Linux 25 port routing (tunneling/forwarding)

Question

I have:

1) Centos server 1 with postfic/dovecot mail servers

IP1 45.45.45.45 (DNS: host1.com.ua)

server 1 cannot make outgoing request to 25 port because Internet Service Provider block it!

telnet alt2.gmail-smtp-in.l.google.com 25
Trying 173.194.71.27...
telnet: connect to address 173.194.71.27: Connection timed out
Trying 2a00:1450:4010:c04::1b...
telnet: connect to address 2a00:1450:4010:c04::1b: Network is unreachable

2) Centos server 2 (router)

IP2 93.93.93.93 DNS: (host2.com.ua)

server 2 can make outgoig request to 25 port

telnet alt2.gmail-smtp-in.l.google.com 25
Trying 74.125.193.26...
Connected to alt2.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP ij4si32339564igb.9 - gsmtp

Question:

How do I set routing (tunneling/forwarding) to make all outgoing requests from server 1 port 25 through server 2?

Answer 1

Honestly, the right thing to do is to pick the ISP where you put your main mail server a little more carefully. But assuming that's out of the question, I wouldn't do this at layer 3 (iptables), I'd do it at layer 4 (application, being SMTP), taking advantage of SMTP's inherent store-and-forward nature. The procedure looks somewhat like this:

1. Set up a VPN of some kind between the two servers. I'd use ipsec, Iain seems to favour ssh tunneling, others round here like OpenVPN.
2. Configure server1 to route all outbound mail via server2
3. Configure server2 to accept any mail from server1 and send it on for delivery
4. Configure server2 to accept inbound mail for your domain(s), and to pass that all onto server1 for final delivery
5. Advertise server2 as your primary MX

Mail between the two servers (whether outbound from or inbound to your domain) will pass over the VPN, thus sidestepping the ISP's block.