16

I need to open TCP port 25 on my Raspberry Pi 3. I watched videos on the internet re. iptables, nothing has worked. If you have a solution, using iptables or another method, that would be great.

If you want to know, I'm building an SMTP mail server and I have errors like "connection timed out" (with postfix) when I try to send a mail (that's why I think port 25 is the problem, because it's closed).

FKEinternet
Millefeuille
  • Have you enabled any kind of firewalls? Raspbian doesn't have an active firewall by default, so anything that's getting blocked is likely due to something you did. – Jacobm001 Jul 03 '17 at 14:41
  • When you say try to send a mail do you mean from the RPi or another computer? – Jacobm001 Jul 03 '17 at 14:41
  • both questions = yup, the problem was in the config, and hostname resolved now – Millefeuille Jul 03 '17 at 21:00
  • I send from RPI – Millefeuille Jul 22 '17 at 03:34
  • 1
    Port 25 is a special issue. It's commonly used as an open relay for mail, and most of the world's spam can be traced back to it, which is why it is very common for ISPs to block it (meaning, it blocks you from being a spammer, not from receiving it). As far as I am aware it is probably never used by legit email providers now, everything except junk uses encryption. – goldilocks Apr 14 '20 at 12:27

4 Answers

12

You likely don't have issues with iptables, unless you installed and configured it, as it is not running on a default Raspbian install. Also, the default install will normally open and listen on the required ports. However, if you intend on running a mail server you should install and configure a firewall first, as your server will be a prime target for spammers etc. Properly securing a mail server involves considerably more than a firewall though.

As for port 25, it may be blocked by your ISP. I would suggest you implement SSL for your ingoing and outgoing mail, which means that you will no longer be using port 25. The default configuration file should have automatically opened the port and be listening.

However, to answer your question you can see if the port is open and what process is listening with the following command:

sudo netstat -lptu

Additionally you can test your basic configuration using telnet as described in this post.

Depending on why you want an email server you may be better off just setting it up to forward all nonlocal mail through your Gmail account. I have not used it recently but this script makes that exceptionally easy.

Steve Robillard
  • It seems to work! Thanks, actually the problem was both with SSL, and also my fault for badly configuring hostname and domainname. You helped a lot, thanks. – Millefeuille Jun 29 '17 at 07:38
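
One way to read the listening-socket output mentioned in the answer above, as an added example that is not part of the original answer: it classifies how a TCP port is bound, using numeric output (`netstat -ltn` or `ss -ltn`). The helper names `listen_scope` and `sample_netstat` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `netstat -ltn` or `ss -ltn` output on stdin and prints
# how the given TCP port is bound: all | specific | loopback | none.
# Real use:  sudo netstat -ltn | listen_scope 25
listen_scope() {
    awk -v port="$1" '
        # Field 4 is the local address in both netstat -ltn and ss -ltn.
        /LISTEN/ && $4 ~ (":" port "$") {
            addr = $4
            sub(":" port "$", "", addr)   # strip the :<port> suffix
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*")
                wild = 1                  # reachable on every interface
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                loop = 1                  # reachable from this host only
            else
                other = 1                 # bound to one specific address
        }
        END {
            if (wild)       print "all"
            else if (other) print "specific"
            else if (loop)  print "loopback"
            else            print "none"
        }
    '
}

# Constructed sample output (not captured from a real system).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
EOF
}

for p in 25 22 587; do
    printf 'port %s: %s\n' "$p" "$(sample_netstat | listen_scope "$p")"
done
```

A `loopback` result means remote clients are turned away by the service's bind address (for Postfix, the `inet_interfaces` setting) rather than by a firewall, and `none` means nothing is listening on that port at all.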
8

For me:

sudo ufw allow 9999

works, where 9999 is the port number I want to open.

Debugging:

In case ufw is not installed:

sudo apt-get install ufw

In case ufw is not running (check with `sudo ufw status`):

sudo ufw enable 

Question already answered?

I asked on meta: Should i place a second answer if question title vs answer differ?.

Tonio Liebrand
  • Just a note to be careful installing this. I did so when trying to open a specific port. However I managed to disable all other ports in the process and removed my ability to ssh into the pi. – Justin Caldicott Dec 19 '23 at 11:48
0

Working with iptables and its command line interface is pretty complicated.
To open or close ports I simply use `sudo firewall-config`. This program is a GUI for iptables and quite easy to configure:
You can open a port either by knowing the corresponding name (http, ssh, samba, smtp, ...) or by entering the port number itself. It's only a few clicks and the port is opened or closed.

To make the change permanent (after reboot) you click inside this program on `Options/Runtime to permanent`. That's it.

Michael Hutter
0

If you just want to test if the firewall is your problem you can simply disable the complete firewall using
`sudo /sbin/iptables --flush`.
The firewall will stay disabled immediately until the next system restart.

Michael Hutter