Friday, March 12, 2010

Opening ports in the firewall for the Mail Server

January 10, 2010 by admin  
Filed under General

There are standard ports that are used to access most services.

For example, accessing a website generally uses port 80 for normal (HTTP) web pages and port 443 for secure (HTTPS) pages.

SMTP

SMTP generally uses port 25 for connections, although port 587 is also recommended (see the official documentation for details).

POP and POPS

POP and secure POP use ports 110 and 995 respectively.

IMAP and IMAPS

IMAP and secure IMAP use ports 143 and 993 respectively.

Iptables

We need to edit the iptables.test.rules file to allow access to those ports. We will use port 25 for SMTP at the moment. You can change it as you see fit.

Open the test rules file:

sudo nano /etc/iptables.test.rules

Just before the HTTP and HTTPS entries add the following details:

# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT

# Allows pop and pops connections
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# Allows imap and imaps connections
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
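
A pre-load check for the rules file edited above, as an added example that is not part of the original post: it confirms that each mail port has a TCP ACCEPT rule placed ahead of the catch-all REJECT/DROP, and flags a dport option written with a typographic dash instead of two hyphens. The function names, the sample files and the closing "-A INPUT -j REJECT" rule are assumptions.

```shell
# Added example: lint an iptables-restore rules file before loading it.
# Exit 0 only if each mail port has a TCP ACCEPT ahead of the catch-all.
check_mail_rules() {
    awk -v want="25 110 995 143 993" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i ~ /dport$/) {
                    # e.g. a typographic dash pasted from a web page
                    printf "line %d: malformed option %s\n", NR, $i; bad = 1
                }
            }
            if ($3 == "-j" && (target == "REJECT" || target == "DROP")) closed = 1
            else if (!closed && proto == "tcp" && target == "ACCEPT" && dport != "")
                allowed[dport] = 1
        }
        END {
            n = split(want, p, " ")
            for (k = 1; k <= n; k++)
                if (!(p[k] in allowed)) {
                    printf "port %s: no ACCEPT ahead of the catch-all\n", p[k]; bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files (not from the original post). The closing
# "-A INPUT -j REJECT" line is an assumption about the rest of the rules file.
make_samples() {
    mail='-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT'
    printf '%s\n' '*filter' "$mail" '-A INPUT -j REJECT' COMMIT > "$1/good.rules"
    printf '%s\n' '*filter' '-A INPUT -j REJECT' "$mail" COMMIT > "$1/late.rules"
    # \342\200\223 is the UTF-8 encoding of an en dash
    printf '%s\n' "$mail" | sed "s/--dport 25/$(printf '\342\200\223')dport 25/" > "$1/dash.rules"
}

d=$(mktemp -d); make_samples "$d"
for f in good late dash; do
    check_mail_rules "$d/$f.rules" && echo "$f.rules: ok" || echo "$f.rules: rejected"
done
```

Running sudo iptables-restore --test < /etc/iptables.test.rules additionally parses the file with iptables itself without committing the rules.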

Now we need to apply the new rules:

sudo iptables-restore < /etc/iptables.test.rules

Ok. Let’s check the rules have been applied:

sudo iptables -L

The output of the command should include the following lines:

ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

Well, that seems to tie in nicely with what we want.

Permanent

Now we have tested the rules, we need to have them applied on a permanent basis.

You will need to have full root access for the next command so enter this:

sudo -i

This will place you in the root shell.

Now enter:

iptables-save > /etc/iptables.up.rules

Once done, type:

exit

This will place you back at the admin user's command prompt. Don’t stay in the root shell.

Summary

Opening the default mail ports in our firewall has ensured we have access to the pop, pops, imap and imaps services we have configured and started.
