sendmail delivery to alternate port

Slightly dated, but still a very useful sendmail hack.
My cable modem provider blocks not only outbound port 25 to anyone other than their own mail server, but they block inbound port 25 (as tho I am not responsible enough to manage my own incoming traffic).

I work around this by establishing my domain’s primary Mx on a public facing server, that has a custom sendmail mailer for my domain that re-delivers on a high port to the system at my house. Then on my home server, instead of having the local sendmail listen on that oddball port, I use iptables to redirect incoming 10125 => 25

call Redirect as an extended target
REDIRECT (only valid in nat table – prerouting or output chain)
REDIRECT –to-ports ‘port’

add this: ( to redirect to the existing port25)

-t nat -A PREROUTING -p tcp –dport 10125 -j REDIRECT –to-ports 25
for connections from outside

-t nat -A OUTPUT -p tcp –dport 10125 -j REDIRECT –to-ports 25
this works for connection from localhost

– of course, my Netgear firewall on cablemo has to forward incoming port 10125 to my local host, and then I came back and tighten up src specifier in iptables, limiting to the host with my primary MX. Using DynDNS on my home system, email sent to my hostname gets delivered directly, but doesn’t use port 25 on my local provider ..!..


About wb5rmg

Twitter-ish Bio: AMSAT, APRS, ARES, ARRL, Cisco, Dad, Digital, EmComm, Husband, Kundalini, IA, IT, LinkedIn, NASA, RedHat, Satellites, SomeNet, TV, WireShark, WordPress, ZFx My day job is Network Engineering for NASA @ MSFC, primarily supporting the International Space Station. My other 'job' is working as an Assistant ARRL Emergency Coordinator for the Huntsville - Madison County AL Amateur Radio Emergency Service ... /;^)
This entry was posted in internet, Linux, network and tagged , , , , , . Bookmark the permalink.

1 Response to sendmail delivery to alternate port

  1. Bill says:

    Just thought I would share this, for anyone who wants to know if their ISP is blocking outbound port 25 (which is becoming more and more common these days) try the test at

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s