Question

Problems sending POP3 email inside of someone else's network

By deerek11

Hello, I have a few users who work in the field, and the network of one of our customers in the field does not allow my user to send POP3 email using Outlook inside their network. We use Go Daddy for email, and I have tried outgoing ports 80, 25, 465 and 3535 without any luck, but web mail works. I have reached out to the company for assistance without any luck; all of their users used POP3 email in the past but are now all on Gmail. My question is: what are my options at this point? I would prefer not to have the users use web mail part of the time and Outlook at other times. Is there any way around this problem without getting the company's IT department to make changes? I was thinking possibly a proxy server, but I'm not sure. Any help would be greatly appreciated. Let me know if more info is needed.

8 total posts (Page 1 of 1)

All Answers

Since SSL is typically allowed

by robo_dev In reply to Problems sending pop3 ema ...

You could set up an SSH tunnel and do port forwarding on the local machine using PuTTY.

http://ask.metafilter.com/98588/Can-you-tunnel-via-SSH-to-access-Gmail-via-IMAP-in-Outlook-when-the-ports-are-blocked

http://www.nbi.dk/hehi/private/ssh_tunnel_putty_HOWTO/

Try changing SMTP server settings

by Colbus In reply to Since SSL is typically al ...

If you are inside a network, generally the POP3 SMTP settings will need to be those of the carrier you are using. If you change the outgoing server settings to be one that is used for that network, your mail will send. Incoming mail is not an issue.

The company uses Gmail web for mail

by deerek11 In reply to Try changing SMTP server ...

All of the users in their network use Gmail, and I think there is a possibility that a few users are connected to an Exchange server that is inside their network. To ensure I am understanding you: you are speaking of the outgoing SMTP port number (25, 80, 465, etc.)?

You cannot change the ports, or it will not work

by robo_dev In reply to The company use gmail web ...

If you are behind a firewall, typically the only outbound ports allowed for a lowly user are 80, 443 and maybe 23.

If, for example, you try to use port 80 for POP or SMTP on the client, the server must be listening for those protocols on those ports, or it will not work.

If you can use the company internal mail server to send mail outbound, and it does not require authentication (and the admin allows this), then the pop client can just use the internal mail server to go outbound.

But, in your case, if that is not an option, then your only choice is to either tunnel the POP connection over SSL or do something with a web proxy.

HOWEVER, if you're going to the bother of using a web proxy, then using web mail makes more sense. See 'department of redundancy department'

Tunneling over SSL will allow the native POP client to talk to the external POP / SMTP server. It will also allow the web browser to get to any sites not allowed by the corporate proxy server, nudge nudge.

Not sure I fully understand

by deerek11 In reply to Since SSL is typically al ...

Not sure I completely understand. If I set up PuTTY, I can port out of the network and connect to my SMTP through it? I have read through the links you provided. Do I need to set up anything outside of this network to make this work?

Sorry, I did not explain this well

by robo_dev In reply to Not sure I fully understa ...

Yes, your mail server would have to be listening for SSH (typically running an SSH daemon on a UNIX box). Further, the firewall protecting your mail server would need to have port 22 redirected to the mail server.

http://www.e271.net/~marina/ssh_tunneling-win.html

Basic principles

by TobiF In reply to Not sure I fully understa ...

Some of your client companies use very strict limits for what outgoing connections are allowed.

They block everything!

Then they allow outgoing connections over the tcp protocol to port 80 on the server side. For a user this means that one can browse the internet over http.
BUT, they'll most probably be eavesdropping on you. If their firewall notes that you're not sending http requests and receiving the corresponding replies, then they may block this. (especially if you're going to dangerous places like facebook.com or receive exe files...)

In this case, there may be only one option left:
From time to time, users may want to visit https sites. In system language, this means outgoing requests to TCP port 443. When a browser fetches a page via https, it may first look up the IP address via a DNS lookup (a DNS request to port 53, which will be monitored or even redirected to a proxy by the firewall); next, it opens a connection to the server.
As soon as the connection is made, the browser and the server negotiate a secure "tunnel" between themselves. Once this encrypted tunnel is created, the browser will use it to request needed pages via the usual http protocol, but the firewall will only see an encrypted connection, not the requested URL or the contents of the reply.

So the idea here is to open up a "channel home" and have it look like an intensive two-way session to some https server.

One popular software, which could be used to accomplish this, would be to set up an SSH server on your home network and instruct it to listen for incoming connections on port 443, and then install the popular program PuTTY on your consultants' laptops and set it up to open this secure tunnel home.

With this tunnel in place, the traffic from your mail program will leave the client company in the form of gibberish towards some https server, and then surface from the ssh server near your home company.

This tunnel could, of course, be used for other types of traffic as well. If you, for instance, instruct your web browser to send any internet traffic via the tunnel, then you'll bypass any kind of filtering the client company may apply for usual http traffic.

Note: Some very strict companies may try to force even https traffic to be filtered via their proxy server. In this case, the proxy server will try to pose as the server you're connecting to. Since they don't have the certificate of the web server, they'll create fake certificates on the fly and sign them with their own certificate. For this to work, they need to deploy their own CA certificate as a trusted CA on all company computers. If that's the case, then your tunnel won't work (and the IT department will see in clear all communication to internet banks etc.)
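
A defender-side view of the SSH-on-port-443 idea discussed in the thread, as an added example that is not part of any post: a Python function that labels a flow to TCP port 443 by the first bytes each side sends, using the SSH identification string (RFC 4253) and the TLS record header. The flow records, field names and sample bytes are constructed for illustration.

```python
# Added example: label flows to TCP/443 by their first payload bytes.
# Flow dict layout and all sample bytes below are constructed, not captured.

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}


def is_tls_client_hello(payload: bytes) -> bool:
    """True if payload starts with a TLS handshake record carrying a ClientHello."""
    if len(payload) < 6 or payload[0] != 0x16:       # 0x16 = handshake record
        return False
    major, minor = payload[1], payload[2]
    record_len = int.from_bytes(payload[3:5], "big")
    # Record-layer version 3.x, sane length, handshake type 0x01 (ClientHello)
    return major == 3 and minor <= 4 and 0 < record_len <= 16384 and payload[5] == 0x01


def classify_flow(client: bytes, server: bytes) -> str:
    """Classify a flow from the first bytes sent in each direction."""
    # Both SSH peers open with "SSH-protoversion-softwareversion" in clear text.
    if client.startswith(b"SSH-") or server.startswith(b"SSH-"):
        return "ssh"
    if is_tls_client_hello(client):
        return "tls"
    if client.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def non_tls_on_443(flows):
    """Return (flow id, label) for every flow to port 443 that is not TLS."""
    hits = []
    for flow in flows:
        if flow["dst_port"] != 443:
            continue
        label = classify_flow(flow["client"], flow["server"])
        if label != "tls":
            hits.append((flow["id"], label))
    return hits


# Constructed sample flows (first bytes only).
SAMPLE_FLOWS = [
    {"id": "flow-1", "dst_port": 443,
     "client": bytes.fromhex("16030100c8010000c40303") + bytes(32),
     "server": bytes.fromhex("160303005a0200")},
    {"id": "flow-2", "dst_port": 443,
     "client": b"SSH-2.0-ExampleClient\r\n", "server": b"SSH-2.0-ExampleServer\r\n"},
    {"id": "flow-3", "dst_port": 443, "client": b"", "server": b"SSH-2.0-ExampleServer\r\n"},
    {"id": "flow-4", "dst_port": 443,
     "client": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", "server": b""},
    {"id": "flow-5", "dst_port": 443, "client": b"\x00\x01\x02\x03\x04\x05", "server": b""},
]
```

This identifies only the outer protocol on the port; a flow labelled `tls` is a well-formed TLS handshake start and nothing more.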
