Unifi Controller firewall rules

Greetings,

I am having issues opening some ports for my mail server that I am hosting at home. I can’t seem to get these ports to open for IN/OUT traffic. What exactly do I have to do to get these to open?

This is what I currently have, and then I need to forward the ports to my server, but I just can’t seem to get these to open.

Are you trying to use SMTP port 25? Some ISPs will block this port (especially on home ISPs).

Ports needed according to mailcow.

Do you need to do port forwards or just to open ports? I suspect you need port forwards.


Both. I am going to save anything I learn from here into my notes. For some reason I didn’t take notes last time. I would greatly appreciate any help. And I’ll have notation for down the road if I get confused. Thank you.

First you need to decide if you need just incoming mail or if you’d also like to be able to read your mail from outside your home network.

The distinction is important since it means opening up just the SMTP agent to the Internet vs. also whatever you use for POP3 and IMAP. If at all possible, even if you’d like to read mail from outside the network, I suggest doing so over a VPN and keeping POP3 & IMAP firewalled rather than opening more ports.

Moving on, once you have decided which ports to open, you generally need 2 things:

  • opening the ports in the firewall
  • redirecting incoming traffic to the appropriate server that is running that service (port forwarding).

An additional point to keep in mind: if you need SSL traffic on any of the ports, such as SMTPS, you will need a public (i.e. not self-signed) SSL certificate. Typically you’d want to get one for free from Let’s Encrypt.

For SMTP you also have 2 options: would you like it to just receive mail, or you’d like to have the ability to also send mail?

For just receiving, it’s simpler: generally, just setting an MX entry in your DNS should do the trick. Then you need to ask yourself what you’ll do about the incoming spam; you’ll probably want something to deal with it, likely also an antivirus.

For sending, things tend to get more complicated really fast: you need to secure your SMTP server to prevent spammers from using it to send… well, spam. You need to start thinking about your IP address reputation, so mails won’t be automatically rejected by most major mail servers, and you need to set up DMARC, DKIM and SPF records in your DNS.

Don’t let this complexity discourage you, it is a fun and valuable learning process. But know it is a process and be prepared to put in the learning time and effort.

Hope this helps.
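The SPF, DKIM and DMARC records mentioned in the post above are easy to get subtly wrong (two SPF records, a `+all`, a revoked DKIM key, a DMARC record with no policy). The following is an added example, not code from the thread, from mailcow or from the UniFi controller: an offline sanity checker for the three records. The domain `example.test`, the selector `dkim` and all TXT record contents are constructed for illustration; in practice you would paste in what `dig TXT <name>` returns.

```python
"""Offline sanity checks for the DNS records a sending mail domain needs
(SPF, DKIM, DMARC). Added example; the records below are constructed."""
import re

# Constructed TXT records for the hypothetical domain example.test.
# The DKIM p= value is truncated; a real RSA-2048 key is ~390 base64 chars.
CONSTRUCTED_TXT = {
    "example.test": ["v=spf1 mx a:mail.example.test ip4:203.0.113.10 -all"],
    "_dmarc.example.test": [
        "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test; adkim=s; aspf=s"],
    "dkim._domainkey.example.test": [
        "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA"],
}

# One SPF term: optional qualifier, mechanism, optional ':arg' and '/cidr'.
SPF_TERM = re.compile(
    r"^(?P<q>[+\-~?]?)(?P<mech>all|include|a|mx|ip4|ip6|exists|ptr)"
    r"(?::(?P<arg>[^/\s]+))?(?:/\d+(?://\d+)?)?$")
SPF_MODIFIER = re.compile(r"^(redirect|exp)=\S+$")
LOOKUP_MECHS = {"include", "a", "mx", "exists", "ptr"}  # each costs a DNS lookup


def parse_tags(record):
    """Split a 'k=v; k=v' record (DKIM, DMARC) into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(records):
    """Return a list of problems with the SPF TXT records at the domain apex."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record (v=spf1 ...) published"]
    if len(spf) > 1:
        return ["more than one SPF record; receivers treat this as permerror"]
    problems, lookups, all_seen = [], 0, False
    terms = spf[0].split()[1:]
    for term in terms:
        if all_seen:  # anything after 'all' is dead configuration
            problems.append(f"term {term!r} after 'all' is never evaluated")
            continue
        m = SPF_TERM.match(term)
        if m:
            mech = m.group("mech").lower()
            if mech in LOOKUP_MECHS:
                lookups += 1
            if mech == "all":
                all_seen = True
                if (m.group("q") or "+") == "+":
                    problems.append("'+all' lets anyone send as this domain; use -all or ~all")
        elif SPF_MODIFIER.match(term):
            if term.lower().startswith("redirect="):
                lookups += 1
        else:
            problems.append(f"unrecognised SPF term {term!r}")
    if not all_seen and not any(t.lower().startswith("redirect=") for t in terms):
        problems.append("no terminal 'all'; unmatched senders get a neutral result")
    if lookups > 10:  # RFC 7208 limit; nested includes count too, so this is a lower bound
        problems.append(f"{lookups} lookup terms in this record alone; RFC 7208 allows 10")
    return problems


def check_dmarc(records):
    """Return problems with the records at _dmarc.<domain>."""
    dmarc = [r for r in records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record at _dmarc.<domain>"]
    if len(dmarc) > 1:
        return ["more than one DMARC record; receivers then apply no policy at all"]
    try:
        tags = parse_tags(dmarc[0])
    except ValueError as exc:
        return [str(exc)]
    problems, policy = [], tags.get("p")
    if policy not in {"none", "quarantine", "reject"}:
        problems.append(f"missing or invalid p= policy: {policy!r}")
    elif policy == "none":
        problems.append("p=none only monitors; move to quarantine/reject once SPF and DKIM align")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports will arrive")
    return problems


def check_dkim(records):
    """Return problems with the key at <selector>._domainkey.<domain>."""
    if not records:
        return ["no DKIM key published for this selector"]
    try:
        tags = parse_tags(records[0])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if "p" not in tags:
        problems.append("no p= tag; the record is not a usable key")
    elif tags["p"] == "":
        problems.append("empty p= means the key has been revoked")
    elif not re.fullmatch(r"[A-Za-z0-9+/]+=*", tags["p"]):
        problems.append("p= is not valid base64")
    return problems


def audit_mail_domain(txt, domain, selector):
    """Run all three checks for one domain and DKIM selector."""
    return {"spf": check_spf(txt.get(domain, [])),
            "dkim": check_dkim(txt.get(f"{selector}._domainkey.{domain}", [])),
            "dmarc": check_dmarc(txt.get(f"_dmarc.{domain}", []))}


if __name__ == "__main__":
    for name, found in audit_mail_domain(CONSTRUCTED_TXT, "example.test", "dkim").items():
        print(f"{name.upper():5} {'OK' if not found else '; '.join(found)}")
```

The lookup count is deliberately a lower bound: `include:` and `redirect=` pull in other domains' records, whose own `a`/`mx`/`include` terms count against the same limit of 10, so a record that passes here can still fail once resolved.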

Hi, Dr. Heat!

I would like to have it fully functional, with being able to read mail from in & out of the network. Now, I get the theory of what you are saying using a VPN, but the only VPN I have is on my Unifi Controller to get into my network from outside. So, if I’m being honest, I’m not 100% sure how to go about using a VPN for this purpose.

I have set up certs for a webserver I was using as a project, so I can surely get that taken care of. I followed a tutorial for setting up MailCow and used their documentation too, and I set up everything on my DNS page of my GoDaddy account. I did everything they mentioned; I can get you a link to the tutorial. So, I’m a little confused now. What should my next step be? Thank you for replying.

Could you assist with setting up the firewall rules on the unifi controller?

I only have limited experience with Unifi. Wouldn’t feel comfortable assisting you with it. Perhaps others on the forum may offer some sort of assistance.

Couple questions for you to think over before you advance in this direction:

  • Have you placed the mail server instance in some sort of DMZ on your network?
  • What happens when an attacker manages to gain access to your mail server? How big of a deal would that be to you?
  • What are the other servers on your network an attacker could gain access to by lateral movement from the mail server?
  • How will you detect that your network has been compromised, and what are the steps you will take to secure it once it happens?
  • Are you prepared to keep up with MailCow patches, updates and security notifications as soon as they are released?

The better mindset is not if your network will get compromised, it is when it will get compromised.

Designing your network on the premise it will get compromised helps you plan ahead to detect as early as possible, limit the exposure and recover by just applying a plan you have prepared ahead of time, rather than scrambling under the pressure to come up with one.
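The DMZ and lateral-movement questions in the post above, and the earlier advice to forward only SMTP and keep POP3/IMAP behind the VPN, can both be checked against a rule set before anything is clicked into a controller. The following is an added example, not code from the thread and not the UniFi controller's own rule engine: a generic first-match firewall simulation over a constructed rule set. The DMZ subnet `192.168.50.0/24`, the LAN subnet `192.168.1.0/24`, the hosts, the WAN client address and the rules are all assumptions for illustration, and reply traffic is assumed to be handled statefully (not modelled).

```python
"""First-match firewall simulation: what can an attacker on the mail server
reach, and which mail ports face the WAN?  Added example; every address and
rule below is constructed, and the semantics are generic first-match rules
with a default accept, not any particular vendor's engine."""
import ipaddress

MAIL = "192.168.50.10"        # constructed: mail server in DMZ VLAN 192.168.50.0/24
WAN_CLIENT = "198.51.100.7"   # constructed: an arbitrary Internet host

# Constructed LAN hosts an attacker on the mail server might pivot to.
LAN_TARGETS = {"nas": ("192.168.1.20", 445), "controller": ("192.168.1.1", 8443)}


def rule(action, src, dst, dport=None):
    """One rule; dport=None matches any destination port."""
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "dport": dport}


# Just the inbound forwards: DMZ -> LAN falls through to the default accept.
OPEN_RULES = [
    rule("accept", "0.0.0.0/0", MAIL, 25),    # inbound SMTP
    rule("accept", "0.0.0.0/0", MAIL, 587),   # submission
]

# Same forwards, plus an explicit DMZ -> LAN drop and a catch-all drop into the
# DMZ; IMAP/POP3 are never forwarded, so they stay reachable only via the VPN.
SEGMENTED_RULES = OPEN_RULES + [
    rule("drop", "192.168.50.0/24", "192.168.1.0/24"),
    rule("drop", "0.0.0.0/0", "192.168.50.0/24"),
]

# A broad accept placed *above* the segmentation rules shadows them entirely.
MISORDERED_RULES = [rule("accept", "192.168.50.0/24", "0.0.0.0/0")] + SEGMENTED_RULES


def evaluate(rules, src, dst, dport, default="accept"):
    """Return (action, index of the matching rule) under first-match semantics."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if s in r["src"] and d in r["dst"] and r["dport"] in (None, dport):
            return r["action"], i
    return default, None


def reachable_from(rules, src, targets):
    """Names of the targets that traffic from src is allowed to reach."""
    return sorted(name for name, (ip, port) in targets.items()
                  if evaluate(rules, src, ip, port)[0] == "accept")


def wan_exposed(rules, host, ports=(25, 110, 143, 465, 587, 993, 995)):
    """Mail-related ports on host that an Internet client can reach."""
    return [p for p in ports if evaluate(rules, WAN_CLIENT, host, p)[0] == "accept"]


if __name__ == "__main__":
    for label, rules in (("open", OPEN_RULES), ("segmented", SEGMENTED_RULES),
                         ("misordered", MISORDERED_RULES)):
        print(f"{label:10} mail server can reach: {reachable_from(rules, MAIL, LAN_TARGETS)}"
              f"  WAN-exposed ports: {wan_exposed(rules, MAIL)}")
```

The `MISORDERED_RULES` case is the one to keep in mind when editing rules in a controller UI: the segmentation rule is present and correct, but because an earlier rule already matched, it never fires and the mail server can still reach the NAS and the controller.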