Opening port 25 for mail servers with iptables

If you are having problems connecting to sendmail, postfix or other mail servers remotely, it may be either a sendmail configuration issue or a firewall issue. Linux kernels from 2.4 onward come with iptables as a built-in firewall solution.

When installing Linux, the installer may prompt you for which ports you want to have open for remote connections. If you want to set your machine up as a mail server, you would normally select the SMTP option, or enter port 25 to allow incoming connections to sendmail. If your installer did not give you the option to do this, you forgot to select it, or you changed the purpose of the machine at a later date, the firewall will not allow incoming connections on port 25, so external mail agents will not be able to connect to sendmail on your machine.

Fixing this in the firewall is a simple job. Edit the /etc/sysconfig/iptables text file (this is the RedHat distribution file location; it may differ for other distributions) and add a line like the following one:

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

The easiest way to ensure the correct syntax is to copy the line for another port which allows access and change the "--dport" part to port 25.

Once you are done, save the file and restart the iptables service – "service iptables restart" on RedHat ("/etc/rc.d/init.d/iptables restart" will also work).
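The edit described above can be staged and reviewed before the service is restarted. The following is an added example, not part of the original page: the helper names `sample_rules` and `add_port_rule` are hypothetical, and the ruleset is a constructed sample in the /etc/sysconfig/iptables format. It places the new line above the chain's first REJECT or DROP rule, because iptables evaluates a chain top to bottom and an ACCEPT placed below a matching REJECT never takes effect.

```shell
#!/bin/sh
# Added example: stage an SMTP ACCEPT rule in an iptables-save style rules file.
# The result goes to stdout for review; the input file is never modified.

# Constructed sample in the /etc/sysconfig/iptables format (not a real host's file).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
COMMIT
EOF
}

# add_port_rule FILE CHAIN PORT  (hypothetical helper name)
# Returns 2 for a non-numeric port and 1 if CHAIN is not found in FILE.
add_port_rule() {
    file=$1 chain=$2 port=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    rule="-A $chain -p tcp -m tcp --dport $port --syn -j ACCEPT"

    # Idempotent: an exact copy of the rule already present means no change.
    if grep -qxF -e "$rule" "$file"; then
        cat "$file"
        return 0
    fi

    awk -v chain="$chain" -v rule="$rule" '
        /^\*/ { in_table = 0 }                          # a new table begins
        index($0, ":" chain " ") == 1 { in_table = 1 }  # chain declared here
        # Place the rule above the first REJECT/DROP of the chain ...
        !done && $1 == "-A" && $2 == chain && /-j (REJECT|DROP)/ { print rule; done = 1 }
        # ... or, if the chain has none, at the end of its table.
        !done && in_table && $0 == "COMMIT" { print rule; done = 1 }
        { print }
        END { exit !done }                              # non-zero: chain not found
    ' "$file"
}

# Demo on the constructed sample: print the staged ruleset for review.
tmp=$(mktemp) && sample_rules > "$tmp"
add_port_rule "$tmp" RH-Lokkit-0-50-INPUT 25
rm -f "$tmp"
```

On a real host, write the output to a scratch file and diff it against /etc/sysconfig/iptables before replacing the file and restarting the service.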