iRedMail blocking custom ports after standard installation


I followed the standard installation of iRedMail (Version 1.4.2) and updated the SSH certificates following this guide: https://www.linuxbabe.com/mail-server/debian-10-buster-iredmail-email-server

After a successful installation some of my services (such as an Express REST API) couldn't be reached anymore because the assigned port was blocked.

I checked the iptables and ufw setup and disabled ufw altogether as well, but nothing changed.

I also looked at every log from each service that got installed with iRedMail and tried some configurations with nginx to proxy_serve that port.

Nothing seemed to be working, and it wasn't specifically bound to that port as well (any port which wasn't related to HTTP, HTTPS, SMTP and so on did not work).

3

There are 3 best solutions below

1
Eman Borġ On BEST ANSWER

I searched a little more and found the blocking was done from /etc/firewalld/zones/iredmail.xml

in my case I wanted ports 2095 and 2096 so I just added

<port port="2095" protocol="tcp"/>
<port port="2096" protocol="tcp"/>

to the xml

rebooted the machine and voilà.. ports are opened magically

the previous method of deleting all rules works only temporarily; once you reboot you lose the setting. The above change is persistent

just my 2¢
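
The zone-file edit from the answer above, as an added example that is not part of the original answer: it parses a firewalld zone file, reports which ports it opens explicitly, and appends only the missing `<port>` entries. `SAMPLE_ZONE` is constructed sample content, and `open_ports` and `add_ports` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a firewalld zone file; the real
# /etc/firewalld/zones/iredmail.xml on a given host may differ.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>iredmail</short>
  <service name="ssh"/>
  <service name="http"/>
  <service name="https"/>
  <port port="587" protocol="tcp"/>
</zone>
"""

def open_ports(zone_xml):
    """Return the (port, protocol) pairs the zone opens via <port> elements."""
    root = ET.fromstring(zone_xml)
    return {(p.get("port"), p.get("protocol")) for p in root.findall("port")}

def add_ports(zone_xml, wanted):
    """Return (new_xml, added); ports already present are not duplicated."""
    root = ET.fromstring(zone_xml)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file")
    present = {(p.get("port"), p.get("protocol")) for p in root.findall("port")}
    added = []
    for port, proto in wanted:
        # Reject anything that is not a single valid TCP/UDP port number.
        if not 1 <= int(port) <= 65535 or proto not in ("tcp", "udp"):
            raise ValueError(f"invalid port spec: {port}/{proto}")
        key = (str(port), proto)
        if key in present:
            continue
        ET.SubElement(root, "port", {"port": key[0], "protocol": proto})
        present.add(key)
        added.append(key)
    ET.indent(root)  # pretty-print; requires Python 3.9+
    header = '<?xml version="1.0" encoding="utf-8"?>\n'
    return header + ET.tostring(root, encoding="unicode") + "\n", added

if __name__ == "__main__":
    new_xml, added = add_ports(SAMPLE_ZONE, [(2095, "tcp"), (2096, "tcp")])
    print("added:", added)
    print(new_xml)
```

Once the edited file is written back, `firewall-cmd --reload` makes firewalld re-read its permanent configuration.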

0
Scorix On

I found in a forum about fail2ban that nft could be the problem. For some reason the nft firewall blocked every port.

Executing sudo nft flush ruleset will remove every rule from nft and solved my problem.

I searched hours to find this solution, so I figured I should share it here.

2
Blet Droid On

I'm learning, I'm not an expert. I solved it by editing:

  1. sudo nano /etc/nftables.conf

  2. Just add your new port, for example:

    # webmin
    tcp dport 10000 accept

  3. And then use sudo reboot.