When configuring a Customer Hosted on-premise server, it’s essential to open specific ports to ensure your server can properly communicate with your email tenants, both inbound and outbound.
This guide will walk you through the steps to open ports on your on-premise server using UFW or iptables, two common Linux firewall management tools.
⚙️ Note:
Your organization’s security policies may differ. Always follow your company’s firewall and security guidelines when applying these changes.
Example Scenario:
You may need to:
- Allow inbound traffic on port 25 (SMTP)
- Allow outbound traffic on ports 25 (SMTP) and 443 (HTTPS)
In some cases, you may also need to open port 587 or a custom port. Simply substitute the port numbers in the steps below to match your use case.
Option 1: Using UFW (Basic)
Step 1: Check if UFW is Enabled
sudo ufw status verbose
If UFW is inactive, enable it:
sudo ufw enable
Step 2: Open the Required Ports
# Allow inbound traffic on port 25 sudo ufw allow 25/tcp # Allow outbound traffic on port 25 sudo ufw allow out to any port 25 proto tcp # Allow outbound traffic on port 443 sudo ufw allow out to any port 443 proto tcp
Step 3: Reload UFW
sudo ufw reload
Step 4: Verify the UFW Rules
sudo ufw status verbose
You should see something like:
To Action From -- ------ ---- 25/tcp ALLOW Anywhere 25/tcp (out) ALLOW OUT Anywhere 443/tcp (out) ALLOW OUT Anywhere
Option 2: Using iptables (Advanced)
Step 1: Allow Inbound and Outbound Traffic
# Allow inbound traffic on port 25 sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT # Allow outbound traffic on port 25 sudo iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT # Allow outbound traffic on port 443 sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
Step 2: Save iptables Rules (Persistence)
Install the iptables-persistent package to save your firewall rules across reboots:
sudo apt-get update && sudo apt-get install -y iptables-persistent
Save the current rules:
sudo netfilter-persistent save
Step 3: Verify iptables Rules
sudo iptables -L -v -n
Important Reminders:
- If your default outbound policy is "allow" (Ubuntu’s default for UFW), you may not need to explicitly allow outbound traffic.
- If your server is behind a network or hardware firewall, make sure the required ports are open at the network layer as well.
- These instructions assume TCP traffic. If you require UDP, simply replace
tcpwithudpin the commands.
Summary
| Port | Direction | Purpose |
|---|---|---|
| 25 | Inbound | SMTP Email |
| 25 | Outbound | SMTP Email |
| 443 | Outbound | HTTPS |
If you need further assistance securing your server or opening specific ports, please contact your internal IT or security team, network team for additional support.