Sendmail & IpTable Rules

If you want to allow your Linux box to send emails via port 25, you should allow it by adding a rule like:

$ iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

Similarly for DNS traffic:

$ iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

If there are no such explicit rules, the traffic will be denied by default, as the default policy is set to DROP.

Update:

Don't forget to allow the related/established connections using:

$ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$ iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
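A complete rule set that combines the answer's three points (outbound SMTP, outbound DNS, and a stateful ESTABLISHED,RELATED rule in both directions) with the inbound ssh and http rules from the question, as an added example rather than the answerer's own script. It assumes the interface is eth0 and that the `IPTABLES` variable may be overridden with `echo` to print the rules instead of applying them; `count_rules_for_port` is a small helper for checking the generated set and is not part of iptables.

```shell
#!/bin/sh
# Added example: a default-deny ruleset for a box running sshd, nginx and sendmail.
# Assumptions: interface eth0; IPTABLES may be set to "echo" for a dry run
# (IPTABLES=echo sh fw.sh apply) so the rules can be reviewed before loading.

IPTABLES="${IPTABLES:-iptables}"
interface="${INTERFACE:-eth0}"

apply_rules() {
    # Start clean, then deny everything not explicitly allowed below.
    $IPTABLES -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP

    # Loopback is needed for local mail delivery and many daemons.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    # One stateful rule per direction replaces the per-service --sport rules:
    # replies to any accepted connection are allowed automatically.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound services: ssh and http (only NEW needs listing now).
    $IPTABLES -A INPUT -p tcp -i "$interface" --dport 22 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp -i "$interface" --dport 80 -m state --state NEW -j ACCEPT

    # Outbound: SMTP to remote MTAs, and DNS so sendmail can resolve MX records.
    # DNS is allowed over TCP as well, since large responses fall back to it.
    $IPTABLES -A OUTPUT -p tcp -o "$interface" --dport 25 -j ACCEPT
    $IPTABLES -A OUTPUT -p udp -o "$interface" --dport 53 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -o "$interface" --dport 53 -j ACCEPT
}

# Helper (not an iptables feature): dry-run the ruleset and count how many
# generated rules name the given destination port. Useful as a sanity check
# before applying: a port with a count of 0 is one you forgot to open.
count_rules_for_port() {
    (IPTABLES=echo; apply_rules) | grep -c -- "--dport $1"
}

# Only touch the live firewall when explicitly asked to.
case "${1:-}" in
    apply) apply_rules ;;
esac
```

Run `IPTABLES=echo sh fw.sh apply` to print the rules, and `sh fw.sh apply` as root to load them. Listing ESTABLISHED,RELATED once per chain, before the service rules, is what lets the SMTP and DNS replies back in without a matching `--sport` rule for each.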

Updated on September 18, 2022

Comments

  • s1ck
    s1ck over 1 year

    I need to set up IpTable Rules for a server with nginx, ssh and sendmail. Now, the problem is, with my rules I cannot send emails to other hosts anymore. Emails to localhost do work, but sending to different servers does not when the firewall is up.

    I tried opening both Incoming and Outgoing Port 25 and DNS lookup ports, but nothing worked. Any ideas?

    Update:

    Here are my rules:

    #! /bin/sh
    # firewall iptable rules
    
    interface="eth0"
    
    # first, deny all
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    
    # open loopback device completely
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    
    # open ssh ports
    iptables -A INPUT -p tcp -i $interface --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p tcp -o $interface --sport 22  -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # open browser ports
    iptables -A INPUT -p tcp -i $interface --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p tcp -o $interface --sport 80  -m state --state ESTABLISHED,RELATED -j ACCEPT
    
  • BE77Y
    BE77Y over 7 years
    This question already has an accepted answer, to which yours really doesn't add anything useful.