[NTLUG:Discuss] Can sendmail listen on multiple ports?
Richard Cobbe
cobbe at directlink.net
Thu Nov 16 13:20:23 CST 2000

Lo, on Thursday, November 16, Egome did write:
> sooOOoOOooo, if I could make sendmail listen on ports 25 AND say...2525, we
> could BYPASS the SMTP filter.
>
> So, can it be done? I have yet to find out how to make it listen on BOTH
> ports? Am I missing something?

Probably a much easier thing to do (without having to worry about whether
or not two instances of sendmail coexist peacefully) is to use the
port-forwarding features in the firewall. On the machine running the
mailserver, it'd be something like (for kernel 2.2):

    ipchains -A input -p tcp -d 111.222.33.44 42 -j REDIRECT 25

where 111.222.33.44 is the IP address of the mailserver machine, and 42 is
an unused port number within the protected port range (less than 256 or
1024, I can't remember which---anybody got Stevens handy?). You will need
to have firewalling and port forwarding compiled into the kernel, of
course.

With this set up, you simply set your mail client to connect to port 42 on
this machine, and the kernel firewalling code redirects it to port 25. As
far as the server is concerned, all its traffic is coming in on port 25,
and the kernel handles the necessary translation magic. I use this sort of
setup now on my PC, although not with sendmail.

(Why a protected port? You want to make sure that you don't choose a port
which can be snagged by another application started on the server machine,
like netscape. If *that* were to happen, then the responses to netscape
would actually be sent to sendmail, and everybody would get all confused.
Since only root can open a socket on ports in the protected range, this
reduces the chances that this will happen.)

HTH,
Richard