SMTP stands for Simple Mail Transfer Protocol and is used to transfer e-mail between mail servers. SMTP usually uses a high port number on the client, port 25 on the server, and the TCP protocol.

This corresponds to the following service definition:

Services

| Name | Protocol | Firewall type | Client ports | Server ports |
|---|---|---|---|---|
| smtp | TCP | Dynamic session management | 1024-65535 | 25 |

Allow the SMTP service as defined above from the computers that can forward e-mail to computers outside the firewall (for example, a server on an internal network), to one or more mail servers (for example, the Internet, everyone on the outside). Example:

DNS must work (see the DNS section) so that you can use a domain name (such as mail.ingate.se). E-mail will not work properly if you accidentally block DNS.

To allow outside SMTP servers to connect to servers on an internal network, there are two alternatives: use firewall rules or use a relay. The relay solution works regardless of whether NAT is used or not, while the first solution only works when NAT isn't used.

Allow the SMTP service as defined above from the computers that are allowed to visit your mail server (such as the Internet, everything on the outside) to the address of your mail server. Example:

Use a relay to forward SMTP connections to the correct computer. Example (assuming that 192.168.1.17 is the internal IP address of the mail server):

Relays

| Listen to: IP address | Listen to: Port | Relay to: DNS name or IP address | Relay to: Port | Relay type | Allow access from: Networks |
|---|---|---|---|---|---|
| Outside (1.2.3.4) | 25 | DNS server | 25 | TCP relay | Internet |

The outer name (the firewall's outer address if you have not entered other outer names) is the address mail servers on the outside should use.
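The outgoing and incoming firewall rules described above can be modelled to see which connections the smtp service definition lets through. This is an added example, not part of the original page or of the firewall's software, and it compares a rule limited to the mail server with one opened to a whole internal network. Only 192.168.1.17 comes from the page; the 192.168.1.0/24 network, the other addresses, the rule names and the default-deny behaviour are assumptions, and the model ignores NAT and routing.

```python
import ipaddress
from dataclasses import dataclass

# The "smtp" service from the table above: TCP, client ports 1024-65535, server port 25.
SMTP = {"proto": "tcp", "client_ports": range(1024, 65536), "server_port": 25}

@dataclass(frozen=True)
class Rule:
    name: str  # hypothetical label, not a firewall setting
    src: str   # network allowed to open the connection (CIDR)
    dst: str   # network allowed as destination (CIDR)

# 192.168.1.17 is the mail server named on the page; 192.168.1.0/24 is assumed.
OUTGOING = Rule("outgoing smtp", "192.168.1.17/32", "0.0.0.0/0")
INCOMING = Rule("incoming smtp", "0.0.0.0/0", "192.168.1.17/32")
TOO_BROAD = Rule("outgoing smtp (whole LAN)", "192.168.1.0/24", "0.0.0.0/0")

def matches(rule, proto, src_ip, src_port, dst_ip, dst_port):
    """True if a new connection fits the smtp service and the rule's networks."""
    return (proto == SMTP["proto"]
            and src_port in SMTP["client_ports"]
            and dst_port == SMTP["server_port"]
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst))

def verdict(rules, conn):
    """Name of the first matching rule, or 'blocked' (default deny is assumed)."""
    for rule in rules:
        if matches(rule, *conn):
            return rule.name
    return "blocked"

# Constructed sample connections: (proto, src_ip, src_port, dst_ip, dst_port)
SAMPLES = [
    ("tcp", "192.168.1.17", 40213, "203.0.113.10", 25),   # mail server sends mail out
    ("tcp", "192.168.1.50", 51000, "203.0.113.10", 25),   # workstation speaks SMTP directly
    ("tcp", "198.51.100.7", 33500, "192.168.1.17", 25),   # outside server delivers mail
    ("tcp", "198.51.100.7", 33500, "192.168.1.17", 110),  # outside host tries another port
    ("udp", "192.168.1.17", 40213, "203.0.113.10", 25),   # wrong protocol
]

if __name__ == "__main__":
    for conn in SAMPLES:
        print(conn, "->", verdict([OUTGOING, INCOMING], conn),
              "| broad:", verdict([TOO_BROAD, INCOMING], conn))
```

With the narrow rule, the workstation's direct SMTP connection is blocked and only the mail server can send mail out; the broad rule lets every host on the internal network reach outside mail servers on port 25.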