Results 1 to 4 of 4

Thread: Port 7025 - Safe for Internet Exposure?

  1. #1
    Join Date
    Feb 2009
    Posts
    2
    Rep Power
    6

    Default Port 7025 - Safe for Internet Exposure?

    Hello,

    I just installed a Zimbra Open Source 5.0.13 on Ubuntu 8.0.4 to evaluate and learn on. Everything went well except for messages being deferred because the MTA was attempting to connect to my external firewall interface instead of locally. I read up on the problem, and applied an alias with the public address that the MTA was trying to connect to on my network adapter as suggested in the wiki. The end result was all sorts of oddness. I couldn't connect to the server's webmail interface from the internal network, opening programs at the console (ex: terminal) show "Opening 0" in the taskbar and then disappear. I rebooted to clear the alias and everything returned to normal. If I forward the port from my firewall, everything works fine and mail arrives in a timely fashion.

    My question:

    Is it safe to leave port 7025 exposed to the Internet?
    If not, can anyone point me in the right direction in terms of applying the alias?

    The alias command I ran is: sudo ifconfig eth1:0 xxx.xxx.xxx.xxx netmask 255.255.255.255 up

    Edit:

    I am giving the alias another try. This time I am not experiencing any oddness with opening programs on the system, but Zimbra is showing the same results.

    My ifconfig output:

    eth1 Link encap:Ethernet HWaddr 00:0e:a6:e0:ff:9b
    inet addr:192.168.0.252 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::20e:a6ff:fee0:ff9b/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:19051 errors:0 dropped:0 overruns:0 frame:0
    TX packets:26491 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1307065 (1.2 MB) TX bytes:24988893 (23.8 MB)
    Interrupt:18

    eth1:0 Link encap:Ethernet HWaddr 00:0e:a6:e0:ff:9b
    inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.255 Mask:255.255.255.255 (xxx.xxx.xxx.xxx = my public IP)
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:18

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:17506 errors:0 dropped:0 overruns:0 frame:0
    TX packets:17506 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:5661674 (5.3 MB) TX bytes:5661674 (5.3 MB)

    With these settings applied, the web interface times out with "cannot connect to server" as the error. I'm guessing it's directing it's resonses for external hosts trying to connect back unto itself because it thinks it is that public IP. Though the computers I am trying to connect from are on the 192.168.0.0 internal subnet. I'm sure I'm missing something basic here. Must need more coffee.
    Last edited by Techmonkey; 02-25-2009 at 11:28 AM.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by Techmonkey View Post
    My question:

    Is it safe to leave port 7025 exposed to the Internet?
    If not, can anyone point me in the right direction in terms of applying the alias?
    You need to set-up a Split DNS so Zimbra can resolve it's internal IP.

    Quote Originally Posted by Techmonkey View Post
    The alias command I ran is: sudo ifconfig eth1:0 xxx.xxx.xxx.xxx netmask 255.255.255.255 up
    You don't need that for Zimbra.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Feb 2009
    Posts
    2
    Rep Power
    6

    Default

    Worked fine. Fixed the issue. Guess I was just feeling lazy and avoiding it. Thanks for the guidance.

  4. #4
    Join Date
    Nov 2009
    Location
    Chile
    Posts
    17
    Rep Power
    6

    Default

    Hello everyone.
    On my multi server layout, I have an old PC serving as firewall (using shorewall) and DNS at the same time.
    My other 3 machines (Zimbra server, cloud and webpage servers) are NAT'ed on a DMZ. Ports are forwarded to the corresponding machines via the shorewall.
    Maybe this is not the right thread, please forgive me if so; the thing is I want to close some ports to the outside, on my firewall machine, and am considering closing port 7025 to the internet (and maybe to the LAN). I'd really appreciate to know if it's necessary to setup a Split DNS on my Zimbra controller too.
    Thanks in advance, best regards.
    KM

Similar Threads

  1. connection refused port 7025 - what is this?
    By pheonix1t in forum Administrators
    Replies: 4
    Last Post: 10-11-2011, 05:37 AM
  2. Erorr..initializing ldap failed(5362)
    By Logan_filter in forum Installation
    Replies: 10
    Last Post: 12-19-2008, 01:10 PM
  3. zmclamdctl is not running after upgrade
    By Darren in forum Installation
    Replies: 24
    Last Post: 10-10-2008, 10:10 AM
  4. Error 256 on Installation
    By RuinExplorer in forum Installation
    Replies: 5
    Last Post: 10-19-2006, 10:19 AM
  5. Getting problems in FC4 while instalation
    By kitty_bhoo in forum Installation
    Replies: 13
    Last Post: 09-12-2006, 11:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •