Friday, August 26, 2011

Opening ports in the firewall for the Mail Server

January 10, 2010 by  

There are standard ports that are used to access most services.

For example, accessing a website generally uses port 80 for normal (HTTP) web pages and port 443 for secure (HTTPS) pages.

SMTP

SMTP generally uses port 25 for connections, although port 587 is also recommended (see the official documentation for details).

POP and POPS

POP and secure POP use ports 110 and 995 respectively.

IMAP and IMAPS

IMAP and secure IMAP use ports 143 and 993 respectively.

Iptables

We need to edit the iptables.test.rules file to allow access to those ports. We will use port 25 for SMTP at the moment. You can change it as you see fit.

Open the test rules file:

sudo nano /etc/iptables.test.rules

Just before the HTTP and HTTPS entries add the following details:

# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT

# Allows pop and pops connections
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# Allows imap and imaps connections
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

Now we need to apply the new rules:

sudo iptables-restore < /etc/iptables.test.rules

Ok. Let’s check the rules have been applied:

sudo iptables -L

The output of the command should include the following:

ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

Well, that seems to tie in nicely with what we want.
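
A lint for the rules file that can be run before the iptables-restore step, added here as an example and not code from the original post: it flags a rule whose "--" was turned into a typographic dash by copy and paste, and any mail port whose ACCEPT rule is missing or sits after the chain's catch-all. The function name check_mail_rules, the sample rules and the assumption that INPUT ends with an unconditional REJECT or DROP are assumptions of this example, and only single-port "-p tcp --dport N" rules like the ones above are recognized.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint an iptables-restore file.
# Usage: check_mail_rules FILE [PORT...]; non-zero return means problems found.
check_mail_rules() {
    local file="$1"; shift
    local ports="${*:-25 110 995 143 993}"
    awk -v ports="$ports" '
        BEGIN { n = split(ports, want, " ") }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        /–|—/ {                                 # en/em dash pasted from a web page
            printf "line %d: typographic dash instead of \"--\"\n", NR
            bad = 1; next
        }
        $1 != "-A" || $2 != "INPUT" { next }    # only INPUT rules matter here
        # Assumption: a rule with no match ("-A INPUT -j REJECT" or DROP) is
        # the catch-all; nothing appended after it is ever evaluated.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
            if (!stop) stop = NR
            next
        }
        {
            proto = port = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto != "tcp" || target != "ACCEPT" || port == "") next
            if (stop) {
                printf "line %d: port %s accepted after catch-all on line %d\n", NR, port, stop
                bad = 1
            } else opened[port] = 1
        }
        END {
            for (k = 1; k <= n; k++)
                if (!(want[k] in opened)) {
                    printf "port %s: no reachable ACCEPT rule\n", want[k]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$file"
}
# Constructed sample: one rule with an en dash, one rule after the catch-all.
sample=$(mktemp)
printf '%s\n' '*filter' '-A INPUT -p tcp –dport 25 -j ACCEPT' \
    '-A INPUT -p tcp --dport 110 -j ACCEPT' '-A INPUT -j REJECT' \
    '-A INPUT -p tcp --dport 143 -j ACCEPT' 'COMMIT' > "$sample"
check_mail_rules "$sample" 25 110 143 || echo "fix the file before loading it"
```

iptables-restore also accepts --test, which parses a rules file without committing it.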

Permanent

Now we have tested the rules, we need to have them applied on a permanent basis.

You will need to have full root access for the next command so enter this:

sudo -i

This will place you in the root shell.

Now enter:

iptables-save > /etc/iptables.up.rules

Once done, type:

exit

This will place you back at the admin user's command prompt. Don’t stay in the root shell.

Summary

Opening the default mail ports in our firewall has ensured we have access to the POP, POPS, IMAP and IMAPS services we have configured and started.
