Allowing email on iptables

0

I am trying to configure my iptables firewall (currently rejecting all traffic) to allow email traffic. For SMTP, port 465 is used (the SMTPS port), and for IMAP it uses port 143. But whatever I try, I cannot get a connection to work. Here are my iptables rules:

-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp --sport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 993 -m state --state NEW,ESTABLISHED -j ACCEPT

I can easily get ssh connections to run with my other iptables rules, so I must be missing something here. Any ideas?

Kohoutek

Posted 2015-07-13T16:43:31.677

Reputation: 1

Are these rules for an e-mail server? You don't need the INPUT chain rules for a client. A default DROP policy for the OUTPUT chain is unnecessary for most desktop/client computers and often complicates things. Try changing the default policy to ACCEPT for OUTPUT. Lastly, maybe there's something wrong with the server side or your client configuration. – Larssend – 2015-07-13T17:34:27.520

The rules are for my email client, not a server. I have deleted the OUTPUT rules specified above, and I have changed the default OUTPUT policy to ACCEPT. Still, it does not work. If I remove all restrictions/iptables I can connect to the email server, so my client is configured correctly. It must be something related to the iptables that is causing the problem. – Kohoutek – 2015-07-14T00:31:19.950

Answers

0

First of all, on the OUTPUT chain you should have only ESTABLISHED and RELATED - to create a stateful firewall without ports... and it all should work, as you already allowed incoming ports.

Check this firewall script:

https://doittherightway.wordpress.com/2013/02/11/basic-bash-iptables-dmz-firewall-script/

Pavel K

Posted 2015-07-13T16:43:31.677

Reputation: 13

Thanks for your reply and for pointing out my mistake in the OUTPUT chain. That does, however, not solve my problem (neither does the link you posted). – Kohoutek – 2015-07-13T17:01:18.107

Are you trying to get email on the box running iptables or on a box behind it? – Pavel K – 2015-07-13T17:02:27.043

I try to receive (and be able to send) emails from my iptables-firewalled computer. The iptables firewall does not allow any in/out connections except ssh (and email as soon as it works). – Kohoutek – 2015-07-13T17:36:11.917

You are missing tcp/25 (smtp) in your OUTPUT chain... but encrypted mail should work though – Pavel K – 2015-07-13T18:11:48.163

I added an OUTPUT chain rule for port 25 (-A OUTPUT -p tcp --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT) but it still does not work (neither sending nor receiving email) – Kohoutek – 2015-07-13T20:49:31.597
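The thread never shows a working client ruleset, so here is one as an added example (it is not code from the question, the answer, or the linked script). The underlying problem in every rule Kohoutek posted for OUTPUT is the match: a client connects to the server's port, so outbound rules must match on --dport, while --sport 465 or --sport 25 in OUTPUT only matches packets the client itself sends from that port, which never happens because the client's source port is ephemeral. The ssh rules work because ssh is inbound, where --dport in INPUT is the right match. The script prints the rules so they can be reviewed before applying them; it uses the ports named in the thread (25, 465, 143, 993), uses the modern -m conntrack --ctstate spelling of the -m state --state match, and assumes DNS on port 53 must be allowed as well so the mail server's hostname can resolve (that DNS rule is an assumption beyond the thread).

```shell
#!/bin/sh
# Added example, not from the original post: stateful iptables rules for a mail
# CLIENT. Assumes iptables with the conntrack match; DNS on port 53 is allowed
# as an assumption so the mail server's name resolves. Review, then --apply as root.

MAIL_PORTS="${MAIL_PORTS:-25 465 143 993}"   # ports named in the thread

# Print (do not run) the rules so they can be checked before being applied.
mail_client_rules() {
  echo "iptables -P INPUT DROP"
  echo "iptables -P OUTPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  # Replies to connections this host opened come back as ESTABLISHED; this one
  # INPUT rule is what lets the mail server's answers through. A client needs no
  # INPUT rule that opens a mail port.
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Assumed: name resolution for the mail server.
  echo "iptables -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
  echo "iptables -A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
  # A client connects TO the server's port, so the outbound match is --dport.
  # "--sport 465" in OUTPUT never matches on a client: its source port is ephemeral.
  for p in $MAIL_PORTS; do
    echo "iptables -A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
}

# Review helpers: on a client both counts should be 0.
count_output_sport_rules() {
  mail_client_rules | awk '/-A OUTPUT .*--sport/ { c++ } END { print c + 0 }'
}
count_input_port_rules() {
  mail_client_rules | awk '/-A INPUT .*--dport/ { c++ } END { print c + 0 }'
}

# Succeeds if the generated rules let this host open a TCP connection to port $1.
allows_client_port() {
  mail_client_rules | grep -q -- "-A OUTPUT -p tcp --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
}

case "${1:-}" in
  --apply) mail_client_rules | sh ;;   # needs root; read the printed rules first
  *)       mail_client_rules ;;
esac
```

Run it without arguments to see the rules, then `sh mail-client-rules.sh --apply` as root once you are happy with them. The two ESTABLISHED,RELATED rules are the whole "stateful" part Pavel K describes: only the NEW outbound connections need explicit port rules, and everything that belongs to them is accepted in both directions by conntrack.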