Working Around ISP Mail Server Blocks

Background

It is common practice for ISPs to place restrictions on the sending and receiving of mail in order to reduce the potential for abuse by spammers. For the typical home user, these restrictions are non-intrusive and are effective in preventing gratuitous abuse of the mail systems. However, for users running their own mail server, these restrictions interfere with the proper operation of the service.

The restrictions originated when spammers began injecting their email directly into the ISP’s mail relay servers for distribution. This activity caused massive headaches for the ISP, as server utilization soared, bandwidth costs increased, and they would receive a torrent of angry calls from other ISPs for relaying so much spam. The solution was to impose access restrictions on the mail relay servers so that only authenticated users from within the ISP’s network would be able to access them. While this was effective in protecting the ISP’s mail relay servers, the spammers shifted their tactics to work around the obstacle.

With direct access to the mail relay servers of the ISP blocked, hackers turned to large botnets of zombie computers. These compromised systems were used by the hackers to run their own mail relay servers, and so the spam continued to flood the mail systems. In order to reduce the effectiveness of this strategy, the ISPs blocked all traffic for port 25 (the standard communication port for mail relay service) to their customers’ systems. This prevented these systems from proxying spam throughout the email delivery systems.

In order to run a mail server, the restrictions imposed by the ISP must be overcome.  In some cases, simply contacting the customer support of the ISP can result in a lifting of the restrictions on the connection.  However, some ISPs do not have a flexible policy in place for customers wishing to run their own mail servers and so extra effort must be made in order to work around the situation.  Typically, there are two main blocks that must be overcome for mail service to be fully functional:  inbound blocking and outbound blocking.  The majority of ISPs implement both types of blocks, but occasionally only one or the other form of blocking is implemented.

Service Requirements

In order to work around the inbound or outbound blocks imposed by the ISP, an additional service provider must be used.  DynDNS.com offers several services that can be used to work around the ISP restrictions.  There are several other service providers that may have similar offerings, so you may wish to shop around.

The MailHop Relay service offers the ability to redirect incoming mail from the standard mail relay port (port 25) to an alternate port which is not blocked.  In addition, it provides a number of other benefits including:  spam filtering, white-listing, black-listing, virus scanning, and back-up queueing (which safely stores any incoming mail if your mail server should be temporarily unavailable).

The MailHop Outbound service offers the ability to bypass any outbound restrictions your ISP may have in place.  It is able to accept mail destined for other domains on an alternate port and so avoid a block placed on the standard mail relay port.  In addition, it offers a secure, authenticated mail relay connection (via SSL), the ability to send mail from any network, outgoing virus scanning, and detailed usage graphs.

Inbound Blocking

Inbound blocking prevents other mail servers from relaying mail to your mail server. This means that mail which originates from another domain cannot be delivered to your email system. Mail which originates from within your domain will not be affected by this type of restriction. The MailHop Relay service offered by DynDNS is able to work around this restriction by accepting mail on behalf of your domain and then relaying it to your domain on an alternate port.

  1. Subscribe to and set up the MailHop Relay service on the DynDNS site.
    1. Specify the destination mail server (e.g. example.com)
    2. Specify the alternate relay port (e.g. 10025)
    3. Enable any additional services desired (spam checking, virus scanning, etc.)
    4. Ensure the Mail Exchange (MX) Records are set up correctly for the domain
  2. Create a port-forwarding rule on your gateway device to forward incoming connections from the alternate relay port specified (e.g. 10025) to the local mail server and standard mail relay port (e.g. mail.example.com, port 25).
    Protocol   External Port    Destination Address    Destination Port
       TCP         10025          mail.example.com            25
  3. Verify inbound mail service is working properly by using Yahoo Mail to send a message to a test account in your domain.  It may take a few minutes for the DNS changes to propagate fully, so be patient if the mail does not appear quickly.

Outbound Blocking

Outbound blocking prevents mail originating from your server from being relayed to any other mail server.  Mail sent from within the domain to other members within the domain will not be affected.  The MailHop Outbound service offered by DynDNS is able to work around this restriction by accepting mail originating from your domain on an alternate port and then forwarding it on to the destination mail servers.

  1. Subscribe to the MailHop Outbound service on the DynDNS site.
  2. Open the Server Admin application and connect to the server hosting the mail service.
  3. Select the Mail service from the list of available services.
  4. Click on the “Settings” icon and select the “General” tab.
  5. Enable the “Relay outgoing mail through host” option.
  6. Enter the MailHop Outbound server address and port.
    outbound.mailhop.org:10025
  7. Enable the “Authenticate to relay with user name” option.
  8. Enter the account name and password for your DynDNS account in the appropriate fields.
  9. Restart the Mail service.
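
Both procedures above leave an SMTP endpoint on a non-standard port: your own server behind the forwarded port 10025, and the outbound relay you authenticate to. The following Python check is an added example, not part of the original article or of any DynDNS tooling; it reports whether an endpoint offers AUTH before TLS, lacks STARTTLS, or accepts mail for a domain it does not host. It assumes the endpoint speaks ESMTP with STARTTLS; probe@example.net, someone@example.org and the ConstructedSession replies are constructed sample values.

```python
import smtplib
import ssl

def audit_session(smtp, foreign_rcpt=None):
    """Audit a connected smtplib.SMTP-like session and return a list of problems."""
    problems = []
    code, _ = smtp.ehlo()
    if not 200 <= code < 300:
        return ["EHLO refused: not an ESMTP service on this port"]
    # AUTH advertised before TLS lets a client send the relay password in clear.
    if smtp.has_extn("auth"):
        problems.append("AUTH offered before TLS")
    if not smtp.has_extn("starttls"):
        problems.append("STARTTLS not offered")
    else:
        try:
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # capabilities must be re-read after the TLS upgrade
        except ssl.SSLError as exc:
            return problems + [f"TLS failed: {exc}"]
    if foreign_rcpt:
        # Envelope only, no DATA is sent. An unauthenticated client asking to
        # deliver to a domain the server does not host must be refused.
        smtp.mail("probe@example.net")
        rcpt_code, _ = smtp.rcpt(foreign_rcpt)
        smtp.rset()
        if 200 <= rcpt_code < 300:
            problems.append("relays for foreign domain: open relay")
    return problems

def audit_endpoint(host, port, foreign_rcpt=None, timeout=10):
    """Connect to host:port (e.g. the forwarded port 10025) and audit it."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return audit_session(smtp, foreign_rcpt)

class ConstructedSession:
    """Constructed stand-in for a server's replies, so the example runs offline."""
    def __init__(self, pre_tls, post_tls, rcpt_code):
        self.exts, self.post_tls, self.rcpt_code = set(pre_tls), set(post_tls), rcpt_code
    def ehlo(self): return (250, b"ok")
    def has_extn(self, name): return name in self.exts
    def starttls(self, context=None): self.exts = self.post_tls
    def mail(self, sender): return (250, b"ok")
    def rcpt(self, recip): return (self.rcpt_code, b"")
    def rset(self): return (250, b"ok")

if __name__ == "__main__":
    for pre, post, rcpt in (({"starttls"}, {"auth"}, 554), ({"auth"}, set(), 250)):
        print(audit_session(ConstructedSession(pre, post, rcpt), "someone@example.org"))
```

Run audit_endpoint against your own forwarded port from a host outside your network, since a mail server may allow relaying for clients on its local network. For the outbound relay, omit foreign_rcpt so only the TLS and AUTH checks run.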

3 thoughts on “Working Around ISP Mail Server Blocks”

  1. A nicely written piece, informative, coherent and intelligently put forward, respect due for a welcome relief from the usual dross I find on the internet, I will be watching out for more of your posts.
