
Resolved Change from SMTP port 25 to another port

Eberhard Gierke

Basic Pleskian
I tried the following.

Log into my server as root.
CD to /etc/postfix/
Create a backup of master.cf (cp master.cf master.cf-bak)
Open master.cf with a text editor
Find the line labeled: "smtp inet n ......"
Just below the line, insert a new line containing the following:
1234 inet n - n - - smtpd
Save the file.
Run "/etc/init.d/postfix restart" to restart Postfix.
Add the new port to iptables by running: "iptables -A INPUT -p tcp --dport 1234 -j ACCEPT"
So far everything has worked.

Now comes my problem ...
When I try to save the rule with the command
/etc/init.d/iptables save
AND/OR I try to restart "iptables",
/etc/init.d/iptables restart
I get the message ..
Incorrect path or filename.

I need the correct filename and path....
Can someone help me with my problem?

OS: Ubuntu 16.04.2 LTS
Plesk Onyx Version 17.5.3 Update #6

Many Thanks!!
 
Hi Eberhard Gierke,

At the moment, the usage of port "25" is hard-coded within Plesk files (encrypted) and can't be changed, as far as I remember.
Pls. wait for a Plesk team member to verify my comment ( @IgorG ? ).
 
at the moment, the usage of port "25" is hard-coded within Plesk files (encrypted) and can't be changed as far

You could be right. I have found a way to save and activate the rule. BUT it does not work.

It would already be important (for me) to change the port 25 because I currently have a lot of "bad visitors" on my server.

@IgorG
Maybe you can help in this case.

Thank you!
 
Why would you want to change port 25? How would other mailservers find your mailserver? If you are the only one to send why not use the submission port and close 25?
 
You can add an alternative port, 26 for example, by adding the line

26 inet n - n - - smtpd

to

/etc/postfix/master.cf file and restart postfix service.
But it is not a permanent solution because the Postfix settings will be overwritten at the next mail settings update in Plesk.
 
Another option is to add a NAPT translation into iptables.
Sometimes Plesk rewrites master.cf (or other files), and without you knowing, that addition is gone.

You need to open up port 1234 as well.
If you don't want it to listen to port 25 you need to block that port on the incoming interface and port.

Code:
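# filter table: DNAT has already rewritten the port when INPUT is evaluated,
# so the DROP matches on the original destination port kept by conntrack
-A INPUT -p tcp -d <wan-ip> --dport 25 -m conntrack --ctorigdstport 25 -j DROP
-A INPUT -p tcp --dport 25 -j ACCEPT

# nat table: forward the alternative port to the local SMTP listener
-A PREROUTING -d <wan-ip>/32 -p tcp -m tcp --dport 1234 -j DNAT --to-destination <wan-ip>:25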

BTW...

On each new Plesk server I check the iptables of its firewall to see if there are any differences with my own standard iptables.

I close incoming MySQL btw..

I then remove the Plesk firewall and make sure my iptables is loaded when the interface comes up.

I feel more comfortable with that simple handling of iptables than its not that flexible Plesk counterpart.
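
Both replies above warn that Plesk can rewrite master.cf and silently remove the extra listener. A check for that, as an added example that is not part of the thread: the function names, the expected ports and the sample master.cf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect an smtpd listener that has
# vanished from Postfix master.cf, e.g. after a control-panel update.

# Print the service field of every active "inet" entry that runs smtpd.
# master.cf columns: service type private unpriv chroot wakeup maxproc command
smtpd_listeners() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/                 { next }   # continuation line ("  -o name=value")
        $2 == "inet" && $8 == "smtpd" { print $1 }
    ' "$1"
}

# Print each expected port/service (arguments 2..n) that has no smtpd listener.
# A host prefix such as 127.0.0.1:10025 is stripped before comparing.
missing_listeners() {
    file=$1; shift
    active=$(smtpd_listeners "$file" | sed 's/.*://')
    for want in "$@"; do
        printf '%s\n' "$active" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: master.cf before and after the extra listener is lost.
sample_before() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
1234      inet  n       -       n       -       -       smtpd
#26       inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    unix  n       -       n       60      1       pickup
EOF
}
sample_after() { sample_before | grep -v '^1234 '; }

# Demo on temporary copies of the constructed samples.
tmp=$(mktemp -d)
sample_before > "$tmp/before.cf"
sample_after  > "$tmp/after.cf"
for f in before after; do
    lost=$(missing_listeners "$tmp/$f.cf" smtp 1234)
    echo "$f: missing listeners: ${lost:-none}"
done
rm -rf "$tmp"
```

Pointed at /etc/postfix/master.cf from cron, a non-empty result from missing_listeners is the signal to re-check the file.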
 
Yes, but it's only needed if you DON'T want it to respond to port 25.

Most likely it is enough to just comment the "--dport 25 -j ACCEPT" line.
The line I gave is for a situation where you would have more than 1 IP on your server.
Traffic coming from and going to localhost interface is already accepted that far down the chain.


BTW... I'm merely giving you a solution to your question.
Like eiko said... why would you stop listening to port 25?

If you want I could write a script that does all dynamically without changing the firewall.
 
I think this should work

cat /usr/local/sbin/change_smtp_port
Code:
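#!/bin/sh
# Move public SMTP from port ${SMTP} to ${ALT_SMTP} with iptables only.

SMTP=25
ALT_SMTP=1234

# First public (non-private, non-loopback) IPv4 address reported by ifconfig
WANIP=`ifconfig | grep -o 'inet addr:[0-9.]*' | awk -F: '{print $2}' | egrep -v '^(10|192\.168|172\.1[6-9]|172\.2.|172\.3[01]|127)\.' | head -n1`
# Row numbers of the existing ACCEPT / DROP rules for the SMTP port, if any
ACCEPTROW=`iptables --line-numbers -nL INPUT | grep -i "ACCEPT .* 0\.0\.0\.0/0 .* dpt:${SMTP}$" | head -n1 | awk '{print $1}'`
DROPROW=`iptables --line-numbers -nL INPUT | grep -i "DROP .* 0\.0\.0\.0/0 .* dpt:${SMTP}$" | head -n1 | awk '{print $1}'`

[ -n "${WANIP}" ] || exit 1

if [ -n "${DROPROW}" ] ; then
  echo "Port ${SMTP} is already getting dropped"
elif [ -n "${ACCEPTROW}" ] ; then
  if [ "${ACCEPTROW}" -gt 4 ] ; then
    # DNAT in PREROUTING rewrites the port before INPUT is evaluated, so INPUT
    # sees --dport ${SMTP} for direct and redirected connections alike. They are
    # told apart by the original destination port recorded by conntrack.
    iptables -I INPUT "${ACCEPTROW}" -p tcp -m tcp -d "${WANIP}" --dport "${SMTP}" -m conntrack --ctorigdstport "${ALT_SMTP}" -j ACCEPT
    iptables -I INPUT "${ACCEPTROW}" -p tcp -m tcp -d "${WANIP}" --dport "${SMTP}" -m conntrack --ctorigdstport "${SMTP}"     -j DROP

    # Redirect the alternative port to the local SMTP listener
    iptables -t nat -A PREROUTING -d "${WANIP}/32" -p tcp -m tcp --dport "${ALT_SMTP}" -j DNAT --to-destination "${WANIP}:${SMTP}"
  else
    echo "I think something went wrong with the iptables detection, row ${ACCEPTROW} can't be true" >&2
    exit 1
  fi
else
  echo "I'm unable to detect the line where port ${SMTP} is accepted, I can't do anything" >&2
  exit 1
fi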
 