What ports should be left open for Virtualmin, Webmin, Usermin to function properly?

What ports must be excluded from blocking in iptables in order to my Virtualmin setup to function properly? I know I should keep open 10000, 20000. What else?

I am asking this, because I configured simple forward setup for all the incoming mails in Filter and Forward Mail in Usermin, but unfortunately no mail is forwarded, so I thought maybe my mail is being blocked by apf, which is installed on my server.

On the other hand it works with no issue if I compose and send mail form the same box, so outbound port for sending e-mails should be working. Then why forwarding does nto work?

Well, for email, you’d want to have 25, 110, 143, 993, 995, and if your server is acting as a nameserver, you’d need to have port 53 UDP open.

There’s a lot of email providers that block incoming port 25, so you’d want to make sure that’s accessible.

You also may want to take a look at the mail logs, in /var/log/maillog or /var/log/mail.log, to help in tracking down the problem.


Port# 25 indeed was blocked by apf. On the other hand, the problem was not only in blocked port. If someone encounter the same problem, please also read instructions on http://www.virtualmin.com/node/14004#comment-62463.

Copying form http://www.virtualmin.com/node/9202:



I’d like to also share with other users configuring APF for the first time with different port definition. Please add/correct/comment the following list of ports:

# Ingress (inbound) ports: # # 21 FTP # 22 SSH # 25 SMTP # 53 DNS - Domain Name Server # 80 HTTP # 110 POP3 # 143 IMAP # 443 HTTPS # 953 BIND ?? # 993 imap4 protocol over TLS/SSL # 995 pop3 protocol over TLS/SSL (was spop3) # 2082 CPANEL (http://sitename.com:2082) # 2083 CPANEL SSL (https://sitename.com:2083) # 2084 entropychat server (also disable this from the CPANEL service manager if not used) # 2086 WHM (http://sitename.com:2086) # 2087 WHM SSL (https://sitename.com:2087) # 2095 WebMail (http://sitename.com:2095) # 2096 WebMail SSL (https://sitename.com:2096) # 3306 mySQL remote access # 6277 SpamAssassin / DCC (email scanning) # 6666 Melange chat Server (also disable this from the CPANEL service manager if not used)

Egress (outbound) ports:

21 FTP


37 Required for CPANEL Licensing


53 DNS - Domain Name Server


110 POP3 (if you have scripts that need to retrieve email via POP, e.g. HelpDesk)

113 Authentication Protocol (AUTH)

123 NTP (Network Time)


873 rsync

953 BIND ??

2089 Required for CPANEL Licensing

2703 Razor (email scanning)

3306 mySQL remote access

6277 SpamAssassin / DCC (email scanning)

Here’s a more detailed post about which ports should be opened,
List of Virtualmin Ports to open in firewall

PORT 587 and 465 as port 25 is blocked/forbidden to use for lot of…
Some knowledge for readers about the mail ports themselves and wich to activate…:

And have some not default ports for external mysql, SSH and f(s)tp is common use.

Mail forwarding blocked could also be/due in/to (spamfilters) somewhere.
We tested some an put that domains on the box on a white list.

Don’t know if it is header problem or whatever we only needed few forwards we configured then this way with the list of the domains allowed.