Celebrazio Net

Contact Us

Sendmail port 587 enabled

January, 2012

Your ISP decides to get tough on spammers and block outgoing SMTP port 25 traffic. Actually, it's only blocked when sent to any mail server other than their own. But this includes you, so it's an inconvenience, to say the least. This page describes a usually-effective workaround. At least, they worked for me.

Environment and Background

  • Sendmail Version on mail server: 8.14
  • Daemon configuration: running under xinetd
  • Location of sendmail config: /etc/mail/
  • Location of xinetd config: /etc/xinetd.d/
  • TLS connections, for authentication of smtp, is already working

The Configurations

First, make a backup of current functional sendmail.cf and sendmail.mc files. Next, add the changed lines to sendmail.mc. Next, rebuild sendmail.

  # cp -ip sendmail.cf sendmail.cf.orig
  # cp -ip sendmail.mc sendmail.mc.orig
  # echo "DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl"   >> sendmail.mc

  # echo "DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl"   >> sendmail.mc

  # make -C /etc/mail

Explanation: the first change above makes sure the daemon is listening on both ports. "smtp" is the denomination of port 25. The second change above adds the submission port, 587, to the application. The "make" command is how the "cf" files are generated - these are what sendmail really uses.

Next we will update xinetd so it knows what to do with requests for the new port. (submission port, 587).

  # cd /etc/xinetd.d

  # cp smtp_psa smtp_additional

  # vi smtp_additional

  # /etc/rc.d/init.d/xinetd restart

In the new file, the first line should be modified to read "service submission". This is in place of the original "service smtp". This way, xinetd knows these new instructions are for 587. Your files in xinetd.d directory may have alternate names such as "sendmail". It's okay - just copy it. Finally, restarting xinetd is done.

Other things to note: The system needs for pop3s proper stunnel certificate at /etc/stunnel/stunnel.pem. I was able to copy one over manually. It also needs /usr/lib/sasl2/Sendmail.conf for SMTP with TLS. I could test pop3s by telnet server 995 Other tools used were testsaslauthd and saslpasswd2

Testing the changes

You'll need to configure a client to use port 587 in order to fully test your changes. Or try telnet like the below. Also try it to verify port 25 is still okay. Getting a "connection refused" error suggests that xinetd is not properly configured.


  # telnet localhost 587
  Connected to localhost, etc.
  220 localhost.localdomain ESMTP Sendmail 8.12.11,8.12.11;...
  HELO me
  250-localhost.localdomain Hello localhost.localdomain [...] Pleased to meet you

If your server has sendmail in standalone, then the section on xinetd configuration can be skipped. If you succeed with the telnet 587 test, but still cannot send over port 587, be aware of the possibility that authentication (TLS or otherwise) is not properly set up on either your sendmail server or on your client. Oh, yes, and it also falls as an exercise upon the reader to set up their own mail client(s) for sending on 587. I use pine (and pc-pine for Windows) and the change went smoothly. Plenty of documentation on the internet for pine.

1998-2023 Celebrazio.net