Default Ports Used by Zimbra

   KB 1391        Last updated on 2016-03-25  

(0 votes)

You may choose not to allow remote connections to all of the external ports depending on which services you want to make available. In general, it is best to be restrictive as possible.

External Access

These are ports typically available to mail clients.

Port Protocol Zimbra Service Description
25 smtp mta incoming mail to postfix
80 http mailbox / proxy web mail client (disabled by default in 8.0)
110 pop3 mailbox / proxy POP3
143 imap mailbox / proxy IMAP
443 https mailbox / proxy - web mail client HTTP over TLS
465 smtps mta Incoming mail to postfix over TLS (Legacy Outlook only? If possible, use 587 instead)
587 smtp mta Mail submission over TLS
993 imaps mailbox / proxy IMAP over TLS
995 pop3s mailbox / proxy POP3 over TLS
3443 https proxy User Certificate Connection Port (optional)
9071 https proxy admin console HTTP over TLS (optional)

Internal Access

These are ports typically only used by the zimbra system itself.

Port Protocol Zimbra Service Description
389 ldap ldap
636 ldaps ldaps (if enabled)
7025 lmtp mailbox local mail delivery
7047 http conversion server Accessed by localhost by default; See also zimbraConvertdURL
7071 https mailbox admin console HTTP over TLS
7072 http mailbox ZCS Nginx Lookup (backend http service for nginx lookup/authentication)
7073 http mailbox ZCS saslauthd Lookup (backend http service for SASL lookup/authentication) (added in ZCS 8.7)
7110 pop3 mailbox Backend POP3 (if proxy configured)
7143 imap mailbox Backend IMAP (if proxy configured)
7171 - zmconfigd configuration daemon
7306 mysql mailbox
7307 mysql logger logger (removed in ZCS 7)
7780 http mailbox spell check
7993 imaps mailbox Backend IMAP over TLS (if proxy configured)
7995 pop3s mailbox Backend POP3 over TLS (if proxy configured)
8080 http mailbox Backend HTTP (if proxy configured on same host, disabled by default in 8.0)
8443 https mailbox Backend HTTPS (if proxy configured on same host)
8465 milter mta/opendkim OpenDKIM milter service
10024 smtp mta/amavisd to amavis from postfix
10025 smtp mta/master opendkim
10026 smtp mta/amavisd "ORIGINATING" policy
10027 smtp mta/master postjournal
10028 smtp mta/master content_filter=scan via opendkim
10029 smtp mta/master "postfix/archive"
10030 smtp mta/master 10032
10031 milter mta/cbpolicyd cluebringer policyd
10032 smtp mta/amavisd (antispam) "ORIGINATING_POST" policy
11211 memcached memcached nginx route lookups, mbox cache (calendar, folders, sync, tags)

System Access

Port Protocol Zimbra Service Description
22 ssh
53 dns
514 syslogd [logger] (udp)

Intra-Node Communication

In a multi-node environment the typical communication between nodes required includes:

Please note: this table is a WORK IN PROGRESS

Destination Source(s) Description
tcp/22 *ALL* zmrcd, SSH for management
DNS (optionally dnscache)
udp/53 *ALL* name resolution (dependent upon system resolver config)
tcp/389 *ALL* all nodes talk to LDAP server(s)
tcp/25 ldap sent email (cron jobs)
tcp/25 mbox sent email (web client, cron, etc.)
tcp/11211 mbox mbox metadata data cache
tcp/11211 proxy backend mailbox route cache
udp/514 *ALL* all nodes talk to logger server
Mailbox (mbox)
tcp/80 proxy backend proxy http
tcp/110 proxy backend proxy pop3
tcp/143 proxy backend proxy imap
tcp/443 proxy backend proxy https
tcp/993 proxy backend proxy imaps
tcp/995 proxy backend proxy pop3s
tcp/7025 mta all mta talk to any mbox (LMTP)
tcp/7071 mbox all mbox talk to any mbox (Admin)
tcp/7072 proxy zmlookup - zimbraReverseProxyLookupTarget
tcp/7073 mta sasl auth - zimbraMtaAuthTarget (since ZCS 8.7)
Verified Against: unknown Date Created: 4/4/2006
Article ID: https://wiki.zimbra.com/index.php?title=Ports Date Modified: 2016-03-25

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search