Blocking SASL logins?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2215
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: Blocking SASL logins?

Postby L. Mark Stone » Mon Jun 15, 2020 1:52 pm

DualBoot wrote:Block all except and monitor :
- 25 (SMTP, SMTP with auth)
- 587 (Submission)
- 22 (if need to access your server from the outside world, better use VPN or allow identified IP with private key)
- 110 (POP)
- 995 (POPS)
- 143 (IMAP)
- 993 (IMAPS)
- 80 (HTTP)
- 443 (HTTPS)
That should be enough

Regards


FWIW, and as a suggestion for those new to Zimbra, I typically do not open 110 and 143, as keeping those ports closed forces users to use POPS and IMAPS, and prevents their username:passwords from being transmitted in clear text across the wire.

All the best,
Mark


___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 18 guests