Revision of How to accept email on port 26, using Iptables port redirection from Sat, 09/01/2007 - 11:01

In some countries, or more precisely at some ISPs, port 25 is now blocked to stop PC viruses from emailing copies of themselves to every contact in your address book.

This is fine if you send email through your ISP's SMTP server. But what happens if you use your office server, or you are on a business trip and arrive at a hotel where you cannot send email through your own SMTP server because port 25 is blocked, and you cannot use the ISP's SMTP server because you do not have an account with them?

An approach many system administrators are taking is to use port 26: you configure your email client, and your colleagues' email clients, to send email on port 26 instead of 25.

Here I will show you how to configure your SMTP server to accept email connections on port 26, regardless of the server you are using: Postfix, Sendmail or any other.

First you need to open port 26. To do so, insert this line in your firewall configuration.

iptables -A INPUT -p tcp --dport 26 -j ACCEPT

This will enable the server to accept connections on port 26 from all over the world. Next, redirect the connections on port 26 to port 25; this way you do not need to reconfigure your email server to listen on port 26.

iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25

With these two lines, your email server will accept email on port 26.
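The following check is an added example, not part of the original article: it reads iptables-save output and verifies that the port each PREROUTING REDIRECT rule points to is accepted by the filter INPUT chain. The nat PREROUTING chain is traversed before filter INPUT, so a redirected connection arrives at INPUT with destination port 25, and port 25 must be accepted there. The function names and the sample ruleset are constructed for illustration.

```shell
# Simplification: only plain "--dport N -j ACCEPT" rules and the INPUT policy
# are read; source, interface and multiport matches are ignored.
check_redirects() {   # stdin: iptables-save output; non-zero if a redirect is blocked
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }   # "*nat", "*filter"
        table == "filter" && $1 == ":INPUT" { policy = $2; next }
        $1 != "-A" { next }
        {
            # Pull the interesting options out of the rule.
            dport = ""; to = ""; jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
            }
        }
        table == "nat" && $2 == "PREROUTING" && jump == "REDIRECT" { n++; from[n] = dport; target[n] = to }
        table == "filter" && $2 == "INPUT" && jump == "ACCEPT" && dport != "" { accepted[dport] = 1 }
        END {
            # INPUT sees the rewritten port, so test the redirect target.
            for (k = 1; k <= n; k++) {
                if (policy == "ACCEPT" || (target[k] in accepted))
                    print "OK " from[k] "->" target[k]
                else {
                    print "BLOCKED " from[k] "->" target[k] ": INPUT lacks ACCEPT for " target[k]
                    bad = 1
                }
            }
            exit bad + 0
        }
    '
}

# Constructed sample dump; $1 is the only port the INPUT chain accepts.
sample_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 26 -j REDIRECT --to-ports 25
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport $1 -j ACCEPT
COMMIT
EOF
}

sample_ruleset 26 | check_redirects || true   # only port 26 open in INPUT
sample_ruleset 25 | check_redirects           # port 25 open in INPUT
```

On a live server, pipe the output of iptables-save (run as root) into check_redirects instead of the sample.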

For one customer of mine, we configured his email server to also be his firewall. Here is how it is configured (only the email part):

# Accept connections on ports 25, 26 and 110
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 26 -j ACCEPT
# Next, redirect 26 to 25
iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
# Block your own clients from accessing port 25 outside their own network (prevents being banned for sending spam with viruses)
# Log the packets; useful to identify the offending machine
iptables -A FORWARD -p tcp --dport 25 -j LOG
# Drop the packets
iptables -A FORWARD -p tcp --dport 25 -j DROP

Add any other rules you think you may need. Do not run your server with only these rules, as this could be dangerous.