I need to accept smtp traffic on additional ports to 25 because some of my clients have ISPs that block port 25 traffic to anything other than their ISPs mail servers. A while ago I implemented this with a quick workaround using IPTables where I added the rule... -A PREROUTING -p tcp -m tcp --dport 587 -j REDIRECT --to-ports 25 to /etc/sysconfig/iptables When I turn the firewall on in ISPConfig 3, the bastille script (I assume) rewrites iptables and discards my redirect. Is there an easy way to add my rerouting rule so it "sticks" or any other way of allowing postfix to listen on more than one port ? I assume I need to use /usr/local/ispconfig/server/conf-custom/ for the former ? Am I correct in thinking that this prerouting rule also allows fail2ban (on port 25) to work correctly for this new port ?