Firewall setup (Linux) 

 

On the MailArchiva server, create the file /etc/iptables.rules, with the content below.

 

#!/bin/bash

# Flush existing rules
iptables -F
iptables -X

# Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming SSH (port 22)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming HTTP (port 80)
iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming HTTPS (port 443)
iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming SMTP (port 25)
iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow DNS (port 53, TCP/UDP)
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Allow PING (ICMP)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Allow incoming JMX (ports 1099 and 9010)
iptables -A INPUT -p tcp --dport 1099 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9010 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming SNMP (port 161) and SNMP trap (port 162)
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 162 -j ACCEPT
 

 

Persist the rules as follows:

 

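# /etc/iptables.rules is a shell script, so run it with bash
# (iptables-restore only reads iptables-save format)
sudo bash /etc/iptables.rules
# Run the redirect as root so the file can be written
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
sudo systemctl enable iptables
sudo systemctl restart iptables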
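
The rules file above accepts SSH, JMX and SNMP from any source address. As an added example (not part of the MailArchiva documentation), this script lists the ACCEPT rules in that format that have no source match. The management-port list and the 192.0.2.0/24 sample rule are assumptions constructed for the illustration.

```shell
#!/bin/bash
# Added example: audit a rules script in the format shown above for
# management ports that are accepted from any source address.

# Ports treated as management-only (an assumption for this example).
MGMT_PORTS="22 1099 9010 161 162"

# Constructed sample: four rules in the page's format plus one rule
# restricted to a documentation-range network (hypothetical).
SAMPLE_RULES='iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1099 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.0.2.0/24 --dport 9010 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT'

# Print "proto/port" for every INPUT ACCEPT rule read from stdin that
# has a --dport but no -s/--source match (reachable from any address).
open_to_any() {
    awk '
        $1 == "iptables" && $2 == "-A" && $3 == "INPUT" {
            proto = ""; port = ""; src = 0; accept = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && port != "" && !src) print proto "/" port
        }'
}

# Keep only the findings whose port is listed in MGMT_PORTS.
mgmt_open_to_any() {
    open_to_any | while IFS=/ read -r proto port; do
        case " $MGMT_PORTS " in
            *" $port "*) echo "$proto/$port" ;;
        esac
    done
}

# Audit the constructed sample; for a real file use:
#   mgmt_open_to_any < /etc/iptables.rules
printf '%s\n' "$SAMPLE_RULES" | mgmt_open_to_any
```

Each reported rule can be narrowed by adding a `-s <management network>` match to it in /etc/iptables.rules.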

 

Please also refer to Microsoft 365 SMTP filtering for instructions on how to filter incoming SMTP (port 25) traffic from Microsoft 365 Exchange Online servers.

 

 

 
