Which ports to open for email server



  • hi all,

    really dumb question but here goes,

    my default rule is to block all traffic and protocols to/from anywhere

    i have made an email server and it uses TCP 25 (SMTP for postfix), 143 (IMAP for dovecot) and 443 (HTTPS for afterlogic ie webmail)

    obviously i know to create a NAT port forward to the email server with those ports but do i need to create an outbound rule for it aswell so those ports can see out ie the internet?

    many thanks,

    rob



  • No, you don't need any outbound NAT rule for incoming connections.

    However, postfix will also establish outbound connections for sending mails out. For these you need an outbound NAT rule, but for the WAN interface pfSense sets the outbound NAT automatically by default.



  • im thinking SMTP for both inbound/outbound traffic to email server, so it can send/recieve email from other smtp servers

    IMAP and HTTPS just inbound so people can access there emails via imap or https for webmail



  • You should have 3 NAT rules (25, 143, 443) for external access, and 1 outbound rule (25) on LAN interface (for outbound SMTP).
    You do not need to create rules for "reply" traffic for external connections, they managed automagically.