re-route requests on filtered smtp port 25

Jason asked:

My VPN filters port 25 (to prevent spam) but my ISP doesn’t. The VPN takes over all traffic and changes the default gateway? How can I bypass the VPN to send mail? I want all outgoing traffic except on port 25 to continue using the VPN.

My setup:

router (this is the default gateway when VPN is not connected)

I tried to use iptables to do something with --dport 25 but I don’t really know my way around the firewall.

I am using Ubuntu 12.10.

Another thing is that runs several servers (web, mail, ssh, …). The router forwards requests on those ports (80, 443, …) to To stop the VPN from interfering with this, I run:

ip rule add from table 10
ip route add default via table 10

All of my servers started working except mail (because of the same issue with port 25?) so I changed postfix to run on 2525 (and had the router forward port 25 there) and that got it working.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    0      0        0 tun0
                                                UG    0      0        0 eth0
                                                UGH   0      0        0 tun0
                                                UH    0      0        0 tun0
                                                UGH   0      0        0 eth0
                                                UG    0      0        0 tun0
                                                U     1000   0        0 eth0
                                                U     1      0        0 eth0

My answer:

Two possibilities come to mind:

  1. Add a static route to your external mail server’s IP address which is explicitly routed via the Ethernet interface instead of the default route.

  2. Send out your outgoing mail to the external mail server on the submission port (587).

The best answer, though, is to run the mail server on a different (virtual) machine than the VPN, so that you can route its traffic appropriately. Routes can only be specified by IP address/network, not by port number.

View the full question and answer on Server Fault.
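
Option 1 from the answer, as an added example that is not part of the original post: a shell script that builds a host route to the mail relay via the LAN gateway and, when applied, checks which interface the kernel picks. The addresses 203.0.113.25 (relay) and 192.0.2.1 (router) and all function names are assumptions; eth0 is the Ethernet interface from the question's routing table.

```shell
#!/bin/sh
# Added example. Assumed addresses: 203.0.113.25 = external mail relay,
# 192.0.2.1 = LAN router; eth0 is the Ethernet interface from the question.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the command that pins a /32 route: $1 = relay, $2 = gateway, $3 = device.
# "replace" is idempotent, so it is safe to re-run after the VPN reconnects.
route_cmd() {
    is_ipv4 "$1" && is_ipv4 "$2" && [ -n "$3" ] || return 1
    printf 'ip route replace %s/32 via %s dev %s\n' "$1" "$2" "$3"
}

# Reads `ip route get` output on stdin; succeeds if traffic leaves via device $1.
egress_is() {
    grep -qF -- " dev $1 "
}

# Usage: pin_mail_routes GATEWAY DEVICE RELAY_IP...
# Dry run by default (prints the commands); APPLY=1 as root executes and verifies.
pin_mail_routes() {
    gw=$1; dev=$2; shift 2
    for addr in "$@"; do
        cmd=$(route_cmd "$addr" "$gw" "$dev") || { echo "skipping invalid address: $addr" >&2; continue; }
        echo "$cmd"
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd && ip route get "$addr" | egress_is "$dev" || return 1
        fi
    done
}

pin_mail_routes 192.0.2.1 eth0 203.0.113.25
```

The route matches the relay's address, so every port on that host leaves via eth0, not only port 25.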

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.