
DropVPS Team

Writer: Cooper Reagan

How to Open and Close Email Ports on a VPS Firewall


Publication Date: 01/05/2025


Managing email ports on a VPS firewall is crucial for ensuring that your email services are both functional and secure. Email ports such as SMTP (Port 25), Secure SMTP (Port 465), and Submission (Port 587) are essential for the sending and receiving of emails. Properly configuring and controlling access to these ports helps prevent unauthorized use, protects against potential threats like spam or malware, and ensures that legitimate email communication can occur without interference.

On a VPS, you have the ability to control which ports are open or closed, making it vital to manage these ports according to your needs and security policies. By opening the appropriate ports and closing unnecessary ones, you can strike a balance between functionality and security. In this guide, we will walk you through the steps required to open or close email ports on your VPS firewall, ensuring that your server is both effective and secure in handling email traffic.

Checking Existing Firewall Rules on Your VPS

Before modifying the firewall rules on your VPS, it’s important to understand the current configuration. Checking the existing firewall rules helps you ensure that you are not inadvertently blocking essential ports or creating vulnerabilities. Here’s how you can check the existing firewall rules:

  1. Using ufw (Uncomplicated Firewall)
    If you’re using ufw on your VPS, you can check the current firewall status and rules with the following command:

    sudo ufw status

    This command displays the current firewall rules along with their action (allow or deny).
  2. Using iptables
    If your VPS uses iptables instead of ufw, you can view the existing rules by executing:

    sudo iptables -L

    This command shows the current chain rules for input, output, and forward traffic, helping you identify any blocks or allowances for specific ports.
  3. Using firewalld
    On systems that use firewalld, you can check the current rules with:

    sudo firewall-cmd --list-all

    This will display the default zone’s active rules and services allowed by the firewall.

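  4. Checking for a Specific Port
    To check if a specific port (like port 25 for SMTP) is open or closed, you can use:

    sudo iptables -L INPUT -n | grep -w 'dpt:25'

    The -n option prints numeric ports (without it, port 25 is listed as smtp), and matching on dpt:25 avoids hits on unrelated numbers such as 2525 or addresses that contain 25.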

    Or, if using firewalld:

    sudo firewall-cmd --list-ports

By reviewing these rules, you can determine if the necessary ports for email communication (like SMTP or IMAP) are open or need adjustment.
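
As an added example (not part of the original article): firewall-cmd --list-ports shows only ports opened by number, while --list-all also shows services, and firewalld's predefined smtp, smtps and smtp-submission services open 25, 465 and 587 as well. The script below reads --list-all text and reports how each mail port is open; the sample output and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: decide whether a mail port is open in a firewalld zone,
# given the text printed by `firewall-cmd --list-all`.
# Limitation: port ranges and rich rules are not evaluated.

# Constructed sample output (not captured from a real server).
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: ssh smtp
  ports: 587/tcp 8080/tcp
  protocols:
  forward-ports:
  rich rules:'

# Map a mail port to the predefined firewalld service that opens it.
service_for_port() {
    case "$1" in
        25)  echo smtp ;;
        465) echo smtps ;;
        587) echo smtp-submission ;;
        *)   echo "" ;;
    esac
}

# mail_port_state PORT < list-all-output
# Prints "port" (opened by number), "service:<name>" or "closed".
mail_port_state() {
    svc=$(service_for_port "$1")
    awk -v want="$1/tcp" -v svc="$svc" '
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == want) by_port = 1 }
        $1 == "services:" { for (i = 2; i <= NF; i++) if (svc != "" && $i == svc) by_svc = 1 }
        END {
            if (by_port)     print "port"
            else if (by_svc) print "service:" svc
            else             print "closed"
        }'
}

for p in 25 465 587; do
    printf '%s/tcp: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_LIST_ALL" | mail_port_state "$p")"
done
```

On a live server, pipe the real output in instead of the sample: sudo firewall-cmd --list-all | mail_port_state 25. A result of service:smtp means that removing 25/tcp from the port list alone leaves the port open.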

Opening Email Ports on Your VPS Firewall (Port 25, 465, 587)

To ensure email communication works smoothly on your VPS, it’s crucial to open the necessary email ports in the firewall. These ports are used for sending and receiving emails securely and efficiently. The most common ports are 25 (SMTP), 465 (SMTPS), and 587 (SMTP submission). Here’s how to open these ports:

1. Using ufw (Uncomplicated Firewall)

If you’re using ufw to manage the firewall, you can open these ports with the following commands:

  • Open Port 25 (SMTP):
    sudo ufw allow 25/tcp
  • Open Port 465 (SMTPS):
    sudo ufw allow 465/tcp
  • Open Port 587 (SMTP submission):
    sudo ufw allow 587/tcp

After adding the rules, you can check the status to confirm:

sudo ufw status

2. Using iptables

If you are using iptables, you will need to add rules to allow traffic on these ports:

  • Allow Port 25 (SMTP):
    sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT
  • Allow Port 465 (SMTPS):
    sudo iptables -A INPUT -p tcp --dport 465 -j ACCEPT
  • Allow Port 587 (SMTP submission):
    sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT

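To ensure the new rules are saved across reboots, run the following. The redirection has to happen inside a root shell, because with a plain sudo iptables-save > file the file is opened by your unprivileged shell and the write fails:

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'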

3. Using firewalld

If your VPS uses firewalld, you can open these ports using:

  • Open Port 25 (SMTP):
    sudo firewall-cmd --zone=public --add-port=25/tcp --permanent
  • Open Port 465 (SMTPS):
    sudo firewall-cmd --zone=public --add-port=465/tcp --permanent
  • Open Port 587 (SMTP submission):
    sudo firewall-cmd --zone=public --add-port=587/tcp --permanent

After adding the rules, reload the firewall to apply the changes:

sudo firewall-cmd --reload

4. Verifying the Firewall Configuration

To verify that the ports are successfully opened, you can check the firewall status:

  • For ufw, use:
    sudo ufw status
  • For iptables, use:
    sudo iptables -L
  • For firewalld, use:
    sudo firewall-cmd --list-ports

By following these steps, you will have ensured that the necessary email ports are open for sending and receiving emails securely through your VPS.

Closing Email Ports on Your VPS Firewall

When email ports such as 25, 465, or 587 are no longer needed or you want to secure your VPS by limiting external access, closing these ports is an essential step. Here’s how to close email ports on your VPS firewall:

1. Using ufw (Uncomplicated Firewall)

If you’re using ufw to manage your firewall, you can close the email ports by running the following commands:

  • Close Port 25 (SMTP):
    sudo ufw deny 25/tcp
  • Close Port 465 (SMTPS):
    sudo ufw deny 465/tcp
  • Close Port 587 (SMTP submission):
    sudo ufw deny 587/tcp

After applying these rules, check the status of ufw to confirm the changes:

sudo ufw status

2. Using iptables

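If your server uses iptables to control firewall settings, close these ports with the following commands. iptables applies the first matching rule in a chain, so the REJECT rules are inserted at the top of INPUT (-I) rather than appended (-A), where an earlier ACCEPT rule for the same port would still win:

  • Close Port 25 (SMTP):
    sudo iptables -I INPUT -p tcp --dport 25 -j REJECT
  • Close Port 465 (SMTPS):
    sudo iptables -I INPUT -p tcp --dport 465 -j REJECT
  • Close Port 587 (SMTP submission):
    sudo iptables -I INPUT -p tcp --dport 587 -j REJECT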

To make these changes permanent, save the iptables rules (the redirection must run in a root shell for the file to be writable):

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

3. Using firewalld

If you’re using firewalld to manage the firewall, you can close these ports with the following commands:

  • Close Port 25 (SMTP):
    sudo firewall-cmd --zone=public --remove-port=25/tcp --permanent
  • Close Port 465 (SMTPS):
    sudo firewall-cmd --zone=public --remove-port=465/tcp --permanent
  • Close Port 587 (SMTP submission):
    sudo firewall-cmd --zone=public --remove-port=587/tcp --permanent

Reload the firewall for the changes to take effect:

sudo firewall-cmd --reload

4. Verifying the Firewall Configuration

To ensure that the email ports have been successfully closed:

  • For ufw, check the status:
    sudo ufw status
  • For iptables, list the rules:
    sudo iptables -L
  • For firewalld, verify the open ports:
    sudo firewall-cmd --list-ports

By following these steps, you will have effectively closed the unnecessary email ports on your VPS firewall, improving your server’s security.
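
As an added example (not part of the original article): listing the iptables rules confirms a port is closed only if the rules are read in order, because the first terminating match decides and a REJECT that sits below an ACCEPT for the same port never fires. The script below applies that reading to iptables -S INPUT text; the sample rule set and the function name are constructed for illustration.

```sh
#!/bin/sh
# Added example: find the verdict iptables gives a NEW inbound TCP connection
# to a port, from `iptables -S INPUT` text. Rules are checked top to bottom
# and the first terminating match wins.

# Constructed sample rule set (not captured from a real server).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'

# effective_verdict PORT < rules
# Prints ACCEPT, DROP or REJECT for the first rule that matches every new
# connection to PORT, else "policy:<chain policy>".
# Simplification: rules with extra conditions (source address, interface,
# connection state, multiport, port ranges) are skipped, not evaluated.
effective_verdict() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 == "-A" && $2 == "INPUT" && !found {
            target = ""; plain = 1
            for (i = 3; i <= NF; i++) {
                if      ($i == "-p" && $(i+1) == "tcp")     i++
                else if ($i == "-m" && $(i+1) == "tcp")     i++
                else if ($i == "--dport" && $(i+1) == port) i++
                else if ($i == "-j") { target = $(i+1); break }
                else { plain = 0; break }
            }
            if (plain && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1 }
        }
        END { if (!found) print "policy:" policy }'
}

for p in 25 465 587; do
    printf '%s/tcp: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_RULES" | effective_verdict "$p")"
done
```

On a live server, run sudo iptables -S INPUT | effective_verdict 25. In the sample, port 25 still resolves to ACCEPT even though a REJECT rule for it exists further down the chain.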

Why Do Email Ports Need to Be Opened and Closed on a VPS?

Email ports play a critical role in the communication between email clients and servers. On a VPS, it’s essential to open or close these ports carefully to maintain both functionality and security. Here are some key reasons why controlling email ports is necessary:

  1. Ensuring Communication
    Email clients rely on specific ports to send and receive emails. Opening the correct email ports (such as Port 25 for SMTP, Port 465 for secure SMTP, and Port 587 for submission) allows these essential communication channels to function properly. If these ports are blocked, your email services may stop working entirely.
  2. Preventing Spam and Unauthorized Access
    Port 25 is often targeted by spammers and malicious users, as it is commonly used for sending bulk emails. By closing Port 25 on your VPS and using secured ports (Port 465 or 587), you can significantly reduce the risk of spam and unauthorized email use.
  3. Enhancing Security
    Closing unnecessary ports reduces the attack surface of your VPS, preventing unauthorized access to your system. Keeping only the necessary email ports open ensures that there are fewer opportunities for hackers or malware to exploit vulnerabilities.
  4. Regulating Traffic Flow
    By carefully managing email ports, you can control the flow of email traffic in and out of your VPS. This helps in preventing overloads or abuse and ensures that only legitimate email traffic is allowed.
  5. Compliance with Industry Standards
    Many email providers and services recommend using specific ports for secure communication. For example, Port 465 for secure SMTP and Port 587 for submission are industry standards to ensure encryption and secure delivery of emails.

Conclusion

Ensuring that the proper email ports are open or closed on your VPS firewall is crucial for both security and reliable email delivery. Proper management of ports like 25, 465, and 587 helps prevent unauthorized access and potential misuse while ensuring smooth email communication.

By securely configuring these ports:

  • Port 25 (SMTP): Typically used for outgoing emails but often blocked by many ISPs due to its association with spam. It is best left closed unless strictly necessary for specific configurations.
  • Port 465 (SMTPS): Provides secure email transmission over SSL and is ideal for encrypted email communication.
  • Port 587 (SMTP Submission): The recommended port for sending emails securely with encryption, making it a key player in ensuring safe and reliable email delivery.

Closing unnecessary email ports, monitoring the firewall settings, and employing secure connections (SSL/TLS) can significantly enhance the security of your VPS mail server and prevent abuse.

For optimal email performance and security, always test the email ports regularly, configure them correctly, and stay vigilant with firewall management to ensure efficient and protected email service on your VPS.
