Redirecting mail

Rob Sterenborg rob at
Fri Apr 8 14:06:15 CEST 2005

> > There is no need to use multiport because you only DNAT 1 
> port : smtp.
> > But that should not be a problem.
> >
> > iptables -t nat -A OUTPUT -p tcp --dports smtp \ -j DNAT 
> > --to-destination
> If I try it without the multiport option I get the following
> error:
> [root at posjia0h01 root]# iptables -t nat -A OUTPUT -p tcp --dports smtp -j DNAT --to-destination
> iptables v1.2.5: Unknown arg `--dports'
> Try `iptables -h' or 'iptables --help' for more information.

Sorry, that should be "--dport", not "--dports".

> This is strange...
> I've got another mailserver...
> Now if I put that rule in:
>  iptables -t nat -A OUTPUT -p tcp -m multiport --dports smtp \
>  -j DNAT --to-destination
> and if I try to telnet to any mail server on the internet, I connect to
> (which should happen on

So if the rule works on, it should also be correct for

> [root at poscpt0h01 root]# telnet 25
> Trying
> Connected to
> Escape character is '^]'.
> 220 c ESMTP Sendmail 8.12.8/8.12.8; Fri, 8 Apr 2005 17:30:45 +0200
> is I suppose?

> Is there no way to make it connect directly to,
> but using as a gateway?

I think you'd need an SMTP proxy to do that (right now you're using as a mail-gateway because it forwards mail from other
Perhaps if you run an SMTP proxy on port 26 or so, and forward other
mailservers to that port ( is already running a mailserver
on port 25):

iptables -t nat -A OUTPUT -p tcp --dport smtp \
  -j DNAT --to
And let the SMTP proxy connect to an internet MTA on port 25. But this
way you still don't connect directly to the receiving MTA.
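Editor's added example (not code from this thread or from either poster): the proxy Rob describes does not have to lose the address the client originally dialled. When DNAT happens in the nat OUTPUT chain, conntrack on that same host remembers the pre-NAT destination, and a listener can read it back with the Linux-only socket option SO_ORIGINAL_DST. The relay below assumes a setup that the thread does not spell out: the OUTPUT rule redirects the box's own port-25 traffic to 127.0.0.1:26, and the relay runs as a dedicated user (here called `smtprelay`, an assumed name) that is excluded from the rule so its own upstream connections are not DNATed straight back into itself. It still terminates TCP, so Rob's point stands that the client never talks to the receiving MTA directly, but the mail does go to the MTA the client asked for. The address 192.0.2.10 used when testing the decoder is a constructed TEST-NET value.

```python
"""Transparent SMTP relay for a DNAT rule in the nat OUTPUT chain.

Added example; assumed rules (not from the thread), run on the same host:

    iptables -t nat -A OUTPUT -p tcp --dport 25 -m owner --uid-owner smtprelay -j RETURN
    iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 127.0.0.1:26

The RETURN for the relay's own user comes first so the relay's upstream
connections to port 25 are not looped back to 127.0.0.1:26.  The relay
must run on the host that performs the DNAT, because the pre-NAT address
lives in that host's conntrack table (SO_ORIGINAL_DST is Linux-only).
"""
import select
import socket
import struct
import threading
from typing import Tuple

SOL_IP = getattr(socket, "SOL_IP", 0)  # level IPPROTO_IP on Linux
SO_ORIGINAL_DST = 80                   # linux/netfilter_ipv4.h; not in Python's socket module


def sockaddr_in(host: str, port: int) -> bytes:
    """Pack a struct sockaddr_in the way the kernel lays it out (used for tests)."""
    return (struct.pack("=H", socket.AF_INET)   # sin_family, host byte order
            + struct.pack("!H", port)           # sin_port, network byte order
            + socket.inet_aton(host)            # sin_addr, network byte order
            + b"\x00" * 8)                      # sin_zero padding


def parse_sockaddr_in(raw: bytes) -> Tuple[str, int]:
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short: %d bytes" % len(raw))
    (family,) = struct.unpack("=H", raw[0:2])
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address (family %d)" % family)
    (port,) = struct.unpack("!H", raw[2:4])
    return socket.inet_ntoa(raw[4:8]), port


def original_destination(conn: socket.socket) -> Tuple[str, int]:
    """Pre-DNAT destination of an accepted connection (Linux + conntrack only)."""
    return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))


def pipe(a: socket.socket, b: socket.socket) -> None:
    """Copy bytes in both directions until either side closes."""
    partner = {a: b, b: a}
    while True:
        readable, _, _ = select.select(list(partner), [], [])
        for s in readable:
            data = s.recv(4096)
            if not data:
                return
            partner[s].sendall(data)


def handle(conn: socket.socket, peer) -> None:
    """Connect to the MTA the client originally dialled and relay the session."""
    upstream = None
    try:
        host, port = original_destination(conn)
        upstream = socket.create_connection((host, port), timeout=30)
        upstream.settimeout(None)
        pipe(conn, upstream)
    except OSError as exc:
        print("relay for %s:%d failed: %s" % (peer[0], peer[1], exc))
    finally:
        conn.close()
        if upstream is not None:
            upstream.close()


def serve(listen_addr=("127.0.0.1", 26)) -> None:
    """Accept DNATed connections on port 26 and relay each in its own thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    while True:
        conn, peer = srv.accept()
        threading.Thread(target=handle, args=(conn, peer), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Two checks worth doing before trusting this on a real box: confirm the owner-match RETURN rule is listed above the DNAT rule in `iptables -t nat -L OUTPUT -n --line-numbers`, otherwise the relay's own connections loop; and watch the relay's log for the "failed" line, which is what you will see if SO_ORIGINAL_DST is read on a connection that was not NATed on this host (for traffic from other machines the DNAT would have to move to PREROUTING on this gateway for the lookup to work).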


