Pegasus Mail & Mercury

I would prefer to bypass my ISP if possible rather than relaying though it.  I know my ISP is blocking port 25 but not ports 26 or 2525, for example, is it not possible to reconfigure MercE to send on a different port?

But on port 26 no-one can hear you smtp.

 

SMTP servers listen on port 25, so if said ISP is blocking traffic on port 25, you only have two options, send via your ISP, or send via another smarthost that listens on an alternate port. Both options require MercC rather than MercE.

It would seem I misunderstand the mechanism of transmission.  I thought it works as follows:

My email client sends out on port 25 to my local SMTP server - Mercury/32, MercS (the server module) listens on port 25 and once recieving the mail, passes it to MercE (the end-to-end SMTP client) that without the need of any other SMTP servers delivers directly to the recipient's mail box - sending out either on port 110 for POP3 or on port 993 for IMAP thus not using port 25 at any point.  What am I missing?

MercE looks up the MX record of the domain part of the RCPT TO: address to determine which server handles delivery for that domain.

It then connects to port 25 of that server and passes the message. That is it.

As your ISP blocks outgoing connections to port 25 this is not going to work for you.

Being able to change the port in MercE would be useless, as there is no SMTP server listening on port 26. Sure you could set one up that way, but that will not help you deliver mail to anybody else.

You need to use MercC, which passes ALL external mail to ONE SMTP server for further delivery.

This will need to be a smarthost that you have an account on that is allowed to relay your mail.

The obvious choice is your ISP's server, however you could get an account on another smarthost as long as it has a port other than 25 that you can use.

 

The obvious choice is your ISP's server, however you could get an account on another smarthost as long as it has a port other than 25 that you can use.

The free GMail SMTP server is also an obvious choice.  You will need to register the email address in the MAIL FROM: address for this to work though if you want one different than the GMail account email address.  Since GMail does not use port 25 it's a good option to bypass port 25 blocking.

(b) -SMTP STARTTLS -

  Server host name: smtp.gmail.com
  Server TCP/IP port: 587
  SSL/TLS: via STARTTLS
  Enable server certificate fingerprint tracking: checked
  SMTP Authentication: Login to the SMTP server using POP3
  username/password (the GMAIL-POP3-definition has been chosen)

(c) - SMTP via SSL -

  Server host name: smtp.gmail.com
  Server TCP/IP port: 465
  SSL/TLS: via direct ssl connection
  Enable server certificate fingerprint tracking: unchecked
  SMTP Authentication: Login to the SMTP server using POP3
  username/password (the GMAIL-POP3-definition has been chosen)
 

 

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

As DLN says, you need to use port 25 for direct SMTP delivery. However, you could try contacting your ISP and ask them to open port 25 for you. They may say no, but if you explain that you will be running your own mail server there is a chance they say yes as well. Somewhat depending on their service level, professionality and general friendliness of course.

/Rolf 

OK, so another smarthost it is.  But I would prefer a choice different from either my ISP or GMail or any other North American server.  I would like a free SMTP server in France, Russia, China or anyplace not subordinate to the US.  Any suggestions?
 

tron:

OK, so another smarthost it is.  But I would prefer a choice different from either my ISP or GMail or any other North American server.  I would like a free SMTP server in France, Russia, China or anyplace not subordinate to the US.  Any suggestions?

Not a clue for free but there are quite a few commercial relay hosts out there that will use something other than port 25 for a fee.  You really do not know where the servers will be actually located though.  FWIW, I really have no idea why you are set against GMail since your mail if going to be going through a North American server sometime. 

 

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

 Thank you all for explaining all this stuff to me :),  the picture is getting clearer but I still have these questions:

1.  "MercE looks up the MX record of the domain part of the RCPT TO: address to determine which server handles delivery for that domain."
-From start to finish, how many and what type of servers are involved btw the sender and the recipient computer?

2.  "This will need to be a smarthost that you have an account on that is allowed to relay your mail"
-Can any smarthost relay server - where I have an account - read my mail and keep a record of it?

3.  "I really have no idea why you are set against GMail since your mail is going to be going through a North American server sometime. "
-Does that mean that no matter what server combination/solution I use and whether I use my own mail server or not the Big Brother can still read my mail?

4.  If my ISP will not unblock port 25 for me and I will have to use MercC and get an account on another SMTP server, than what do I need Mercury for?  I mean how is having it in the chain going to give me more privacy than just having my email client send mail directly to that remote SMTP server for delivery (as I have been doing up to now)?
 

tron:

 Thank you all for explaining all this stuff to me :),  the picture is getting clearer but I still have these questions:

1.  "MercE looks up the MX record of the domain part of the RCPT TO: address to determine which server handles delivery for that domain."
-From start to finish, how many and what type of servers are involved btw the sender and the recipient computer?

There is no way of knowing in advance. The server listed as the MX may be set up to forward on to another (internal maybe) server for actual delivery to the recipient's maildrop.

2.  "This will need to be a smarthost that you have an account on that is allowed to relay your mail"
-Can any smarthost relay server - where I have an account - read my mail and keep a record of it?

Yes

3.  "I really have no idea why you are set against GMail since your mail is going to be going through a North American server sometime. "
-Does that mean that no matter what server combination/solution I use and whether I use my own mail server or not the Big Brother can still read my mail?

