Open ports for yunohost

Hello, I am trying to setup a yunohost server, but have no idea how to properly open the required ports as requested bellow:

  • Web: 80 (HTTP), 443 (HTTPS)
  • SSH: 22
  • XMPP: 5222 (clients), 5269 (servers)
  • Email: 25, 587 (SMTP), 993 (IMAP)

What's the easiest way to do it? Can it be done using the luci interface?


Network/Firewall and Port Forwards of this server is running on another host, or Traffic Rules if it will run on OpenWrt. Just make sure which ports need to be opened inbound, because outbound everything is allowed.

1 Like

Also keep in mind that many ISPs block port 25 due to email spam abuse, and your ISP may or may not block other ports.

You will also need a true public IP address on your OpenWrt WAN if you are accepting inbound connections. If you have an address in the RFC1918 or CG-NAT ranges, you will not be able to achieve port forwarding.


Even if the ISP wouldn't filter port 25 and friends, the remote mail servers will reject mails from residential IP addresses anyways.


Is there a workaround for that? Maybe with a vpn?

You're looking for a workaround for port 25 rejections? Nope.. SMTP over port 25 (non-secured) was abused by spammers, especially when configured as an open-relay type mail server. Therefore, most mail servers these days outright reject it.

You'll need to use a mail server that uses a secure protocol (SSL/TLS) and ideally has a true fully qualified domain name (complete with reverse lookup).

My main goal is to move my company e-mail to a better solution than g suite or microsoft services. Ideally self hosting with my own server, yunohost seems the better solution I found, but I will not be doing it myself, I will hire an IT guy with experience on linux and debian, do you suggest something else?

1 Like

You most certainly don't want to be running a business email server over port 25.

Better in what respect? There are obviously reasons people will choose not to use such services, but when you consider things like robust security on the stack (managed by people who really know what they are doing), uptime, bandwidth, easy access for your users, multi-factor authentication options, etc.... you should really define what is wrong with these services in your opinion and/or use case.

not if it runs over port 25. And consider all the other challenges you might face. Any downtime, for example, means lost productivity for your business.

Hire your IT person first, let them setup the tech or recommend solutions (possibly including commercial services like Google/Microsoft/Amazon and others).

1 Like

I want to avoid google microsoft and etc, that's why the idea of self-hosting.

1 Like

You haven't said why. You may have legitimate reasons for avoiding them....that's fine... but...

You might be in over your head here. I'm honestly not trying to be rude or disparaging.... self hosting a business server isn't necessarily a bad thing, but you really need to have a solid understanding of security and many other aspects of the IT trade (including capacity planning, hardware and software redundancy, and so on -- the list is quite long). If you are asking about running mail servers over port 25, you probably aren't looking at this with a modern and security-first perspective. Simply exchanging email with clients and/or other companies could will be problematic if you're not using a properly configured and secured mail server, meaning that your business will experience productivity challenges from the outset based on your self-hosting goals.

Please consider hiring your IT person first and then giving them the task of selecting and implementing the technology stack.


You have to forward ports from router to Yunohost.

Speaking about Email server. The 25 port often is closed by ISP for outgoing emails but for receiving it's may be fine. Also there is 587 port which is TLS+SMTP and more secure.
My ISP allows both receiving and sending emails but it may be changed any any time.
If you are going to send emails then you also have to configure DKIM. The Yunohost must configure it

Most popular email services like GMail, Hotmail really don't like emails from someone whom they don't know. They are actively use block/allow lists by IPs.

For a personal usage receiving emails which is 99% of typical usage looks fine.
For a corporate email, as it was already mentioned, it may be better to use some service. As far I know FastMail is quite popular in the area.

The Yunohost is not the only email bundle. See a list of them here
emailwiz, Mailcow, Mail-in-a-Box are seems popular.