iptables port redirection (smtp servers). | ramblings of a sysadmin.

iptables port redirection (smtp servers).

this is a quick tutorial on iptables port redirection.
we have a few clients whose outgoing port 25 is blocked by their ISP due to vulnerabilities and exploits that cause this port to send out considerable amounts of spam.
this is never an obstacle for someone who hosts on a linux server with iptables, because you can simply redirect traffic that arrives on another port (e.g. 26, as in the example below) to port 25:
# iptables -t nat -I PREROUTING -p tcp --dport 26 -j REDIRECT --to-ports 25
easy, isn’t it?
of course, if 26 is blocked, you can substitute another open port — but 25 must remain the same, as 25 is the standard smtp (outgoing email) port.
anyone who needs to use this setting has to open outlook, or whatever email application is being used, and change the smtp port from the standard 25 to 26 (in outlook, this can be done by going to tools > email accounts > view or change existing email accounts > select the email account in question > change > more settings > advanced tab > change 25 to 26).
then, try to send out the email. it should no longer be sitting in the user’s outbox.
to verify that the change was made on the linux side, simply run:
# iptables -t nat --list
the output should show something like this:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:26 redir ports 25

confirmed — it is working!
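make sure to save your changes so that the rules are maintained between reboots. note that iptables-save on its own only prints the current rules to standard output, so its output has to be redirected to the file your distribution restores at boot: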
# /sbin/iptables-save
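
to check the redirect without reading the --list output by eye, and to confirm it also made it into the saved rules, here is an added example (not part of the original post) that parses iptables-save format on stdin. the function name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a ruleset redirects a given TCP port.
# Input is iptables-save format on stdin, so it works on the live rules
# (iptables-save | redirect_target 26) or on a saved rules file.

# redirect_target PORT
#   prints the --to-ports value of the nat PREROUTING REDIRECT rule that
#   matches "-p tcp --dport PORT"; exit status 1 if no such rule exists.
redirect_target() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }      # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = dport = jump = to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         proto = $(i + 1)
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "-j")         jump  = $(i + 1)
                if ($i == "--to-ports") to    = $(i + 1)
            }
            if (proto == "tcp" && dport == port && jump == "REDIRECT") {
                print to; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample in iptables-save format (not captured from a real host).
# The nat PREROUTING rewrite happens before the filter INPUT chain is
# consulted, so INPUT sees port 25 and that is the port it must accept.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 26 -j REDIRECT --to-ports 25
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT'

# Demo on the constructed sample: prints the port that 26 is redirected to.
printf '%s\n' "$SAMPLE_RULES" | redirect_target 26
```

run it once against the live rules and once against the saved file; if only the live rules report a target, the redirect will be gone after the next reboot.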