Yes. Depending on what conspiracy theories you subscribe to, it can be extracted from the TCP stream anyway.

4.  If my ISP will not unblock port 25 for me and I will have to use MercC and get an account on another SMTP server, than what do I need Mercury for?  I mean how is having it in the chain going to give me more privacy than just having my email client send mail directly to that remote SMTP server for delivery (as I have been doing up to now)?

No difference at all, just one more hop along the way.

 You can encrypt your messages (PGP is one way) but the recipient also needs to be set up to decrypt it.

OK, if MercE is neither going to give me more privacy (because of all the intermediate relays along the way) nor more independence (because I will still have to have an account on a 3rd party's relay SMTP server and thus will still be subject to their bandwidth and other restrictions - such as what file types can be transmitted), then can I assume that greater privacy and independence can only be attained by those able to use MercC (with end-to-end delivery)? 

And if so, then is it primarily advantageous in terms of independence from 3rd party relay server accounts rather than in terms of privacy ("Depending on what conspiracy theories you subscribe to")?

 

I'm afraid that the situation is that the moment you enter public Internet your email will have the security equivalence of a postcard - anyone who's hands it passes through can read it. If you can use MercuryE (end-to-end delivery) you will skip one mail server hop on the way to the recipient, but any carrier inbetween could (technically) extract the message from their routers even if no mail server is involved. So if you require higher privacy you will need to find a suitable way to encrypt the message.

/Rolf 

tron:

OK, if MercE MercC is neither going to give me more privacy (because of all the intermediate relays along the way) nor more independence (because I will still have to have an account on a 3rd party's relay SMTP server and thus will still be subject to their bandwidth and other restrictions - such as what file types can be transmitted), then can I assume that greater privacy and independence can only be attained by those able to use MercC MercE (with end-to-end delivery)? 

Yes

And if so, then is it primarily advantageous in terms of independence from 3rd party relay server accounts rather than in terms of privacy ("Depending on what conspiracy theories you subscribe to")?

 

Yes. We began running our own server to have more control over our mail.

We decide what size mails we will receive (at the time our ISP had a 10MB limit)

We can filter our own spam (rather than the ISP hit & miss approach)

We get better notification of delivery failures / delays (ISP had sendmails default of 4 days later "oh sorry I couldn't deliver your mail")

To achieve this we required a static ip address, exemption from port 25 blocking (which was introduced after we started hosting our own mail server), and correctly set up DNS records (MX, PTR, and A records) for our registered domain name.

As for privacy, most (pretty much all) server to server SMTP traffic is plain text and readable by anyone with access to the datastream (i.e. not just relay mail servers but any of the internet routers along the way), the ability to process that much data, and the inclination to invest the huge amount of effort involved. If 'someone' is that interested in your mail, encrypting it probably won't help much either.

In my opinion the use of SSL conections between server & client is pretty much only useful for securing the transmission over endpoint wireless access, so your coffee shop buddy can't sniff your mail while you read.

 

1.  "MercE looks up the MX record of the domain part of the RCPT TO: address to determine which server handles delivery for that domain."
-From start to finish, how many and what type of servers are involved btw the sender and the recipient computer?

Unknown, this MX record may point to a gateway host that routes through a number of server.  Most of the time this is one server but it could be many more.  For example if my server goes down the mail goes to the MX host for later delivery to my host when it gets back online,

2.  "This will need to be a smarthost that you have an account on that is allowed to relay your mail"

-Can any smarthost relay server - where I have an account - read my mail and keep a record of it?

Absolutely, they might record all mail going through the server.  If for no other reason they may be doing this to trace spam or even aid in troubleshooting.

 3.  "I really have no idea why you are set against GMail since your mail is going to be going through a North American server sometime. "
-Does that mean that no matter what server combination/solution I use and whether I use my own mail server or not the Big Brother can still read my mail?

Absolutely.  If you use something like Pretty Good Privacy it will make it a lot harder but then if you use PGP they might be thinging you have something to hide.  ;-)

 4.  If my ISP will not unblock port 25 for me and I will have to use MercC and get an account on another SMTP server, than what do I need Mercury for?  I mean how is having it in the chain going to give me more privacy than just having my email client send mail directly to that remote SMTP server for delivery (as I have been doing up to now)?

Mercury adds or subtracts nothing from SMTP mail.   You can expect that your SMTP mail is going to be read unless encrypted.  Even when encrypted the encryption can be broken by anyone that works hard enough at it.

 

 

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

Well, I just talked to my ISP and they cannot (or will not) unblock port 25 for me.  They claim it is a system wide block and they cannot change that. Of course, this means that I can kiss the idea of end-to-end delivery goodbye!  What's also less than pleasant is their inability (or unwillingness) to support ANY security and authentication - I mean no SMTP passwords, TLS or even SSL.  Which means they are worst than useless because they prevent their clients from acting independently from them (by blocking port 25) and do not allow to use cryptography with them!

This leaves me with just one question: if I choose to use MercC and cypher my mail, say using TLS, and then use my ISP SMTP server as a relay, will my mail get through or will their not supporting cryptographic protocols even prevent the mail from being relayed along?