I have blocked all ports except:
- 143, 110, 993, 995, 587
This is enough (port 587) to send a message.
But if someone sends me emails, I don't receive them. At the same time, the senders do not receive errors saying that the message has not been delivered. If I unlock/allow port 25, then the emails arrive, even those that were previously stuck.
Hi Ilya, and welcome to the Zextras community!
All communication between servers must go over port 25, as that is the standard of the SMTP protocol.
Ports 587 and 465 are only for clients (sending email from your client to your server).
I suggest you open all TCP traffic for port 25 (in/out), or you will not be able to receive or send email to an external server.
Actually, I use the csf firewall and it's really good.
The config is as follows:
# Allow incoming TCP ports
TCP_IN = "25,80,110,143,443,465,587,993,995,5222"
# Allow outgoing TCP ports
TCP_OUT = "25,80,110,143,443,465,587,993,995,5222"
For security reasons, don't allow anyone to access the admin port 6071; what I do is put the IP addresses that can access the admin panel in csf.allow.
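
As an added example (not part of any post in this thread, and not Zextras or csf code): a small Python check that reads csf.conf text and reports when port 25 is missing from TCP_IN or TCP_OUT, or when admin port 6071 is allowed for every address instead of being limited through csf.allow. Both sample configs are constructed for illustration, and the `low:high` form handled in the parser is csf's port-range notation.

```python
import re

# Constructed sample csf.conf fragments (not taken from a real server).
BLOCKED_25 = '''
# Allow incoming TCP ports
TCP_IN = "110,143,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "110,143,587,993,995"
'''
THREAD_CONFIG = '''
TCP_IN = "25,80,110,143,443,465,587,993,995,5222"
TCP_OUT = "25,80,110,143,443,465,587,993,995,5222"
'''

SMTP_RELAY = 25    # server-to-server SMTP
ADMIN_PORT = 6071  # admin port named in the thread


def parse_ports(conf_text, key):
    """Return the set of ports allowed by a csf.conf list such as TCP_IN."""
    # Anchored at line start, so commented-out settings are ignored.
    m = re.search(rf'^\s*{key}\s*=\s*"([^"]*)"', conf_text, re.MULTILINE)
    ports = set()
    if not m:
        return ports
    for item in filter(None, (p.strip() for p in m.group(1).split(","))):
        lo, _, hi = item.partition(":")  # csf writes ranges as low:high
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(conf_text):
    """List mail-flow and exposure findings for one csf.conf text."""
    tcp_in = parse_ports(conf_text, "TCP_IN")
    tcp_out = parse_ports(conf_text, "TCP_OUT")
    findings = []
    if SMTP_RELAY not in tcp_in:
        findings.append("TCP_IN lacks 25: mail from other servers cannot arrive")
    if SMTP_RELAY not in tcp_out:
        findings.append("TCP_OUT lacks 25: mail to other servers cannot leave")
    if ADMIN_PORT in tcp_in:
        findings.append("TCP_IN has 6071: admin port open to every address")
    return findings


if __name__ == "__main__":
    for name, conf in (("blocked", BLOCKED_25), ("thread", THREAD_CONFIG)):
        print(name, audit(conf) or "ok")
```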
