CentOS - Mail Server - Opening Ports in the Firewall

In the previous article, we installed and configured Dovecot to accept our incoming connections to the mail server. Now we need to open the ports in our firewall so we can access those services.


There are standard ports that are used to access most services.

For example, accessing a website generally uses port 80 for normal (HTTP) web pages and port 443 for secure (HTTPS) pages.

SMTP

SMTP uses port 25 by default for connections, although there are recommendations for port 587 (see the official documentation for details).

POP3 and POP3s

POP3 and secure POP3 use ports 110 and 995 respectively.

IMAP and IMAPS

IMAP and secure IMAP use ports 143 and 993 respectively.

Iptables

Following from the Slice setup, we need to edit the iptables configuration file to allow access to those ports. We will use port 25 for SMTP for the sake of this article. You can change it as you see fit.

Open the iptables file:

sudo nano /etc/sysconfig/iptables

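Just before the HTTP and HTTPS entries, add the following rules. iptables evaluates rules in order and stops at the first match, so they must sit above any rule that rejects or drops the remaining traffic: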

# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT

# Allows pop and pops connections
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# Allows imap and imaps connections 
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

Now we need to apply the new rules:

sudo /etc/init.d/iptables restart

Ok. Let's check the rules have been applied:

sudo iptables -L

The output from the command should now show the correct ports open in our firewall as follows:

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

Great, everything looks good there.

Permanent

Now that we have tested the rules, we need to apply them on a permanent basis:

sudo /etc/init.d/iptables save

Done.
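Because rule order decides whether a port is actually reachable, it helps to audit the rules file itself and not only the "iptables -L" listing. The script below is an added example, not part of the original article: check_mail_ports and sample_rules are hypothetical names, and the sample ruleset (including its closing REJECT rule and the misplaced port 993 rule) is constructed for the demonstration.

```shell
# Constructed sample in /etc/sysconfig/iptables format (not the article's file).
# The closing REJECT rule and the misplaced 993 rule are assumptions for the demo.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT
# Allows pop and pops connections
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# Allows imap and imaps connections
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT
-A INPUT -p tcp --dport 993 -j ACCEPT
COMMIT
EOF
}

# Reads a rules file on stdin and prints "<port> open" or "<port> blocked" for
# each mail port. Only the first plain "-p tcp --dport N" rule for a port counts,
# and nothing after a catch-all REJECT/DROP on INPUT is reachable. Rules with
# extra matches (source address, state, interface) are skipped, not evaluated.
check_mail_ports() {
    awk -v ports="25 110 995 143 993" '
        BEGIN { n = split(ports, want, " ") }
        $1 != "-A" || $2 != "INPUT" || closed { next }
        {
            port = ""; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if (($i == "-p" || $i == "-m") && $(i+1) == "tcp") { i++; continue }
                if ($i == "--dport") { port = $(++i); continue }
                if ($i == "-j") { target = $(i+1); break }
                extra = 1
            }
            if (extra) next
            if (port == "" && (target == "REJECT" || target == "DROP")) closed = 1
            else if (port != "" && !(port in verdict)) verdict[port] = target
        }
        END { for (k = 1; k <= n; k++)
                print want[k], (verdict[want[k]] == "ACCEPT" ? "open" : "blocked") }
    '
}
sample_rules | check_mail_ports
```

On the sample, port 993 is reported as blocked because its ACCEPT rule comes after the REJECT rule. To audit the real file, feed it to the function on stdin, for example: sudo cat /etc/sysconfig/iptables | check_mail_ports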

Summary

Opening the default mail ports in our firewall will ensure we have access to the POP3, POP3S, IMAP, and IMAPS services. It will also allow our mail server to speak with our servers to send and receive mail as necessary.

Now we are ready to add users and domains so that we can start making use of all this hard work we've done.

The next article looks at that in detail.

Article Comments:

Greg commented Sat Jul 24 15:45:27 UTC 2010:

Hi, I'm getting this error while trying to restart iptables:

Applying iptables firewall rules: iptables-restore: line 2 failed

What is the reason for this failure? Thanks in advance.

Jered commented Mon Jul 26 18:24:26 UTC 2010:

Hi Greg, it's hard to say without looking at your iptables config exactly what's wrong. I know our articles usually assume you've used one of our setup articles to get iptables configured, so if you didn't, you might at least go to the CentOS section and look at part 1 of the setup series for your version of CentOS. That will describe the default iptables file we use, and you can hopefully adapt from there.

If you want more direct help, though, head over to our support chat and a tech there can help you look at your iptables setup and try to figure out how to fix it.

link builders commented Thu Jul 04 03:39:18 UTC 2013:

Does your blog have a contact page? I'm having a tough time locating it but, I'd like to shoot you an e-mail. I've got some recommendations for your blog you might be interested in hearing. Either way, great site and I look forward to seeing it develop over time.

my web blog; link builders
