
Resolved Which ports do I have to open to receive mails? How does the firewall work?

Papalapappi

New Pleskian
Hello,
I've got a fully working mail server and I'm playing with the firewall.
My idea was to enable the services I really use and then block all other outgoing and incoming traffic. I think this is a little bit more secure, isn't it? So I set it up, left the enabled Plesk presets like SMTP and IMAP allowed, and blocked all other traffic (of course SSH etc. is enabled xD).

I found this doc: Ports Used by Plesk

And I think the Plesk firewall presets are related to this, aren't they? So if the SMTP preset is allowed, then both ports, 25 and 465, are allowed? You can't see the actual ports from the presets... And I manually added port 587 for submission.

So my problem is: if I set all other incoming and outgoing traffic to block, I can't receive any mails. If I allow all other traffic, it's working fine again.

Maybe somebody can help me with that.

Edit: OK, I am a bit confused right now. The presets are all related to incoming traffic. If I block all outgoing traffic, I think I need to manually open all these ports for outgoing, don't I? Because the server needs to answer the requests?
 
My idea was to enable the services I really use and then block all other outgoing and incoming traffic
And this is a good idea!

See also: Which Ports Need To Be Opened for all Plesk Services to Work with a Firewall?

OK, I am a bit confused right now. The presets are all related to incoming traffic. If I block all outgoing traffic, I think I need to manually open all these ports for outgoing, don't I?
No, not "all" these ports for outgoing; you have to adjust the outgoing ports, but only the ones you need.
Just as an example:
Allow outgoing to all on ports 20-21/tcp, 22/tcp, 25/tcp, 43/tcp, 53/tcp, 53/udp, 67/tcp, 80/tcp, 123/tcp, 443/tcp, 465/tcp, 5224/tcp, 55500-55769/tcp


* This means, for example: outgoing connections on ports 443 and 5224 need to be allowed for Plesk to verify and renew the Plesk license/update, port 25 for sending mail; if you use passive FTP you have to allow the passive port range, and so on....
 
No, not "all" these ports for outgoing; you have to adjust the outgoing ports, but only the ones you need.
Just as an example:

With "all these" I meant especially the ports related to Plesk.

I think I have a misunderstanding of this firewall...

My current firewall settings are (simplified just for my understanding):

policies: block all incoming and outgoing traffic
presets: allow incoming https port 443/tcp

Now I can go to my website with HTTPS because 443 is allowed incoming.
But I don't understand why this is working if my policies block all outgoing traffic. To my understanding, the server should accept incoming traffic but NOT send anything out. But actually the website is available with that configuration. Or does this mean that the server can't communicate through port 443 with another server?

So what ports do I really need for outgoing traffic?
 
But I don't understand why this is working if my policies block all outgoing traffic. To my understanding, the server should accept incoming traffic but NOT send anything out. But actually the website is available with that configuration. Or does this mean that the server can't communicate through port 443 with another server?

Correct, this means the connection is initiated from outside -> your server over port 443, and the firewall accepts it and will respond; therefore your website is reachable.
Outgoing policy means you cannot initiate/open a connection from your server outgoing -> 443 if the port isn't opened in the outgoing policy.
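
The behaviour described in the reply above, as an added example that is not part of the original thread: a minimal Python model of a stateful packet filter with both policies set to block and only inbound 443/tcp allowed. The `Packet` and `Firewall` names and the documentation-range addresses are constructed for illustration; a real filter also tracks TCP state and timeouts.

```python
# Simplified model of a stateful packet filter (added example, not Plesk's code).
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def flow(self):
        # Direction-independent key: both directions of one connection match.
        return (self.proto, frozenset({(self.src, self.sport), (self.dst, self.dport)}))


@dataclass
class Firewall:
    server_ip: str
    allow_in: set = field(default_factory=set)   # (proto, port) open for NEW inbound
    allow_out: set = field(default_factory=set)  # (proto, port) open for NEW outbound
    conntrack: set = field(default_factory=set)  # flows that were already accepted

    def filter(self, pkt):
        """Return (verdict, reason) for one packet seen at the server."""
        key = pkt.flow()
        if key in self.conntrack:
            # Part of a connection that a rule already let through.
            return "ACCEPT", "ESTABLISHED"
        inbound = pkt.dst == self.server_ip
        rules = self.allow_in if inbound else self.allow_out
        if (pkt.proto, pkt.dport) in rules:
            self.conntrack.add(key)
            return "ACCEPT", "NEW"
        return "DROP", "policy"  # default policy: block


def demo():
    srv, visitor, peer = "192.0.2.10", "198.51.100.7", "203.0.113.5"  # constructed
    fw = Firewall(srv, allow_in={("tcp", 443)})
    out = [
        fw.filter(Packet(visitor, 50000, srv, 443)),  # visitor opens HTTPS
        fw.filter(Packet(srv, 443, visitor, 50000)),  # server's reply to the visitor
        fw.filter(Packet(srv, 40000, peer, 443)),     # server opens HTTPS itself
    ]
    fw.allow_out.add(("tcp", 443))                    # open 443 in the outgoing rules
    out.append(fw.filter(Packet(srv, 40000, peer, 443)))
    out.append(fw.filter(Packet(peer, 443, srv, 40000)))  # reply to the server
    return out
```

The reply on an accepted inbound connection passes as ESTABLISHED even though the outgoing policy is block, while a connection the server itself opens to port 443 is dropped until that port is added to the outgoing rules.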
 