Ports
Default Ports Used by Zimbra
- This article is a Work in Progress, and may be unfinished or missing sections.
You may choose not to allow remote connections to all of these. In a multi-node environment:
- all nodes will need access to
- the ldap server or servers (389) and
- the logger server (514)
- mta nodes will need access to lmtp on all mailbox nodes (7025)
- mailbox nodes will need admin port access to other mailbox nodes (7071)
External Access
These are ports typically available to mail clients.
- 25
- smtp [mta] - incoming mail to postfix
- 80
- http [mailbox|proxy] - web mail client (disabled by default: 8.0)
- 110
- pop3 [mailbox|proxy]
- 143
- imap [mailbox|proxy]
- 443
- https [mailbox|proxy] - web mail client: HTTP over TLS
- 465
- smtps [mta] - incoming mail to postfix over TLS (Legacy Outlook only? If possible, use 587 instead)
- 587
- smtp [mta] - Mail submission over TLS
- 993
- imaps [mailbox|proxy] - IMAP over TLS
- 995
- pop3s [mailbox|proxy] - POP3 over TLS
- 9071
- https [nginx => mailbox] - proxy admin console: HTTP over TLS (if enabled)
Internal Access
These are ports typically only used by the zimbra system itself.
- 389
- ldap [ldap]
- 636
- ldaps [ldaps] - if enabled
- 7025
- lmtp [mailbox] - local mail delivery
- 7047
- http [conversion server]
- 7071
- https [mailbox] - admin console: HTTP over TLS
- 7072
- http [mailbox] - ZCS Nginx Lookup (backend http service for nginx lookup/authentication)
- 7073
- http [mailbox] - ZCS saslauthd Lookup (backend http service for SASL lookup/authentication) (added: ZCS 8.7)
- 7110
- pop3 [mailbox] - Backend POP3 (if proxy configured)
- 7143
- imap [mailbox] - Backend IMAP (if proxy configured)
- 7171
- - [zmconfigd] - configuration daemon
- 7306
- mysql [mailbox]
- 7307
- mysql [logger] - logger (removed: ZCS 7)
- 7780
- http [mailbox] - spell check
- 7993
- imaps [mailbox] - Backend IMAP over TLS (if proxy configured)
- 7995
- pop3s [mailbox] - Backend POP3 over TLS (if proxy configured)
- 8080
- http [mailbox] - Backend HTTP (if proxy configured on same host, disabled by default: 8.0)
- 8443
- https [mailbox] - Backend HTTPS (if proxy configured on same host)
- 8465
- milter [mta/opendkim] - OpenDKIM milter service
- 10024
- smtp [mta/amavisd] - to amavis from postfix
- 10025
- smtp [mta/master] - (no antispam) back to postfix from amavis|opendkim
- 10026
- smtp [mta/amavisd] - "ORIGINATING" policy
- 10027
- smtp [mta/master] - postjournal
- 10028
- smtp [mta/master] - content_filter=scan via opendkim
- 10029
- smtp [mta/master] - "postfix/archive"
- 10030
- smtp [mta/master] - talks to opendkim milter, forwards to 10025|10032
- 10031
- milter [mta/cbpolicyd] - cluebringer policyd
- 10032
- smtp [mta/amavisd] - (antispam) "ORIGINATING_POST" policy
- 11211
- memcached [proxy] - nginx route lookups
System Access
- 22
- ssh
- 53
- dns
- 514
- syslogd [logger] (udp)