Opening ports in the firewall for the Mail Server
There are standard ports that are used to access most services.
For example, accessing a website generally uses port 80 for normal (HTTP) web pages and port 443 for secure (HTTPS) pages.
SMTP
SMTP generally uses port 25 for connections, although there are recommendations for port 587 (see the official documentation for details).
POP and POPS
POP and secure POP use ports 110 and 995 respectively.
IMAP and IMAPS
IMAP and secure IMAP use ports 143 and 993 respectively.
Iptables
We need to edit the iptables.test.rules file to allow access to those ports. We will use port 25 for SMTP at the moment. You can change it as you see fit.
Open the test rules file:
sudo nano /etc/iptables.test.rules
Just before the HTTP and HTTPS entries add the following details:
# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT
# Allows pop and pops connections
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# Allows imap and imaps connections
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
Now we need to apply the new rules:
sudo iptables-restore < /etc/iptables.test.rules
Ok. Let’s check the rules have been applied:
sudo iptables -L
The output from the command should include the following lines:
ACCEPT    all  --  anywhere            anywhere           state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere           tcp dpt:smtp
ACCEPT    tcp  --  anywhere            anywhere           tcp dpt:pop3
ACCEPT    tcp  --  anywhere            anywhere           tcp dpt:pop3s
ACCEPT    tcp  --  anywhere            anywhere           tcp dpt:imap2
ACCEPT    tcp  --  anywhere            anywhere           tcp dpt:imaps
Well, that seems to tie in nicely with what we want.
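An added example, not part of the original article: a small shell lint to run on the rules file before iptables-restore. It flags typographic dashes picked up when rules are pasted from a web page, and mail ports whose ACCEPT rule is missing or sits after a catch-all REJECT/DROP; the function name check_mail_rules and the sample rules are constructed for illustration.

```shell
# check_mail_rules FILE
# Prints one line per problem. Returns 0 only when ports 25, 110, 995, 143
# and 993 each have a tcp ACCEPT rule ahead of the first INPUT catch-all.
check_mail_rules() {
    awk -v want="25 110 995 143 993" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        # A dash pasted from a web page (–) is not a valid option prefix.
        index($0, "–") {
            printf "line %d: typographic dash, expected --\n", NR; bad = 1; next
        }
        $1 == "-A" && $2 == "INPUT" {
            port = ""; target = ""; tcp = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            }
            # Assumption: a REJECT/DROP rule with no --dport closes the chain.
            if (port == "" && (target == "REJECT" || target == "DROP")) closed = 1
            else if (!closed && tcp && target == "ACCEPT") seen[port] = 1
        }
        END {
            n = split(want, p, " ")
            for (i = 1; i <= n; i++)
                if (!(p[i] in seen)) {
                    printf "port %s: no ACCEPT rule before the catch-all\n", p[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the POP3S rule has a mangled dash and the IMAP rule
# sits after the catch-all REJECT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp –dport 995 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -j REJECT
-A INPUT -p tcp --dport 143 -j ACCEPT
COMMIT
EOF
check_mail_rules "$sample" || echo "fix the rules file before loading it"
rm -f "$sample"
```

Run it as check_mail_rules /etc/iptables.test.rules. Running sudo iptables-restore --test < /etc/iptables.test.rules additionally has iptables parse the file without committing it.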
Permanent
Now we have tested the rules, we need to have them applied on a permanent basis.
You will need to have full root access for the next command so enter this:
sudo -i
This will place you in the root shell.
Now enter:
iptables-save > /etc/iptables.up.rules
Once done, type:
exit
This will place you back at the admin user's command prompt. Don’t stay in the root shell.
Summary
Opening the default mail ports in our firewall ensures we have access to the pop, pops, imap and imaps services we have configured and started.