directions at qmailrocks.org with some added assistance from lifewithqmail.org to get mine going.

Just as an FYI for anyone else who might have this question, I did the following:

Copy /var/qmail/supervise/qmail-smtpd to /var/qmail/supervise/qmail-smtpd2. Edit the run script located in the qmail-smtpd2 directory (make sure you designate the new port that you want it run on) and the run script located in the log sub-directory.

Create a symbolic link to your new smtpd2 supervisor directory...
ln -s /var/qmail/supervise/qmail-smtpd /service

Edit the qmailctl script (mine is at /usr/bin/qmailctl) and duplicate all qmail-smtpd entries with qmail-smtpd2 entries.

This should get it up and running on seperate ports.

I don't know if you found a solution, but I used to work at a DSL ISP and we had problems with users who used our dial-up service on the road. The problem was that the dial-up provider we bought service from blocked all outbound traffic on port 25 so users couldn't get to our SMTP server. To get around it, we added an iptables rule to redirect traffic destined for port 2525 to port 25. Presto! Instant SMTP server listening on 2 ports--and without the hassle and memory usage of running 2 copies of sendmail. I don't remember the exact syntax, but I'm guessing you can figure that out for yourself.

--James

UPDATE: - OK, I got bored (read: I'm avoiding studying for finals) and I went and looked up the syntax to do this with iptables. This works for me, just replace 25 with the port where the service is listeneing now and 2525 with the new port you also want it listening on.

iptables -t nat -A PREROUTING -p tcp --dport 2525 -i eth0 -j REDIRECT --to-ports 25

I tried this but it doesn't seem to be working. What am I missing (have never used iptables)?

# iptables -t nat -A PREROUTING -p tcp --dport 2525 -i eth0 -j REDIRECT --to-ports 25
# iptables->save /etc/sysconfig/iptables
# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 640 packets, 29571 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:2525 redir ports 25

Chain POSTROUTING (policy ACCEPT 3441 packets, 140K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 3441 packets, 140K bytes)
 pkts bytes target     prot opt in     out     source               destination

But if I attempt to connect to port 2525 I get Connection Refused.

Ok, I tried that out again. For some reason it doesn't work when I'm sshed into the box and I telnet to 2525, but it does work if I telnet to 2525 from another machine. Obviously, the internal traffic is not getting processed by the rule. Why? I have no idea.

--James

It doesn't work from localhost because you told it to forward connections coming in on eth0. You'd have to specify lo as well (or just leave out the -i switch). But it probably will work fine as is.

I tried it with and without the -i etho switch, but it still doesn't work locally. Jus don't ask me why.

--James

From the man page:

nat        This table is consulted when a packet that  creates
              a  new  connection  is encountered.  It consists of
              three built-ins: PREROUTING (for  altering  packets
              as  soon  as  they  come  in), OUTPUT (for altering
              locally-generated  packets  before  routing),   and
              POSTROUTING (for altering packets as they are about
              to go out).

Locally generated packets will never hit the PREROUTING rule, you'll need to setup a near identical rule using OUTPUT to make it work.

As a follow-up...

Having the following commands in an iptables file will get the job done:

-A PREROUTING -p tcp -m tcp --dport 2525 -j REDIRECT --to-ports 25
-A OUTPUT -p tcp -m tcp --dport 2525 -j REDIRECT --to-ports 25