Results 1 to 4 of 4

Thread: FOSS and Needed Firewall Ports

  1. #1
    Join Date
    Oct 2009
    Rep Power

    Default FOSS and Needed Firewall Ports

    Hey Gang,
    I use FOSS 7 Ubuntu this way.

    My zimbra receives email which I forwarded to me from my ISP.
    My zimbra sends email for me via relay thru my ISP.
    I use my webclient exclusively.
    I have full local access to the box on my local network via it's IP

    The only ports I need open on my firewall to my zimbra should be what ?

    Since I use my webclient I know I need 443.
    I am uncertain about 25 and 110.

    I'm not poping email off zimbra with a client so I don't see where 110 is needed.
    I'm relaying when I send so is 25 needed ?
    What port is used for zimbra to receive the forwarded email from my ISP ?

    I'm a little crossed up on this.

    My point is that I don't want any port open on my firewall that I don't need to have open.

    2nd question
    Realizing that zimbra can be configured for external accounts, what ports would I need to have open then ?
    I will never have any direct poping or using zimbra to send via clients like outlook or tbird.


  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Vannes, France
    Rep Power


    If you have no external access to your server for IMAP or POP then you only need ports 25 & 443 for SMTP & Webmail, if you don't have an outbound firewall then you don't need to do anything else. If you have an outbound firewall then you need port 25 & 993 for IMAPS (if you're getting mail via that port) - all the ports are detailed in the wiki: Ports - Zimbra :: Wiki


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Oct 2009
    Rep Power


    Yes, I saw and read that.
    Ah, I'm clear now. I don't have an outbound firewall. Anything generated inside is safe and cool and goes out on any port it wish. Yes, I run IPCop for anyone interested.

    So I need 25 because that's the port for mail to come in on from my ISP since I forward. Yeah I get it.

    443 is obviously needed since I must access the webclient.

    Yes, I will now lock up shop tighter.


  4. #4
    Join Date
    Nov 2009
    Ljubljana, Slovenia
    Rep Power


    There are ports I have opened (direction: inbound) on my Zimbra box. SSH and Zimbra Admin I have limited only from my office static IP. they Are all you need for proper and secure operation of your Zimbra:

    tcp 22 = SSH
    tcp 80 = HTTP
    tcp 25 = SMTP
    tcp 110 = POP3 *
    tcp 443 = HTTPS
    udp 443 = HTTPS **
    tcp 465 = SMTP over SSL
    tcp 993 = IMAP4 over SSL
    tcp 995 = POP3 over SSL
    tcp 7071 = Zimbra admin

    * Remove POP3 port 110 if you have SSL certificate and want to force users to download mail only via SSL/TLS secured chanell.

    ** I am not sure why I added UDP 443 port, but I know I did not add it by accident.

Similar Threads

  1. Replies: 4
    Last Post: 01-24-2011, 11:30 AM
  2. Need to backup FOSS - How
    By spectra in forum Administrators
    Replies: 2
    Last Post: 01-23-2011, 12:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts