Ports
Default Ports Used by Zimbra
You may choose not to allow remote connections to all of these. In a multi-node environment, all nodes will need access to the ldap server or servers (389) and to the logger server (514), mta nodes will need access to lmtp on all mailbox nodes (7025), mailbox nodes will need admin port access to other mailbox nodes (7071).
External Access
These are ports typically available to mail clients.
- 25
- smtp [mta] - incoming mail to postfix
- 80
- http [mailbox] - web mail client
- 110
- pop3 [mailbox]
- 143
- imap [mailbox]
- 443
- https [mailbox] - web mail client over ssl
- 465
- smtps [mta] - incoming mail to postfix over ssl (Legacy Outlook only? If possible, use 587 instead)
- 587
- smtp [mta] - Mail submission over tls
- 993
- imaps [mailbox] - imap over ssl
- 995
- pops [mailbox] - pop over ssl
- 9071
- https [nginx => mailbox] - proxy admin console (if enabled)
Internal Access
These are ports typically only used by the zimbra system itself.
- 389
- ldap [ldap]
- 636
- ldaps [ldaps] - if enabled
- 7025
- lmtp [mailbox] - local mail delivery
- 7047
- http [conversion server]
- 7071
- https [mailbox] - admin console
- 7072
- http [mailbox] - ZCS Nginx Lookup (backend http service for nginx lookup/authentication)
- 7110
- pop3 [mailbox] - Backend POP3 (if proxy configured)
- 7143
- imap [mailbox] - Backend IMAP (if proxy configured)
- 7306
- mysql [mailbox]
- 7307
- mysql [logger] - logger (removed: ZCS 7)
- 7780
- http [mailbox] - spell check
- 7993
- imaps [mailbox] - Backend IMAP SSL (if proxy configured)
- 7995
- pop3s [mailbox] - Backend POP3 SSL (if proxy configured)
- 10024
- smtp [mta] - to amavis from postfix
- 10025
- smtp [mta] - back to postfix from amavis
- 11211
- memcached [proxy] - nginx route lookups
System Access
- 22
- ssh
- 53
- dns
- 514
- syslogd [logger] (udp)