Linode Forum
Linode Community Forums
Posted: Tue Feb 19, 2008 3:52 pm
Senior Newbie

Joined: Mon Feb 18, 2008 10:15 am
Posts: 13
I have a residential broadband connection, so my IP is dynamic. I also run a postfix smtp server for my domain, but unfortunately, sending mail is problematic since quite a few large providers block smtp connections from IPs in known dynamic ranges. A static IP is not an option, since I'd have to get a business account for 2X the cost. What I did: get a linode and install centos 5 on it. Set up an openvpn link between my home linux system and the linode. Set a couple of iptables rules and a custom routing rule so that outbound smtp connections are marked and later snat'ed to the IP of my end of the tunnel, and then sent into the tunnel. The linode has a single iptables rule to snat the outbound traffic. Works a charm. Here is the home end:

iptables -t mangle -I OUTPUT -p tcp --dport 25 -j MARK --set-mark 0x1a
iptables -t mangle -I OUTPUT -p tcp -d 10.0.0.0/24 --dport 25 -j ACCEPT
iptables -t mangle -I OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT
iptables -t nat -I POSTROUTING -m mark --mark 0x1a -j SNAT --to-source 10.8.0.2

[root@sphinx iproute2]# ip rule list
0: from all lookup local
32765: from all fwmark 0x1a lookup mail.out <=== new rule
32766: from all lookup main
32767: from all lookup default

on the linode:

/sbin/iptables -t nat -I POSTROUTING -o eth0 -j SNAT -p tcp --to-source $PUBLIC_IP
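
The setup described in the post above, written out as one script. This is an added example, not the poster's own script: it fills in the routing-table steps the post does not show and, on the linode, narrows the SNAT rule to SMTP coming from the tunnel peer. The tunnel device tun0, the linode's tunnel address 10.8.0.1, the rt_tables id 200 and the public address 203.0.113.10 are assumptions or placeholders.

```shell
#!/bin/sh
# Added example, not the poster's script. Prints commands unless DRY_RUN=0.
# From the post: mark 0x1a, table mail.out, 10.8.0.2, 10.0.0.0/24, eth0.
# Assumed: tun0, 10.8.0.1 (linode tunnel address), 203.0.113.10 (placeholder).
DRY_RUN=${DRY_RUN:-1}
MARK=0x1a
# Needs a line like "200 mail.out" in /etc/iproute2/rt_tables (id assumed).
TABLE=mail.out
HOME_TUN_IP=10.8.0.2
LAN=10.0.0.0/24
TUN_DEV=${TUN_DEV:-tun0}
LINODE_TUN_IP=${LINODE_TUN_IP:-10.8.0.1}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

home_end() {
    # -A in evaluation order: the exemptions must match before the MARK rule.
    # (The post gets the same order by using -I with the lines reversed.)
    run iptables -t mangle -A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT
    run iptables -t mangle -A OUTPUT -p tcp -d "$LAN" --dport 25 -j ACCEPT
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
    # Marked packets use the mail.out table, whose only route is the tunnel.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default via "$LINODE_TUN_IP" dev "$TUN_DEV" table "$TABLE"
    # The source address was chosen before the reroute, so rewrite it.
    run iptables -t nat -A POSTROUTING -m mark --mark "$MARK" -j SNAT --to-source "$HOME_TUN_IP"
}

linode_end() {
    run sysctl -w net.ipv4.ip_forward=1
    # Forward only SMTP from the tunnel peer, plus replies; drop the rest.
    run iptables -A FORWARD -i "$TUN_DEV" -o eth0 -s "$HOME_TUN_IP" -p tcp --dport 25 -j ACCEPT
    run iptables -A FORWARD -i eth0 -o "$TUN_DEV" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$TUN_DEV" -j DROP
    # Narrower than the post's rule: NAT only what the FORWARD rule let through.
    run iptables -t nat -A POSTROUTING -o eth0 -s "$HOME_TUN_IP" -p tcp --dport 25 \
        -j SNAT --to-source "$PUBLIC_IP"
}

# Usage: script home | script linode  (set DRY_RUN=0 to apply as root)
case "${1:-}" in
    home) home_end ;;
    linode) linode_end ;;
esac
```

With the default DRY_RUN=1 the script only prints the commands, so the rule order can be reviewed before anything is applied.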


Posted: Tue Feb 19, 2008 6:48 pm
Junior Member

Joined: Sun Dec 02, 2007 1:17 am
Posts: 27
Website: http://www.nabber.org
Or you can do like I do and run postfix + smtp auth + SSL/TLS. Works well since most mail clients understand this natively, no need for openvpn software.


Posted: Tue Feb 19, 2008 6:57 pm
Senior Newbie

Joined: Mon Feb 18, 2008 10:15 am
Posts: 13
This has nothing to do with smtp clients, but with other sites' servers that will not accept inbound smtp from my smtp server, since its public IP is in a dynamic IP pool (yes, I know I can just use my ISP's mail server, but I prefer to have more control, since if something goes wrong once it's handed off, I have no visibility into that...)


Posted: Tue Feb 19, 2008 6:57 pm
Senior Member

Joined: Sun Nov 30, 2003 2:28 pm
Posts: 245
Or do what I do and run UUCP for the home<->linode connection, over OpenVPN, if you like. Sure, it's old tech, but it's exactly what it's designed for: pushing and pulling mail from/to an intermittently connected server. And since home is a real postfix (or whatever) mail server, you can use whatever clients you like.

_________________
The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world.
-- seen on the net


Posted: Tue Feb 19, 2008 7:33 pm
Senior Member

Joined: Tue Apr 13, 2004 6:54 pm
Posts: 833
UUCP over stunnel, here (rather than openvpn). Works well :-)

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)


Posted: Tue Feb 19, 2008 8:25 pm
Junior Member

Joined: Tue Feb 19, 2008 7:08 am
Posts: 23
Location: USA
Openvpn solution is more generic and easier to implement. Zero configuration in both server and client software.


Posted: Wed Feb 20, 2008 9:42 am
Senior Newbie

Joined: Mon Feb 18, 2008 10:15 am
Posts: 13
These are all interesting ideas, but completely unrelated to the problem I was trying to solve :(


Posted: Wed Feb 20, 2008 12:35 pm
Senior Member

Joined: Sun Nov 30, 2003 2:28 pm
Posts: 245
No, it's not unrelated. The problem is that mail from your home server is rejected because your home IP is dynamic, right? The solution is not to send mail from your home server, but to route everything (except local mail, of course) through your linode. One way to do this is to have your home server treat your linode server as its smarthub, and have your linode server route local mail to your home server. The downside of this approach is if your IP changes, incoming mail will (for a while) be delivered to the old address. Most of the time there won't be a server there, and it will just sit in the queue until the linode server finds the new address. Occasionally, you'll be unlucky, and the mail will be bounced or accepted, and you'll never see it.

Another way is to not have a local server, and just have your client access your linode. The downside is that the client you like may not support SMTP AUTH, and that each client has to be configured.

Another way is UUCP, which is pretty easy to set up (with postfix, at least). The good thing about this approach is that all transfers are driven by the home server, whose current IP is irrelevant. It has proven extremely reliable for me. The "downside" is that it's old tech, and has a four-letter-acronym, which everyone knows isn't as good as a TLA.

Post subject: sigh
Posted: Wed Feb 20, 2008 12:37 pm
Senior Newbie

Joined: Mon Feb 18, 2008 10:15 am
Posts: 13
I understand what you're saying, and I did consider the smarthub approach, but that involves having two sets of mail server software, and I wanted to keep everything centralized (and the simplest possible config on the linode...) This technique is also useful for other applications that need a static IP...


Posted: Wed Feb 20, 2008 12:50 pm
Junior Member

Joined: Tue Feb 19, 2008 7:08 am
Posts: 23
Location: USA
When I use public wireless, I will route all my internet traffic through an openvpn gateway.
It seems to me openvpn is just easier to configure than all these old existing technologies such as IPsec, PPTP, etc.


Posted: Wed Feb 20, 2008 3:16 pm
Senior Member

Joined: Sun Nov 30, 2003 2:28 pm
Posts: 245
Ah, I was assuming you had a mail server on your linode anyway, for incoming mail. So your MX is your home server? That can be problematic...but it's your mail.

Posted: Wed Feb 20, 2008 3:44 pm
Senior Newbie

Joined: Mon Feb 18, 2008 10:15 am
Posts: 13
It can be months between my IP changing, and I use a dynamic dns service to update the MX. You raise a good point that I may want to consider mapping inbound traffic thru the tunnel too, to avoid any issues there.

