Using port forwarding when ISPs block port 25 for outbound email





Last Updated on 06/12/2015 by dboth

When travelling with a laptop, smartphone or tablet, you may find that email cannot be sent from your device, either to your normal email server or to your own email server if you run your own like I do.

ISPs such as Verizon, Time Warner, AT&T and Comcast, among others, no longer provide outbound SMTP servers. When contacted about this, they say that this is for security reasons and that you should use your company’s own email server.

Unfortunately, most companies’ email servers are not configured to deal with this. Neither are those of most individuals who run their own email servers, as I do.

So you will need to perform an end run and have your email server, whether your own or your company’s, reconfigured just a little bit. You will set up your email server’s firewall to accept connections on port 587 and forward them to port 25, the normal SMTP inbound port.

First, you should set up some form of authentication. See my article on Basic Outbound Authentication for Sendmail.

Then configure your sendmail server’s firewall to forward inbound connections on port 587 to port 25 using the following IPTables rules. These are not commands; they are lines that should be entered into the /etc/sysconfig/iptables file.

The following line should be added to the NAT table. Change the IP address to match that of your server. The NIC interface name, in this case “em1”, should also be changed to reflect the interface name on your email server.

-A PREROUTING -i em1 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.0.1:25

The following line should be added to the FILTER table. This syntax assumes that you are using stateful filtering. This line should go after the state RELATED,ESTABLISHED line in the FILTER table.

-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT

After making these changes to the iptables file, run the following command to activate the new rules.

iptables-restore /etc/sysconfig/iptables
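The placement described above (DNAT line in the NAT table, ACCEPT line in the FILTER table after the RELATED,ESTABLISHED line) can be checked before the file is loaded. This script is an added example, not part of the original article; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# check_submission_rules FILE
# Reads an iptables-save format file and reports whether the two port 587
# rules are present and placed as the article describes.
check_submission_rules() {
    awk '
    /^\*/     { table = substr($1, 2); next }   # "*nat" / "*filter" open a table
    /^COMMIT/ { table = ""; next }              # COMMIT closes it
    /^-A/ {
        if (table == "nat" && $2 == "PREROUTING" && /--dport 587( |$)/ && /-j DNAT/)
            dnat = NR
        if (table == "filter" && $2 == "INPUT") {
            if (/RELATED,ESTABLISHED|ESTABLISHED,RELATED/ && !est) est = NR
            if (/--dport 587( |$)/ && /-j ACCEPT/) accept = NR
        }
    }
    END {
        if (!dnat)   { print "missing: DNAT rule for port 587 in the nat table"; bad = 1 }
        if (!accept) { print "missing: ACCEPT rule for port 587 in the filter table"; bad = 1 }
        else if (!est)         { print "missing: RELATED,ESTABLISHED rule in INPUT"; bad = 1 }
        else if (accept < est) { print "order: port 587 ACCEPT precedes RELATED,ESTABLISHED"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample ruleset (not a real server configuration).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i em1 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.0.1:25
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
check_submission_rules "$tmp" && echo "port 587 rules are placed as described"
rm -f "$tmp"
```

On a real server, pass /etc/sysconfig/iptables as the argument. iptables-restore --test /etc/sysconfig/iptables additionally parses the file without committing it.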

You can then test this using the telnet command to verify that your server is accepting connections on port 587.

telnet hostname 587
Connected to hostname.
Escape character is '^]'.
220 hostname ESMTP Sendmail 8.14.5/8.14.5; Wed, 29 May 2013 20:47:58 -0400
quit
221 2.0.0 hostname closing connection
Connection closed by foreign host.

You will now need to configure the email client on your mobile device to send email to your server on port 587.