Ports: Difference between revisions
No edit summary |
(Change SSL to TLS, cleanup spacing, add comment about HTTP disabled by default in 8.0) |
||
Line 1: | Line 1: | ||
=Default Ports Used by Zimbra= | =Default Ports Used by Zimbra= | ||
You may choose not to allow remote connections to all of these. In a multi-node environment | You may choose not to allow remote connections to all of these. In a multi-node environment: | ||
* all nodes will need access to | |||
** the ldap server or servers (389) and | |||
** the logger server (514) | |||
* mta nodes will need access to lmtp on all mailbox nodes (7025) | |||
* mailbox nodes will need admin port access to other mailbox nodes (7071) | |||
==External Access== | ==External Access== | ||
Line 7: | Line 12: | ||
These are ports typically available to mail clients. | These are ports typically available to mail clients. | ||
;25:smtp [mta] - incoming mail to postfix | ;25:smtp [mta] - incoming mail to postfix | ||
;80:http [mailbox] - web mail client | ;80:http [mailbox] - web mail client (disabled by default: 8.0) | ||
;110:pop3 [mailbox] | ;110:pop3 [mailbox] | ||
;143:imap [mailbox] | ;143:imap [mailbox] | ||
;443:https [mailbox] - web mail client over | ;443:https [mailbox] - web mail client: HTTP over TLS | ||
;465:smtps [mta] - incoming mail to postfix over | ;465:smtps [mta] - incoming mail to postfix over TLS (Legacy Outlook only? If possible, use 587 instead) | ||
;587:smtp [mta] - Mail submission over | ;587:smtp [mta] - Mail submission over TLS | ||
;993:imaps [mailbox] - | ;993:imaps [mailbox] - IMAP over TLS | ||
;995: | ;995:pop3s [mailbox] - POP3 over TLS | ||
;9071:https [nginx => mailbox] - proxy admin console (if enabled) | ;9071:https [nginx => mailbox] - proxy admin console: HTTP over TLS (if enabled) | ||
==Internal Access== | ==Internal Access== | ||
Line 22: | Line 27: | ||
These are ports typically only used by the zimbra system itself. | These are ports typically only used by the zimbra system itself. | ||
;389:ldap [ldap] | ;389:ldap [ldap] | ||
;636:ldaps [ldaps] - if enabled | ;636:ldaps [ldaps] - if enabled | ||
;7025:lmtp [mailbox] - local mail delivery | ;7025:lmtp [mailbox] - local mail delivery | ||
;7047:http [conversion server] | ;7047:http [conversion server] | ||
;7071:https [mailbox] - admin console | ;7071:https [mailbox] - admin console: HTTP over TLS | ||
;7072:http [mailbox] - ZCS Nginx Lookup (backend http service for nginx lookup/authentication) | ;7072:http [mailbox] - ZCS Nginx Lookup (backend http service for nginx lookup/authentication) | ||
;7110:pop3 [mailbox] - Backend POP3 (if proxy configured) | ;7110:pop3 [mailbox] - Backend POP3 (if proxy configured) | ||
;7143:imap [mailbox] - Backend IMAP (if proxy configured) | ;7143:imap [mailbox] - Backend IMAP (if proxy configured) | ||
;7306:mysql [mailbox] | ;7306:mysql [mailbox] | ||
;7307:mysql [logger] - logger (removed: ZCS 7) | ;7307:mysql [logger] - logger (removed: ZCS 7) | ||
;7780:http [mailbox] - spell check | ;7780:http [mailbox] - spell check | ||
;7993:imaps [mailbox] - Backend IMAP | ;7993:imaps [mailbox] - Backend IMAP over TLS (if proxy configured) | ||
;7995:pop3s [mailbox] - Backend POP3 | ;7995:pop3s [mailbox] - Backend POP3 over TLS (if proxy configured) | ||
;8080:http [mailbox] - Backend HTTP (if proxy configured on same host) | ;8080:http [mailbox] - Backend HTTP (if proxy configured on same host, disabled by default: 8.0) | ||
;8443:https [mailbox] - Backend HTTPS (if proxy configured on same host) | ;8443:https [mailbox] - Backend HTTPS (if proxy configured on same host) | ||
;10024:smtp [mta] - to amavis from postfix | ;10024:smtp [mta] - to amavis from postfix |
Revision as of 05:01, 6 March 2015
Default Ports Used by Zimbra
You may choose not to allow remote connections to all of these. In a multi-node environment:
- all nodes will need access to
- the ldap server or servers (389) and
- the logger server (514)
- mta nodes will need access to lmtp on all mailbox nodes (7025)
- mailbox nodes will need admin port access to other mailbox nodes (7071)
External Access
These are ports typically available to mail clients.
- 25
- smtp [mta] - incoming mail to postfix
- 80
- http [mailbox] - web mail client (disabled by default: 8.0)
- 110
- pop3 [mailbox]
- 143
- imap [mailbox]
- 443
- https [mailbox] - web mail client: HTTP over TLS
- 465
- smtps [mta] - incoming mail to postfix over TLS (Legacy Outlook only? If possible, use 587 instead)
- 587
- smtp [mta] - Mail submission over TLS
- 993
- imaps [mailbox] - IMAP over TLS
- 995
- pop3s [mailbox] - POP3 over TLS
- 9071
- https [nginx => mailbox] - proxy admin console: HTTP over TLS (if enabled)
Internal Access
These are ports typically only used by the zimbra system itself.
- 389
- ldap [ldap]
- 636
- ldaps [ldaps] - if enabled
- 7025
- lmtp [mailbox] - local mail delivery
- 7047
- http [conversion server]
- 7071
- https [mailbox] - admin console: HTTP over TLS
- 7072
- http [mailbox] - ZCS Nginx Lookup (backend http service for nginx lookup/authentication)
- 7110
- pop3 [mailbox] - Backend POP3 (if proxy configured)
- 7143
- imap [mailbox] - Backend IMAP (if proxy configured)
- 7306
- mysql [mailbox]
- 7307
- mysql [logger] - logger (removed: ZCS 7)
- 7780
- http [mailbox] - spell check
- 7993
- imaps [mailbox] - Backend IMAP over TLS (if proxy configured)
- 7995
- pop3s [mailbox] - Backend POP3 over TLS (if proxy configured)
- 8080
- http [mailbox] - Backend HTTP (if proxy configured on same host, disabled by default: 8.0)
- 8443
- https [mailbox] - Backend HTTPS (if proxy configured on same host)
- 10024
- smtp [mta] - to amavis from postfix
- 10025
- smtp [mta] - back to postfix from amavis
- 11211
- memcached [proxy] - nginx route lookups
System Access
- 22
- ssh
- 53
- dns
- 514
- syslogd [logger] (udp)