Powered by Blogger.

Default Ports Used by Zimbra

You may choose not to allow remote connections to all of the external ports depending on which services you want to make available. In general, it is best to be restrictive as possible.

External Access
These are ports typically available to mail clients.
PortProtocolZimbra ServiceDescription
25smtpmtaincoming mail to postfix
80httpmailbox / proxyweb mail client (disabled by default in 8.0)
110pop3mailbox / proxyPOP3
143imapmailbox / proxyIMAP
443httpsmailbox / proxy - web mail clientHTTP over TLS
465smtpsmtaIncoming mail to postfix over TLS (Legacy Outlook only? If possible, use 587 instead)
587smtpmtaMail submission over TLS
993imapsmailbox / proxyIMAP over TLS
995pop3smailbox / proxyPOP3 over TLS
3443httpsproxyUser Certificate Connection Port (optional)
9071httpsproxy admin consoleHTTP over TLS (optional)

Internal Access

These are ports typically only used by the Zimbra system itself.
PortProtocolZimbra ServiceDescription
636ldapsldapsif enabled via LC(ldap_bind_url)
7025lmtpmailboxlocal mail delivery; zimbraLmtpBindAddress
7047httpconversion serverAccessed by localhost by default; binds to '*'
7071httpsmailboxadmin console HTTP over TLS; zimbraAdminBindAddress
7072httpmailboxZCS nginx lookup - backend http service for nginx lookup/authentication
7073httpmailboxZCS saslauthd lookup - backend http service for SASL lookup/authentication (added in ZCS 8.7)
7110pop3mailboxBackend POP3 (if proxy configured); zimbraPop3BindAddress
7143imapmailboxBackend IMAP (if proxy configured); zimbraImapBindAddress
7171-zmconfigdconfiguration daemon; localhost
7306mysqlmailboxLC(mysql_bind_address); localhost
7307mysqlloggerlogger (removed in ZCS 7)
7780httpmailboxspell check
7993imapsmailboxBackend IMAP over TLS (if proxy configured); zimbraImapSSLBindAddress
7995pop3smailboxBackend POP3 over TLS (if proxy configured); zimbraPop3SSLBindAddress
8080httpmailboxBackend HTTP (if proxy configured on same host); zimbraMailBindAddress
8443httpsmailboxBackend HTTPS (if proxy configured on same host); zimbraMailSSLBindAddress
8465miltermta/opendkimOpenDKIM milter service; localhost
10024smtpmta/amavisdto amavis from postfix; localhost
10025smtpmta/masteropendkim; localhost
10026smtpmta/amavisd"ORIGINATING" policy; localhost
10028smtpmta/mastercontent_filter=scan via opendkim; localhost
10029smtpmta/master"postfix/archive"; localhost
10030smtpmta/master10032; localhost
10031miltermta/cbpolicydcluebringer policyd
10032smtpmta/amavisd(antispam) "ORIGINATING_POST" policy
10663-loggerLC(logger_zmrrdfetch_port); localhost
23232-mta/amavisdamavis-services / msg-forwarder (zeromq); localhost
23233-mta/amavisdsnmp-responder; localhost
11211memcachedmemcachednginx route lookups, mbox cache (calendar, folders, sync, tags); zimbraMemcachedBindAddress

System Access and Intra-Node Communication

In a multi-node environment the typical communication between nodes required includes:
Please note: this table is a WORK IN PROGRESS
22*ALL*SSH (system & zmrcd): host management
udp/53*ALL*DNS (system ¦ dnscache): name resolution
udp/514*ALL*syslog: system and application logging
389*ALL*all nodes talk to LDAP server(s)
25ldapsent email (cron jobs)
25mboxsent email (web client, cron, etc.)
3310mboxzimbraAttachmentsScanURL (not set by default)
11211mboxmbox metadata data cache
11211proxybackend mailbox route cache
Mailbox (mbox)
80proxybackend proxy http
110proxybackend proxy pop3
143proxybackend proxy imap
443proxybackend proxy https
993proxybackend proxy imaps
995proxybackend proxy pop3s
7025mtaall mta talk to any mbox (LMTP)
7047mboxlocalhost by default; zimbraConvertdURL
7071mboxall mbox talk to any mbox (Admin)
7072proxyzmlookup; zimbraReverseProxyLookupTarget
7073mtasasl auth; zimbraMtaAuthTarget (since ZCS 8.7)
    Blogger Comment
    Facebook Comment